|
authenticating
|
New sessions start in the authenticating state. In this state,
the dial-out state machine has received a valid trigger and is waiting
for authentication, authorization, and accounting (AAA) to complete
the initial authentication.
On getting a grant from AAA, the session transitions to the
connecting state. Alternatively, on getting a deny from AAA, the session
transitions to the inhibited state.
|
|
connecting
|
Sessions enter the connecting state when authentication is complete.
In this state, the dial-out state machine has initiated an outgoing
L2TP call. On entering this state, the session-connecting timer is
set to the chassis-wide trigger timer value. The session stays in
this state until either the outgoing call is successful or the connecting
timer expires. Any new trigger packets received for this session when
it is in the connecting state are discarded.
|
|
inService
|
A session enters the inService state from the connecting state
on successful completion of the dial-out call request. The session
stays in this state until the outgoing call is closed.
|
|
inhibited
|
A session enters the inhibited state from the connecting state
when the connecting timer expires (that is, the outgoing call was
unsuccessful). This state prevents the router from thrashing on an
outgoing call that cannot be completed. When in this state, the router
discards all trigger packets received for the session.
The inhibited timer controls the amount of time spent in this
state. The setting of the inhibited timer varies depending on whether
the session is entering the inhibited state for the first time or
is reentering the state.
- If it is the first time, the inhibited timer is initialized
to the chassis-wide trigger value.
- If it is reentering the state, the inhibited timer is
initialized to 2 times the previous value of the inhibited timer,
up to a maximum of 8 times the chassis-wide trigger value. For example,
if the chassis-wide trigger value is 30 seconds, the setting of the
inhibited timer within the session (on subsequent immediate reentries;
see postInhibited state) is 30, 60, 120, 240. Since 240 is 8 x 30,
the inhibited timer for this session is never set larger than 240
seconds.
|
|
postInhibited
|
A session enters the postInhibited state after completion of
an inhibited state. The inhibited timer is reused to control the amount
of time the session stays in postInhibited state. In this state the
timer repeatedly times out and reduces the inhibited timer by a factor
of 2 on each iteration. Once the inhibited timer reaches zero, the
session transitions to dormant. The receipt of a trigger in this state
results in a transition to the authenticating state.
|
|
dormant
|
A session enters the dormant state after completion of a postInhibited
state. The dormant timer is initialized to the chassis-wide dormant
timer value, minus the time the session spent in the postInhibited
state. Receipt of a new trigger packet transitions the session to
the authenticating state. If the dormant timer expires, the session
is deleted. The dormant state exists to allow analysis of a dial-out
session before it is deleted.
|
|
pending
|
A session enters the pending state when a valid trigger is received
but there already are the maximum number of connecting sessions in
the router. The router discards all subsequent trigger packets until
other sessions transition out of the connecting state. When this happens,
pending sessions can transition to the dormant state.
|
|
failed
|
A session enters the failed state when the router detects a
configuration error that prevents the successful operation of the
session. Specifically, one of the final steps in a dial-out request
is mutual PPP authentication at the LNS. A side-effect of authentication
is the installation of an access route for the outgoing call. If the
access route does not correspond to the trigger packet (that is, the
trigger packet cannot be routed successfully by the new access route),
the router detects this discrepancy as a configuration error because
trigger packets that arrive are not forwarded into the outgoing call;
rather, they are buffered or discarded.
The only way to exit the failed state is with the l2tp dial-out session reset command.
|
