Detection of Corruption in the FPGA Statistics for Policies of Subscribers Managed by the SRC Software

When a bit flip occurs in the RAM of the field-programmable gate array (FPGA) statistics of a router that is functioning as the Session and Resource Control (SRC) client, the router may transmit erroneous and inconsistent statistical details for IPv4 and IPv6 subscribers to the SRC server or the Common Open Policy Service (COPS) server. This affects the computation of accounting information for subscriber sessions. When incorrect policy statistical details are sent from the SRC client, you can resolve the problem of inconsistent subscriber accounting only by replacing the defective hardware.

You can configure a software detection mechanism that identifies corruption in the FPGA statistics and prevents the SRC client from sending erroneous subscriber statistics to the SRC server. The capability to detect incorrect statistics operates by comparing the following statistical counters against a threshold value:

• Packets processed by an interface
• Packets for which policies are attached to the interface

If the difference between the interface counters and policy counters for ingress or egress policies collected over two polling intervals matches or exceeds the specified threshold value, a corruption is detected in the FPGA statistics and the subscriber statistics are not forwarded to the SRC server. If the difference between the interface counters and policy counters for ingress or egress policies collected over two polling intervals is less than the specified threshold value, no corruption is detected in the FPGA statistics and the collected subscriber statistical details are sent to the SRC server.

You can now use the fpga-stats-monitoring-enable command in Privileged Exec mode to enable the capability to detect corruption in the FPGA statistics and prevent the transmission of incorrect statistical details to the SRC server for subscriber policies managed by the SRC software. You can now use the fpga-stats-monitoring threshold thresholdValue command in Global Configuration mode to specify a threshold value to be used to determine corruption in the FPGA statistics. The threshold value is matched against the difference of the interface and policy counter values (for ingress and egress policies) collected over two consecutive polling periods.

In a Layer 2 Tunneling Protocol (L2TP) network that is established over a Point-to-Point Protocol (PPP) link between the router and the customer premises equipment (CPE) or the client, you can enable the router to manage subscriber policies using the SRC server. In such a network topology, the SRC client or the router sends COPS request messages to the SRC server. The SRC server sends provisioned policies to the SRC client, which installs the default service policies. When the SRC server sends a decision (DEC) packet to enable the policies to be attached to the interface, a new subscriber session is established after the user is successfully authenticated. The SRC client sends the Acct-Start message to the RADIUS server for the newly logged-in subscriber.

When the SRC server requests subscriber statistics counter values from the SRC client, which is also the RADIUS client, the router retrieves the accounting information by sending an Interim-Acct message to the RADIUS server and transmits the retrieved counter values to the SRC server. When the PPP session is terminated, the SRC client sends the Acct-Stop message to the RADIUS server and transmits the collected accounting details to the SRC server. The Delete Request (DRQ) messages are sent to the SRC server at this point.

The detection mechanism for corruption in the FPGA statistics is triggered for periodic DEC packets that the SRC client receives from the SRC server. You can set up the interval at which these DEC packets are sent in the SRC software. After you enable the corruption detection mechanism on the router or the SRC client, the detection feature is triggered when one of the following events occurs on the SRC client:

• Receipt of a DEC message from the SRC server to attach the service policy to an interface
• Receipt of a DEC message from the SRC server to retrieve interim accounting statistics
• Subscriber session goes down and the final accounting report is sent to the SRC server

Guidelines for Configuring the Capability to Detect Corruption in the FPGA Statistics

Keep the following points in mind when you configure the capability to detect corruption in the FPGA statistics. You must specify a threshold to determine discrepancies in the statistics:

• When a subscriber attempts to establish sessions over a defective slot where corruption in the FPGA statistics is detected, the subscriber will not be allowed to log in.
• The configuration settings related to the detection of corruption in the FPGA statistics are preserved across unified in-service software upgrade (ISSU), stateful switch route processor (SRP) switchover, and stateful line module switchover operations.
• For L2TP subscribers, the corruption in the FPGA statistics is detected on ES2 10G ADV line module (LMs) or ES2 4G LMs with Service input/output adapters (IOAs), and this validation of the state of the FPGA statistics is not performed on the access interfaces. This method of detection occurs because the interface statistics are maintained only in the Service IOA.
• When a corruption is detected on ES2 4G LMs or ES2 10G ADV LMs with ES2-ES1 Service IOA, establishment of subscriber sessions over such line modules is not allowed. This prevention of creation of subscriber sessions occurs because the maximum number of tunnel-service interfaces that can be provisioned on a tunnel-server port is set to zero in such a case.
• Even if the interval to poll accounting statistics from the SRC client is configured at a higher frequency, such as at periodic intervals of one second on the SRC server, the performance of the router is not impacted because of the handling of such DEC messages from the SRC server.
• The session termination request is sent to the SRC server when corruption is detected for a slot over which the subscriber is logged in. The existing subscriber session is terminated and new subscribers cannot establish a session over the defective slot.
• The detection mechanism for corruption in the FPGA statistics has a limitation in the calculation of policy statistics when the ingress or egress traffic does not match any of the classifier rules configured within a policy. To avoid this discrepancy, a default classifier group should be added to the policy so that no traffic remains unaccounted..
• The detection mechanism for corruption in the FPGA statistics cannot detect bit flips in least significant bits, which result in statistics corruption lower than the configured threshold value.
• Information about defective slots is not persistent across unified ISSU, stateful SRP switchover, and stateful line module switchover operations. Therefore, if subscribers attempt to log in to a slot, which was determined to be corrupted prior to the restart of the router, they are permitted to log in until the detection capability classifies the slot to be defective again after the router went through a stateful reset.