Routing

Hello all,

I've been using PPPoE subscriber management on our MX routers for a while. Since a couple of weeks, one interface connected to many customers, stopped handling pppoe requests. When customers try to connect via pppoe we do not see the VLAN coming in on the MX and the access-request message being sent to the radius server.

Sometimes it works, but a lot of the time it doesn't. We have been having this problem for a while now and we cannot pinpoint where it started.

The weird thing is that it is exclusively happening on this interface. All other interfaces do the handling quite fine.

When we bridge an incoming interface to a different router, and this router getting IP information from the radius, it all works fine. But we need the pppoe sessions to be terminated on the MX and not on that other router.

The configuration itself is fine. But i can post it here if needed.

The optic has been checked on light, errors and such. Nothing found.

The only logs we see on a VLAN, 1167 in the example below, is this:

Oct 25 07:11:27 Received async msg for ifl xe-0/0/3.1167

Oct 25 07:11:27 Received add async msg for ifl xe-0/0/3.1167

Oct 25 07:11:27 session 0 not found to attach ifl xe-0/0/3.1167, index 804 to session

Oct 25 07:11:27 autoconfd_add_ifl: ifl xe-0/0/3.1167 added, index 0x324, gen num 27568, ifl session 0 phy dev-index 149

Oct 25 07:11:27 Received async msg for ifl xe-0/0/3.1167

Oct 25 07:11:27 Received chg async msg for ifl xe-0/0/3.1167

Last things I checked:

> show network-access aaa terminate-code brief                   

Terminate-code:

  RADIUS     Custom Usage-Count Type Code

  1          no     10          dhcp client-request                            

  10         no     2           dhcp nas-logout                                

  10         no     2           ppp  admin-logout                              

  10         no     13          ppp  lcp-keepalive-failure                     

  1          no     16          ppp  lcp-peer-terminate-term-req               

  2          no     38          ppp  lower-interface-down

I hope you can help here, because I'm out of ideas.

Hi,

Please confirm the version you're using on MX. In case 13.3, did you tried restarting auto-configuration?

Regards,

Rahul N

attach configuration of interfaces and dynamic-profiles here, access profiles. 

also attach output of command "show system resource-monitor summary"

Is it new setup, or its already used for SM ? 

marijn@core-nkh-03# show interfaces xe-0/0/3 
description "CUST: KPN 10G interconnect / CID 7754";
traceoptions {
    flag all;
}
flexible-vlan-tagging;
auto-configure {
    stacked-vlan-ranges {
        dynamic-profile DYNINTF-STACKED-VLAN-INET-KPN {
            accept any;
            ranges {
                1025-1025,6-6;
            }
        }
        dynamic-profile DEMUX-QinQ {
            accept pppoe;
            ranges {
                1048-1048,7-7;
                1048-1048,6-6;
                1025-1025,7-7;
            }
        }
    }
    vlan-ranges {
        dynamic-profile DYNINTF-VLAN-DHCP-INET-KPN {
            accept [ dhcp-v4 dhcp-v6 ];
            ranges {
                1000-1024;
                1026-1041;
                1049-1064;
                1066-1066;
                1068-1071;
                1076-1076;
                1078-1079;
                1082-1082;
                1084-1084;
                1086-1093;
                1095-1099;
                1101-1104;
                1107-1108;
                1115-1117;
                1121-1121;
                1127-1127;
                1130-1130;
                1134-1135;
                1137-1138;
                1043-1046;
            }
        }
        dynamic-profile DEMUX-Q {
            accept pppoe;
            ranges {
                1042-1042;
                1047-1047;
                1067-1067;
                1072-1075;
                1080-1081;
                1083-1083;
                1085-1085;
                1094-1094;
                1100-1100;
                1105-1106;
                1109-1114;
                1118-1120;
                1122-1126;
                1128-1129;
                1131-1133;
                1136-1136;
                1139-1140;
                1141-1150;
                1151-1160;
                1162-1999;
            }
        }
    }
    remove-when-no-subscribers;
}
mtu 1530;
encapsulation flexible-ethernet-services;
gigether-options {
    ethernet-switch-profile {
        mac-learn-enable;
    }
}

show dynamic-profiles DEMUX-Q   
interfaces {
    demux0 {
        unit "$junos-interface-unit" {
            demux-source inet;
            proxy-arp;
            vlan-id "$junos-vlan-id";
            demux-options {
                underlying-interface "$junos-interface-ifd-name";
            }
            family inet {
                unnumbered-address lo0.0 preferred-source-address 185.52.208.2;
            }
            family pppoe {
                duplicate-protection;
                dynamic-profile PPPoE-SUBSCRIBER;
            }
        }
    }
}

show dynamic-profiles PPPoE-SUBSCRIBER 
predefined-variable-defaults {
    inactive: input-filter police-unlimited;
    inactive: output-filter police-unlimited;
}
routing-instances {
    "$junos-routing-instance" {
        interface "$junos-interface-name";
        routing-options {
            access {
                route $junos-framed-route-ip-address-prefix {
                    next-hop "$junos-framed-route-nexthop";
                    preference 4;
                }
            }
            access-internal {
                route $junos-subscriber-ip-address {
                    qualified-next-hop "$junos-interface-name";
                }
            }
        }
    }
}
interfaces {
    pp0 {
        unit "$junos-interface-unit" {
            ppp-options {
                pap;
                authentication [ pap chap ];
                mru 1492;
                mtu 1492;
            }
            pppoe-options {
                underlying-interface "$junos-underlying-interface";
                server;
            }
            keepalives interval 60;
            family inet {
                filter {
                    input "$junos-input-filter";
                    output "$junos-output-filter";
                }
                unnumbered-address "$junos-loopback-interface";
            }
        }
    }
}

show access 
radius-server {
    xx.xx.xx.xx{
        secret "$9$1I5hcrbwgGDkuO1hylXxjHkPz39Ap01R"; ## SECRET-DATA
        source-address yy.yy.yy.yy;
    }
}
domain-name-server-inet {
    xx.xx.xx.xx;
    zz.zz.zz.zz;
}
profile local {
    accounting-order radius;
    authentication-order radius;
    radius {
        authentication-server xx.xx.xx.xx;
        accounting-server xx.xx.xx.xx;
    }
    radius-server {
        xx.xx.xx.xx {
            secret "$9$1I5hcrbwgGDkuO1hylXxjHkPz39Ap01R"; ## SECRET-DATA
            source-address yy.yy.yy.yy;
        }
    }
    accounting {
        order radius;
    }
}

The command "show system resource-monitor summary" cannot be executed on this MX80.

show version 
Hostname: core-nkh-03
Model: mx80
Junos: 13.3R6.5
JUNOS Base OS boot [13.3R6.5]
JUNOS Base OS Software Suite [13.3R6.5]
JUNOS Kernel Software Suite [13.3R6.5]
JUNOS Crypto Software Suite [13.3R6.5]
JUNOS Packet Forwarding Engine Support (MX80) [13.3R6.5]
JUNOS Online Documentation [13.3R6.5]
JUNOS Services Application Level Gateways [13.3R6.5]
JUNOS Services Jflow Container package [13.3R6.5]
JUNOS Services Stateful Firewall [13.3R6.5]
JUNOS Services NAT [13.3R6.5]
JUNOS Services RPM [13.3R6.5]
JUNOS Services Crypto [13.3R6.5]
JUNOS Services SSL [13.3R6.5]
JUNOS Services IPSec [13.3R6.5]
JUNOS Routing Software Suite [13.3R6.5]

Oh and the router has been restarted a week ago. Isn't that the same as restarting auto-configuration?

You're above the vlan-limit. No plan for upgrading to 15.1 or 16.1?

PPPOE# show | match ranges |except accept|display set| count  
Count: 44 lines

https://www.juniper.net/documentation/en_US/junos12.3/topics/task/configuration/vlan-dynamic-profile...

You can configure multiple VLAN range groups (up to 32 total) on the same physical interface that use different VLAN dynamic profiles

Yes, there was a plan to upgrade it to 15.1 last week. Unfortunately we had to postpone this to later this year.

I'll try to see if I can do something with the VLAN ranges.

You are sure this is what holds us back?

Also, i've checked that link you posted. How can dynamic override help us here?

I would suggest to bring down the vlan-ranges and check if issue persist.

If nothing is showing under PPPoE logs means DVLAN is failing and possible reason is vlan-range limit.

As mentioned earlier, this limit doesn't exist in later releases.

Regards,

Rahul N

Hi Rahul,

Bringing down the vlan ranges limit did indeed do something! All sessions reconnected on the Juniper again instead on the backup PPPoE server.

So the upgrade to 15.1 would have solved this issue as well.

Thanks for looking into this!

Beelze