Routing

Expand all | Collapse all

MX access-internal route

Jump to Best Answer
  • 1.  MX access-internal route

    Posted 01-15-2020 06:53

    Hi ,

    juniper mx works as bng, junos 13.2R2.4. The access-internal route was registered with the next-hop address of one of the subscriber, everything worked, after updating to 18.4 the routes do not work,
    before update:
    nsa @ mx80bras> show route 2 * 2. *. 16. *

    inet. 0:23 destinations, 23 routes (23 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    2 * 2. *. 16. * / 30 * [Access-internal / 12] 11:41:08, metric2 0
                         > to # 0 44.d9.e7.ca.a8.bd via demux0.1073741832
    after:

    nsa @ mx80bras> show route 2 * 2. *. 16. *

    inet. 0:23 destinations, 23 routes (23 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    2 * 2. *. 16. * / 30 * [Access-internal / 12] 11:41:08, metric2 0
                         >

     

    Thanks



  • 2.  RE: MX access-internal route

     
    Posted 01-15-2020 07:34

    Hi,

     

    This is the expected behavior. In the next generation subscriber management releases (JUNOS 15.1+) the next-hop for access-internal routes is private:

    user@mx> show route 10.1.100.159
    
    inet.0: 15683 destinations, 15683 routes (15683 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    
    10.1.100.159/32    *[Access-internal/12] 23:36:11
                          Private unicast
    
    user@mx> show system subscriber-management route ?
    Possible completions:
      <[Enter]>            Execute this command
      brief                Display brief information
      detail               Display detailed information
      family               Name of family
      incomplete           Display only incomplete routes
      next-hop             Show subscriber management route next-hop information
      prefix               IPv4/IPv6 route prefix
      route-type           Type of route
      routing-instance     Name of routing instance
      summary              Show subscriber management route summary
      |                    Pipe through a command
    user@mx> show system subscriber-management route prefix 10.1.100.159/32
    
    Route:  10.1.100.159/32
         Routing-instance:         default:default
         Kernel rt-table id :      0
         Family:                   AF_INET
         Route Type:               Access-internal
         Protocol Type:            Unspecified
         Interface:                pp0.3221402859
         Interface index:          178816
         Internal Interface index: 178816
         Route index:              90640
         Next-Hop:                 2314
         Reference-count:          1
         L2 Address:               00:10:94:00:dc:46
         Flags:                    0x0
         Dirty Flags:              0x0

    What exactly does not work ofr you in 18.4?

     

    Best regards,

    Sergii

    -------------------------------------------------------------------

    Please accept the solution if your problem is resolved Smiley Happy

    -------------------------------------------------------------------



  • 3.  RE: MX access-internal route

    Posted 01-15-2020 07:51

    root @ bras # show routing-options access-internal
    route 172.16.0.0/30 next-hop 10.0.0.35;

    on the output above:
    172.16.0.0/30 is the subnet behind the subscriber's address 10.0.0.35, i.e. this subnet has nothing to do with bng, on the old version this route worked and I could ping the subnet 172.16.0.0/30 with the active subscriber 10.0.0.35, now I can’t
    junos 13.2:
    show route 172.16.0.1
    172.16.0.0/30 * [Access-internal / 12] 12:40:09, metric2 0
                         > to # 0 44.d9.e7.ca.a8.bd via demux0.1073741832
    junos 18.4:
    show route 172.16.0.1
    172.16.0.0/30 * [Access-internal / 12] 12:40:09, metric2 0
                         >



  • 4.  RE: MX access-internal route

     
    Posted 01-15-2020 08:16

    @xamza1412 wrote:

    root @ bras # show routing-options access-internal
    route 172.16.0.0/30 next-hop 10.0.0.35;

    on the output above:
    172.16.0.0/30 is the subnet behind the subscriber's address 10.0.0.35, i.e. this subnet has nothing to do with bng, on the old version this route worked and I could ping the subnet 172.16.0.0/30 with the active subscriber 10.0.0.35, now I can’t


    This is a strange construct - a static route that points to the subscriber's next-hop. Please remove it as it won't work in 15.1 and newer JUNOS releases.

     

    Usually it's implemented in the following way - when subscriber authenticates, Radius returns "Framed-Route" in Access-Accept (in addition to all other attributes). This route describes the network that is reachable via CPE (in your case, 172.16.0.0/30 is reachable via 10.0.0.35). If this attribute is present in Access-Accept, MX will install a corresponding access route.

     

    Best regards,

    Sergii

    -------------------------------------------------------------------

    Please accept the solution if your problem is resolved Smiley Happy

    -------------------------------------------------------------------



  • 5.  RE: MX access-internal route

     
    Posted 01-15-2020 08:37

    This is an example how this could look like:

    pppoe1 Cleartext-Password := "spirent"
        Service-Type = Framed-User,
        Framed-Route = "172.16.0.0/30"
    user@mx> show route protocol access-internal
    
    inet.0: 406 destinations, 406 routes (406 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    
    10.1.219.244/32    *[Access-internal/12] 00:01:52
                          Private unicast
    
    user@mx> show system subscriber-management route prefix 10.1.219.244/32
    
    Route:  10.1.219.244/32
         Routing-instance:         default:default
         Kernel rt-table id :      0
         Family:                   AF_INET
         Route Type:               Access-internal
         Protocol Type:            Unspecified
         Interface:                pp0.3221463517 <=====
         Interface index:          240895
         Internal Interface index: 240895
         Route index:              121189
         Next-Hop:                 2310
         Reference-count:          1
         L2 Address:               00:10:94:01:12:02
         Flags:                    0x0
         Dirty Flags:              0x0
    
    user@mx> show route protocol access
    
    inet.0: 406 destinations, 406 routes (406 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    
    172.16.0.0/30      *[Access/13] 00:03:05, metric 1
                          Private unicast
    
    user@mx> show system subscriber-management route prefix 172.16.0.0/30
    
    Route:  172.16.0.0/30
         Routing-instance:         default:default
         Kernel rt-table id :      0
         Family:                   AF_INET
         Route Type:               Access
         Protocol Type:            (null)
         Interface:                pp0.3221463517 <=====
         Interface index:          240895
         Internal Interface index: 240895
         Route index:              121188
         Next-Hop:                 2310
         Reference-count:          1
         L2 Address:               00:10:94:01:12:02
         Flags:                    0x100000
         Dirty Flags:              0x0

     

    Best regards,

    Sergii

    -------------------------------------------------------------------

    Please accept the solution if your problem is resolved Smiley Happy

    -------------------------------------------------------------------



  • 6.  RE: MX access-internal route

    Posted 01-15-2020 10:27

    thanks for your reply

    Radius returned the attribute, but I do not see it in the access route, there is only the following output:
    root @ bras> show subscribers address 10.0.0.35 extensive
    Type: DHCP
    User Name: 44 **. E7ca.a8bd
    IP Address: 10.0.0.35
    IP Netmask: 255.255.254.0
    Logical System: default
    Routing Instance: default
    Interface: demux0.3221231921
    Interface type: Dynamic
    Underlying Interface: xe-0/0 / 0.84
    Dynamic Profile Name: IPoE
    MAC Address: 44: **: e7: ca: a8: bd
    State: Active
    Radius Accounting ID: 262519
    Session ID: 262519
    PFE Flow ID: 6522
    VLAN Id: 84
    Login Time: 2020-01-15 21:15:52 GMT-3
    Service Sessions: 1
    DHCP Options: len 49
    35 01 01 3d 07 01 44 d9 e7 ca a8 bd 39 02 02 40 37 07 01 03
    06 0c 0f 1c 2a 3c 0c 75 64 68 63 70 20 31 2e 32 34 2e 32 0c
    08 49 46 2d 32 36 34 35 78
    DHCP Header: len 44
    01 01 06 00 21 1b 5e 7b 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00 00 00 00 00 00 00 00 00 44 d9 e7 ca a8 bd 00 00 00 00 00 00 00
    00 00 00 00
    IP Address Pool: POOL_2
    Accounting interval: 600
    Dynamic configuration:
      junos-framed-route-ip-address-prefix: 172.16.0.0/30
          junos-framed-route-nexthop: 10.0.0.35
              junos-framed-route-cost: 1

       Service Session ID: 262521
    .....

    accordingly does not work



  • 7.  RE: MX access-internal route

     
    Posted 01-15-2020 14:07

    Can you please try adding the following configuration to your dynamic profile and see if it helps?

    routing-instances {
        "$junos-routing-instance" {
            interface "$junos-interface-name" {
                any;
            }
            routing-options {
                access {
                    route $junos-framed-route-ip-address-prefix {
                        next-hop "$junos-framed-route-nexthop";
                        metric "$junos-framed-route-cost";
                        preference "$junos-framed-route-distance";
                    }
                }
            }
        }
    }

    Best regards,

    Sergii

    -------------------------------------------------------------------

    Please accept the solution if your problem is resolved Smiley Happy

    -------------------------------------------------------------------



  • 8.  RE: MX access-internal route

     
    Posted 01-20-2020 01:05

    Hello,

     

    Can you please let us know if the suggested configuration change helped? If not, please share the dynamic profile configuration used for this subscriber.

     

    Best regards,

    Sergii

    -------------------------------------------------------------------

    Please accept the solution if your problem is resolved Smiley Happy

    -------------------------------------------------------------------



  • 9.  RE: MX access-internal route

    Posted 01-20-2020 03:39

    please wait a couple of days, in the production environment we cannot change the dynamic profile, I will test on test equipment



  • 10.  RE: MX access-internal route
    Best Answer

     
    Posted 02-05-2020 05:02

    Hi,

     

    It would be good to know if the suggested configuration resolved your issue.

     

    Best regards,

    Sergii

    -------------------------------------------------------------------

    Please accept the solution if your problem is resolved Smiley Happy

    -------------------------------------------------------------------