Junos OS

I have MX480 act as LNS with activate Subscriber managment and HCoS

the problem is that commit can't complete . and the failure is

error: ffp_intf_ifd_hier_tagging_config_verify: Modified IFD "si-0/0/0" flags 0x2020 is in use by BBE subscriber, commit denied - hierarchical-scheduler config changed
error: foreign file propagation (ffp) failed

the version is

the chassess is

the Configuration of chassis and si-0/0/0

the only soultion of this problem is to deactive hierarchical-scheduler under si-0/0/0 , but  i see that not affect on online subscriber or there speed ( firewall filter $junos-output-filter" )

trying to solve this problem i update MX480 to recommanded version 16.1R6-S1

same  problem solved as mention on link below

https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1304951

in another thread i see this command

The system is designed to not allow a change to an active profile to be modified as a protection mechanism. There is no way to force the commit to happen.
The options you have are to:   Disconnect all subscribers currently using the profile and execute the commit. Rollback the configuration changes to undo the change and execute the commit.
Instead of modifying this dynamic profile to include the new interface ae11, you can create a new dynamic profile with the desired changes, and apply this new profile. This way, all new subscribers will use the new profile and the old profile can be deleted once no subscribers are using it.

Please read my previous post.

According previous post i activate flexible-queuing-mode on configuration mode , you can check configuration on main topic

The error basically pops up when you modify configuration parameter onto the interface were existing subscriber is logged in.

Logout the subscriber, do the modifyication & commit. Post successful commit, bring the subscriber online.

Are doing any configuration changes post subscriber login?

Hope you're not doing any dynamic-profile releated changes post the subscriber login.. check if versioning is enabled?

show configuration system dynamic-profile-options

about versioning of dynamic profile is enable .

Can you share dynamic-profile configuration?

Regards,
Rahul N

dynamic profile

any change of configuration will not commit , for example if you want to change timezone or add login user the commit will not done . just when deactivate hierarchical-scheduler under si-0/0/0 .

BTW , i deactivate it now . my goal is to limit speed to ADSL user using policier and filter , no need more feature and the limitaion work with deactivation  hierarchical-scheduler

If you modify any other configuration which is not related to subscribers, the system will allow to commit.

But you modify subscriber related configuration which is in use with existing subscriber and along that you add/delete any other configuration(non-subscriber related), the system will not allow you to commit becuase you modifiying a parameter is in use with existing subscribers.

As you mentioned you want limit subscriber speed and i assume while they are connected, usually this done by creation service dynamic-profile that includes variables for policer/filter for subscriber. This gets attached to subscriber either returning service activation VSA from radius or can changed on fly using CoA without diconnecting subscriber or without doing any configuration changes on node.

Hi,

Please find my lab testing.

As i mentioned eaarlier, MPC2E NG PQ & Flex Q doesn't support HCOS. To resolve commit issue, we need to enable flexible-queuing-mode.

labroot@ERX-MX960-NS-1# show chassis
fpc 7 {
    pic 0 {
        tunnel-services {
            bandwidth 10g;
        }
        inline-services {
            bandwidth 10g;
        }
    }
}
network-services enhanced-ip;

FPC 7            REV 11   750-054904   CAEV1347          MPC2E NG PQ & Flex Q
  CPU            REV 12   711-045719   CAEV1898          RMPC PMB
  MIC 0          REV 31   750-028387   CAFE7364          3D 4x 10GE  XFP
    PIC 0                 BUILTIN      BUILTIN           2x 10GE  XFP
    PIC 1                 BUILTIN      BUILTIN           2x 10GE  XFP
 
test# set system login user test class super-user authentication plain-text-password
New password:
Retype new password:

{master}[edit]
test# commit
re0:
error: ffp_intf_ifd_hier_tagging_config_verify: Modified IFD "si-7/0/0" flags 0x20 is in use by BBE subscriber, commit denied - hierarchical-scheduler config changed
error: foreign file propagation (ffp) failed

{master}[edit]
test# run show subscribers
Interface           IP Address/VLAN ID                      User Name                      LS:RI
si-7/0/0.3221225477 X.X.X.X                             test@test.com             default:default     

{master}[edit]
test# run show interfaces terse | grep si-
si-7/0/0                up    up
si-7/0/0.0              up    up   inet   

Logout the subscriber

TEST# run show subscribers   
Total subscribers: 0, Active Subscribers: 0

Enable the flexiable-queuing-mode

TEST# set chassis fpc 7 flexible-queuing-mode

 
TEST# commit
re0:
[edit chassis fpc 7]
  'flexible-queuing-mode'
    warning: FPC configuration for flexible-queuing is changed. FPC would undergo reboot to enable flexible-queuing. FPC would come online only if power available is sufficient to enable queuing components.
configuration check succeeds
re1:
[edit chassis fpc 7]
  'flexible-queuing-mode'
    warning: FPC configuration for flexible-queuing is changed. FPC would undergo reboot to enable flexible-queuing. FPC would come online only if power available is sufficient to enable queuing components.
commit complete
re0:

Once the FPC is online. Bring up the subscribers.

  7  Online            37      8          0       11     10      9    3584        6         25

TEST> show subscribers   
Interface           IP Address/VLAN ID                      User Name                      LS:RI
si-7/0/0.3221225478 X.X.X.X                             test@test.com             default:default   

Do the changes and commit. No issues seen this time.

TEST# set system login user test class super-user authentication plain-text-password
New password:
Retype new password:

{master}[edit]
TEST# commit
re0:
configuration check succeeds
re1:
commit complete
re0:
commit complete

Regards,

Rahul N

Thanks  for your clarify the lab test ..

actually i do all things that you mention on your post but not work . add flexible-queuing-mode on fpc 0 that i used and the module reboot but still show the error when i commit any change like you do . I have one RE installed  not like your router.

By the way , when i deactivate  hierarchical-scheduler , I can modify any things on configuration

i test 2 changes one on address-assignment and other on policer .

the first one i give pool with prefix /24 start from 0 to 255 , when i change range from 30 to 255 all user under 30 disconnect and reconnect taking new IP but when i expand range the users not disconnect . this is great feature not like cisco that want to disconnect user manual when i want to remove one of DHCP range .

the second one is also great feature the when i change the policier bandwith limit from 16m to 24m the user affect directly without diconnect .

until now , i still deactivate hierarchical-scheduler under si-0/0/0 and activated flexible-queuing-mode on fpc 0 . this is the optimal solution that I found . So many thanks for you Rahul and Karan