Junos OS

 View Only
last person joined: yesterday 

Ask questions and share experiences about Junos OS.
  • 1.  Dynamic subscriber management and Update-Service

    Posted 08-18-2020 00:47

    hello!

    I send from radius server COA request such (INTERNET_POLICER - dynamic service profile with userdefined variable):

    Acct-Session-Id = 40147
    ERX-Update-Service:1 = "INTERNET_POLICER(1000)"

    and receive error

    Error-Cause = Missing-Attribute
    Attr-26.4874.178 = 0x31323220457865637574696f6e206661696c757265

    in log from MX:

    Aug 18 10:40:44.353173 dyn_req_disconnect_cb attributes remote_addr:(X.X.X.R) remote_port:(49951), rtbl_idx:(0)
    Aug 18 10:40:44.353223 authd_extract_identifier_avps received AVP type:44 val:40147 len:5
    Aug 18 10:40:44.353274 authd_extract_identifier_avps: Acct-Session-Id=40147
    Aug 18 10:40:44.353306 authd_extract_identifier_avps received AVP type:26 val: len:28
    Aug 18 10:40:44.353383 Looked up subscriber session-id:40147 access-profile-name <AP1>
    Aug 18 10:40:44.353458 Parsing RADIUS message for session-id:40147
    Aug 18 10:40:44.353529 radius-coa-request: Update-Service (Juniper-ERX-VSA) received: INTERNET_POLICER(1000)
    Aug 18 10:40:44.353577 dyn_req_disconnect_cb server_id (X.X.X.R) (X.X.X.R) port(49951) (49951) cookie :181 for session-id:40147 - parsed successfully
    Aug 18 10:40:44.353652 createDynamicRequest: (5) received
    Aug 18 10:40:44.353694 CoARequest CTOR 0x0x317686c
    Aug 18 10:40:44.353728 createDynamicRequest: isBulkCoaRequest 0
    Aug 18 10:40:44.353779 CoARequest::dynamicRequestValidate
    Aug 18 10:40:44.353818 smmProcDynReq:1287 Dynamic request decode cause(0), error(), reason(0), status(0)
    Aug 18 10:40:44.353865 persistOnlyPrivateData m_inFlight
    Aug 18 10:40:44.353910 CoARequest::savePrivateData
    Aug 18 10:40:44.353944 CoARequest::encodeServices encoding 0 service requests
    Aug 18 10:40:44.354002 smmProcDynReq:1681 BulkCoA TransactionId 0, Identifier 0 - continue to create services in SDB
    Aug 18 10:40:44.354051

    ====== Dynamic Service Request ======= session-id:40147
    Aug 18 10:40:44.354115 Dynamic Service Handler session-id:40147, dynRequest
    Aug 18 10:40:44.354163 Details from Current Dynamic Request: 0x317686c BulkCoaTransactionId=0 BulkCoaIdentifier=0 DynamicProfileUpdateFailCause=0 DynamicProfileUpdateErrorMsg="" Reason=0 NumServiceActivates 0 NumServiceDeactivates 0 getNumServicesCreated 0 StartIndex=0 NumBulkCoaRequests=1 NumRequests=0 SessionIdListSize=0 Sessions:
    Aug 18 10:40:44.354203 smmServiceHandler:3672 Nothing To Process: dynRequest 0x317686c
    Aug 18 10:40:44.354310 serviceRequestsPresent 0 NumRequests 0
    Aug 18 10:40:44.354348 triggerService: No Implemented Attributes Found
    Aug 18 10:40:44.354380 setDynamicProfileUpdateFailCause: dynamicProfileUpdateResult 3
    Aug 18 10:40:44.354412 setDynamicProfileUpdateErrorMsg:5961 BEFORE dynamicProfileUpdateErrorMsg: , reason(0)
    Aug 18 10:40:44.354448 setDynamicProfileUpdateErrorMsg:6021 After dynamicProfileUpdateErrorMsg: 122 Execution failure, reason(4)
    Aug 18 10:40:44.354502 ../../../../../../src/junos/usr.sbin/authd/service/authd_aaa_service_mngr.cc:2804 Dynamic request processing status <Error:authd class=1, code=3>
    Aug 18 10:40:44.354906 smmProcDynReq:1718: newDynRequest->triggerRequest result 3
    Aug 18 10:40:44.354943 smmProcDynReq: coa-req trigger-request failed, session-id:40147
    Aug 18 10:40:44.354982 cleanServiceList: numRequests 0
    Aug 18 10:40:44.355017 ~CoARequest 0x0x317686c
    Aug 18 10:40:44.355049 cleanServiceList: numRequests 0
    Aug 18 10:40:44.355082 ~DynamicRequestEntry 0x0x317686c
    Aug 18 10:40:44.355128 persistOnlyPrivateData
    Aug 18 10:40:44.355193 dyn_req_disconnect_cb dyn_result: -1
    Aug 18 10:40:44.355855 dyn_req_disconnect_cb:1081 Send disconnect response: session-id:40147 cookie:(0) server_id:(X.X.X.R) port(49951)remote_addr:(X.X.X.R) remote_port:(49951) cause:(3) reason(122 Execution failure)
    Aug 18 10:40:44.356204 authd_auth_aaa_msg_destruct auth_aaa_msg: 0x27726e8

     

    What attributes are missing in the request?

    Thanx!



  • 2.  RE: Dynamic subscriber management and Update-Service

    Posted 08-18-2020 02:27

    show configuration of INTERNET_POLICER dynamic-profile



  • 3.  RE: Dynamic subscriber management and Update-Service

    Posted 08-18-2020 05:58

    winsor@rtestroom-1# show dynamic-profiles INTERNET_POLICER
    variables {
    bandwith_var default-value 1m;
    filter_in uid;
    filter_out uid;
    policer_customer uid;
    burst_var equals "round($bandwith_var*6/80)";
    }
    interfaces {
    "$junos-interface-ifd-name" {
    unit "$junos-interface-unit" {
    family inet {
    filter {
    input "$filter_in";
    output "$filter_out";
    }
    }
    }
    }
    }
    firewall {
    family inet {
    filter "$filter_in" {
    interface-specific;
    term 1 {
    then {
    policer "$policer_customer";
    accept;
    }
    }
    }
    filter "$filter_out" {
    interface-specific;
    term 1 {
    then {
    policer "$policer_customer";
    accept;
    }
    }
    }
    }
    policer "$policer_customer" {
    filter-specific;
    if-exceeding {
    bandwidth-limit "$bandwith_var";
    burst-size-limit "$burst_var";
    }
    then discard;
    }
    }



  • 4.  RE: Dynamic subscriber management and Update-Service

    Posted 08-20-2020 03:20

    can you advise anything? thanx!



  • 5.  RE: Dynamic subscriber management and Update-Service

    Posted 08-20-2020 08:34

    value of 1000 if very strange, mx can not program policer for 1000bps, 
    Try to send INTERNET_POLICER(100000) for example and check what will happens, 



  • 6.  RE: Dynamic subscriber management and Update-Service

    Posted 08-20-2020 22:42

    Query:

    Acct-Session-Id = "40150"
    ERX-Update-Service = "INTERNET_POLICER(100000)"
    Result:
    Error-Cause = Missing-Attribute
    Attr-26.4874.178 = 0x31323220457865637574696f6e206661696c757265
    (0) -: Expected CoA-ACK got CoA-NAK

    the error is the same.

    You can explain the format of this AV-Pair (Update-Service) from the documentation:
    New values of service and time quotas for existing service.
    What does the time quotas format look like and what does it mean? given that it is requesting in one param?

    p.s. on COA Activate-Service takes a 1000bps value and sets the dynamic profile variable to this...



  • 7.  RE: Dynamic subscriber management and Update-Service
    Best Answer

     
    Posted 08-21-2020 00:09

    Hello,

     

    According to Standard and Vendor-Specific RADIUS Attributes, ERX-Update-Service contains new values of service and time quotas for existing service.

    Also I think this error means you're missing ERX-VSA with code 178 (which is missing in the table above), but 26-​179 is Service-​Volume-​Gigawords, so maybe 178 is something related - Service-Quota, etc.

     

    Attr-26.4874.178 = 0x31323220457865637574696f6e206661696c757265

     

     In any case, I don't think you're using quotas, so I'd suggest performing service deactivation and activation instead:

    Deactivate-​Service:1 += "INTERNET_POLICER(10000)",

    Activate-​Service:2 += "INTERNET_POLICER(20000)"

     

    Please try and let us know if it works.

     

    Best regards,

    Sergii

    -------------------------------------------------------------------

    Please accept the solution if your problem is resolved Smiley Happy

    -------------------------------------------------------------------



  • 8.  RE: Dynamic subscriber management and Update-Service

    Posted 08-21-2020 01:22

    if I understand correctly - Update-Service is it used only for services based on quotas? Can you give a small dynamic-profile example for understanding?
    the service deactivate/activate sequence works fine.



  • 9.  RE: Dynamic subscriber management and Update-Service

     
    Posted 08-21-2020 01:34

    Hello,

     

    Thank you, I'm happy to hear that your issue is resolved. Please mark appropriate post as the accepted solution, which would allow users to find solutions for similar problems faster.

     

    Quota based subscriber services is a relatively recent feature, which, unfortunately, doesn't seem to be documented properly. I don't have much experience with it, and documentation is not there. Perhaps you can start a new thread here explicitly asking for sample configuration of quota based subscriber service, and hopefully someone else could help.

     

    Best regards,

    Sergii

    -------------------------------------------------------------------

    Please accept the solution if your problem is resolved Smiley Happy

    -------------------------------------------------------------------