Junos OS


L2TP Subscriber rate limiting

  • 1.  L2TP Subscriber rate limiting

     
    Posted 07-19-2020 11:13

    Hi all,

     

    I can create rate limiting within a dynamic profile for a tunnel. But this takes effect on every subscriber within the tunnel.

     

    Other than configuring a separate rate for every single subscriber (impossible), is there a way, on the LNS, to rate limit different subscribers dynamically please (i.e. 1 subscriber 10mb, one subscriber 20mb, 1 subscriber 30mb, etc.)?

    (I have this configured on the RADIUS and when viewing the interface for the subscriber it shows the correct rate but, for some reason, it is not using the rate).

     

    Thanks



  • 2.  RE: L2TP Subscriber rate limiting

    Posted 07-19-2020 12:00

    Hi

     

     

     



  • 3.  RE: L2TP Subscriber rate limiting

     
    Posted 07-20-2020 12:29

    Thanks for the information.

     

    I have been through the Juniper documentation but with no actual RADIUS server that I can use it makes it quite difficult to test anything. So for me to come up with a config that I cannot test is not good.

     

    I was hoping someone would say "configure this" or "configure that".

     

    Cheers



  • 4.  RE: L2TP Subscriber rate limiting
    Best Answer

    Posted 07-20-2020 13:11

    Hi ,

     

    You can add this CoS part to the dynamic profile for the subscriber, but the data needs to be provided from RADIUS.

    class-of-service {
        traffic-control-profiles {
            tc-profile {
                scheduler-map "$junos-cos-scheduler-map";
                shaping-rate "$junos-cos-shaping-rate";
                overhead-accounting "$junos-cos-shaping-mode" bytes "$junos-cos-byte-adjust";
                guaranteed-rate "$junos-cos-guaranteed-rate";
                delay-buffer-rate "$junos-cos-delay-buffer-rate";
            }
        }
        interfaces {
            "$junos-interface-ifd-name" {
                unit "$junos-interface-unit" {
                    output-traffic-control-profile tc-profile;
                    classifiers {
                        dscp GEN-CLASSIFIER-IN;
                    }
                    rewrite-rules {
                        dscp GEN-RW-OUT-DSCP;
                    }
                }
            }
        }
    }

    You can set up FreeRADIUS for testing this as well.

    Here is a list of the supported RADIUS attributes and Juniper Networks VSAs:

    https://www.juniper.net/documentation/en_US/junos/topics/topic-map/radius-std-attributes-vsas-support.html

     

    If this solves your problem, please consider marking this post as "Accepted Solution".

    Best Regards,

    Mohamed
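
Added example (not part of the original thread and not Juniper's code): a Python sketch of the RADIUS side of the profile above, encoding per-subscriber CoS values as vendor-specific attributes and decoding a reply to see which of the profile's `$junos-cos-*` variables it would fill. The vendor ID 4874, VSA number 26-108 (CoS-Parameter-Type), the `Tnn` codes and the "Tnn value" string format are assumptions to confirm against the VSA list linked above; the plan values are constructed.

```python
import struct

# Assumptions to check against the VSA list linked in the answer above:
JUNIPER_VENDOR_ID = 4874    # vendor ID carried in the Vendor-Specific attribute
COS_PARAMETER_TYPE = 108    # VSA 26-108, CoS-Parameter-Type, value "<Tnn> <setting>"
T_CODES = {                 # assumed Tnn code -> variable used in the dynamic profile
    "T01": "$junos-cos-scheduler-map",
    "T02": "$junos-cos-shaping-rate",
    "T03": "$junos-cos-guaranteed-rate",
    "T04": "$junos-cos-delay-buffer-rate",
    "T07": "$junos-cos-shaping-mode",
    "T08": "$junos-cos-byte-adjust",
}
# Constructed sample: one subscriber's 10m plan (all values are made up)
SAMPLE_PLAN = {"T01": "SMAP-EXAMPLE", "T02": "10m", "T03": "1m",
               "T04": "10m", "T07": "frame-mode", "T08": "0"}

def encode_vsa(value):
    """RFC 2865 Vendor-Specific (type 26) attribute holding one CoS parameter."""
    data = value.encode("ascii")
    if len(data) > 247:  # 255 minus the 8 header bytes
        raise ValueError("value too long for one attribute")
    inner = struct.pack("!BB", COS_PARAMETER_TYPE, len(data) + 2) + data
    body = struct.pack("!I", JUNIPER_VENDOR_ID) + inner
    return struct.pack("!BB", 26, len(body) + 2) + body

def build_cos_attributes(plan):
    """Attribute bytes an Access-Accept would carry for this plan."""
    return b"".join(encode_vsa(f"{code} {value}") for code, value in plan.items())

def decode_cos_attributes(blob):
    """Walk the attribute list and return {profile variable: value}."""
    found, pos = {}, 0
    while pos < len(blob):
        if pos + 2 > len(blob) or blob[pos + 1] < 2 or pos + blob[pos + 1] > len(blob):
            raise ValueError("malformed attribute at offset %d" % pos)
        atype, alen = blob[pos], blob[pos + 1]
        body, pos = blob[pos + 2:pos + alen], pos + alen
        if atype != 26 or len(body) < 6:
            continue  # not a vendor-specific attribute
        vendor, vtype, vlen = struct.unpack("!IBB", body[:6])
        if vendor != JUNIPER_VENDOR_ID or vtype != COS_PARAMETER_TYPE:
            continue  # some other vendor or VSA
        code, _, value = body[6:4 + vlen].decode("ascii").partition(" ")
        if code in T_CODES:
            found[T_CODES[code]] = value
    return found

def missing_variables(found):
    # Profile variables the reply did not supply
    return sorted(set(T_CODES.values()) - set(found))
```

Running `decode_cos_attributes` over the attribute bytes of a captured Access-Accept and then `missing_variables` on the result shows which of the profile's variables the RADIUS server never sent.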



  • 5.  RE: L2TP Subscriber rate limiting

     
    Posted 08-04-2020 14:36

    Hi Mohamed

     

    I am just trying to rate limit this now. So, I have configured the following:

     

    Dynamic profile with policers and you will also see the configuration attached.

     

    So, here is the weird part...

     

    Laptop1 --- CPE  ---- LAC ---- LNS ---- ISP ---- Internet ---- other laptop

     

    If I initiate a speed test from laptop1 I get between 37 and 47mbps, and the policer etc. is set to 1mbps. However, if I initiate a connection from "other laptop" to the CPE it seems to work correctly. Something is not right here.

     

    Have a look at the files attached and see what you think

    Attachment: PPPOE-Test.txt (9K)


  • 6.  RE: L2TP Subscriber rate limiting

    Posted 08-05-2020 12:09

    Hi 

     

    transmitted.

     

     

     

    Please mark "Accept as solution" if this answers your query.

     

    Best Regards,

    Mohamed



  • 7.  RE: L2TP Subscriber rate limiting

     
    Posted 08-05-2020 13:10

    Output of that command for the subscriber:

     

    daniel@LNS-TEST> show interfaces queue egress pp0.3221228620
    Logical interface pp0.3221228620 (Index 536874196) (SNMP ifIndex 200003284)
    Flags: Up Point-To-Point Encapsulation: PPPoE
    PPPoE:
    State: SessionUp, Session ID: 2,
    Session AC name: lns.as41847.net, Remote MAC address: 20:b0:01:ce:52:b0,
    Underlying interface: demux0.3221228616 (Index 536874192)
    Ignore End-Of-List tag: Disable
    Input packets : 755738
    Output packets: 2926528
    Keepalive settings: Interval 30 seconds, Up-count 3, Down-count 3
    LCP state: Opened
    NCP state: inet: Opened, inet6: Opened, iso: Not-configured, mpls: Not-configured
    CHAP state: Success
    PAP state: Closed

     

    So, we can still stream Netflix etc even with a 1mb limit. Still the same when initiated from external, it seems to work.

     

    Really weird issue. Any more help please?



  • 8.  RE: L2TP Subscriber rate limiting

    Posted 08-05-2020 13:35

    Hi adgwytc,

     

    What is this router role, LNS-TEST? Based on the name it suggests that it's an LNS. However, on an LNS subscribers are terminated on the si- interface, not the pp0 interface, as pp0.xx should be on the LAC side. Also, the dynamic profile looks to be a LAC profile as well.

    Could you please provide the dynamic profile config for both LAC and LNS?

    Also, please clarify how you would initiate the session from the other laptop? I believe it should be from direction LAC--->LNS.

    I think you also need to configure rate limits on both RE.

     

    Please mark "Accept as solution" if this answers your query.

     

    Best Regards,

    Mohamed

     



  • 9.  RE: L2TP Subscriber rate limiting

     
    Posted 08-06-2020 09:09

    Hi Mohamed,

     

    It's both.

     

    The LAC is the downstream provider.

     

    It's a terminator on the si interface for L2TP and a secondary dynamic profile for PPPoE subscribers.

     

    Let me have a look for the rules on PPPoE interface (pp0)

     

    Other laptop knows the IP address of the Laptop behind the CPE.

    When you look at the subscriber's tunnel interface pp0.xxxxxxxxxx (in the attached I placed here) it shows the settings are being picked up by the Juniper VSAs for egress and ingress and the config is exactly as Juniper states plus other sites that have implemented this.

     

    To test from other laptop we simply used FTP - it's only a 1mb pipe for the test and easily fills it up.


    So, that's the weird thing. Everything looks configured correctly and it works from external through the LNS through the downstream providers systems and through the CPE. It just doesn't work the other way.



  • 10.  RE: L2TP Subscriber rate limiting

     
    Posted 08-15-2020 00:03

    Hi Mohamed,


    Finally got this working correctly with IPv4 and IPv6. Also got it working for L2TP customers on the SI Interface and the pp0 PPPoE interface.


    Thanks for your help.