Junos OS

 View Only
last person joined: 22 hours ago 

Ask questions and share experiences about Junos OS.

MX80 taking too long to process PADI from PPPoE

  • 1.  MX80 taking too long to process PADI from PPPoE

    Posted 10-20-2022 18:40
      |   view attached

    Hi everyone,

    I have an MX80 in version 20.4R3.8 and this router is working as a BNG of PPPoE connections. It currently has a license for 16,000 connections and has around 800 PPPoE connections working.

    Scenario
    - BNG PPPoE Junos 20.4R3.8
    - HG8310M SPECIFIC ONU in bridge mode
    It only happens with this model
    - Any Generic CPE


    We have a problem when we use in the scenario, a Huawei ONU HG8310M in Bridge, putting any router behind to dial the PPPoE. When we do this, the PADI packet arrives at the MX, but after a few seconds, JunOS sends the PADO, preventing the PPPoE connection.

    When we use another ONU model, the PPPoE connection is established immediately, even when we use the same ONU HG8310M in an MX204, with the same PPPoE settings, the PPPoE connection is also established, only when we use this ONU in the MX80 does this happen.


    A "Monitor traffic" was made on the interface in parallel with PPPoE traceoptions.
    We can see from the capture that the PADI packet arrives
    It takes a while (usually about 10 seconds, but sometimes longer)
    Only then does traceoptions show the processed PADI and the generated PADO.
    And that then shows up in the Monitor Traffic.

    What we already solved to try to solve:

    MX80 software update (previously it was version 18), we removed all the MX80 settings and reconfigured it, including using settings from the other MX204 BNG.

    Yesterday we removed all PPPoE connections from this MX and reconfigured it from scratch, we tested it on the bench and it worked correctly, authenticating the PPPoE that is behind the ONU Bridge, but when putting it into production, authenticating 800 PPPoE connections, without any other change, the PPPoE connection of this ONU in Bridge does not rises.

    The only difference in packet capture is that the "Host-Uniq" of PPPoE Tags is 16 Bytes, when it goes through this ONU, but in other ONU models (which works correctly) it is 12 Bytes, as if Juniper takes time to process PADI when "Host-Uniq" is 16 Bytes.

    Note: We have already removed all DDoS-Protection settings for testing and the CPU usage did not go above 20% with the MX80 in production.

    Does anyone have any other ideas on what to do to resolve this?

    Here are some PPPoE settings:


    interfaces {
    xe-0/0/0 {
    description LINK-JUNIPER;
    gigether-options {
    802.3ad ae0;
    }
    }
    xe-0/0/1 {
    description LINK-JUNIPER;
    gigether-options {
    802.3ad ae0;
    }
    }
    ae0 {
    description LINK-JUNIPER;
    flexible-vlan-tagging;
    auto-configure {
    stacked-vlan-ranges {
    dynamic-profile svlan-profile {
    accept pppoe;
    ranges {
    any,any;
    }
    }
    access-profile PPPoE-Access-Profile;
    }
    vlan-ranges {
    dynamic-profile vlan-profile {
    accept pppoe;
    ranges {
    any;
    }
    }
    access-profile PPPoE-Access-Profile;
    }
    remove-when-no-subscribers;
    }

    dynamic-profiles {
    PPPOE-PROFILE {
    routing-instances {
    "$junos-routing-instance" {
    interface "$junos-interface-name";
    routing-options {
    access {
    route $junos-framed-route-ip-address-prefix {
    next-hop "$junos-framed-route-nexthop";
    tag "$junos-framed-route-tag";
    }
    }
    access-internal {
    route $junos-subscriber-ip-address {
    qualified-next-hop "$junos-interface-name";
    }
    }
    }
    }
    }
    interfaces {
    pp0 {
    unit "$junos-interface-unit" {
    no-traps;
    ppp-options {
    pap;
    mru 1500;
    mtu 1500;
    }
    pppoe-options {
    underlying-interface "$junos-underlying-interface";
    server;
    }
    keepalives interval 15;
    family inet {
    rpf-check;
    filter {
    input "$junos-input-filter";
    output "$junos-output-filter";
    }
    unnumbered-address "$junos-loopback-interface";
    }
    }
    }
    }
    }
    vlan-profile {
    interfaces {
    demux0 {
    interface-mib;
    unit "$junos-interface-unit" {
    no-traps;
    vlan-id "$junos-vlan-id";
    demux-options {
    underlying-interface "$junos-interface-ifd-name";
    }
    family pppoe {
    access-concentrator BRAS-2;
    duplicate-protection;
    dynamic-profile PPPoE-MainProfile;
    max-sessions 16000;
    }
    }
    }
    }
    }
    svlan-profile {
    interfaces {
    demux0 {
    interface-mib;
    unit "$junos-interface-unit" {
    no-traps;
    vlan-tags outer "$junos-stacked-vlan-id" inner "$junos-vlan-id";
    demux-options {
    underlying-interface "$junos-interface-ifd-name";
    }
    family pppoe {
    access-concentrator BRAS-2;
    duplicate-protection;
    dynamic-profile PPPoE-MainProfile;
    }
    }
    }
    }
    }
    }

    access {
    radius-server {
    179.x.x.x {
    port 1812;
    accounting-port 1813;
    dynamic-request-port 3779;
    secret "$9$P5F/SyKL7VKM87ds; ## SECRET-DATA
    source-address 179.x.x.x;
    }
    }
    radius-disconnect-port 3779;
    radius-disconnect {
    179.x.x.x;
    }
    profile PPPoE-Access-Profile {
    authentication-order radius;
    domain-name-server {
    177.x.x.x;
    8.8.8.8;
    }
    radius {
    authentication-server 179.x.x.x;
    accounting-server 179.x.x.x;
    options {
    nas-port-extended-format {
    slot-width 5;
    adapter-width 1;
    port-width 3;
    }
    calling-station-id-format {
    mac-address;
    }
    client-authentication-algorithm round-robin;
    }
    }
    accounting {
    order radius;
    accounting-stop-on-failure;
    accounting-stop-on-access-deny;
    immediate-update;
    address-change-immediate-update;
    update-interval 10;
    statistics volume-time;
    }
    }
    address-assignment {
    neighbor-discovery-router-advertisement V6-WAN;
    pool V6-LAN {
    family inet6 {
    prefix 2xxx:1xxx:1080::/42;
    range 1 prefix-length 56;
    dhcp-attributes {
    maximum-lease-time 86400;
    dns-server {
    2xxx:1xxx:c00::2;
    2xxx:1xxx:c00::3;
    }
    }
    }
    }
    pool V6-WAN {
    family inet6 {
    prefix 2xxx:1xxx:1040::/42;
    range V6-NDRA {
    low 2xxx:1xxx:1040:0002:0000:0000:0000:0000/64;
    high 2xxx:1xxx:1040:0002:ffff:ffff:ffff:ffff/64;
    }
    }
    }
    pool V6-IA-NA {
    family inet6 {
    prefix 2xxx:1xxx:1006:2::/64;
    range V6-IA-NA {
    low 2xxx:1xxx:1006:2::2/128;
    high 2xxx:1xxx:1006:2::ffff/128;
    }
    dhcp-attributes {
    dns-server {
    2xxx:1xxx:c00::2;
    2xxx:1xxx:c00::3;
    }
    }
    }
    }
    pool V4-POOL-CGNAT {
    family inet {
    network 10.254.0.0/20;
    range V4-RANGE {
    low 10.254.0.1;
    high 10.254.15.255;
    }
    dhcp-attributes {
    maximum-lease-time 120;
    }
    }
    }
    }


    ------------------------------
    Bruno Cerqueira
    ------------------------------

    Attachment(s)

    txt
    config.txt   6 KB 1 version