Routing

 View Only
last person joined: 6 hours ago 

Ask questions and share experiences about ACX Series, CTP Series, MX Series, PTX Series, SSR Series, JRR Series, and all things routing, including portfolios and protocols.

Subscriber Management - Non-DHCP (Static) mixed with DHCP triggers Subs

  • 1.  Subscriber Management - Non-DHCP (Static) mixed with DHCP triggers Subs

     
    Posted 04-13-2023 19:14

    Hello! my apologies for the long post -

    I've got a BNG heading a network with a stacked-VLAN DHCP configuration.  This works just fine, but we do have a subset of customers that have non-DHCP, static IP blocks (e.g. 10.100.14.0/28, 10.50.2.0/30).  What we do now is manually assign the first usable address on an IFL outside the stacked VLAN ranges, and then translate the inner VLAN at the access node (dslam/whatever it might be) to an inner-vlan that is outside the range.  This works, but is error prone and not scalable. I've tried a number of times, unsuccessfully, to come up with a better way to do this, and thought I'd ask the question here.

    Ideally, this would be assigned by RADIUS - but if I'm understanding the docs correctly, "Framed-Route" would only allow me to provide this block on the backside of a CPE, which the uplink interface has an address via DHCP.  I don't necessarily have a routed CPE, and would like the customer gateway to exist directly on the BNG.

    Is there an obvious way to do this that I'm missing?  Ideally I'd pass a different "Client-Profile-Name" or whatever the attribute is, and either a framed-route, or a/multiple framed-ip-addresses, and that would work.  Though honestly, just having a way to do this without swapping the vlan on the far end would be a huge improvement.  If I try to assign vlan-tags that are both in the range now, it either won't commit, or it's just very intermittent (and gave some ugly errors), depending on the software version.

    I'll put some example config (IP's replaced) to describe our BNG config below.  I appreciate any assistance.

    Thanks in advance!

    user@bng# show dynamic-profiles
    DP-DHCP-DEFAULT {
        routing-instances {
            "$junos-routing-instance" {
                interface "$junos-interface-name";
                routing-options {
                    access {
                        route $junos-framed-route-ip-address-prefix next-hop "$junos-framed-route-nexthop";
                    }
                }
            }
        }
        interfaces {
            demux0 {
                unit "$junos-interface-unit" {
                    proxy-arp;
                    targeted-distribution;
                    family inet {
                        filter {
                            input "$junos-input-filter";
                        }
                        unnumbered-address "$junos-loopback-interface";
                    }
                }
            }
        }
        protocols {
            router-advertisement {
                interface "$junos-interface-name";
            }
        }
        class-of-service {
            traffic-control-profiles {
                TCP-STANDARD {
                    scheduler-map MAP-INET-AND-VOICE;
                    shaping-rate "$junos-cos-shaping-rate";
                }
            }
            interfaces {
                "$junos-interface-ifd-name" {
                    unit "$junos-underlying-interface-unit" {
                        output-traffic-control-profile TCP-STANDARD;
                    }
                }
            }
            scheduler-maps {
                MAP-INET-AND-VOICE {
                    forwarding-class best-effort scheduler SCHEDULER-INET;
                    forwarding-class expedited-forwarding scheduler SCHEDULER-VOICE;
                }
            }
            schedulers {
                SCHEDULER-INET {
                    transmit-rate {
                        remainder;
                    }
                    priority low;
                }
                SCHEDULER-VOICE {
                    shaping-rate "$junos-cos-scheduler-shaping-rate";
                    priority strict-high;
                }
            }
        }
    }
    DP-VLAN-STACKED {
        interfaces {
            demux0 {
                unit "$junos-interface-unit" {
                    proxy-arp;
                    vlan-tags outer "$junos-stacked-vlan-id" inner "$junos-vlan-id";
                    demux-options {
                        underlying-interface "$junos-interface-ifd-name";
                    }
                    family inet {
                        unnumbered-address lo0.0 preferred-source-address 10.10.10.1;
                    }
                }
            }
        }
    }

    user@bng# show interfaces ae1
    description CA-BLUE;
    hierarchical-scheduler;
    flexible-vlan-tagging;
    auto-configure {
        stacked-vlan-ranges {
            dynamic-profile DP-VLAN-STACKED {
                accept [ any inet inet6 ];
                ranges {
                    2001-3999,1000-2999;
                }
            }
            authentication {
                password "$abc123";
                username-include {
                    interface-name;
                }
            }
        }
        remove-when-no-subscribers;
    }
    mtu 9000;
    encapsulation flexible-ethernet-services;
    aggregated-ether-options {
        minimum-links 1;
        link-speed 10g;
        lacp {
            active;
        }
    }
    unit 10000 {
        apply-groups br-25x25;
        description 123-456-7890;
        vlan-tags outer 2002 inner 100; # this would have been something like inner 1101, but is translated on the far end.
        family inet {
            address 10.100.20.1/30;
        }
    }

    user@bng# show access
    radius-server {
        10.255.255.254 {
            port 1812;
            accounting-port 1813;
            secret "removed"; ## SECRET-DATA
            timeout 44;
            retry 3;
            accounting-timeout 20;
            accounting-retry 6;
            source-address 10.1.1.1;
        }
    }
    profile AP-RADIUS {
        accounting-order radius;
        authentication-order radius;
        radius {
            authentication-server 10.255.255.254;
            accounting-server 10.255.255.254;
            options {
                client-authentication-algorithm round-robin;
            }
        }
        accounting {
            order radius;
            immediate-update;
            coa-immediate-update;
            address-change-immediate-update;
            update-interval 60;
            statistics volume-time;
        }
    }