Junos®OS
Broadband Subscriber Management SolutionsGuide
Release
10.4
Published: 2010-10-05
Copyright © 2010, Juniper Networks, Inc.
Juniper Networks, Inc.1194 North Mathilda AvenueSunnyvale, California 94089USA408-745-2000www.juniper.net
This product includes the Envoy SNMP Engine, developed by Epilogue Technology, an Integrated Systems Company. Copyright © 1986-1997,Epilogue Technology Corporation. All rights reserved. This program and its documentation were developed at private expense, and no partof them is in the public domain.
This product includes memory allocation software developed by Mark Moraes, copyright © 1988, 1989, 1993, University of Toronto.
This product includes FreeBSD software developed by the University of California, Berkeley, and its contributors. All of the documentationand software included in the 4.4BSD and 4.4BSD-Lite Releases is copyrighted by the Regents of the University of California. Copyright ©1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994. The Regents of the University of California. All rights reserved.
GateD software copyright © 1995, the Regents of the University. All rights reserved. Gate Daemon was originated and developed throughrelease 3.0 by Cornell University and its collaborators. Gated is based on Kirton’s EGP, UC Berkeley’s routing daemon (routed), and DCN’sHELLO routing protocol. Development of Gated has been supported in part by the National Science Foundation. Portions of the GateDsoftware copyright © 1988, Regents of the University of California. All rights reserved. Portions of the GateD software copyright © 1991, D.L. S. Associates.
This product includes software developed by Maker Communications, Inc., copyright © 1996, 1997, Maker Communications, Inc.
Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the UnitedStates and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All othertrademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.
Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify,transfer, or otherwise revise this publication without notice.
Products made or sold by Juniper Networks or components thereof might be covered by one or more of the following patents that areowned by or licensed to Juniper Networks: U.S. Patent Nos. 5,473,599, 5,905,725, 5,909,440, 6,192,051, 6,333,650, 6,359,479, 6,406,312,6,429,706, 6,459,579, 6,493,347, 6,538,518, 6,538,899, 6,552,918, 6,567,902, 6,578,186, and 6,590,785.
Junos®OS Broadband Subscriber Management Solutions Guide
Release 10.4Copyright © 2010, Juniper Networks, Inc.All rights reserved. Printed in USA.
Writing: Mark BarnardEditing: Ben MannIllustration: Nathaniel Woodward, Mark BarnardCover Design: Edmonds Design
Revision HistoryOctober 2010—R1 Junos 10.4
The information in this document is current as of the date listed in the revision history.
YEAR 2000 NOTICE
Juniper Networks hardware and software products are Year 2000 compliant. The Junos OS has no known time-related limitations throughthe year 2038. However, the NTP application is known to have some difficulty in the year 2036.
Copyright © 2010, Juniper Networks, Inc.ii
ENDUSER LICENSE AGREEMENT
READ THIS ENDUSER LICENSE AGREEMENT (“AGREEMENT”) BEFORE DOWNLOADING, INSTALLING, ORUSING THE SOFTWARE.BY DOWNLOADING, INSTALLING, OR USING THE SOFTWARE OR OTHERWISE EXPRESSING YOUR AGREEMENT TO THE TERMSCONTAINED HEREIN, YOU (AS CUSTOMER OR IF YOU ARE NOT THE CUSTOMER, AS A REPRESENTATIVE/AGENT AUTHORIZED TOBIND THE CUSTOMER) CONSENT TO BE BOUND BY THIS AGREEMENT. IF YOU DO NOT OR CANNOT AGREE TO THE TERMS CONTAINEDHEREIN, THEN (A) DO NOT DOWNLOAD, INSTALL, OR USE THE SOFTWARE, AND (B) YOU MAY CONTACT JUNIPER NETWORKSREGARDING LICENSE TERMS.
1. The Parties. The parties to this Agreement are (i) Juniper Networks, Inc. (if the Customer’s principal office is located in the Americas) orJuniper Networks (Cayman) Limited (if the Customer’s principal office is located outside the Americas) (such applicable entity being referredto herein as “Juniper”), and (ii) the person or organization that originally purchased from Juniper or an authorized Juniper reseller the applicablelicense(s) for use of the Software (“Customer”) (collectively, the “Parties”).
2. The Software. In this Agreement, “Software” means the program modules and features of the Juniper or Juniper-supplied software, forwhich Customer has paid the applicable license or support fees to Juniper or an authorized Juniper reseller, or which was embedded byJuniper in equipment which Customer purchased from Juniper or an authorized Juniper reseller. “Software” also includes updates, upgradesand new releases of such software. “Embedded Software” means Software which Juniper has embedded in or loaded onto the Juniperequipment and any updates, upgrades, additions or replacements which are subsequently embedded in or loaded onto the equipment.
3. LicenseGrant.Subject to payment of the applicable fees and the limitations and restrictions set forth herein, Juniper grants to Customera non-exclusive and non-transferable license, without right to sublicense, to use the Software, in executable form only, subject to thefollowing use restrictions:
a. Customer shall use Embedded Software solely as embedded in, and for execution on, Juniper equipment originally purchased byCustomer from Juniper or an authorized Juniper reseller.
b. Customer shall use the Software on a single hardware chassis having a single processing unit, or as many chassis or processing unitsfor which Customer has paid the applicable license fees; provided, however, with respect to the Steel-Belted Radius or Odyssey AccessClient software only, Customer shall use such Software on a single computer containing a single physical random access memory spaceand containing any number of processors. Use of the Steel-Belted Radius or IMS AAA software on multiple computers or virtual machines(e.g., Solaris zones) requires multiple licenses, regardless of whether such computers or virtualizations are physically contained on a singlechassis.
c. Product purchase documents, paper or electronic user documentation, and/or the particular licenses purchased by Customer mayspecify limits to Customer’s use of the Software. Such limits may restrict use to a maximum number of seats, registered endpoints, concurrentusers, sessions, calls, connections, subscribers, clusters, nodes, realms, devices, links, ports or transactions, or require the purchase ofseparate licenses to use particular features, functionalities, services, applications, operations, or capabilities, or provide throughput,performance, configuration, bandwidth, interface, processing, temporal, or geographical limits. In addition, such limits may restrict the useof the Software to managing certain kinds of networks or require the Software to be used only in conjunction with other specific Software.Customer’s use of the Software shall be subject to all such limitations and purchase of all applicable licenses.
d. For any trial copy of the Software, Customer’s right to use the Software expires 30 days after download, installation or use of theSoftware. Customer may operate the Software after the 30-day trial period only if Customer pays for a license to do so. Customer may notextend or create an additional trial period by re-installing the Software after the 30-day trial period.
e. The Global Enterprise Edition of the Steel-Belted Radius software may be used by Customer only to manage access to Customer’senterprise network. Specifically, service provider customers are expressly prohibited from using the Global Enterprise Edition of theSteel-Belted Radius software to support any commercial network access services.
The foregoing license is not transferable or assignable by Customer. No license is granted herein to any user who did not originally purchasethe applicable license(s) for the Software from Juniper or an authorized Juniper reseller.
4. Use Prohibitions. Notwithstanding the foregoing, the license provided herein does not permit the Customer to, and Customer agreesnot to and shall not: (a) modify, unbundle, reverse engineer, or create derivative works based on the Software; (b) make unauthorizedcopies of the Software (except as necessary for backup purposes); (c) rent, sell, transfer, or grant any rights in and to any copy of theSoftware, in any form, to any third party; (d) remove any proprietary notices, labels, or marks on or in any copy of the Software or any productin which the Software is embedded; (e) distribute any copy of the Software to any third party, including as may be embedded in Juniperequipment sold in the secondhand market; (f) use any ‘locked’ or key-restricted feature, function, service, application, operation, or capabilitywithout first purchasing the applicable license(s) and obtaining a valid key from Juniper, even if such feature, function, service, application,operation, or capability is enabled without a key; (g) distribute any key for the Software provided by Juniper to any third party; (h) use the
iiiCopyright © 2010, Juniper Networks, Inc.
Software in any manner that extends or is broader than the uses purchased by Customer from Juniper or an authorized Juniper reseller; (i)use Embedded Software on non-Juniper equipment; (j) use Embedded Software (or make it available for use) on Juniper equipment thatthe Customer did not originally purchase from Juniper or an authorized Juniper reseller; (k) disclose the results of testing or benchmarkingof the Software to any third party without the prior written consent of Juniper; or (l) use the Software in any manner other than as expresslyprovided herein.
5. Audit. Customer shall maintain accurate records as necessary to verify compliance with this Agreement. Upon request by Juniper,Customer shall furnish such records to Juniper and certify its compliance with this Agreement.
6. Confidentiality. The Parties agree that aspects of the Software and associated documentation are the confidential property of Juniper.As such, Customer shall exercise all reasonable commercial efforts to maintain the Software and associated documentation in confidence,which at a minimum includes restricting access to the Software to Customer employees and contractors having a need to use the Softwarefor Customer’s internal business purposes.
7. Ownership. Juniper and Juniper’s licensors, respectively, retain ownership of all right, title, and interest (including copyright) in and tothe Software, associated documentation, and all copies of the Software. Nothing in this Agreement constitutes a transfer or conveyanceof any right, title, or interest in the Software or associated documentation, or a sale of the Software, associated documentation, or copiesof the Software.
8. Warranty, Limitation of Liability, Disclaimer ofWarranty. The warranty applicable to the Software shall be as set forth in the warrantystatement that accompanies the Software (the “Warranty Statement”). Nothing in this Agreement shall give rise to any obligation to supportthe Software. Support services may be purchased separately. Any such support shall be governed by a separate, written support servicesagreement. TO THE MAXIMUM EXTENT PERMITTED BY LAW, JUNIPER SHALL NOT BE LIABLE FOR ANY LOST PROFITS, LOSS OF DATA,OR COSTS OR PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, OR FOR ANY SPECIAL, INDIRECT, OR CONSEQUENTIAL DAMAGESARISING OUT OF THIS AGREEMENT, THE SOFTWARE, OR ANY JUNIPER OR JUNIPER-SUPPLIED SOFTWARE. IN NO EVENT SHALL JUNIPERBE LIABLE FOR DAMAGES ARISING FROM UNAUTHORIZED OR IMPROPER USE OF ANY JUNIPER OR JUNIPER-SUPPLIED SOFTWARE.EXCEPT AS EXPRESSLY PROVIDED IN THE WARRANTY STATEMENT TO THE EXTENT PERMITTED BY LAW, JUNIPER DISCLAIMS ANYAND ALL WARRANTIES IN AND TO THE SOFTWARE (WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE), INCLUDING ANYIMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. IN NO EVENT DOESJUNIPER WARRANT THAT THE SOFTWARE, OR ANY EQUIPMENT OR NETWORK RUNNING THE SOFTWARE, WILL OPERATE WITHOUTERROR OR INTERRUPTION, OR WILL BE FREE OF VULNERABILITY TO INTRUSION OR ATTACK. In no event shall Juniper’s or its suppliers’or licensors’ liability to Customer, whether in contract, tort (including negligence), breach of warranty, or otherwise, exceed the price paidby Customer for the Software that gave rise to the claim, or if the Software is embedded in another Juniper product, the price paid byCustomer for such other product. Customer acknowledges and agrees that Juniper has set its prices and entered into this Agreement inreliance upon the disclaimers of warranty and the limitations of liability set forth herein, that the same reflect an allocation of risk betweenthe Parties (including the risk that a contract remedy may fail of its essential purpose and cause consequential loss), and that the sameform an essential basis of the bargain between the Parties.
9. Termination. Any breach of this Agreement or failure by Customer to pay any applicable fees due shall result in automatic terminationof the license granted herein. Upon such termination, Customer shall destroy or return to Juniper all copies of the Software and relateddocumentation in Customer’s possession or control.
10. Taxes. All license fees payable under this agreement are exclusive of tax. Customer shall be responsible for paying Taxes arising fromthe purchase of the license, or importation or use of the Software. If applicable, valid exemption documentation for each taxing jurisdictionshall be provided to Juniper prior to invoicing, and Customer shall promptly notify Juniper if their exemption is revoked or modified. Allpayments made by Customer shall be net of any applicable withholding tax. Customer will provide reasonable assistance to Juniper inconnection with such withholding taxes by promptly: providing Juniper with valid tax receipts and other required documentation showingCustomer’s payment of any withholding taxes; completing appropriate applications that would reduce the amount of withholding tax tobe paid; and notifying and assisting Juniper in any audit or tax proceeding related to transactions hereunder. Customer shall comply withall applicable tax laws and regulations, and Customer will promptly pay or reimburse Juniper for all costs and damages related to anyliability incurred by Juniper as a result of Customer’s non-compliance or delay with its responsibilities herein. Customer’s obligations underthis Section shall survive termination or expiration of this Agreement.
11. Export. Customer agrees to comply with all applicable export laws and restrictions and regulations of any United States and anyapplicable foreign agency or authority, and not to export or re-export the Software or any direct product thereof in violation of any suchrestrictions, laws or regulations, or without all necessary approvals. Customer shall be liable for any such violations. The version of theSoftware supplied to Customer may contain encryption or other capabilities restricting Customer’s ability to export the Software withoutan export license.
Copyright © 2010, Juniper Networks, Inc.iv
12. Commercial Computer Software. The Software is “commercial computer software” and is provided with restricted rights. Use,duplication, or disclosure by the United States government is subject to restrictions set forth in this Agreement and as provided in DFARS227.7201 through 227.7202-4, FAR 12.212, FAR 27.405(b)(2), FAR 52.227-19, or FAR 52.227-14(ALT III) as applicable.
13. Interface Information. To the extent required by applicable law, and at Customer's written request, Juniper shall provide Customerwith the interface information needed to achieve interoperability between the Software and another independently created program, onpayment of applicable fee, if any. Customer shall observe strict obligations of confidentiality with respect to such information and shall usesuch information in compliance with any applicable terms and conditions upon which Juniper makes such information available.
14. Third Party Software.Any licensor of Juniper whose software is embedded in the Software and any supplier of Juniper whose productsor technology are embedded in (or services are accessed by) the Software shall be a third party beneficiary with respect to this Agreement,and such licensor or vendor shall have the right to enforce this Agreement in its own name as if it were Juniper. In addition, certain third partysoftware may be provided with the Software and is subject to the accompanying license(s), if any, of its respective owner(s). To the extentportions of the Software are distributed under and subject to open source licenses obligating Juniper to make the source code for suchportions publicly available (such as the GNU General Public License (“GPL”) or the GNU Library General Public License (“LGPL”)), Juniperwill make such source code portions (including Juniper modifications, as appropriate) available upon request for a period of up to threeyears from the date of distribution. Such request can be made in writing to Juniper Networks, Inc., 1194 N. Mathilda Ave., Sunnyvale, CA
94089, ATTN: General Counsel. You may obtain a copy of the GPL at http://www.gnu.org/licenses/gpl.html, and a copy of the LGPL
at http://www.gnu.org/licenses/lgpl.html .
15. Miscellaneous. This Agreement shall be governed by the laws of the State of California without reference to its conflicts of lawsprinciples. The provisions of the U.N. Convention for the International Sale of Goods shall not apply to this Agreement. For any disputesarising under this Agreement, the Parties hereby consent to the personal and exclusive jurisdiction of, and venue in, the state and federalcourts within Santa Clara County, California. This Agreement constitutes the entire and sole agreement between Juniper and the Customerwith respect to the Software, and supersedes all prior and contemporaneous agreements relating to the Software, whether oral or written(including any inconsistent terms contained in a purchase order), except that the terms of a separate written agreement executed by anauthorized Juniper representative and Customer shall govern to the extent such terms are inconsistent or conflict with terms containedherein. No modification to this Agreement nor any waiver of any rights hereunder shall be effective unless expressly assented to in writingby the party to be charged. If any portion of this Agreement is held invalid, the Parties agree that such invalidity shall not affect the validityof the remainder of this Agreement. This Agreement and associated documentation has been written in the English language, and theParties agree that the English version will govern. (For Canada: Les parties aux présentés confirment leur volonté que cette convention demême que tous les documents y compris tout avis qui s'y rattaché, soient redigés en langue anglaise. (Translation: The parties confirm thatthis Agreement and all related documentation is and will be in the English language)).
vCopyright © 2010, Juniper Networks, Inc.
Copyright © 2010, Juniper Networks, Inc.vi
Table of Contents
About This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii
JUNOS Documentation and Release Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii
Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xviii
Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xviii
Supported Routing Platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix
Using the Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix
Using the Examples in This Manual . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix
Merging a Full Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix
Merging a Snippet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xx
Documentation Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xx
Documentation Feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxii
Requesting Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxii
Self-Help Online Tools and Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxiii
Opening a Case with JTAC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxiii
Part 1 Broadband Subscriber Management Overview
Chapter 1 Subscriber Management Basics Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Broadband Subscriber Management Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Broadband Subscriber Management Platform Support . . . . . . . . . . . . . . . . . . . . . 4
Broadband Subscriber Management Network Topology Overview . . . . . . . . . . . . . 4
Broadband Subscriber Management Solutions Terms and Acronyms . . . . . . . . . . 5
Supporting Documentation for Broadband Subscriber Management . . . . . . . . . . . 7
Triple Play and Multiplay Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Chapter 2 Residential Broadband Technology Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Broadband History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
PPP in Broadband Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
DHCP in Broadband Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Broadband Service Delivery Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Digital Subscriber Line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Active Ethernet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Passive Optical Networking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Hybrid Fiber Coaxial . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Broadband Delivery and FTTx . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
viiCopyright © 2010, Juniper Networks, Inc.
Chapter 3 Broadband Subscriber Management Solution Hardware Overview . . . . . . 15
Broadband Subscriber Management Edge Router Overview . . . . . . . . . . . . . . . . . 15
Broadband Services Router Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
High-Speed Internet Access Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
IPTV Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Video Services Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Services Router Placement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Single Edge Placement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Multiedge Placement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Multiservice Access Node Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Ethernet MSAN Aggregation Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Direct Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Ethernet Aggregation Switch Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Ring Aggregation Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Chapter 4 Broadband Subscriber Management Solution Software Overview . . . . . . . 21
Broadband Subscriber Management VLAN Architecture Overview . . . . . . . . . . . . 21
Broadband Subscriber Management VLANs Across an MSAN . . . . . . . . . . . . 22
Customer VLANs and Ethernet Aggregation . . . . . . . . . . . . . . . . . . . . . . . . . . 22
VLANs and Residential Gateways . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Broadband Subscriber Management IGMP Model Overview . . . . . . . . . . . . . . . . . 23
DHCP and Broadband Subscriber Management Overview . . . . . . . . . . . . . . . . . . 24
Extended DHCP Local Server and Broadband Subscriber Management
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Extended DHCP Relay and Broadband Subscriber Management
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
AAA Service Framework and Broadband Subscriber Management Overview . . . 25
Class of Service and Broadband Subscriber Management Overview . . . . . . . . . . 25
Policy and Control for Broadband Subscriber Management Overview . . . . . . . . . 26
Chapter 5 Broadband Subscriber ManagementWholesale Overview . . . . . . . . . . . . . . 27
Layer 2 and Layer 3 Wholesale Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
PPPoE Layer 3 Wholesale Configuration Interface Support . . . . . . . . . . . . . . . . . . 28
DHCP Layer 3 Wholesale Configuration Interface Support . . . . . . . . . . . . . . . . . . 28
Layer 3 Wholesale Configuration DHCP Support . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Subscriber to Logical System and Routing Instance Relationship . . . . . . . . . . . . . 29
RADIUS VSAs and Broadband Subscriber Management Wholesale Configuration
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Part 2 Configuring Broadband Subscriber Management Solutions
Chapter 6 Broadband Subscriber Management Configuration Overview . . . . . . . . . . . 35
Broadband Subscriber Management Solution Topology and Configuration
Elements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Subscriber Management Licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Copyright © 2010, Juniper Networks, Inc.viii
Junos 10.4 Broadband Subscriber Management Solutions Guide
Chapter 7 Configuring a Basic Triple Play Subscriber Management Network . . . . . . . 37
Triple Play Subscriber Management Network Topology Overview . . . . . . . . . . . . . 37
Configuring Top-Level Broadband Subscriber Management Elements . . . . . . . . 38
Configuring a Loopback Interface for the Broadband Subscriber Management
Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Configuring Static Customer VLANs for the Broadband Subscriber Management
Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Configuring Dynamic Customer VLANs for the Broadband Subscriber
Management Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Configuring a Global Class of Service Profile for the Subscriber Management
Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Configuring a Class of Service Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Configuring CoS Fowarding Classes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Configuring CoS Schedulers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Configuring Scheduler Maps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Configuring CoS Classifiers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Configuring CoS Interface Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Configuring Dynamic Firewall Filter Services for Use in Dynamic Profiles . . . . . . . 49
Configuring AAA Service Framework for the Broadband Subscriber Management
Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Configuring RADIUS Server Access Information . . . . . . . . . . . . . . . . . . . . . . . 50
Configuring RADIUS Server Access Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Configuring Address Server Elements for the Broadband Subscriber Management
Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Configuring an Address Assignment Pool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Configuring Extended DHCP Local Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Configuring a PPPoE Dynamic Profile for the Triple Play Solution . . . . . . . . . . . . . 54
Configuring a DHCP Dynamic Profile for the Triple Play Solution . . . . . . . . . . . . . 56
Chapter 8 Broadband Subscriber Management DHCP Layer 3Wholesale NetworkConfiguration Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Broadband Subscriber Management DHCP Layer 3 Wholesale Topology and
Configuration Elements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Chapter 9 Configuring the Broadband Subscriber Management DHCP Layer 3Wholesale Network Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
DHCP Layer 3 Wholesale Network Topology Overview . . . . . . . . . . . . . . . . . . . . . . 61
Configuring Loopback Interfaces for the DHCP Layer 3 Wholesale Solution . . . . 62
Configuring VLANs for the DHCP Layer 3 Wholesale Network Solution . . . . . . . . 64
Configuring Static Customer VLANs for the DHCP Layer 3 Wholesale Network
Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Configuring Dynamic Customer VLANs for the Wholesale Network
Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Configuring Access Components for the DHCP Wholesale Network Solution . . . 67
Configuring RADIUS Server Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Configuring a DHCP Wholesaler Access Profile . . . . . . . . . . . . . . . . . . . . . . . . 67
Configuring DHCP Retailer Access Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
ixCopyright © 2010, Juniper Networks, Inc.
Table of Contents
Configuring Dynamic Profiles for the DHCP Layer 3 Wholesale Network
Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Configuring a Wholesale Dynamic Profile for use in the DHCP Solution . . . . 69
Configuring a Retail Dynamic Profile for use in the DHCP Solution . . . . . . . . 69
Configuring Separate Routing Instances for DHCP Service Retailers . . . . . . . . . . 70
Configure Default Forwarding Options for the DHCP Wholesale Network
Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Chapter 10 Broadband Subscriber Management DHCP Layer 3Wholesale NetworkConfiguration Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Example: Wholesaler Dynamic Profile for a DHCP Wholesale Network . . . . . . . . 75
Example: Retailer Dynamic Profile for a DHCP Wholesale Network . . . . . . . . . . . 76
Example: Default Forwarding Options Configuration for the DHCP Wholesale
Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Example: Retailer Routing Instances for a DHCP Wholesale Network . . . . . . . . . . 77
Chapter 11 Broadband Subscriber Management PPPoE Layer 3Wholesale NetworkConfiguration Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Broadband Subscriber Management PPPoE Layer 3 Wholesale Topology and
Configuration Elements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Chapter 12 Configuring the Broadband Subscriber Management PPPoE Layer 3Wholesale Network Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
PPPoE Layer 3 Wholesale Network Topology Overview . . . . . . . . . . . . . . . . . . . . 83
Configuring Loopback Interfaces for the PPPoE Layer 3 Wholesale Solution . . . . 84
Configuring Static Customer VLANs for the PPPoE Layer 3 Wholesale Network
Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Configuring Access Components for the PPPoE Wholesale Network Solution . . 86
Configuring RADIUS Server Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Configuring a PPPoE Wholesaler Access Profile . . . . . . . . . . . . . . . . . . . . . . . 87
Configuring PPPoE Retailer Access Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Configuring Dynamic Profiles for the PPPoE Layer 3 Wholesale Network
Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Configuring a Wholesale Dynamic Profile for use in the PPPoE Solution . . . 89
Configuring Separate Routing Instances for PPPoE Service Retailers . . . . . . . . . . 90
Chapter 13 Broadband Subscriber Management PPPoEWholesale NetworkConfiguration Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Example: Wholesaler Dynamic Profile for a PPPoE Wholesale Network . . . . . . . 93
Example: Retailer Routing Instances for a PPPoE Wholesale Network . . . . . . . . . 94
Chapter 14 Broadband Subscriber Management Layer 2Wholesale NetworkConfiguration Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Broadband Subscriber Management Layer 2 Wholesale Topology and
Configuration Elements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Chapter 15 Configuring the Broadband Subscriber Management Layer 2WholesaleNetwork Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Layer 2 Wholesale Network Topology Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Configuring a Retail Dynamic Profile for use in the Layer 2 Wholesale
Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Stacking and Rewriting VLAN Tags for the Layer 2 Wholesale Solution . . . . . . . . 99
Copyright © 2010, Juniper Networks, Inc.x
Junos 10.4 Broadband Subscriber Management Solutions Guide
Configuring VLAN Interfaces for the Layer 2 Wholesale Solution . . . . . . . . . . . . . 102
Configuring Encapsulation for Layer 2 Wholesale VLAN Interfaces . . . . . . . . . . . 103
Configuring Separate Routing Instances for Layer 2 Wholesale Service
Retailers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Configuring Access Components for the Layer 2 Wholesale Network
Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
Configuring RADIUS Server Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
Configuring a Layer 2 Wholesaler Access Profile . . . . . . . . . . . . . . . . . . . . . . 106
Chapter 16 Broadband Subscriber Management Layer 2Wholesale NetworkConfiguration Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
Example: Retailer Dynamic Profile for a Layer 2 Wholesale Network . . . . . . . . . 109
Example: Access Interface for a Layer 2 Wholesale Network . . . . . . . . . . . . . . . . 109
Example: Retailer Routing Instances for a Layer 2 Wholesale Network . . . . . . . . 110
Part 3 Monitoring Broadband Subscriber Management Solutions
Chapter 17 Related Broadband Subscriber Management CLI Commands . . . . . . . . . . 113
Subscriber Management AAA and DHCP CLI Commands . . . . . . . . . . . . . . . . . . 113
Subscriber Management DHCP Local Server CLI Commands . . . . . . . . . . . . . . . . 113
Subscriber Management DHCP Relay CLI Commands . . . . . . . . . . . . . . . . . . . . . 114
Subscriber Management Interface CLI Commands . . . . . . . . . . . . . . . . . . . . . . . . 114
Subscriber Management Dynamic Protocol CLI Commands . . . . . . . . . . . . . . . . 115
Subscriber Management Subscriber CLI Commands . . . . . . . . . . . . . . . . . . . . . . 115
Part 4 Index
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
xiCopyright © 2010, Juniper Networks, Inc.
Table of Contents
Copyright © 2010, Juniper Networks, Inc.xii
Junos 10.4 Broadband Subscriber Management Solutions Guide
List of Figures
Part 1 Broadband Subscriber Management Overview
Chapter 1 Subscriber Management Basics Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Figure 1: Subscriber Management Residential Broadband Network Example . . . . . 5
Chapter 3 Broadband Subscriber Management Solution Hardware Overview . . . . . . 15
Figure 2: Choosing an MSAN Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Part 2 Configuring Broadband Subscriber Management Solutions
Chapter 6 Broadband Subscriber Management Configuration Overview . . . . . . . . . . . 35
Figure 3: Basic Subscriber Management Solution Topology for a DHCP Subscriber
Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Chapter 7 Configuring a Basic Triple Play Subscriber Management Network . . . . . . . 37
Figure 4: Triple Play Network Reference Topology . . . . . . . . . . . . . . . . . . . . . . . . . 38
Chapter 8 Broadband Subscriber Management DHCP Layer 3Wholesale NetworkConfiguration Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Figure 5: Basic Subscriber Management Layer 3 Wholesale Solution
Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Chapter 9 Configuring the Broadband Subscriber Management DHCP Layer 3Wholesale Network Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Figure 6: DHCP Layer 3 Wholesale Network Reference Topology . . . . . . . . . . . . . 62
Chapter 11 Broadband Subscriber Management PPPoE Layer 3Wholesale NetworkConfiguration Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Figure 7: Basic Subscriber Management PPPoE Layer 3 Wholesale Solution
Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Chapter 12 Configuring the Broadband Subscriber Management PPPoE Layer 3Wholesale Network Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Figure 8: PPPoE Layer 3 Wholesale Network Reference Topology . . . . . . . . . . . . 84
Chapter 14 Broadband Subscriber Management Layer 2Wholesale NetworkConfiguration Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Figure 9: Basic Subscriber Management Layer 2 Wholesale Solution
Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
Chapter 15 Configuring the Broadband Subscriber Management Layer 2WholesaleNetwork Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Figure 10: Layer 2 Wholesale Network Reference Topology . . . . . . . . . . . . . . . . . . 98
xiiiCopyright © 2010, Juniper Networks, Inc.
Copyright © 2010, Juniper Networks, Inc.xiv
Junos 10.4 Broadband Subscriber Management Solutions Guide
List of Tables
About This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii
Table 1: Notice Icons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi
Table 2: Text and Syntax Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi
Part 1 Broadband Subscriber Management Overview
Chapter 1 Subscriber Management Basics Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Table 3: Triple Play and Multiplay Comparison . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Chapter 3 Broadband Subscriber Management Solution Hardware Overview . . . . . . 15
Table 4: Ethernet MSAN Aggregation Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Chapter 5 Broadband Subscriber ManagementWholesale Overview . . . . . . . . . . . . . . 27
Table 5: Required Juniper Networks VSAs for the Broadband Subscriber
Management Wholesale Network Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Part 2 Configuring Broadband Subscriber Management Solutions
Chapter 7 Configuring a Basic Triple Play Subscriber Management Network . . . . . . . 37
Table 6: Class of Service Queue Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Chapter 15 Configuring the Broadband Subscriber Management Layer 2WholesaleNetwork Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Table 7: Rewrite Operations on Single-Tagged and Dual-Tagged Frames . . . . . 100
Table 8: Applying Rewrite Operations to VLAN Maps . . . . . . . . . . . . . . . . . . . . . . 100
Table 9: Encapsulation Combinations for Layer 2 Wholesale Interfaces . . . . . . . 103
Part 3 Monitoring Broadband Subscriber Management Solutions
Chapter 17 Related Broadband Subscriber Management CLI Commands . . . . . . . . . . 113
Table 10: Subscriber Management AAA and Address Assignment Pools CLI
Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Table 11: Subscriber Management DHCP Local Server CLI Commands . . . . . . . . 114
Table 12: Subscriber Management DHCP Relay CLI Commands . . . . . . . . . . . . . . 114
Table 13: Subscriber Management Interface CLI Commands . . . . . . . . . . . . . . . . 114
Table 14: Subscriber Management Dynamic Protocol CLI Commands . . . . . . . . . 115
Table 15: Subscriber Management Subscriber CLI Commands . . . . . . . . . . . . . . . 115
xvCopyright © 2010, Juniper Networks, Inc.
Copyright © 2010, Juniper Networks, Inc.xvi
Junos 10.4 Broadband Subscriber Management Solutions Guide
About This Guide
This preface provides the following guidelines for using the Junos®OS Broadband
Subscriber Management Solutions Guide:
• JUNOS Documentation and Release Notes on page xvii
• Objectives on page xviii
• Audience on page xviii
• Supported Routing Platforms on page xix
• Using the Index on page xix
• Using the Examples in This Manual on page xix
• Documentation Conventions on page xx
• Documentation Feedback on page xxii
• Requesting Technical Support on page xxii
JUNOSDocumentation and Release Notes
For a list of related JUNOS documentation, see
http://www.juniper.net/techpubs/software/junos/ .
If the information in the latest release notes differs from the information in the
documentation, follow the JUNOS Release Notes.
To obtain the most current version of all Juniper Networks®
technical documentation,
see the product documentation page on the Juniper Networks website at
http://www.juniper.net/techpubs/.
Juniper Networks supports a technical book program to publish books by Juniper Networks
engineers and subject matter experts with book publishers around the world. These
books go beyond the technical documentation to explore the nuances of network
architecture, deployment, and administration using the Junos operating system (Junos
OS) and Juniper Networks devices. In addition, the Juniper Networks Technical Library,
published in conjunction with O'Reilly Media, explores improving network security,
reliability, and availability using Junos OS configuration techniques. All the books are for
sale at technical bookstores and book outlets around the world. The current list can be
viewed at http://www.juniper.net/books .
xviiCopyright © 2010, Juniper Networks, Inc.
Objectives
This guide provides an overview of broadband subscriber management using Junos OS
and describes how to configure and manage remote subscribers on the routing platform.
NOTE: For additional information about Junos OS—either corrections to orinformation thatmight have been omitted from this guide—see the softwarerelease notes at http://www.juniper.net.
Audience
This guide is designed for network administrators who are configuring and monitoring a
Juniper Networks MX Series Ethernet Services Router.
To use this guide, you need a broad understanding of networks in general, the Internet
in particular, networking principles, and network configuration. You must also be familiar
with one or more of the following Internet routing protocols:
• Border Gateway Protocol (BGP)
• Distance Vector Multicast Routing Protocol (DVMRP)
• Intermediate System-to-Intermediate System (IS-IS)
• Internet Control Message Protocol (ICMP) router discovery
• Internet Group Management Protocol (IGMP)
• Multiprotocol Label Switching (MPLS)
• Open Shortest Path First (OSPF)
• Protocol-Independent Multicast (PIM)
• Resource Reservation Protocol (RSVP)
• Routing Information Protocol (RIP)
• Simple Network Management Protocol (SNMP)
Personnel operating the equipment must be trained and competent; must not conduct
themselves in a careless, willfully negligent, or hostile manner; and must abide by the
instructions provided by the documentation.
Copyright © 2010, Juniper Networks, Inc.xviii
Junos 10.4 Broadband Subscriber Management Solutions Guide
Supported Routing Platforms
For the features described in this manual, the Junos OS currently supports the following
router:
• MX Series Ethernet Services Router
Using the Index
This reference contains a complete index that includes topic entries.
Using the Examples in This Manual
If you want to use the examples in this manual, you can use the loadmerge or the load
merge relative command. These commands cause the software to merge the incoming
configuration into the current candidate configuration. If the example configuration
contains the top level of the hierarchy (or multiple hierarchies), the example is a full
example. In this case, use the loadmerge command.
If the example configuration does not start at the top level of the hierarchy, the example
is a snippet. In this case, use the loadmerge relative command. These procedures are
described in the following sections.
Merging a Full Example
To merge a full example, follow these steps:
1. From the HTML or PDF version of the manual, copy a configuration example into a
text file, save the file with a name, and copy the file to a directory on your routing
platform.
For example, copy the following configuration to a file and name the file ex-script.conf.
Copy the ex-script.conf file to the /var/tmp directory on your routing platform.
system {scripts {commit {file ex-script.xsl;
}}
}interfaces {fxp0 {disable;unit 0 {family inet {address 10.0.0.1/24;
}}
}}
xixCopyright © 2010, Juniper Networks, Inc.
About This Guide
2. Merge the contents of the file into your routing platform configuration by issuing the
loadmerge configuration mode command:
[edit]user@host# loadmerge /var/tmp/ex-script.confload complete
Merging a Snippet
To merge a snippet, follow these steps:
1. From the HTML or PDF version of the manual, copy a configuration snippet into a text
file, save the file with a name, and copy the file to a directory on your routing platform.
For example, copy the following snippet to a file and name the file
ex-script-snippet.conf. Copy the ex-script-snippet.conf file to the /var/tmp directory
on your routing platform.
commit {file ex-script-snippet.xsl; }
2. Move to the hierarchy level that is relevant for this snippet by issuing the following
configuration mode command:
[edit]user@host# edit system scripts[edit system scripts]
3. Merge the contents of the file into your routing platform configuration by issuing the
loadmerge relative configuration mode command:
[edit system scripts]user@host# loadmerge relative /var/tmp/ex-script-snippet.confload complete
For more information about the load command, see the Junos OS CLI User Guide.
Documentation Conventions
Table 1 on page xxi defines notice icons used in this guide.
Copyright © 2010, Juniper Networks, Inc.xx
Junos 10.4 Broadband Subscriber Management Solutions Guide
Table 1: Notice Icons
DescriptionMeaningIcon
Indicates important features or instructions.Informational note
Indicates a situation that might result in loss of data or hardware damage.Caution
Alerts you to the risk of personal injury or death.Warning
Alerts you to the risk of personal injury from a laser.Laser warning
Table 2 on page xxi defines the text and syntax conventions used in this guide.
Table 2: Text and Syntax Conventions
ExamplesDescriptionConvention
To enter configuration mode, type theconfigure command:
user@host> configure
Represents text that you type.Bold text like this
user@host> show chassis alarms
No alarms currently active
Represents output that appears on theterminal screen.
Fixed-width text like this
• A policy term is a named structurethat defines match conditions andactions.
• Junos System Basics ConfigurationGuide
• RFC 1997,BGPCommunities Attribute
• Introduces important new terms.
• Identifies book names.
• Identifies RFC and Internet draft titles.
Italic text like this
Configure the machine’s domain name:
[edit]root@# set system domain-namedomain-name
Represents variables (options for whichyou substitute a value) in commands orconfiguration statements.
Italic text like this
• To configure a stub area, include thestub statement at the [edit protocolsospf area area-id] hierarchy level.
• The console port is labeledCONSOLE.
Represents names of configurationstatements, commands, files, anddirectories; IP addresses; configurationhierarchy levels; or labels on routingplatform components.
Text like this
stub <default-metricmetric>;Enclose optional keywords or variables.< > (angle brackets)
xxiCopyright © 2010, Juniper Networks, Inc.
About This Guide
Table 2: Text and Syntax Conventions (continued)
ExamplesDescriptionConvention
broadcast | multicast
(string1 | string2 | string3)
Indicates a choice between the mutuallyexclusive keywords or variables on eitherside of the symbol. The set of choices isoften enclosed in parentheses for clarity.
| (pipe symbol)
rsvp { # Required for dynamicMPLS onlyIndicates a comment specified on thesame line as the configuration statementto which it applies.
# (pound sign)
community namemembers [community-ids ]
Enclose a variable for which you cansubstitute one or more values.
[ ] (square brackets)
[edit]routing-options {static {route default {nexthop address;retain;
}}
}
Identify a level in the configurationhierarchy.
Indention and braces ( { } )
Identifies a leaf statement at aconfiguration hierarchy level.
; (semicolon)
J-Web GUI Conventions
• In the Logical Interfaces box, selectAll Interfaces.
• To cancel the configuration, clickCancel.
Represents J-Web graphical userinterface (GUI) items you click or select.
Bold text like this
In the configuration editor hierarchy,select Protocols>Ospf.
Separates levels in a hierarchy of J-Webselections.
> (bold right angle bracket)
Documentation Feedback
We encourage you to provide feedback, comments, and suggestions so that we can
improve the documentation. You can send your comments to
[email protected], or fill out the documentation feedback form at
https://www.juniper.net/cgi-bin/docbugreport/. If you are using e-mail, be sure to include
the following information with your comments:
• Document or topic name
• URL or page number
• Software release version (if applicable)
Requesting Technical Support
Technical product support is available through the Juniper Networks Technical Assistance
Center (JTAC). If you are a customer with an active J-Care or JNASC support contract,
Copyright © 2010, Juniper Networks, Inc.xxii
Junos 10.4 Broadband Subscriber Management Solutions Guide
or are covered under warranty, and need postsales technical support, you can access
our tools and resources online or open a case with JTAC.
• JTAC policies—For a complete understanding of our JTAC procedures and policies,
review the JTAC User Guide located at
http://www.juniper.net/us/en/local/pdf/resource-guides/7100059-en.pdf .
• Product warranties—For product warranty information, visit
http://www.juniper.net/support/warranty/ .
• JTAC Hours of Operation —The JTAC centers have resources available 24 hours a day,
7 days a week, 365 days a year.
Self-Help Online Tools and Resources
For quick and easy problem resolution, Juniper Networks has designed an online
self-service portal called the Customer Support Center (CSC) that provides you with the
following features:
• Find CSC offerings: http://www.juniper.net/customers/support/
• Find product documentation: http://www.juniper.net/techpubs/
• Find solutions and answer questions using our Knowledge Base: http://kb.juniper.net/
• Download the latest versions of software and review release notes:
http://www.juniper.net/customers/csc/software/
• Search technical bulletins for relevant hardware and software notifications:
https://www.juniper.net/alerts/
• Join and participate in the Juniper Networks Community Forum:
http://www.juniper.net/company/communities/
• Open a case online in the CSC Case Management tool: http://www.juniper.net/cm/
To verify service entitlement by product serial number, use our Serial Number Entitlement
(SNE) Tool: https://tools.juniper.net/SerialNumberEntitlementSearch/
Opening a Casewith JTAC
You can open a case with JTAC on the Web or by telephone.
• Use the Case Management tool in the CSC at http://www.juniper.net/cm/ .
• Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).
For international or direct-dial options in countries without toll-free numbers, visit us at
http://www.juniper.net/support/requesting-support.html
xxiiiCopyright © 2010, Juniper Networks, Inc.
About This Guide
Copyright © 2010, Juniper Networks, Inc.xxiv
Junos 10.4 Broadband Subscriber Management Solutions Guide
PART 1
Broadband Subscriber ManagementOverview
• Subscriber Management Basics Overview on page 3
• Residential Broadband Technology Overview on page 9
• Broadband Subscriber Management Solution Hardware Overview on page 15
• Broadband Subscriber Management Solution Software Overview on page 21
• Broadband Subscriber Management Wholesale Overview on page 27
1Copyright © 2010, Juniper Networks, Inc.
Copyright © 2010, Juniper Networks, Inc.2
Junos 10.4 Broadband Subscriber Management Solutions Guide
CHAPTER 1
SubscriberManagementBasicsOverview
• Broadband Subscriber Management Overview on page 3
• Broadband Subscriber Management Platform Support on page 4
• Broadband Subscriber Management Network Topology Overview on page 4
• Broadband Subscriber Management Solutions Terms and Acronyms on page 5
• Supporting Documentation for Broadband Subscriber Management on page 7
• Triple Play and Multiplay Overview on page 8
Broadband Subscriber Management Overview
Broadband Subscriber Management is a method of dynamically provisioning and
managing subscriber access in a multiplay or triple play network environment. This
method uses AAA configuration in conjunction with dynamic profiles to provide dynamic,
per-subscriber authentication, addressing, access, and configuration for a host of
broadband services including Internet access, gaming, IPTV, Video on Demand (VoD),
and subscriber wholesaling.
NOTE: The Junos broadband subscriber management solution currentlysupports Dynamic Host Configuration Protocols (DHCP)-based andPoint-to-Point Protocol /Point-to-Point Protocol over Ethernet(PPP/PPPoE)-based configuration and RADIUS authentication andauthorization.
This guide focuses on the general components necessary for configuring a Juniper
Networks MX Series Ethernet Services Router to dynamically provision and manage
subscribers. However, you can also use a Juniper Networks EX Series Ethernet Switch in
a subscriber network.
Managing subscribers in a DHCP-based or PPP/PPPoE-based residential broadband
network using an MX Series router requires the following:
• Planning and configuring a virtual LAN (VLAN) architecture for the access network.
• Configuring an authentication, authorization, and accounting (AAA) framework for
subscriber authentication and authorization through external servers (for example,
RADIUS) as well as accounting and dynamic-request change of authorization (CoA)
3Copyright © 2010, Juniper Networks, Inc.
and disconnect operations through external servers, and address assignment through
a combination of local address-assignment pools and RADIUS.
• Configuring DHCP local server or DHCP relay for subscriber address assignment for
DHCP-based networks.
• Configuring address assignment pools for PPPoE-based networks.
• Configuring dynamic profiles to include dynamic IGMP, firewall filter, and class of
service (CoS) configuration for subscriber access.
• Configuring multicast access to the core network.
To better understand the subscriber access network, this guide also provides general
information about some hardware not from Juniper Networks and suggests methods for
choosing different network configuration options. You can configure a subscriber network
in many different ways. This guide does not cover all configuration scenarios. It is intended
as a starting point for understanding subscriber management and how you can use
Juniper Networks hardware and software to plan and build your own subscriber
management solution.
RelatedDocumentation
Broadband Subscriber Management Platform Support on page 4•
• Broadband Subscriber Management Network Topology Overview on page 4
• Broadband Subscriber Management Solutions Terms and Acronyms on page 5
• Supporting Documentation for Broadband Subscriber Management on page 7
• Triple Play and Multiplay Overview on page 8
• Broadband History on page 9
Broadband Subscriber Management Platform Support
Juniper Networks currently supports DHCP and PPP/PPPoE broadband subscriber
management solutions on MX Series routers and PPP/PPPoE broadband subscriber
management solutions on M120 and M320 routers.
NOTE: This guide describes configuration onMX Series routers.
RelatedDocumentation
Broadband Subscriber Management Overview on page 3•
• Broadband Subscriber Management Edge Router Overview on page 15
Broadband Subscriber Management Network Topology Overview
Figure 1 on page 5 illustrates how network elements can make up a residential broadband
access network.
Copyright © 2010, Juniper Networks, Inc.4
Junos 10.4 Broadband Subscriber Management Solutions Guide
Figure 1: Subscriber Management Residential Broadband NetworkExample
Super CoreEdge Access Metro Core Super Head-End
VHO/Regional Data Center
VSO/Central Office
VSR andAggregation
Switch
Video
SIP
BSR
Apps
g016
989
MSAN
MX SeriesMX SeriesMX Series
MX SeriesMX SeriesMX Series
MX Series
EX Series
EX Series
RelatedDocumentation
Broadband Subscriber Management Overview on page 3•
Broadband Subscriber Management Solutions Terms and Acronyms
• AAA(authentication,authorization,andaccounting)—An IP-based networking system
that controls user access to computer resources and manages the activity of users
over a network.
• ASM (Any SourceMulticast)—A method of allowing a multicast receiver to listen to
all traffic sent to a multicast group, regardless of its source.
• BSR (broadband services router)—A router used for subscriber management and
edge routing.
• CoA (change of authorization)—RADIUS messages that contain information for
dynamically changing session authorizations.
• CoS (class of service)—A method of managing network traffic by grouping similar
types of traffic together and treating each traffic type as a “class” with a defined service
priority.
• DHCP (Dynamic Host Configuration Protocol )—A mechanism through which hosts
using TCP/IP can obtain protocol configuration parameters automatically from a DHCP
server on the network; allocates IP addresses dynamically so that they can be reused
when no longer needed.
• IGMP (Internet GroupMembership Protocol)—A host to router signaling protocol for
IPv4 used to support IP multicasting.
5Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Subscriber Management Basics Overview
• IS-IS (Intermediate System-to-Intermediate System)—A link-state, interior gateway
routing protocol (IGRP) for IP networks that uses the shortest-path-first (SPF) algorithm
to determine routes.
• LSP (label-switched path)—The path traversed by a packet that is routed by MPLS.
Some LSPs act as tunnels. LSPs are unidirectional, carrying traffic only in the
downstream direction from an ingress node to an egress node.
• MPLS(Multiprotocol LabelSwitching)—A mechanism for engineering network traffic
patterns that functions by assigning to network packets short labels that describe how
to forward the packets through the network.
• MSAN (multiservice access node)—A group of commonly used aggregation devices
including digital subscriber line access multiplexers (DSLAMs) used in xDSL networks,
optical line termination (OLT) for PON/FTTx networks, and Ethernet switches for
Active Ethernet connections.
• Multiplay—A networking paradigm that enables the ability to add new and robust
networking services that individual subscriber can access.
• OIF (outgoing interface)—An interface used by multicast functions within a router to
determine which egress ports to use for fowarding multicast groups.
• OSPF (Open Shortest Path First)—A link-state interior gateway protocol (IGP) that
makes routing decisions based on the shortest-path-first (SPF) algorithm (also referred
to as the Dijkstra algorithm).
• PIM(Protocol IndependentMulticast)—A multicast routing protocol used for delivering
multicast messages in a routed environment.
• PPP (Point-to-Point Protocol)—Link-layer protocol that provides multiprotocol
encapsulation. PPP is used for link-layer and network-layer configuration. Provides a
standard method for transporting multiprotocol datagrams over point-to-point links.
• PPPoE(Point-to-PointProtocoloverEthernet)—Network protocol that encapsulates
PPP frames in Ethernet frames and connects multiple hosts over a simple bridging
access device to a remote access concentrator.
• RADIUS (Remote Authentication Dial In User Service)—A networking protocol that
provides centralized access, authorization, and accounting management for subscribers
to connect and use a network service.
• Residential gateway—A firewall, Network Address Translation (NAT) router, or other
routing device used as a customer premises equipment (CPE) terminator in the home,
office, or local point of presence (POP).
• SSM (single-sourcemulticast)—A routing method that allows a multicast receiver
to detect only a specifically identified sender within a multicast group.
• set-top box—The end host or device used to receive IPTV video streams.
• Triple play—A networking paradigm that dedicates bandwidth to data, voice, and
video service.
Copyright © 2010, Juniper Networks, Inc.6
Junos 10.4 Broadband Subscriber Management Solutions Guide
• VOD(videoondemand)—A unicast streaming video offering by service providers that
enables the reception of an isolated video session per user with rewind, pause, and
similar VCR-like capabilities.
• VSR (video services router)—A router used in a video services network to route video
streams between an access network and a metro or core network. The video services
router is any M Series Multiservice Edge Router or MX Series router that supports the
video routing package provided with Junos OS Release 8.3 or later.
RelatedDocumentation
Broadband Subscriber Management Overview on page 3•
Supporting Documentation for Broadband Subscriber Management
The JunosOSBroadbandSubscriberManagementSolutionsGuide relies heavily on existing
configuration documentation. In particular, this guide references configuration material
presented in the Junos OS Subscriber Access Configuration Guide. We recommend you
become familiar with the configuration options presented for subscriber access before
reading this guide.
Several guides in the Junos OS documentation set provide detailed configuration
information that is not fully covered in this guide. This guide might reference other Junos
OS configuration and solutions documents that can provide more detail about a specific
feature or configuration option.
For more detailed configuration information, see the following Junos OS documents:
• Junos OS Subscriber Access Configuration Guide
• Junos OS Layer 2 Configuration Guide
• Junos OSMulticast Protocols Configuration Guide
• Junos OS Network Interfaces Configuration Guide
• Junos OS Policy Framework Configuration Guide
For other solution examples, see the following Junos OS solutions guides:
• Junos OSMX Series Ethernet Services Routers Solutions Guide
• Session Border Control Solutions Guide Using BGF and IMSG
In addition to related Junos documentation, you can obtain useful information from the
JunosE Software documentation. Many features described in the JunosE Broadband
Access ConfigurationGuide are similar to those described in both this guide and the Junos
OS Subscriber Access Configuration Guide.
RelatedDocumentation
Broadband Subscriber Management Overview on page 3•
7Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Subscriber Management Basics Overview
Triple Play andMultiplay Overview
This document defines triple play and multiplay networks as different entities:
• A triple play network dedicates bandwidth to each possible service—data, voice, and
video. This method works well when a limited number of services are deployed and
sufficient bandwidth is available.
• A multiplay network refers to the ability to add new and robust networking services
that each subscriber can access. This method requires the integration of dynamic
bandwidth management and the ability to manage subscribers dynamically though
the use of features such as hierarchical quality of service (QoS) and a AAA service
framework that provides authentication, accounting, dynamic change of authorization
(CoA), and dynamic address assignment.
Table 3 on page 8 provides some comparison between a triple play and multiplay
network and the level of flexibility associated with certain networking options.
Table 3: Triple Play andMultiplay Comparison
MultiplayTriple PlayFlexibility
One bandwidth pool for each subscriber is shared by allservices.
Fixed bandwidth allocation for each service.BandwidthManagement
The existence of one shared bandwidth pool eliminatesthe need to reallocate bandwidth to new services.
Requires deallocating bandwidth from oneservice and allocating that bandwith to thenew service.
Adding New Services
Subscribers can use their share of bandwidth forwhatever applications they want to run.
Limited subscriber flexibility because a fixedbandwidth is allocated to each service orapplication.
Subscriber Flexibility
Client devices are not assigned to any specific ports.This flexibility enables the ability to use client devicesfor various services (for example, adding software to aPC to enable television broadcasts) and allows differentclient devices (PCs, Voice-over-IP phones, and set-topboxes) to reside on a single LAN.
Client devices (PCs or set-top boxes) arededicated to specific services and oftenassigned to specific ports on customerpremise equipment.
Client Device Types
With software and hardware now available to enable client devices to access and use
the network in a variety of ways, bandwidth demands increasing, and new networking
business models emerging, dynamic support of new applications is required to ensure
subscriber satisfaction. A dynamic multiplay network configuration can provide the
flexibility to meet these demands.
RelatedDocumentation
• Broadband Subscriber Management Overview on page 3
Copyright © 2010, Juniper Networks, Inc.8
Junos 10.4 Broadband Subscriber Management Solutions Guide
CHAPTER 2
Residential Broadband TechnologyOverview
• Broadband History on page 9
• PPP in Broadband Networks on page 10
• DHCP in Broadband Networks on page 11
• Broadband Service Delivery Options on page 11
• Broadband Delivery and FTTx on page 13
Broadband History
Residential broadband services developed using a mainly ATM-based infrastructure and
early Internet access required that each subscriber access the network using a dial-up
modem to connect from a PC to a Remote Access Server (RAS), or bank of servers, which
was connected directly to the Internet. Point-to-Point Protocol (PPP), originally defined
by the IETF in RFC 1661, was already in use on leased lines. It was well suited for use on
the existing ATM infrastructure and enabled operators to better manage subscriber
connections by providing authentication and accounting, along with a level of protocol
flexibility due to it being connection-oriented and enabling service providers to customize
it to their needs. The use of the PPP model, however, required special software (including
the PPP protocol stack) be installed on each PC to communicate within the PPP network.
After establishing a connection to the Internet, the subscriber logged in using a PPP user
identifier provided by the service provider.
This always on model quickly evolved in several ways. Dedicated broadband access such
as DSL replaced dial-up service, replacing the dial-up modem with a DSL modem. Dial-up
remote access servers were replaced by the Broadband Remote Access Server (B-RAS)
and residential gateways were introduced to allow multiple PCs from one site to connect
to the broadband network. Residential gateways have since evolved to provide a wide
range of functions including firewall and wireless (802.1b/g/n wi-fi) connectivity. The
residential gateway also became the termination point for the PPP connection, eliminating
the need for the installation of special PC software.
9Copyright © 2010, Juniper Networks, Inc.
These new broadband networks were built based on the following two key assumptions:
• Only a small percentage of subscribers were expected to be using network bandwidth
at any given time and, even if many subscribers logged in to the network concurrently,
few subscribers were likely to enter data at the exact same time.
• Traffic was TCP-based and not real-time. If a packet was lost due to network
congestion, TCP detected the loss and retransmitted the packets.
Based on these assumptions, operators over-subscribed the network, enabling more
subscribers than a limited amount of bandwidth can support if all subscribers were to
access the network simultaneously. For example, if 50 subscribers were to sign up for
service that required bandwidth of 1 Mbps for each subscriber, the network did not
necessarily need to support a full 50 Mbps of throughput. Instead, operators designed
the network to support much lower traffic volumes, expecting maximum traffic flow for
all subscribers to occur rarely, if ever. For example, a 50:1 over-subscription needed to
support only 1 Mbps of bandwidth. Bandwidth requirements have changed significantly
over the years and this method of access is becoming more difficult to maintain.
The basic broadband architecture was initially defined by DSL Forum TR-025 (November
1999). This specification assumed only one service was provided to subscribers—Internet
Access (or data). DSL Forum TR-059 (September 2003) introduced quality of service
(QoS) to allow broadband networks to deliver voice over IP (VoIP) in addition to data.
Because VoIP is a small percentage of overall network traffic, its introduction has not
significantly altered the broadband delivery landscape. It is also worth noting that these
original standards specified ATM as the Layer 2 protocol on the broadband network.
RelatedDocumentation
PPP in Broadband Networks on page 10•
• DHCP in Broadband Networks on page 11
• Broadband Service Delivery Options on page 11
• Broadband Delivery and FTTx on page 13
PPP in Broadband Networks
Point-to-Point Protocol (PPP) is used for communications between two nodes, such as
between a client and a server. Originally defined by the IETF in RFC 1661, and used for
direct connection between devices over a leased line using ISO 3309 framing, several
methods have been defined to establish PPP connections across other media. Because
residential broadband services historically used an ATM infrastructure, Point-to-Point
Protocol over ATM (PPPoA) was originally the dominant access protocol in service
provider networks. However, as networks have transitioned to Ethernet, Point-to-Point
Protocol over Ethernet (PPPoE) has emerged as an alternative to PPPoA.
The connection-oriented nature of PPP, indicating the availability of a connection as well
as whether IP connectivity is established, is well-suited for a subscriber access network.
When links are not active, echo-request and echo-reply packets provide link confirmation
for any connected peers. When links are active, these link-checking packets are not sent;
the presence of data alone indicates that the link is functioning.
Copyright © 2010, Juniper Networks, Inc.10
Junos 10.4 Broadband Subscriber Management Solutions Guide
The usage of PPP for subscriber access is not without its challenges, however. As more
client connections are managed, the amount of state information maintained by the
routers increases. The management of this state information can become more complex
when using advanced features and when managing clients dynamically.
RelatedDocumentation
Broadband Service Delivery Options on page 11•
DHCP in Broadband Networks
Dynamic Host Configuration Protocol (DHCP) is an alternative to PPP for assigning IP
addresses and provisioning services in broadband networks. Using DHCP helps to simplify
network configuration by decreasing (and in some cases eliminating) the need for
manually configuring static IP addresses on network devices. For example, DHCP enables
PCs and other devices within a subscriber residence to obtain IP addresses to access the
Internet. Due to its general simplicity and scalability, along with the increased usage of
Ethernet in access networks, DHCP deployments in broadband networks have increased.
NOTE: The Junos subscriber management solution currently supports onlyDHCP as amultiple-client configuration protocol. This guide provides onlyDHCP-based configuration examples where applicable.
RelatedDocumentation
Broadband Service Delivery Options on page 11•
Broadband Service Delivery Options
Four primary delivery options exist today for delivering broadband network service. These
options include the following:
• Digital Subscriber Line
• Active Ethernet
• Passive Optical Networking
• Hybrid Fiber Coaxial
The following sections briefly describe each delivery option.
Digital Subscriber Line
Digital subscriber line (DSL) is the most widely deployed broadband technology
worldwide. This delivery option uses existing telephone lines to send broadband
information on a different frequency than is used for the existing voice service. Many
generations of DSL are used for residential service, including Very High Speed Digital
Subscriber Line 2 (VDSL2) and versions of Asymmetric Digital Subscriber Line (ADSL,
ADSL2, and ADSL2+). These variations of DSL primarily offer asymmetric residential
broadband service where different upstream and downstream speeds are implemented.
(VDSL2 also supports symmetric operation.) Other DSL variations, like High bit rate Digital
11Copyright © 2010, Juniper Networks, Inc.
Chapter 2: Residential Broadband Technology Overview
Subscriber Line (HDSL) and Symmetric Digital Subscriber Line (SDSL), provide symmetric
speeds and are typically used in business applications.
The head-end to a DSL system is the Digital Subscriber Line Access Multiplexer (DSLAM).
The demarcation device at the customer premise is a DSL modem. DSL service models
are defined by the Broadband Forum (formerly called the DSL Forum).
Active Ethernet
Active Ethernet uses traditional Ethernet technology to deliver broadband service across
a fiber-optic network. Active Ethernet does not provide a separate channel for existing
voice service, so VoIP (or TDM-to-VoIP) equipment is required. In addition, sending
full-speed (10 or 100 Mbps) Ethernet requires significant power, necessitating distribution
to Ethernet switches and optical repeaters located in cabinets outside of the central
office. Due to these restrictions, early Active Ethernet deployments typically appear in
densely populated areas.
Passive Optical Networking
Passive Optical Networking (PON), like Active Ethernet, uses fiber-optic cable to deliver
services to the premises. This delivery option provides higher speeds than DSL but lower
speeds than Active Ethernet. Though PON provides higher speed to each subscriber, it
requires a higher investment in cable and connectivity.
A key advantage of PON is that it does not require any powered equipment outside of
the central office. Each fiber leaving the central office is split using a non-powered optical
splitter. The split fiber then follows a point-to-point connection to each subscriber.
PON technologies fall into three general categories:
• ATM PON (APON), Broadband PON (BPON), and Gigabit-capable PON (GPON)—PON
standards that use the following different delivery options:
• APON—The first passive optical network standard and is primarily used for business
applications.
• BPON—Based on APON, BPON adds wave division multiplexing (WDM), dynamic
and higher upstream bandwidth allocation, and a standard management interface
to enable mixed-vendor networks.
• GPON—The most recent PON adaptation, GPON is based on BPON but supports
higher rates, enhanced security, and a choice of which Layer 2 protocol to use (ATM,
Generic Equipment Model [GEM], or Ethernet).
• Ethernet PON (EPON)—Provides capabilities similar to GPON, BPON, and APON, but
uses Ethernet standards. These standards are defined by the IEEE. Gigabit Ethernet
PON (GEPON) is the highest speed version.
• Wave Division Multiplexing PON (WDM-PON)—A nonstandard PON which, as the
name implies, provides a separate wavelength to each subscriber.
The head-end to a PON system is an Optical Line Terminator (OLT). The demarcation
device at the customer premises is an Optical Network Terminator (ONT). The ONT
Copyright © 2010, Juniper Networks, Inc.12
Junos 10.4 Broadband Subscriber Management Solutions Guide
provides subscriber-side ports for connecting Ethernet (RJ-45), telephone wires (RJ-11)
or coaxial cable (F-connector).
Hybrid Fiber Coaxial
Multi-System Operators (MSOs; also known as cable TV operators) offer broadband
service through their hybrid fiber-coaxial (HFC) network. The HFC network combines
optical fiber and coaxial cable to deliver service directly to the customer. Services leave
the central office (CO) using a fiber-optic cable. The service is then converted outside
of the CO to a coaxial cable tree using a series of optical nodes and, where necessary,
through a trunk radio frequency (RF) amplifier. The coaxial cables then connect to multiple
subscribers. The demarcation device is a cable modem or set-top box, which talks to a
Cable Modem Termination System (CMTS) at the MSO head-end or master facility that
receives television signals for processing and distribution. Broadband traffic is carried
using the Data Over Cable Service Interface Specification (DOCSIS) standard defined
by CableLabs and many contributing companies.
RelatedDocumentation
Broadband Delivery and FTTx on page 13•
Broadband Delivery and FTTx
Many implementations use existing copper cabling to deliver signal to the premises, but
fiber-optic cable connectivity is making its way closer to the subscriber. Most networks
use a combination of both copper and fiber-optic cabling. The term fiber to the x (FTTx)
describes how far into the network fiber-optic cabling runs before a switch to copper
cabling takes place. Both PON and Active Ethernet can use fiber-optic portion of the
network, while xDSL is typically used on the copper portion. This means that a single
fiber-optic strand may support multiple copper-based subscribers.
Increasing the use of fiber in the network increases cost but it also increases network
access speed to each subscriber.
The following terms are used to describe the termination point of fiber-optic cable in a
network:
• Fiber to the Premises (FTTP), Fiber to the Home (FTTH), Fiber to the Business
(FTTB)—Fiber extends all the way to the subscriber. PON is most common for residential
access, although Active Ethernet can be efficiently used in dense areas such as
apartment complexes. Active Ethernet is more common for delivering services to
businesses.
• Fiber to the Curb (FTTC)—Fiber extends most of the way (typically, 500 feet/150
meters or less) to the subscriber. Existing copper is used for the remaining distance to
the subscriber.
• Fiber to the Node/Neighborhood (FTTN)—Fiber extends to within a few thousand feet
of the subscriber and converted to xDSL for the remaining distance to the subscriber.
• Fiber to the Exchange (FTTE)—A typical central office-based xDSL implementation
in which fiber is used to deliver traffic to the central office and xDSL is used on the
existing local loop.
13Copyright © 2010, Juniper Networks, Inc.
Chapter 2: Residential Broadband Technology Overview
RelatedDocumentation
• Broadband Service Delivery Options on page 11
Copyright © 2010, Juniper Networks, Inc.14
Junos 10.4 Broadband Subscriber Management Solutions Guide
CHAPTER 3
Broadband Subscriber ManagementSolution Hardware Overview
• Broadband Subscriber Management Edge Router Overview on page 15
• Multiservice Access Node Overview on page 17
• Ethernet MSAN Aggregation Options on page 18
Broadband Subscriber Management Edge Router Overview
The edge router is the demarcation point between the residential broadband access
network and the core network. The Juniper Networks MX Series router (along with the
Juniper Networks EX Series Ethernet Switch) can play multiple roles as an edge router.
The most common include the following:
• Broadband services router (BSR)—This router supports high speed Internet access
along with several other subscriber-based services including VoIP, IPTV, and gaming.
• Video services router (VSR)—The video services router capabilities are a subset of
those provided by a broadband services router. In general, using the MX Series router
as a video services router provides bi-directional traffic destined for the set-top box
(STB). This traffic includes IPTV and video on demand (VoD) streams as well as
associated control traffic such as IGMP and electronic program guide (EPG) updates.
You can also use the MX Series router in certain Layer 2 solutions. For information about
configuring the MX Series router in Layer 2 scenarios, see the JunosOSLayer 2Configuration
Guide or the Junos OSMX Series Ethernet Services Routers Solutions Guide.
Broadband Services Router Overview
A broadband services router is an edge router that traditionally supports primarily
Internet-bound traffic. This router replaces and provides a superset of the functionality
provided by a Broadband Remote Access Server (B-RAS). The broadband services router
functions can be broken into two key areas—high speed Internet access and IPTV support.
High-Speed Internet Access Support
The broadband services router communicates with the RADIUS server to enforce which
services each subscriber can access. For example, one subscriber might have signed up
for a smaller Internet access service of 1 Mbps where another subscriber might have
signed up for a higher, 10 Mbps service. The broadband services router manages the
15Copyright © 2010, Juniper Networks, Inc.
traffic to each subscriber, ensuring that each subscriber obtains the level of access service
they have purchased, while also ensuring that any VoIP traffic receives priority. The
broadband services router also makes traffic forwarding decisions based on aggregate
bandwidth detected on any adjacent multiservice access node (MSAN).
IPTV Support
The broadband services router supports IPTV traffic including support for IGMP multicast
group start and stop requests from downstream MSANs. The broadband services router
manages the bandwidth allocations associated with high-bandwidth IPTV as well as
video on demand (VoD) traffic to ensure high quality service delivery.
Video Services Router
When configuring a multiedge network, you can use the MX Series router as a video
services router (VSR) to support only video traffic without supporting the high-speed
Internet access (HSIA) capabilities.
NOTE: Werecommendasingle-edgenetworkmodelbut theMXSeries routerallows for flexibility when defining amultiplay network topology.
Some advantages of using a separate video services router for video traffic include the
following:
• Provides the ability to add IPTV service without the need to modify an existing edge
router that is performing other functions.
• Reduces network bandwidth by moving the video edge further out to the network edge
while still allowing for centralized broadband services router operation.
• Typically requires less capital investment because the video services router does not
need to provide per-subscriber management.
Services Router Placement
Depending on the type of network you are creating—single edge or multiedge—you can
place a broadband services router or video services router in various locations.
Single Edge Placement
In a single edge network, you use only broadband services routers because the single
device must perform all of the necessary edge functions—providing subscriber
management for high-speed Internet access and IPTV services. You can use the two
following topology models when placing the broadband services router:
• Centralizedsingleedge—The edge router is centrally located and placed at one location
to cover a particular region. A secondary router is sometimes placed in this location to
act as a backup. Downstream MSANs are connected to the broadband services router
using a ring or mesh topology.
• Distributedsingleedge—The edge router is placed further out into the network, typically
in the central office (CO) closest to the subscribers it services. Downstream MSANs
Copyright © 2010, Juniper Networks, Inc.16
Junos 10.4 Broadband Subscriber Management Solutions Guide
are typically connected directly to the broadband services router (in a true, single edge
topology) or through an Ethernet aggregation switch.
In general, the addition of IPTV service favors a more distributed model because it pushes
the need for subscriber management farther out into the network.
Multiedge Placement
In a multiedge network, you use both broadband services routers and video services
routers. The broadband services router controls any high-speed Internet traffic and the
video services router controls video traffic. You can use the two following topology models
when placing service routers in a multiedge network topology:
• Co-locatedmultiedge—The broadband services router and video services router are
housed in the same location and an Ethernet switch directs traffic in the CO to the
appropriate edge router.
NOTE: A single MX Series router can serve as both Ethernet switch andvideo services router. For information about configuring the MX Seriesrouter in Layer 2 scenarios, see the Junos OS Layer 2 Configuration Guide orthe Junos OSMX Series Ethernet Services Routers Solutions Guide.
• Split multiedge—The video services router and broadband services router reside in
different locations. In this model, the broadband services router is typically located
more centrally and video services routers are distributed.
RelatedDocumentation
Multiservice Access Node Overview on page 17•
• Ethernet MSAN Aggregation Options on page 18
• Broadband Subscriber Management Platform Support on page 4
Multiservice Access Node Overview
A multiservice access node is a broader term that refers to a group of commonly used
aggregation devices. These devices include digital subscriber line access multiplexers
(DSLAMs) used in xDSL networks, optical line termination (OLT) for PON/FTTx networks,
and Ethernet switches for Active Ethernet connections. Modern MSANs often support
all of these connections, as well as providing connections for additional circuits such as
plain old telephone service (referred to as POTS) or Digital Signal 1 (DS1 or T1).
The defining function of a multiservice access node is to aggregate traffic from multiple
subscribers. At the physical level, the MSAN also converts traffic from the last mile
technology (for example, ADSL) to Ethernet for delivery to subscribers.
You can broadly categorize MSANs into three types based on how they forward traffic
in the network:
• Layer–2MSAN—This type of MSAN is essentially a Layer 2 switch (though typically
not a fully functioning switch) with some relevant enhancements. These MSANs use
17Copyright © 2010, Juniper Networks, Inc.
Chapter 3: Broadband Subscriber Management Solution Hardware Overview
Ethernet (or ATM) switching to forward traffic. The MSAN forwards all subscriber traffic
upstream to an edge router that acts as the centralized control point and prevents
direct subscriber-to-subscriber communication. Ethernet Link Aggregation (LAG)
provides the resiliency in this type of network.
Layer 2 DSLAMs cannot interpret IGMP, so they cannot selectively replicate IPTV
channels.
• Layer–3 awareMSAN—This IP-aware MSAN can interpret and respond to IGMP
requests by locally replicating a multicast stream and forwarding the stream to any
subscriber requesting it. Layer 3 awareness is important when supporting IPTV traffic
to perform channel changes (sometimes referred to as channel zaps). Static IP-aware
MSANs always receive all multicast television channels. They do not have the ability
to request that specific channels be forwarded to the DSLAM. Dynamic IP-aware
DSLAMs, however, can inform the network to begin (or discontinue) sending individual
channels to the DSLAM. Configuring IGMP proxy or IGMP snooping on the DSLAM
accomplishes this function.
• Layer–3MSAN—These MSANs use IP routing functionality rather than Layer 2
technologies to forward traffic. The advantage of this forwarding method is the ability
to support multiple upstream links going to different upstream routers and improving
network resiliency. However, to accomplish this level of resiliency, you must assign a
separate IP subnetwork to each MSAN, adding a level of complexity that can be more
difficult to maintain or manage.
In choosing a MSAN type, refer to Figure 2 on page 18:
Figure 2: Choosing anMSAN Type
Start
ReplicateMulticastat DSLAM
Usage Trackingor QoS Adjust?
Where?
L2 MSAN L3-aware MSAN
L3 MSAN withIGMP Snooping
L3 MSAN withIGMP Proxy
Yes Yes
No No
At BSR
At MSAN
g017
267
RelatedDocumentation
Ethernet MSAN Aggregation Options on page 18•
Ethernet MSANAggregation Options
Each MSAN can connect directly to an edge router (broadband services router or video
services router), or an intermediate device (for example, an Ethernet switch) can
aggregate MSAN traffic before being sent to the services router. Table 4 on page 19 lists
the possible MSAN aggregation methods and under what conditions they are used.
Copyright © 2010, Juniper Networks, Inc.18
Junos 10.4 Broadband Subscriber Management Solutions Guide
Table 4: Ethernet MSANAggregationMethods
When UsedMethod
Each MSAN connects directly to the broadband services router and optional videoservices router.
Direct connection
Each MSAN connects directly to an intermediate Ethernet switch. The switch, in turn,connects to the broadband services router or optional video services router.
Ethernet aggregation switch connection
Each MSAN connects to a ring topology of MSANs. The head-end MSAN (the deviceclosest to the upstream edge router) connects to the broadband services router.
Ethernet ring aggregation connection
You can use different aggregation methods in different portions of the network. You can
also create multiple layers of traffic aggregation within the network. For example, an
MSAN can connect to a central office terminal (COT), which, in turn, connects to an
Ethernet aggregation switch, or you can create multiple levels of Ethernet aggregation
switches prior to connecting to the edge router.
Direct Connection
In the direct connection method, each MSAN has a point-to-point connection to the
broadband services router. If an intermediate central office exists, traffic from multiple
MSANs can be combined onto a single connection using wave-division multiplexing
(WDM). You can also connect the MSAN to a video services router. However, this
connection method requires that you use a Layer 3 MSAN that has the ability to determine
which link to use when forwarding traffic.
When using the direct connection method, keep the following in mind:
• We recommend this approach when possible to simplify network management.
• Because multiple MSANs are used to connect to the services router, and Layer 3 MSANs
generally require a higher equipment cost, this method is rarely used in a multiedge
subscriber management model.
• Direct connection is typically used when most MSAN links are utilized less than 33
percent and there is little value in combining traffic from multiple MSANs.
Ethernet Aggregation Switch Connection
An Ethernet aggregation switch aggregates traffic from multiple downstream MSANs
into a single connection to the services router (broadband services router or optional
video services router).
19Copyright © 2010, Juniper Networks, Inc.
Chapter 3: Broadband Subscriber Management Solution Hardware Overview
When using the Ethernet aggregation switch connection method, keep the following in
mind:
• Ethernet aggregation is typically used when most MSAN links are utilized over 33
percent or to aggregate traffic from lower speed MSANs (for example, 1 Gbps) to a
higher speed connection to the services router (for example, 10 Gbps).
• You can use an MX Series router as an Ethernet aggregation switch. For information
about configuring the MX Series router in Layer 2 scenarios, see the Junos OS Layer 2
ConfigurationGuideor the JunosOSMXSeriesEthernetServicesRoutersSolutionsGuide.
Ring Aggregation Connection
In a ring topology, the remote MSAN that connects to subscribers is called the remote
terminal (RT). This device can be located in the outside plant (OSP) or in a remote central
office (CO). Traffic traverses the ring until it reaches the central office terminal (COT)
at the head-end of the ring. The COT then connects directly to the services router
(broadband services router or video services router).
NOTE: The RT and COTmust support the same ring resiliency protocol.
You can use an MX Series router in an Ethernet ring aggregation topology. For information
about configuring the MX Series router in Layer 2 scenarios, see the Junos OS Layer 2
Configuration Guide or the Junos OSMX Series Ethernet Services Routers Solutions Guide.
RelatedDocumentation
• Multiservice Access Node Overview on page 17
Copyright © 2010, Juniper Networks, Inc.20
Junos 10.4 Broadband Subscriber Management Solutions Guide
CHAPTER 4
Broadband Subscriber ManagementSolution Software Overview
• Broadband Subscriber Management VLAN Architecture Overview on page 21
• Broadband Subscriber Management IGMP Model Overview on page 23
• DHCP and Broadband Subscriber Management Overview on page 24
• AAA Service Framework and Broadband Subscriber Management Overview on page 25
• Class of Service and Broadband Subscriber Management Overview on page 25
• Policy and Control for Broadband Subscriber Management Overview on page 26
Broadband Subscriber Management VLANArchitecture Overview
The subscriber management logical network architecture is as important as the physical
network architecture. You configure the logical portion of the subscriber management
network using virtual local area networks (VLANs).
Three VLAN models deliver multiple services to subscribers. These models include the
following:
• Service VLAN—The service VLAN (S-VLAN) provides many-to-one (N:1)
subscriber-to-service connectivity: The service VLAN carries a service (for example,
data, video, or voice) to all subscribers instead of having different services share a
VLAN. Adding a new service requires adding a new VLAN and allocating bandwidth to
the new service. The service VLAN model enables different groups that are using the
broadband network (for example, external application providers) to manage a given
service. One limitation of service VLANs is the absence of any logical isolation between
user sessions at the VLAN level. This lack of isolation requires that the multiservice
access node (MSAN) and broadband services router provide the necessary security
filtering.
• Customer VLAN—The customer VLAN (C-VLAN) provides one-to-one (1:1)
subscriber-to-service connectivity: One VLAN carries all traffic to each subscriber on
the network. Having a single VLAN per subscriber simplifies operations by providing a
1:1 mapping of technology (VLANs) to subscribers. You can also understand what
applications any subscriber is using at any given time. Because you use only one VLAN
to carry traffic to each subscriber, this approach is not affected when adding new
services. However, using a pure C-VLAN model consumes more bandwidth because
21Copyright © 2010, Juniper Networks, Inc.
a single television channel being viewed by multiple subscribers is carried across the
network several times—once on each C-VLAN. This approach requires a more scalable,
robust edge router that can support several thousand VLANs.
• HybridC-VLAN—The hybrid VLAN combines the best of both previous VLANs by using
one VLAN per subscriber to carry unicast traffic and one shared multicast VLAN
(M-VLAN) for carrying broadcast (multicast) television traffic. You can use both the
pure and hybrid C-VLAN models in different portions of the network, depending upon
available bandwidth and MSAN capabilities.
NOTE: The term C-VLAN, when used casually, often refers to a hybridC-VLAN implementation.
We recommend using one of the C-VLAN models to simplify configuration and
management when expanding services. However, some MSANs are limited to the number
of VLANs they can support, limiting the ability to use either C-VLAN model.
NOTE: Most MSANs can support the service VLANmodel.
Broadband Subscriber Management VLANs Across anMSAN
You configure VLANs to operate between the MSAN and the edge router (broadband
services router or video services router). However, the MSAN might modify VLAN identifiers
before forwarding information to the subscriber in the following ways:
NOTE: Not all MSANs support these options.
• The VLAN identifiers can be carried within the ATM VCs or they can be removed. The
value of keeping the VLAN header is that it carries the IEEE 802.1p Ethernet priority
bits. These priority bits can be added to upstream traffic by the residential gateway,
allowing the DSLAM to easily identify and prioritize more important traffic (for example,
control and VoIP traffic). Typically, a VLAN identifier of zero (0) is used for this purpose.
• In a C-VLAN model, the MSAN might modify the VLAN identifier so that the same VLAN
is sent to each subscriber. This enables the use of the same digital subscriber line (DSL)
modem and residential gateway configuration for all subscribers without the need to
define a different VLAN for each device.
Customer VLANs and Ethernet Aggregation
The 12-bit VLAN identifier (VLAN ID) can support up to 4095 subscribers. When using
an aggregation switch with a C-VLAN topology, and fewer than 4095 subscribers are
connected to a single edge router port, the aggregation switch can transparently pass
all VLANs. However, if the VLAN can exceed 4095 subscribers per broadband services
router port, you must use VLAN stacking (IEEE 802.1ad, also known as Q-in-Q). VLAN
stacking includes two VLAN tags—an outer tag to identify the destination MSAN and an
Copyright © 2010, Juniper Networks, Inc.22
Junos 10.4 Broadband Subscriber Management Solutions Guide
inner tag to identify the subscriber. For downstream traffic (that is, from the broadband
services router or Ethernet switch to the MSAN), the outer tag determines which port to
forward traffic. The forwarding device then uses the VLAN pop function on this tag before
forwarding the traffic. The reverse process occurs for upstream traffic.
VLAN stacking is not necessary for S-VLANs or M-VLANs. However, for the hybrid (C-VLAN
and M-VLAN) model, the Ethernet switch or services router must be able to pop or push
tags onto C-VLAN traffic while not modifying M-VLAN packets.
VLANs and Residential Gateways
One function provided by a residential gateway is to enable each subscriber to have a
private (in-home) network, unseen by other broadband subscribers, while enabling the
subscriber to have multiple devices connected to the broadband network. This private
network is made possible by using Network Address Translation (NAT).
Most conditional access systems require detecting the real IP address of the set-top box
(STB). This security measure means that traffic to and from the STB must be bridged,
not routed, across all network elements including aggregation switches, MSANs, and
residential gateways. NAT cannot be used at the residential gateway for traffic to and
from the STB. In addition, some residential gateways associate VLANs (or ATM virtual
circuits) with ports. Traffic on a given VLAN is always forwarded to specific downstream
port. Use caution when mapping VLANs on an MSAN.
RelatedDocumentation
Static Subscriber Interfaces and VLAN Overview•
Broadband Subscriber Management IGMPModel Overview
In an IPTV network, channel changes occur when a set-top box (STB) sends IGMP
commands that inform an upstream device (for example, a multiservice access node
[MSAN] or services router) whether to start or stop sending multicast groups to the
subscriber. In addition, IGMP hosts periodically request notification from the STB about
which channels (multicast groups) are being received.
You can implement IGMP in the subscriber management network in the following ways:
• Static IGMP—All multicast channels are sent to the MSAN. When the MSAN receives
an IGMP request to start or stop sending a channel, it performs the request and then
discards the IGMP packet.
• IGMP Proxy—Only multicast channels currently being viewed are sent to the MSAN.
If the MSAN receives a request to view a channel that is not currently being forwarded
to the MSAN, it forwards the request upstream. However, the upstream device does
not see all channel change requests from each subscriber.
• IGMPSnooping—Only multicast channels currently being viewed are sent to the MSAN.
The MSAN forwards all IGMP requests upstream, unaltered, even if it is already receiving
the channel. The upstream device sees all channel change requests from each
subscriber. Using IGMP snooping enables the broadband services router to determine
23Copyright © 2010, Juniper Networks, Inc.
Chapter 4: Broadband Subscriber Management Solution Software Overview
the bandwidth requirement of each multicast group and adjust the bandwidth made
available to unicast traffic.
• IGMP Passthrough—The MSAN transparently passes IGMP packets upstream to the
broadband services router.
IGMP hosts (sources) also periodically verify that they are sending the correct traffic by
requesting that each client send information about what multicast groups it wants to
receive. The responses to this IGMP query can result in a substantial upstream traffic
burst.
IGMPv2 is the minimum level required to support IPTV, and is the most widely deployed.
Emerging standards specify IGMPv3.
RelatedDocumentation
Dynamic IGMP Configuration Overview•
DHCP and Broadband Subscriber Management Overview
You use DHCP in broadband networks to provide IP address configuration and service
provisioning. DHCP, historically a popular protocol in LANs, works well with Ethernet
connectivity and is becoming increasingly popular in broadband networks as a simple,
scalable solution for assigning IP addresses to subscriber home PCs, set-top boxes
(STBs), and other devices.
The Junos broadband subscriber management solution currently supports the following
DHCP allocation models:
• DHCP Local Server
• DHCP Relay
DHCP uses address assignment pools from which to allocate subscriber addresses.
Address-assignment pools support both dynamic and static address assignment:
• Dynamic address assignment—A subscriber is automatically assigned an address from
the address-assignment pool.
• Static address assignment—Addresses are reserved and always used by a particular
subscriber.
NOTE: Addresses that are reserved for static assignment are removedfrom the dynamic address pool and cannot be assigned to other clients.
Extended DHCP Local Server and Broadband Subscriber Management Overview
You can enable the services router to function as an extended DHCP local server. As an
extended DHCP local server the services router, and not an external DHCP server, provides
an IP address and other configuration information in response to a client request. The
extended DHCP local server supports the use of external AAA authentication services,
such as RADIUS, to authenticate DHCP clients.
Copyright © 2010, Juniper Networks, Inc.24
Junos 10.4 Broadband Subscriber Management Solutions Guide
Extended DHCP Relay and Broadband Subscriber Management Overview
You can configure extended DHCP relay options on the router and enable the router to
function as a DHCP relay agent. A DHCP relay agent forwards DHCP request and reply
packets between a DHCP client and a DHCP server. You can use DHCP relay in carrier
edge applications such as video and IPTV to obtain configuration parameters, including
an IP address, for your subscribers. The extended DHCP relay agent supports the use of
external AAA authentication services, such as RADIUS, to authenticate DHCP clients.
RelatedDocumentation
Extended DHCP Local Server Overview•
• Extended DHCP Relay Agent Overview
• Address-Assignment Pools Overview
AAA Service Framework and Broadband Subscriber Management Overview
You use AAA Service Framework for all authentication, authorization, accounting, address
assignment, and dynamic request services that the services router uses for network
access. The framework supports authentication and authorization through external
servers, such as RADIUS. The framework also supports accounting and dynamic-request
CoA and disconnect operations through external servers, and address assignment through
a combination of local address-assignment pools and RADIUS.
NOTE: The broadband subscriber management solution currently supportsthe use of only RADIUS servers.
The broadband services router interacts with external servers to determine how individual
subscribers access the broadband network. The router also obtains information from
the external server for the following:
• Methods used for authentication and accounting.
• How accounting statistics are collected and used.
• How dynamic requests are handled.
RelatedDocumentation
AAA Service Framework Overview•
• RADIUS-Initiated Change of Authorization (CoA) Overview
• RADIUS-Initiated Disconnect Overview
Class of Service and Broadband Subscriber Management Overview
Class of service (CoS) is a mechanism that enables you to divide traffic into classes and
offer various levels of throughput and acceptable packet loss when congestion occurs.
CoS also provides the option of using differentiated services when best-effort traffic
delivery is insufficient. You can also configure the services router to provide hierarchical
25Copyright © 2010, Juniper Networks, Inc.
Chapter 4: Broadband Subscriber Management Solution Software Overview
scheduling for subscribers by dynamically adding or deleting queues when subscribers
require services.
By using a dynamic profile, you can provide all subscribers in your network with default
CoS parameters when they log in. For example, you can configure an access dynamic
profile to specify that all subscribers receive a basic data service. If you use RADIUS
variables in the dynamic profile, you can enable the service to be activated for those
subscribers at login. You can also use variables to configure a service profile that enables
subscribers to activate a service or upgrade to different services through RADIUS
change-of-authorization (CoA) messages following initial login.
RelatedDocumentation
CoS for Subscriber Access Overview•
Policy and Control for Broadband Subscriber Management Overview
You can use the Juniper Networks Session and Resource Control (SRC) software to
implement policy and control in the subscriber management network. The SRC software
provides policy management, subscriber management, and network resource control
functions that enable the creation and delivery of services across the network.
For additional information about the Juniper Networks SRC software, go to
http://www.juniper.net/techpubs/software/management/src/.
Copyright © 2010, Juniper Networks, Inc.26
Junos 10.4 Broadband Subscriber Management Solutions Guide
CHAPTER 5
Broadband Subscriber ManagementWholesale Overview
• Layer 2 and Layer 3 Wholesale Overview on page 27
• PPPoE Layer 3 Wholesale Configuration Interface Support on page 28
• DHCP Layer 3 Wholesale Configuration Interface Support on page 28
• Layer 3 Wholesale Configuration DHCP Support on page 29
• Subscriber to Logical System and Routing Instance Relationship on page 29
• RADIUS VSAs and Broadband Subscriber Management Wholesale Configuration
Overview on page 30
Layer 2 and Layer 3Wholesale Overview
In general, wholesaling broadband services allows service providers to resell broadband
services and allows other providers to deploy their own services over the incumbent
network. There are different methods to partitioning an access network for resale. The
two most common approaches are based on either Layer 2 or Layer 3 information.
Wholesale access is the process by which the access network provider (the wholesaler)
partitions the access network into separately manageable and accountable subscriber
segments for resale to other network providers (or retailers).
In a Layer 3 wholesale configuration, you partition the wholesaler access network at the
network layer or the subscriber IP component by associating the IP component with a
distinct Layer 3 domain. In a Layer 2 wholesale configuration, you partition the access
network at the subscriber circuit or customer VLAN (C-VLAN) by backhauling the
connection through the service provider backbone network to the subscribing retailer
network where the access traffic can be managed at higher layers.
In a Junos Dynamic Host Configuration Protocol (DHCP) or Point-to-Point Protocol over
Ethernet (PPPoE) subscriber access configuration, wholesale partitioning is accomplished
through the use of logical systems and routing instances within the router. Logical systems
offer a stricter partitioning of routing resources than routing instances. The purpose
behind the use of logical systems is to distinctly partition the physical router into separate
administrative domains. This partitioning enables multiple providers to administer the
router simultaneously, with each provider having access only to the portions of the
configuration relevant to their logical system. Junos OS supports up to 15 named logical
27Copyright © 2010, Juniper Networks, Inc.
systems in addition to the default logical system (that is, inet.0). Unless otherwise
specified in configuration, all interfaces belong to the default logical system.
NOTE: This Junos OS release supports the use of only the default logicalsystem. Partitioning currently occurs through the use of separate routinginstances.
A logical system can have one or more routing instances. Typically used in Layer 3 VPN
scenarios, a routing instance does not have the same level of administrative separation
as a logical system because it does not offer administrative isolation. However, the routing
instance defines a distinct routing table, set of routing policies, and set of interfaces.
RelatedDocumentation
Broadband Subscriber Management DHCP Layer 3 Wholesale Topology and
Configuration Elements on page 59
•
• Broadband Subscriber Management PPPoE Layer 3 Wholesale Topology and
Configuration Elements on page 81
• Broadband Subscriber Management Layer 2 Wholesale Topology and Configuration
Elements on page 95
PPPoE Layer 3Wholesale Configuration Interface Support
PPPoE Layer 3 wholesale requires the use of PPP interfaces. This means that you must
specify the PP0 interface when configuring Layer 3 wholesaling in a PPPoE network.
For general additional information about configuring PPPoE interfaces, see the Junos OS
Network Interfaces Configuration Guide.
RelatedDocumentation
Junos OS Network Interfaces Configuration Guide•
• Configuring a Basic PPPoE Dynamic Profile
• Configuring Dynamic PPPoE Subscriber Interfaces Using Dynamic Profiles
• Configuring a PPPoE Dynamic Profile with Additional Options
DHCP Layer 3Wholesale Configuration Interface Support
DHCP Layer 3 wholesale currently supports only the use of IP demux interfaces.
For general additional information about configuring IP demux interfaces, see the Junos
OS Network Interfaces Configuration Guide.
RelatedDocumentation
Junos OS Network Interfaces Configuration Guide•
• Subscriber Interfaces and Demultiplexing Overview
• Configuring Dynamic Subscriber Interfaces Using IP Demux Interfaces in Dynamic
Profiles
Copyright © 2010, Juniper Networks, Inc.28
Junos 10.4 Broadband Subscriber Management Solutions Guide
• Configuring a Subscriber Interface Using a Set of Static IP Demux Interfaces
Layer 3Wholesale Configuration DHCP Support
DHCP Layer 3 wholesale supports the following DHCP configuration options:
• DHCP Relay
• DHCP Relay Proxy
• DHCP Local Server
NOTE: All routing instances within the samewholesale networkmust usethe same DHCP configuration option.
For additional information about any of these DHCP options, see the AAA Service
Framework Overview.
RelatedDocumentation
Extended DHCP Relay Agent Overview•
• DHCP Relay Proxy Overview
• Extended DHCP Local Server Overview
Subscriber to Logical System and Routing Instance Relationship
As subscriber sessions are established, subscriber to logical system/routing instance
memberships are established by the AAA framework configured for the default logical
system. When configuring Layer 3 wholesaling, you typically configure global (wholesale)
information within the default (master) logical system and default routing instance.
Incoming subscribers must then be authenticated, but this authentication can be handled
in one of two ways:
• Single (wholesaler only) authentication—Incoming subscribers are authenticated by
the wholesaler RADIUS server. After authentication, the subscribers are assigned values
specified by dynamic profiles (routing instances, interfaces, and any configuration
values) specific to a particular retailer.
• Dual (wholesaler and retailer) authentication—Sometimes referred to as double-dip
authentication. Incoming subscribers are initially authenticated by RADIUS using the
wholesale configuration. Authenticated subscribers are then redirected to other routing
instances associated with individual retailer network space. When you redirect
subscribers, and those subscribers are to be authenticated by AAA servers owned by
individual retailers, the subscribers must be authenticated again by the AAA servers
before they are provided an address and any dynamic profile values are assigned. After
reauthentication, however, the subscribers are managed normally using any values
specific to the retailer routing instance to which they are assigned.
29Copyright © 2010, Juniper Networks, Inc.
Chapter 5: Broadband Subscriber Management Wholesale Overview
RelatedDocumentation
See “Routing Instances Overview” in the Junos OS Routing Protocols Configuration
Guide.
•
RADIUS VSAs and Broadband Subscriber ManagementWholesale ConfigurationOverview
You can use RADIUS to assign various values through the use of dynamic variables within
dynamic profiles. However, the configuration of at least one of the two VSAs described
in Table 5 on page 30 is required for a wholesale network to function.
Table 5: Required Juniper Networks VSAs for the Broadband SubscriberManagementWholesale Network Solution
ValueDescriptionAttribute NameAttribute Number
string: logicalsystem:routinginstance
Client logicalsystem/routinginstance membershipname. Allowed onlyfrom RADIUS serverfor “default” logicalsystem/routinginstance membership.
LSRI-Name26-1
string: logicalsystem:routinginstance
Client logicalsystem/routinginstance membershipname indicating towhich logicalsystem/routinginstance membershipthe request isredirected for userauthentication.
Redirect-LSRI-Name26-25
Specifying the $junos-routing-instance dynamic variable in a dynamic profile triggers a
RADIUS access-accept response of either the LSRI-Name VSA or the Redirect-LSRI-Name
VSA. Returning an LSRI-Name attribute in the access-accept response provides the
logical system and routing instance in which the logical interface is to be created and
the router updates the session database with the specified routing instance value.
Returning a Redirect-LSRI-Name attribute in the access-accept response results in the
router immediately sending a second access-request message (sometimes referred to
as a double-dip) to the RADIUS server specified by the logical system:routing instance
attribute specified by the Redirect-LSRI-Name VSA.
NOTE: Attributes returned as a result of a second access-request messageto the logical system/routing instancemembership specified by theRedirect-LSRI-Name VSA override any prior attributes returned by initialaccess-accept responses to the default logical system/routing instancemembership.
Copyright © 2010, Juniper Networks, Inc.30
Junos 10.4 Broadband Subscriber Management Solutions Guide
RelatedDocumentation
• Juniper Networks VSAs Supported by the AAA Service Framework
31Copyright © 2010, Juniper Networks, Inc.
Chapter 5: Broadband Subscriber Management Wholesale Overview
Copyright © 2010, Juniper Networks, Inc.32
Junos 10.4 Broadband Subscriber Management Solutions Guide
PART 2
Configuring Broadband SubscriberManagement Solutions
• Broadband Subscriber Management Configuration Overview on page 35
• Configuring a Basic Triple Play Subscriber Management Network on page 37
• Broadband Subscriber Management DHCP Layer 3 Wholesale Network Configuration
Overview on page 59
• Configuring the Broadband Subscriber Management DHCP Layer 3 Wholesale Network
Solution on page 61
• Broadband Subscriber Management DHCP Layer 3 Wholesale Network Configuration
Examples on page 75
• Broadband Subscriber Management PPPoE Layer 3 Wholesale Network Configuration
Overview on page 81
• Configuring the Broadband Subscriber Management PPPoE Layer 3 Wholesale Network
Solution on page 83
• Broadband Subscriber Management PPPoE Wholesale Network Configuration
Examples on page 93
• Broadband Subscriber Management Layer 2 Wholesale Network Configuration
Overview on page 95
• Configuring the Broadband Subscriber Management Layer 2 Wholesale Network
Solution on page 97
• Broadband Subscriber Management Layer 2 Wholesale Network Configuration
Examples on page 109
33Copyright © 2010, Juniper Networks, Inc.
Copyright © 2010, Juniper Networks, Inc.34
Junos 10.4 Broadband Subscriber Management Solutions Guide
CHAPTER 6
Broadband Subscriber ManagementConfiguration Overview
• Broadband Subscriber Management Solution Topology and Configuration
Elements on page 35
• Subscriber Management Licensing on page 36
Broadband Subscriber Management Solution Topology and Configuration Elements
The network topology for the broadband subscriber management solution focuses on
configuring the access network to which the MX Series routers connect. There are many
possible broadband subscriber management configurations. Figure 3 on page 35 illustrates
an example of a basic DHCP topology model.
Figure 3: Basic Subscriber Management Solution Topology for a DHCPSubscriber Network
Core Network
Edge Access
MSAN
Access Network
AAA Service FrameworkDHCP Relay / DHCP Local ServerDynamic Profiles
- Interfaces- Firewall filters- Protocols (IGMP)- Class of Service
Access Network Configuration
MX Series
SRC
DHCPserver
RADIUSserver
g017
268
When configuring the broadband subscriber management solution, specific configuration
elements come into play. In one form or another, you must configure each of these
elements for the subscriber management solution to function.
The configuration elements include the following:
• Subscriber network VLAN configuration
• AAA Service Framework configuration
35Copyright © 2010, Juniper Networks, Inc.
• Addressing server or addressing server access configuration
• Dynamic profile configuration
• Core network configuration
RelatedDocumentation
Triple Play Subscriber Management Network Topology Overview on page 37•
• Configuring Top-Level Broadband Subscriber Management Elements on page 38
Subscriber Management Licensing
To enable some Junos subscriber management software features or router scaling levels,
you must purchase, install, and manage certain software license packs. The presence
on the router of the appropriate software license keys (passwords) determines whether
you can configure and use certain features or configure a feature to a predetermined
scale.
For information about how to purchase Juniper Networks Junos OS licenses, contact your
Juniper Networks sales representative. For information about installing and managing
software licenses that pertain to your broadband subscriber management network, see
the Junos OS Installation and Upgrade Guide.
RelatedDocumentation
• Configuring Top-Level Broadband Subscriber Management Elements on page 38
Copyright © 2010, Juniper Networks, Inc.36
Junos 10.4 Broadband Subscriber Management Solutions Guide
CHAPTER 7
Configuring a Basic Triple Play SubscriberManagement Network
• Triple Play Subscriber Management Network Topology Overview on page 37
• Configuring Top-Level Broadband Subscriber Management Elements on page 38
• Configuring a Loopback Interface for the Broadband Subscriber Management
Solution on page 39
• Configuring Static Customer VLANs for the Broadband Subscriber Management
Solution on page 40
• Configuring Dynamic Customer VLANs for the Broadband Subscriber Management
Solution on page 41
• Configuring a Global Class of Service Profile for the Subscriber Management
Solution on page 43
• Configuring Dynamic Firewall Filter Services for Use in Dynamic Profiles on page 49
• Configuring AAA Service Framework for the Broadband Subscriber Management
Solution on page 50
• Configuring Address Server Elements for the Broadband Subscriber Management
Solution on page 51
• Configuring a PPPoE Dynamic Profile for the Triple Play Solution on page 54
• Configuring a DHCP Dynamic Profile for the Triple Play Solution on page 56
Triple Play Subscriber Management Network Topology Overview
This configuration explains the basics in configuring a basic triple-play (data, voice, and
video) network. Figure 4 on page 38 provides the reference topology for this configuration
example.
37Copyright © 2010, Juniper Networks, Inc.
Figure 4: Triple Play Network Reference Topology
MX Series
MSAN
Access Network Elements
GE-1/3/0 GE-1/3/1
Access Network Core Network
RADIUSserver
Access Network Interface:Loopback (lo0) Interface Address:
C-VLANs:Logical Interfaces:
Extended DHCP Local Server Address Pool Network:Address Pool Range:
RADIUS Authentication Server Address:RADIUS Accounting Server Address:
Dynamic Profile:
GE-1/3/033.33.0.1/32Five (unit 1 to 5); Outer tag: 3; Inner tags: 1 to 5GE-1/3/0.1 to GE-1/3/0.533.33.0.0/1633.33.0.10 to 33.33.127.254222.222.222.42222.222.222.42Profile-Triple-Play g0
1726
9
RelatedDocumentation
Configuring Top-Level Broadband Subscriber Management Elements on page 38•
Configuring Top-Level Broadband Subscriber Management Elements
When configuring an MX Series router to act as a broadband services router (BSR) or
video services router (VSR), you initially define elements that the router uses to define
both subscriber access and the level of service a subscriber can have in your network.
Many of these elements are profiles (groups of configuration statements) or static
configuration components (like firewall filters) that typically do not change after you
create them. After you define these elements, the router can use them to enable
subscribers to gain access to your network.
The top-level steps for configuring the edge access in the subscriber management network
include the following:
1. Configure the subscriber loopback interface and VLANs.
See “Configuring Static Customer VLANs for the Broadband Subscriber Management
Solution” on page 40.
2. Configure a class of service profile.
See “Configuring a Global Class of Service Profile for the Subscriber Management
Solution” on page 43.
3. Configure a firewall filter for use with the dynamic profile.
See “Configuring Dynamic Firewall Filter Services for Use in Dynamic Profiles” on
page 49.
4. Configure AAA Framework Services.
Copyright © 2010, Juniper Networks, Inc.38
Junos 10.4 Broadband Subscriber Management Solutions Guide
See “Configuring AAA Service Framework for the Broadband Subscriber Management
Solution” on page 50.
5. Configure an address assignment pool for use by the address server.
See “Configuring Address Server Elements for the Broadband Subscriber Management
Solution” on page 51.
6. Configure DHCP local server to assign subscriber addresses.
See “Configuring Address Server Elements for the Broadband Subscriber Management
Solution” on page 51.
RelatedDocumentation
Triple Play Subscriber Management Network Topology Overview on page 37•
• Broadband Subscriber Management Solution Topology and Configuration Elements
on page 35
ConfiguringaLoopback Interface for theBroadbandSubscriberManagementSolution
You must configure a loopback interface for use in the subscriber management access
network. The loopback interface is automatically used for unnumbered interfaces.
NOTE: If you do not configure the loopback interface, the routing platformchooses the first interface to come online as the default. If you configuremore than one address on the loopback interface, we recommend that youconfigure one to be the primary address to ensure that it is selected for usewith unnumbered interfaces. By default, the primary address is used as thesource address when packets originate from the interface.
To configure a loopback interface:
1. Edit the loopback interface.
[edit]user@host# edit interfaces lo0
2. Edit the loopback interface unit.
[edit interfaces lo0]user@host# edit unit 0
3. Edit the loopback interface family.
[edit interfaces lo0 unit 0]user@host# edit family inet
4. Specify the loopback interface address.
[edit interfaces lo0 unit 0]user@host# set address 33.33.0.1/32
RelatedDocumentation
Configuring Top-Level Broadband Subscriber Management Elements on page 38•
39Copyright © 2010, Juniper Networks, Inc.
Chapter 7: Configuring a Basic Triple Play Subscriber Management Network
• Junos OS Network Interfaces Configuration Guide
Configuring Static Customer VLANs for the Broadband Subscriber ManagementSolution
In this example configuration, the access interface (ge-1/3/0) connects to a device (that
is, a DSLAM) on the access side of the network. You can define static customer VLANs
(C-VLANs) for use by the access network subscribers.
For a PPPoE solution, to configure the customer VLANs:
1. Edit the access side interface.
[edit]user@host# edit interfaces ge-1/3/0
2. Edit the interface unit for the first VLAN.
[edit interfaces ge-1/3/0]user@host# edit unit 1
3. Define the VLAN tags for the first VLAN.
[edit interfaces ge-1/3/0 unit 1]user@host# set vlan-tags outer 3 inner 1
4. Repeat steps 2 through 4 for VLAN interface units 2 through 5.
For a DHCP solution, to configure the customer VLANs:
1. Edit the access side interface.
[edit]user@host# edit interfaces ge-1/3/0
2. Edit the interface unit for the first VLAN.
[edit interfaces ge-1/3/0]user@host# edit unit 1
3. Define the VLAN tags for the first VLAN.
[edit interfaces ge-1/3/0 unit 1]user@host# set vlan-tags outer 3 inner 1
4. Specify that you want to create IPv4 demux interfaces.
[edit interfaces ge-1/3/0 unit 1]user@host# set demux-source inet
5. Edit the family for the first VLAN.
[edit interfaces ge-1/3/0 unit 1]user@host# edit family inet
6. Define the unnumbered address and the preferred source address for the first VLAN.
[edit interfaces ge-1/3/0 unit 1 family inet]
Copyright © 2010, Juniper Networks, Inc.40
Junos 10.4 Broadband Subscriber Management Solutions Guide
user@host# set unnumbered-address lo0.0 preferred-source-address 33.33.0.1
7. Repeat steps 2 through 7 for VLAN interface units 2 through 5.
RelatedDocumentation
Configuring Top-Level Broadband Subscriber Management Elements on page 38•
• Junos OS Network Interfaces Configuration Guide
Configuring Dynamic Customer VLANs for the Broadband Subscriber ManagementSolution
In this example configuration, the access interface (ge-1/3/0) connects to a device (that
is, a DSLAM) on the access side of the network. This procedure enables the dynamic
creation of up to five customer VLANs (C-VLANs) for use by the access network
subscribers.
NOTE: Dynamic customer VLAN configuration is currently not supported forPPPoE. Youmust configure static VLANs for PPPoE. For an example of howto configure static customer VLANs for PPPoE, see “Configuring StaticCustomer VLANs for the PPPoE Layer 3Wholesale Network Solution” onpage 85.
To configure dynamic VLANs for the solution:
1. Configure a dynamic profile for dynamic VLAN creation.
a. Name the profile.
[edit]user@host# edit dynamic-profiles VLAN-PROF
b. Define the interface-name statement with the internal $junos-interface-ifd-name
variable used by the router to match the interface name of the receiving interface.
[edit dynamic-profiles VLAN-PROF]user@host# edit interfaces $junos-interface-ifd-name
c. Define the unit statement with the predefined $junos-interface-unit variable:
[edit dynamic-profiles VLAN-PROF interfaces “$junos-interface-ifd-name”]user@host# set unit $junos-interface-unit
d. (Optional) To configure the router to respond to any ARP request, specify the
proxy-arp statement.
[edit dynamic-profiles VLAN-PROF interfaces "$junos-interface-ifd-name" unit"$junos-interface-unit"]
user@host# set proxy-arp
e. Specify that you want to create IPv4 demux interfaces.
[edit dynamic-profiles VLAN-PROF interfaces "$junos-interface-ifd-name" unit"$junos-interface-unit"]
user@host# set demux-source inet
41Copyright © 2010, Juniper Networks, Inc.
Chapter 7: Configuring a Basic Triple Play Subscriber Management Network
f. Specify the VLAN ID variable.
[edit dynamic-profiles VLAN-PROF interfaces "$junos-interface-ifd-name" unit"$junos-interface-unit"]
user@host# set vlan-tags outer $junos-stacked-vlan-id
The variable is dynamically replaced with an outer VLAN ID within the VLAN range
specified at the [edit interfaces] hierarchy level.
g. Specify the inner VLAN ID variable.
[edit dynamic-profiles VLAN-PROF interfaces "$junos-interface-ifd-name" unit"$junos-interface-unit"]
user@host# set vlan-tags inner $junos-vlan-id
The variable is dynamically replaced with an inner VLAN ID within the VLAN range
specified at the [edit interfaces] hierarchy level.
h. Specify the family type.
[edit dynamic-profiles VLAN-PROF interfaces "$junos-interface-ifd-name" unit"$junos-interface-unit"]
user@host# set family (Dynamic Standard Interface) inet
i. (Optional) Enable IP and MAC address validation for dynamic IP demux interfaces
in a dynamic profile.
[edit dynamic-profiles VLAN-PROF interfaces "$junos-interface-ifd-name" unit"$junos-interface-unit" family inet]
user@host# setmac-validate (Dynamic IP Demux Interface) strict
j. Specify the unnumbered address and preferred source address.
[edit dynamic-profiles VLAN-PROF interfaces "$junos-interface-ifd-name" unit"$junos-interface-unit" family inet]
user@host# set unnumbered-address (Dynamic Profiles) lo.0preferred-source-address 33.33.0.1
2. Associate the dynamic profile with the VLAN interface.
a. Access the interface that you want to use for creating VLANs.
[edit interfaces]user@host# edit interfaces ge-1/3/0
b. Specify that you want to automatically configure VLAN interfaces.
[edit interfaces ge-1/3/0]user@host# edit auto-configure
c. Specify that you want to configure stacked VLANs.
[edit interfaces ge-1/3/0 auto-configure]user@host# edit stacked-vlan-ranges
d. Specify the dynamic VLAN profile that you want the interface to use.
[edit interfaces ge-1/3/0 auto-configure stacked-vlan-ranges]
Copyright © 2010, Juniper Networks, Inc.42
Junos 10.4 Broadband Subscriber Management Solutions Guide
user@host# set dynamic-profile (Stacked VLAN) VLAN-PROF
3. Specify the Ethernet packet type that the VLAN dynamic profile can accept.
[edit interfaces ge-1/3/0 auto-configure stacked-vlan-ranges VLAN-PROF]user@host# set accept inet
NOTE: This release supports only INET (IPv4) Ethernet packet types.
4. Define VLAN ranges for use by the dynamic profile when dynamically creating VLAN
IDs. For this solution, specify the outer and inner stacked VLAN ranges that you want
the dynamic profile to use. To mimic the static VLAN configuration, the following
example specifies an outer stacked VLAN ID range of 3–3 (enabling only the outer
range of 3) and an inner stacked VLAN ID range of 1–5 (enabling a range from 1 through
5 for the inner stacked VLAN ID).
[edit interfaces ge-0/0/0 auto-configure vlan-ranges]user@host# set ranges (Dynamic Stacked VLAN) 3–3,1–5
RelatedDocumentation
Configuring Top-Level Broadband Subscriber Management Elements on page 38•
• Broadband Subscriber Management VLAN Architecture Overview on page 21
• Dynamic 802.1Q VLAN Overview
• Configuring VLAN Dynamic Profiles
• Configuring VLAN Interfaces to Use Dynamic Profiles
• Configuring Which VLAN Ethernet Packet Types Dynamic Profiles Can Accept
• Configuring VLAN Ranges for Use with Dynamic Profiles
• Junos OS Network Interfaces Configuration Guide
Configuring a Global Class of Service Profile for the Subscriber Management Solution
• Configuring a Class of Service Profile on page 43
• Configuring CoS Fowarding Classes on page 44
• Configuring CoS Schedulers on page 45
• Configuring Scheduler Maps on page 46
• Configuring CoS Classifiers on page 47
• Configuring CoS Interface Properties on page 48
Configuring a Class of Service Profile
You can configure class of service (CoS) for all subscribers that successfully establish
connection to the broadband network. After you create the CoS profile, you can attach
it to subscriber interfaces using a dynamic profile.
43Copyright © 2010, Juniper Networks, Inc.
Chapter 7: Configuring a Basic Triple Play Subscriber Management Network
Configuring a CoS profile includes the following general steps:
1. Configuring forwarding classes.
2. Configuring schedulers.
3. Configuring scheduler maps.
4. Configuring classifiers.
5. Configuring CoS interface properties.
In the configuration we build in this section, we configure three forwarding classes, each
with its own scheduler, and an IP precedence classifier for the traffic destined for the
access network. Table 6 on page 44 provides an overview of the queue configuration:
Table 6: Class of Service Queue Configuration
PurposePriorityBandwidthDifferentiated ServicesClassification
voice trafficstrict high128 KbpsExpedited forwarding (EF)
video trafficlow29.4 MbpsAssured forwarding (AF)
data trafficlowremainderBest effort (BE)
Configuring CoS Fowarding Classes
Forwarding classes identify output queues for packets. For a classifier to assign an output
queue to each packet, it must associate the packet with one of the following forwarding
classes:
• Expedited forwarding (EF)—Provides a low loss, low latency, low jitter, assured
bandwidth, end-to-end service.
• Assured forwarding (AF)—Provides a group of values you can define and includes four
subclasses: AF1, AF2, AF3, and AF4, each with three drop probabilities: low, medium,
and high.
• Best effort (BE)—Provides no service profile. For the BE forwarding class, loss priority
is typically not carried in a class-of-service (CoS) value, and random early detection
(RED) drop profiles are more aggressive.
• Network control (NC)—This class is typically high priority because it supports protocol
control.
NOTE: TheMXSeries router enables you to configure up to eight forwardingclass queues.
To configure forwarding class queues:
1. Edit the best effort queue.
Copyright © 2010, Juniper Networks, Inc.44
Junos 10.4 Broadband Subscriber Management Solutions Guide
[edit]user@host# edit class-of-service forwarding-classes queue 0
2. Name the queue.
[edit class-of-service forwarding-classes queue 0]user@host# set fc_be
3. Edit the expedited forwarding queue.
[edit]user@host# edit class-of-service forwarding-classes queue 1
4. Name the queue.
[edit class-of-service forwarding-classes queue 1]user@host# set fc_ef
5. Edit the assured forwarding queue.
[edit]user@host# edit class-of-service forwarding-classes queue 2
6. Name the queue.
[edit class-of-service forwarding-classes queue 1]user@host# set fc_af
Configuring CoS Schedulers
CoS schedulers define the properties of output queues. These properties can include the
amount of interface bandwidth assigned to the queue, the size of the memory buffer
allocated for storing packets, the priority of the queue, and the random early detection
(RED) drop profiles associated with the queue.
To configure CoS schedulers for the existing queues:
1. Create a scheduler and name it for the best effort traffic.
[edit]user@host# edit class-of-service schedulers sched_be
2. Define the best effort scheduler buffer size.
[edit class-of-service schedulers sched_be]user@host# set buffer-size remainder
3. Set the priority of the best effort scheduler.
[edit class-of-service schedulers sched_be]user@host# set prioritiy low
4. Create a scheduler and name it for the expedited forwarding traffic.
[edit]user@host# edit class-of-service schedulers sched_ef
5. Configure the transmit rate for the expedited forwarding scheduler.
[edit class-of-service schedulers sched_ef]user@host# set transmit-rate 128k
6. Define the expedited forwarding scheduler buffer size.
45Copyright © 2010, Juniper Networks, Inc.
Chapter 7: Configuring a Basic Triple Play Subscriber Management Network
[edit class-of-service schedulers sched_ef]user@host# set buffer-size remainder
7. Set the priority of the expedited forwarding scheduler.
[edit class-of-service schedulers sched_ef]user@host# set prioritiy strict-high
8. Create a scheduler and name it for the assured forwarding traffic.
[edit]user@host# edit class-of-service schedulers sched_af
9. Configure the transmit rate for the assured forwarding scheduler.
[edit class-of-service schedulers sched_af]user@host# set transmit-rate 29400000
10. Define the assured forwarding scheduler buffer size.
[edit class-of-service schedulers sched_af]user@host# set buffer-size remainder
11. Set the priority of the expedited forwarding scheduler.
[edit class-of-service schedulers sched_af]user@host# set prioritiy low
Configuring Scheduler Maps
After configuring both CoS forwarding classes and schedulers, you must use scheduler
maps to associate them.
To map CoS forwarding classes to schedulers:
1. Create a forwarding map and name it.
[edit]user@host# edit class-of-service scheduler-maps SchedulerMap_Triple_Play_Basic
2. Edit the best effort forwarding class queue.
[edit class-of-service scheduler-maps SchedulerMap_Triple_Play_Basic]user@host# edit forwarding-class fc_be
3. Associate the scheduler that you want this forwarding class to use.
[editclass-of-servicescheduler-mapsSchedulerMap_Triple_Play_Basic forwarding-classfc_be]
user@host# set scheduler sched_be
4. Edit the expedited forwarding class queue.
[edit class-of-service scheduler-maps SchedulerMap_Triple_Play_Basic]user@host# edit forwarding-class fc_ef
5. Associate the scheduler that you want this forwarding class to use.
[editclass-of-servicescheduler-mapsSchedulerMap_Triple_Play_Basic forwarding-classfc_ef]
user@host# set scheduler sched_ef
Copyright © 2010, Juniper Networks, Inc.46
Junos 10.4 Broadband Subscriber Management Solutions Guide
6. Edit the assured forwarding class queue.
[edit class-of-service scheduler-maps SchedulerMap_Triple_Play_Basic]user@host# edit forwarding-class fc_af
7. Associate the scheduler that you want this forwarding class to use.
[editclass-of-servicescheduler-mapsSchedulerMap_Triple_Play_Basic forwarding-classfc_af]
user@host# set scheduler sched_af
Configuring CoS Classifiers
You can override the default IP precedence classifier by defining a custom classifier. You
can then apply the classifier to a logical interface.
To define a custom CoS classifier:
1. Create a Differentiated Services code point (DSCP) classifier and name it.
[edit]user@host# edit class-of-service classifiers dscp Class_DSCP
NOTE: DSCP classifiers handle incoming IPv4 packets.
2. Edit the best effort forwarding class queue.
[edit class-of-service classifiers dscp Class_DSCP]user@host# edit forwarding-class fc_be
3. Edit the loss priority level for the forwarding class queue.
[edit class-of-service classifiers dscp Class_DSCP forwarding-class fc_be]user@host# edit loss-priority high
4. Set code points for the loss priority level.
[edit class-of-service classifiers dscp Class_DSCP forwarding-class fc_be loss-prioritylow]
user@host# set code-points be
5. Edit the expedited forwarding class queue.
[edit class-of-service classifiers dscp Class_DSCP]user@host# edit forwarding-class fc_ef
6. Edit the loss priority level for the forwarding class queue.
[edit class-of-service classifiers dscp Class_DSCP forwarding-class fc_ef]user@host# edit loss-priority low
7. Set code points for the loss priority level.
[edit class-of-service classifiers dscp Class_DSCP forwarding-class fc_ef loss-prioritylow]
user@host# set code-points ef
8. Edit the assured forwarding class queue.
[edit class-of-service classifiers dscp Class_DSCP]
47Copyright © 2010, Juniper Networks, Inc.
Chapter 7: Configuring a Basic Triple Play Subscriber Management Network
user@host# edit forwarding-class fc_af
9. Edit the loss priority level for the forwarding class queue.
[edit class-of-service classifiers dscp Class_DSCP forwarding-class fc_af]user@host# edit loss-priority low
10. Set code points for the loss priority level.
[edit class-of-service classifiers dscp Class_DSCP forwarding-class fc_af loss-prioritylow]
user@host# set code-points af41
Configuring CoS Interface Properties
Configuring CoS interface properties enables the router to throttle and classify the traffic
from the Internet that is sent to subscriber local loops. Limiting the traffic to the access
network ensures that the traffic sent to the subscriber local loops does not exceed the
current data transmission rate of those lines. Limiting traffic also ensures that changes
to subscriber local loop speeds do not cause bandwidth contention at the subscriber’s
residential gateway. You apply the classifier to the core-facing interface to classify
incoming traffic for the queues you are using in the access network.
To configure CoS interfaces:
1. Edit the core CoS interface you want to configure.
[edit]user@host# edit class-of-service interfaces ge-1/3/0
2. Edit the interface shaping rate.
[edit class-of-service interfaces ge-1/3/0]user@host# edit class-of-service interfaces ge-1/3/0 shaping-rate
3. Set the shaping rate value to throttle traffic to the subscriber local loops.
[edit class-of-service interfaces ge-1/3/0 shaping-rate]user@host# set 500m
4. Edit the interface connected to the core network.
[edit]user@host# edit class-of-service interfaces ge-1/3/1
5. Edit the interface unit.
[edit class-of-service interfaces ge-1/3/1]user@host# edit unit 0
6. Edit the interface unit classifiers.
[edit class-of-service interfaces ge-1/3/1 unit 0]user@host# edit classifiers
7. Apply the classifier to the interface to classify traffic coming from the Internet.
[edit class-of-service interfaces ge-1/3/1 unit 0 classifiers]user@host# set dscp Class_DSCP
Copyright © 2010, Juniper Networks, Inc.48
Junos 10.4 Broadband Subscriber Management Solutions Guide
Configuring Dynamic Firewall Filter Services for Use in Dynamic Profiles
Firewall filters provide rules that define whether to permit or deny packets that are
transiting an interface on a router. You can configure firewall filters for use in dynamic
profiles. After you configure dynamic firewall filters, you can specify which filters you
want to apply to subscriber interfaces using a dynamic profile.
To create a firewall filter:
1. Create and name a firewall filter.
[edit]user@host# edit firewall filter fw_fltr_af41
2. Specify the filter to be interface specific.
[edit firewall filter fw_fltr_af41]user@host# set interface-specific
3. Edit a first term for the firewall filter.
[edit firewall filter fw_fltr_af41]user@host# edit firewall filter fw_fltr_af41 term 1
4. Set the from match condition.
[edit firewall filter fw_fltr_af41 term 1]user@host# set from dscp af41
5. Set the then action to take when a match occurs.
[edit firewall filter fw_fltr_af41 term 1]user@host# then count c2 accept
6. Edit a second term for the firewall filter.
[edit firewall filter fw_fltr_af41]user@host# edit firewall filter fw_fltr_af41 term 2
7. Set the then action to take when a match occurs for term 1.
[edit firewall filter fw_fltr_af41 term 1]user@host# then accept
8. Apply the dynamic firewall filter to interfaces using a dynamic profile.
See “Configuring a DHCP Dynamic Profile for the Triple Play Solution” on page 56.
RelatedDocumentation
Configuring Top-Level Broadband Subscriber Management Elements on page 38•
• Dynamic Firewall Filters Overview
• Dynamic Profiles Overview
• Junos OS Policy Framework Configuration Guide
49Copyright © 2010, Juniper Networks, Inc.
Chapter 7: Configuring a Basic Triple Play Subscriber Management Network
Configuring AAA Service Framework for the Broadband Subscriber ManagementSolution
• Configuring RADIUS Server Access Information on page 50
• Configuring RADIUS Server Access Profile on page 50
Configuring RADIUS Server Access Information
Define the RADIUS server address and secret data that RADIUS access profiles can
reference. Define an access profile that includes specific RADIUS configuration.
To configure RADIUS server access:
1. Edit router access to the RADIUS server.
[edit]user@host# edit access radius-server
2. Set the address to the RADIUS server.
[edit access radius-server]user@host# set 222.222.222.42
3. Edit the RADIUS server.
[edit access radius-server]user@host# edit 222.222.222.42
4. Configure the source address for the RADIUS server.
[edit access radius-server 222.222.222.42]user@host# set source-address 222.222.222.1
5. Configure the secret for the RADIUS server.
[edit access radius-server 222.222.222.42]user@host# set secret "$EcReTRad1uSdAta4f0rTh3rtR"
Configuring RADIUS Server Access Profile
You can define a RADIUS access profile that references defined RADIUS servers and
includes specific RADIUS configuration for authentication and accounting.
To configure a RADIUS access profile:
1. Create and name a RADIUS access profile.
[edit]user@host# edit access profile AccessProfile_general
2. Edit the order in which authentication mechanisms are used.
[edit access profile AccessProfile_general]user@host# set authentication-order radius
3. Edit the RADIUS access addresses.
[edit access profile AccessProfile_general]user@host# edit access profile AccessProfile_general radius
Copyright © 2010, Juniper Networks, Inc.50
Junos 10.4 Broadband Subscriber Management Solutions Guide
4. Set the address or address list for the RADIUS authentication server.
[edit access profile AccessProfile_general radius]user@host# set authentication-server 222.222.222.42
5. Set the address or address list for the RADIUS accounting server.
[edit access profile AccessProfile_general radius]user@host# set accounting-server 222.222.222.42
6. Edit the RADIUS accounting values for the access profile.
[edit access profile AccessProfile_general]user@host# edit accounting
7. Set the RADIUS accounting order.
[edit access profile AccessProfile_general accounting]user@host# set order radius
8. Specify that RADIUS accounting stop when a user fails authentication but is granted
access.
[edit access profile AccessProfile_general accounting]user@host# set accounting-stop-on-failure
9. Specify that RADIUS accounting stop when access is denied to a subscriber.
[edit access profile AccessProfile_general accounting]user@host# set accounting-stop-on-access-deny
10. Specify that RADIUS provide immediate updates.
[edit access profile AccessProfile_general accounting]user@host# set immediate-update
11. Specify the amount of time (in minutes) between RADIUS updates.
[edit access profile AccessProfile_general accounting]user@host# set update-interval 10
12. Specify that RADIUS accounting report only subscriber uptime.
[edit access profile AccessProfile_general accounting]user@host# set statistics time
RelatedDocumentation
Configuring Top-Level Broadband Subscriber Management Elements on page 38•
• AAA Service Framework Overview
Configuring Address Server Elements for the Broadband Subscriber ManagementSolution
• Configuring an Address Assignment Pool on page 51
• Configuring Extended DHCP Local Server on page 53
Configuring an Address Assignment Pool
Address assignment pools enable you to specify groups of IP addresses that different
client applications can share. In this configuration, the extended DHCP local server
51Copyright © 2010, Juniper Networks, Inc.
Chapter 7: Configuring a Basic Triple Play Subscriber Management Network
configuration or the router PPP software uses the address pool to provide addresses to
subscribers that are accessing the network.
For PPP, to configure an address assignment pool:
1. Create and name an address assignment pool.
[edit]user@host# edit access address-assignment pool AddressPool_1
2. Edit the address pool family.
[edit access address-assignment pool AddressPool_1]user@host# edit family inet
3. Define the address pool network address.
[edit access address-assignment pool AddressPool_1 family inet]user@host# set network 33.33.0.0/16
4. Set the address range for the network.
[edit access address-assignment pool AddressPool_1 family inet]user@host# set range all low 33.33.0.10 high 33.33.127.254
5. Specify which access profile you want to instantiate.
[edit]user@host# set access-profile AccessProfile_general
For DHCP local server, to configure an address assignment pool:
1. Create and name an address assignment pool.
[edit]user@host# edit access address-assignment pool AddressPool_1
2. Edit the address pool family.
[edit access address-assignment pool AddressPool_1]user@host# edit family inet
3. Define the address pool network address.
[edit access address-assignment pool AddressPool_1 family inet]user@host# set network 33.33.0.0/16
4. Set the address range for the network.
[edit access address-assignment pool AddressPool_1 family inet]user@host# set range all low 33.33.0.10 high 33.33.127.254
5. Edit the family DHCP attributes.
[edit access address-assignment pool AddressPool_1 family inet]user@host# edit family inet dhcp-attributes
6. Set the maximum lease time.
[edit access address-assignment pool AddressPool_1 family inet dhcp-attributes]user@host# setmaximum-lease-time 3600
7. Set the grace period.
Copyright © 2010, Juniper Networks, Inc.52
Junos 10.4 Broadband Subscriber Management Solutions Guide
[edit access address-assignment pool AddressPool_1 family inet dhcp-attributes]user@host# set grace–periord 60
8. Set the router IP address that you want advertised to subscribers.
[edit access address-assignment pool AddressPool_1 family inet dhcp-attributes]user@host# set router 33.33.0.1
9. Specify which access profile you want to instantiate.
[edit]user@host# set access-profile AccessProfile_general
Configuring Extended DHCP Local Server
You can enable the MX Series router to function as an extended DHCP local server. The
extended DHCP local server provides IP addresses and other configuration information
to a subscriber logging into the network.
To configure the DHCP local server:
1. Edit the routing system services.
[edit]user@host# edit system services
2. Edit the DHCP local server.
[edit system services]user@host# edit dhcp-local-server
3. Edit the DHCP local server trace options.
[edit system services dhcp-local-server]user@host# edit traceoptions
4. Specify a log file into which you want trace option information to be saved.
[edit system services dhcp-local-server traceoptions]user@host# set file dhcp-server-msgs.log
5. Specify the DHCP local server message operations that you want saved in the log file.
[edit system services dhcp-local-server traceoptions]user@host# set flag all
6. Define the DHCP pool match order.
[edit system services dhcp-local-server]user@host# set pool-match-order ip-address-first
7. Set the authentication password.
[edit system services dhcp-local-server]user@host# set authentication password auth-psswrd
8. Edit the values you want included with the username.
[edit system services dhcp-local-server]user@host# edit authentication username-include
9. Set the values you want included with the username.
53Copyright © 2010, Juniper Networks, Inc.
Chapter 7: Configuring a Basic Triple Play Subscriber Management Network
[edit system services dhcp-local-server username-include]user@host# set domain-name yourcompany.comuser@host# set user-prefix user-defined-prefix
10. Create and name a DHCP local server group.
[edit system services dhcp-local-server]user@host# edit group dhcp-ls-group
11. Specify a dynamic profile that you want the DHCP local server group to use.
[edit system services dhcp-local-server group dhcp-ls-group]user@host# set dynamic-profile Profile-Triple_Play
12. Assign interfaces to the group.
[edit system services dhcp-local-server group dhcp-ls-group]user@host# set interface ge-1/3/0.1 upto ge-1/3/0.5
RelatedDocumentation
Configuring Top-Level Broadband Subscriber Management Elements on page 38•
• Address-Assignment Pools Overview
• Extended DHCP Local Server Overview
Configuring a PPPoE Dynamic Profile for the Triple Play Solution
A dynamic profile is a set of characteristics, defined in a type of template, that you can
use to provide dynamic subscriber access and services for broadband applications. These
services are assigned dynamically to interfaces.
NOTE: The following configuration is PPPoE-specific.
To configure a PPPoE dynamic profile:
1. Create and name the dynamic profile.
[edit]user@host# edit dynamic-profiles Profile-Triple-Play
2. Edit the profile PPPoE dynamic interface.
[edit dynamic-profiles Profile-Triple-Play]user@host# edit interfaces pp0
3. Edit the unit variable.
[edit dynamic-profiles Profile-Triple-Play interfaces pp0]user@host# edit unit $junos-interface-unit
4. Edit the PPP options.
[edit dynamic-profiles Profile-Triple-Play interfaces pp0 unit "$junos-interface -unit"]user@host# edit ppp-options
5. (Optional) Specify either chap or pap (or both).
Copyright © 2010, Juniper Networks, Inc.54
Junos 10.4 Broadband Subscriber Management Solutions Guide
[edit dynamic-profiles Profile-Triple-Play interfaces pp0 unit “$junos-interface-unit”ppp-options]
user@host# set chapuser@host# set pap
6. Edit the PPPoE options.
[edit dynamic-profiles Profile-Triple-Play interfaces pp0 unit “$junos-interface-unit”]user@host# edit pppoe-options
7. Specify the PPPoE underlying interface variable.
[edit dynamic-profiles Profile-Triple-Play interfaces pp0 unit “$junos-interface-unit”pppoe-options]
user@host# set underlying-interface $junos-underlying-interface
8. Define the router to act as a PPPoE server when a PPPoE logical interface is
dynamically created.
[edit dynamic-profiles Profile-Triple-Play interfaces pp0 unit “$junos-interface-unit”pppoe-options]
user@host# set server
9. Edit the dynamic interface family.
[edit dynamic-profiles Profile-Triple-Play interfaces "$junos-interface-ifd-name" unit"$junos-underlying-interface-unit"]
user@host# edit family inet
10. Specify the input filter that you want to apply to each dynamic interface when it is
created.
[edit dynamic-profiles Profile-Triple-Play interfaces "$junos-interface-ifd-name" unit"$junos-underlying-interface-unit" family inet]
user@host# set filter input fltr_af41
11. Specify the output filter that you want to apply to each dynamic interface when it is
created.
[edit dynamic-profiles Profile-Triple-Play interfaces "$junos-interface-ifd-name" unit"$junos-underlying-interface-unit" family inet]
user@host# set filter output fltr_af41
12. Enable the local address to be derived from the specified PPPoE interface (in this
case, the loopback address).
[edit dynamic-profiles Profile-Triple-Play interfaces "$junos-interface-ifd-name" unit"$junos-underlying-interface-unit" family inet]
user@host# set unnumbered-address lo0.0
13. Edit dynamic class of service.
[edit dynamic-profiles Profile-Triple-Play]user@host# edit class-of-service
14. Edit the dynamic CoS traffic control profile.
[edit dynamic-profiles Profile-Triple-Play class-of-service]user@host# edit traffic-control-profiles
15. Create and name a traffic control profile.
[edit dynamic-profiles Profile-Triple-Play class-of-service traffic-control-profiles]
55Copyright © 2010, Juniper Networks, Inc.
Chapter 7: Configuring a Basic Triple Play Subscriber Management Network
user@host# edit TrafficProfile_Triple_Play
16. Specify a scheduler map that you want the dynamic CoS traffic control profile to use.
[edit dynamic-profiles Profile-Triple-Play class-of-service traffic-control-profile]user@host# set scheduler-map SchedulerMap_Triple_Play_Basic
17. Specify the shaping rate that you want the dynamic CoS traffic control profile to use.
[edit dynamic-profiles Profile-Triple-Play class-of-service traffic-control-profile]user@host# set shaping-rate 32700000
18. Edit the dynamic CoS interfaces.
[edit dynamic-profiles Profile-Triple-Play class-of-service]user@host# edit interfaces
19. Apply CoS to the dynamic interfaces and apply an output traffic control profile.
[edit dynamic-profiles Profile-Triple-Play class-of-service]user@host# set interfaces $junos-interface-ifd-name unit$junos-underlying-interface-unit output-traffic-control-profile otcp-profile
RelatedDocumentation
Configuring Top-Level Broadband Subscriber Management Elements on page 38•
• Dynamic Profiles Overview
Configuring a DHCPDynamic Profile for the Triple Play Solution
A dynamic profile is a set of characteristics, defined in a type of template, that you can
use to provide dynamic subscriber access and services for broadband applications. These
services are assigned dynamically to interfaces.
NOTE: The following configuration is DHCP-specific.
To configure a DHCP dynamic profile:
1. Create and name the dynamic profile.
[edit]user@host# edit dynamic-profiles Profile-Triple_Play
2. Edit the profile dynamic interfaces.
[edit dynamic-profiles Profile-Triple-Play]user@host# edit interfaces
3. Set the dynamic interfaces and unit variables.
[edit dynamic-profiles Profile-Triple-Play interfaces]user@host# set $junos-interface-ifd-name unit $junos-underlying-interface-unit
4. Edit dynamic interfaces.
[edit dynamic-profiles Profile-Triple-Play interfaces]user@host# edit dynamic-profiles Profile-Triple_Play interfaces$junos-interface-ifd-name unit $junos-underlying-interface-unit
Copyright © 2010, Juniper Networks, Inc.56
Junos 10.4 Broadband Subscriber Management Solutions Guide
5. Set the dynamic interface family.
[edit dynamic-profiles Profile-Triple-Play interfaces "$junos-interface-ifd-name" unit"$junos-underlying-interface-unit"]
user@host# set family inet
6. Edit the dynamic interface family.
[edit dynamic-profiles Profile-Triple-Play interfaces "$junos-interface-ifd-name" unit"$junos-underlying-interface-unit"]
user@host# edit family inet
7. Specify the input filter that you want to apply to each dynamic interface when it is
created.
[edit dynamic-profiles Profile-Triple-Play interfaces "$junos-interface-ifd-name" unit"$junos-underlying-interface-unit" family inet]
user@host# set filter input fltr_af41
8. Specify the output filter that you want to apply to each dynamic interface when it is
created.
[edit dynamic-profiles Profile-Triple-Play interfaces "$junos-interface-ifd-name" unit"$junos-underlying-interface-unit" family inet]
user@host# set filter output fltr_af41
9. Edit dynamic class of service.
[edit dynamic-profiles Profile-Triple-Play]user@host# edit class-of-service
10. Edit the dynamic CoS traffic control profile.
[edit dynamic-profiles Profile-Triple_Play class-of-service]user@host# edit traffic-control-profiles
11. Create and name a traffic control profile.
[edit dynamic-profiles Profile-Triple_Play class-of-service traffic-control-profiles]user@host# edit TrafficProfile_Triple_Play
12. Specify a scheduler map that you want the dynamic CoS traffic control profile to use.
[edit dynamic-profiles Profile-Triple_Play class-of-service traffic-control-profile]user@host# set scheduler-map SchedulerMap_Triple_Play_Basic
13. Specify the shaping rate that you want the dynamic CoS traffic control profile to use.
[edit dynamic-profiles Profile-Triple_Play class-of-service traffic-control-profile]user@host# set shaping-rate 32700000
14. Edit the dynamic CoS interfaces.
[edit dynamic-profiles Profile-Triple_Play class-of-service]user@host# edit interfaces
15. Apply CoS to the dynamic interfaces and apply an output traffic control profile.
[edit dynamic-profiles Profile-Triple_Play class-of-service]user@host# set interfaces $junos-interface-ifd-name unit$junos-underlying-interface-unit output-traffic-control-profile otcp-profile
57Copyright © 2010, Juniper Networks, Inc.
Chapter 7: Configuring a Basic Triple Play Subscriber Management Network
RelatedDocumentation
• Configuring Top-Level Broadband Subscriber Management Elements on page 38
• Dynamic Profiles Overview
Copyright © 2010, Juniper Networks, Inc.58
Junos 10.4 Broadband Subscriber Management Solutions Guide
CHAPTER 8
Broadband Subscriber ManagementDHCP Layer 3Wholesale NetworkConfiguration Overview
• Broadband Subscriber Management DHCP Layer 3 Wholesale Topology and
Configuration Elements on page 59
Broadband Subscriber Management DHCP Layer 3Wholesale Topology andConfiguration Elements
The network topology for the subscriber management DHCP Layer 3 wholesale solution
includes configuring separate routing instances for individual retailers that use a portion
of the router. This solution uses a DHCP relay configuration. However, you can also
implement DHCP Relay Proxy or DHCP Local Server configuration.
To explain the concept, but to limit complexity, this solution provides a configuration
with one wholesaler and only two retailers. Figure 5 on page 60 illustrates a basic Layer
3 wholesale topology model from which you can expand.
59Copyright © 2010, Juniper Networks, Inc.
Figure 5: Basic Subscriber Management Layer 3Wholesale SolutionTopology
MSAN
MSAN
Retailer 1
serverDHCP
Retailer 1
serverRADIUS
Wholesaler
serverRADIUS
Wholesaler
serverDHCP
Retailer 2
serverRADIUS
Retailer 2
serverDHCP
Wholesaler Network Space
g017
381
MX Series
Retailer 1 Network Space
Retailer 2 Network Space
When you are configuring a DHCP Layer 3 wholesale network solution, the following
configuration elements are required:
• Subscriber network VLAN configuration
• DHCP configuration
• Addressing server or addressing server access configuration
• RADIUS server access configuration
• Dynamic profile configuration for default (wholesaler) access
• Dynamic profile configuration for retailer access (following subscriber redirection; if
applicable)
• Routing instance configuration for individual retailers
• Group configuration and forwarding options for the network
• Core network configuration
Copyright © 2010, Juniper Networks, Inc.60
Junos 10.4 Broadband Subscriber Management Solutions Guide
CHAPTER 9
Configuring the Broadband SubscriberManagement DHCP Layer 3WholesaleNetwork Solution
• DHCP Layer 3 Wholesale Network Topology Overview on page 61
• Configuring Loopback Interfaces for the DHCP Layer 3 Wholesale Solution on page 62
• Configuring VLANs for the DHCP Layer 3 Wholesale Network Solution on page 64
• Configuring Access Components for the DHCP Wholesale Network Solution on page 67
• Configuring Dynamic Profiles for the DHCP Layer 3 Wholesale Network
Solution on page 69
• Configuring Separate Routing Instances for DHCP Service Retailers on page 70
• Configure Default Forwarding Options for the DHCP Wholesale Network
Solution on page 72
DHCP Layer 3Wholesale Network Topology Overview
This configuration explains how to configure a simple DHCP Layer 3 wholesale subscriber
access network. This solution incorporates two retailers sharing resources on a wholesaler
router. Figure 6 on page 62 provides the reference topology for this configuration example.
61Copyright © 2010, Juniper Networks, Inc.
Figure 6: DHCP Layer 3Wholesale Network Reference Topology
MSAN
GE-2/3/0
Retailer 1 Network Space
MSAN
GE-2/3/0
Retailer 1
serverDHCP
Retailer 1
serverRADIUS
Wholesaler
serverRADIUS
Wholesaler
serverDHCP
Retailer 2
serverRADIUS
Retailer 2 Network Space
Retailer 1 Network Elements
Access Network Interface:Loopback (lo0.1) Interface Address:
C-VLANs:Logical Interfaces:
RADIUS Authentication Server Address:RADIUS Accounting Server Address:
Access Profile:
GE-2/3/044.44.0.1/32Three (unit 1 to 3)GE-2/3/0.1 to GE-2/3/0.310.10.10.110.10.10.1
Retailer_Access1DHCP Server Address: 10.10.100.1
Routing Instance: Retailer_Instance1Dynamic Profile: Subscriber_Profile_Retail1
Retailer 2 Network Elements
Access Network Interface:Loopback (lo0.2) Interface Address:
C-VLANs:Logical Interfaces:
RADIUS Authentication Server Address:RADIUS Accounting Server Address:
Access Profile:
GE-2/3/044.42.0.1/32Three (unit 4 to 6)GE-2/3/0.4 to GE-2/3/0.610.20.20.110.20.20.1
Retailer_Access2DHCP Server Address: 10.20.200.1
Routing Instance: Retailer_Instance2Dynamic Profile: Subscriber_Profile_Retail2
Wholesaler-Specific Network Elements
Access Network Interface:Loopback (lo0.3) Interface Address:
C-VLANs:Logical Interfaces:
RADIUS Authentication Server Address:RADIUS Accounting Server Address:
Access Profile:
GE-2/3/044.40.0.1/32One (unit 7)GE-2/3/0.7192.168.1.1192.168.1.1
Wholesaler_AccessDHCP Server Address: 192.168.100.1
Routing Instance: Wholesaler_InstanceDynamic Profile: Wholesaler_Profile
MX Series
Retailer 2
serverDHCP
g017
382
RelatedDocumentation
Layer 2 and Layer 3 Wholesale Overview on page 27•
• Broadband Subscriber Management DHCP Layer 3 Wholesale Topology and
Configuration Elements on page 59
Configuring Loopback Interfaces for the DHCP Layer 3Wholesale Solution
You must configure loopback interfaces for use in the subscriber management access
network. The loopback interfaces are automatically used for unnumbered interfaces.
Copyright © 2010, Juniper Networks, Inc.62
Junos 10.4 Broadband Subscriber Management Solutions Guide
NOTE: If you do not configure the loopback interface, the routing platformchooses the first interface to come online as the default. If you configuremore than one address on the loopback interface, we recommend that youconfigure one to be the primary address to ensure that it is selected for usewith unnumbered interfaces. By default, the primary address is used as thesource address when packets originate from the interface.
To configure loopback interfaces:
1. Edit the loopback interface.
[edit]user@host# edit interfaces lo0
2. Edit the unit for the wholesale loopback interface.
[edit interfaces lo0]user@host# edit unit 3
3. Edit the wholesale loopback interface family.
[edit interfaces lo0 unit 3]user@host# edit family inet
4. Specify the wholesale loopback interface address.
[edit interfaces lo0 unit 3]user@host# set address 44.40.0.1/32
5. Edit the unit for a retail loopback interface.
[edit interfaces lo0]user@host# edit unit 1
6. Edit the retail loopback interface family.
[edit interfaces lo0 unit 1]user@host# edit family inet
7. Specify the retail loopback interface address.
[edit interfaces lo0 unit 1]user@host# set address 44.42.0.1/32
8. Repeat steps 5 through 7 for additional retailers, making sure to use unique unit and
address values for each retailer loopback interface.
RelatedDocumentation
Configuring Top-Level Broadband Subscriber Management Elements on page 38•
• Junos OS Network Interfaces Configuration Guide
63Copyright © 2010, Juniper Networks, Inc.
Chapter 9: Configuring the Broadband Subscriber Management DHCP Layer 3 Wholesale Network Solution
Configuring VLANs for the DHCP Layer 3Wholesale Network Solution
You can configure either static or dynamic customer VLANs for use in the DHCP wholesale
network solution.
• Configuring Static Customer VLANs for the DHCP Layer 3 Wholesale Network
Solution on page 64
• Configuring Dynamic Customer VLANs for the Wholesale Network Solution on page 65
Configuring Static Customer VLANs for the DHCP Layer 3Wholesale Network Solution
In this example configuration, the access interface (ge-2/3/0) connects to a device (that
is, a DSLAM) on the access side of the network. You c an define static customer VLANs
(C-VLANs) for use by the access network subscribers.
To configure the customer VLANs:
1. Edit the access side interface.
[edit]user@host# edit interfaces ge-2/3/0
2. Specify the use of stacked VLAN tagging.
[edit interfaces ge-2/3/0]user@host# set stacked-vlan-tagging
3. Edit the interface unit for the first VLAN.
[edit interfaces ge-2/3/0]user@host# edit unit 1
4. Define the VLAN tags for the first VLAN.
[edit interfaces ge-2/3/0 unit 1]user@host# set vlan-tags outer 3 inner 1
5. Specify that you want to create IPv4 demux interfaces.
[edit interfaces ge-2/3/0 unit 1]user@host# set demux-source inet
6. Edit the family for the first VLAN.
[edit interfaces ge-2/3/0 unit 1]user@host# edit family inet
7. (Optional) Define the unnumbered address and the preferred source address for the
first VLAN.
[edit interfaces ge-2/3/0 unit 1 family inet]user@host# set unnumbered-address lo0.1 preferred-source-address 44.44.0.1
8. Repeat steps 2 through 7 for additional VLAN interface units.
Copyright © 2010, Juniper Networks, Inc.64
Junos 10.4 Broadband Subscriber Management Solutions Guide
Configuring Dynamic Customer VLANs for theWholesale Network Solution
To configure dynamic VLANs for the solution:
1. Configure a dynamic profile for dynamic VLAN creation.
a. Name the profile.
[edit]user@host# edit dynamic-profiles VLAN-PROF
b. Define the interfaces statement with the internal$junos-interface-ifd-namevariable
used by the router to match the interface name of the receiving interface.
[edit dynamic-profiles VLAN-PROF]user@host# edit interfaces $junos-interface-ifd-name
c. Define the unit statement with the predefined $junos-interface-unit variable:
[edit dynamic-profiles VLAN-PROF interfaces “$junos-interface-ifd-name”]user@host# edit unit $junos-interface-unit
d. (Optional) To configure the router to respond to any ARP request, specify the
proxy-arp statement.
[edit dynamic-profiles VLAN-PROF interfaces "$junos-interface-ifd-name" unit"$junos-interface-unit"]
user@host# set proxy-arp
e. Specify that you want to create IPv4 demux interfaces.
[edit dynamic-profiles VLAN-PROF interfaces "$junos-interface-ifd-name" unit"$junos-interface-unit"]
user@host# set demux-source inet
f. Specify the VLAN ID variable.
[edit dynamic-profiles VLAN-PROF interfaces "$junos-interface-ifd-name" unit"$junos-interface-unit"]
user@host# set vlan-tags outer $junos-stacked-vlan-id
The variable is dynamically replaced with an outer VLAN ID within the VLAN range
specified at the [interfaces] hierarchy level.
g. Specify the inner VLAN ID variable.
[edit dynamic-profiles VLAN-PROF interfaces "$junos-interface-ifd-name" unit"$junos-interface-unit"]
user@host# set vlan-tags inner $junos-vlan-id
The variable is dynamically replaced with an inner VLAN ID within the VLAN range
specified at the [interfaces] hierarchy level.
h. Access the family type.
[edit dynamic-profiles VLAN-PROF interfaces "$junos-interface-ifd-name" unit"$junos-interface-unit"]
user@host# edit family (Dynamic Standard Interface) inet
65Copyright © 2010, Juniper Networks, Inc.
Chapter 9: Configuring the Broadband Subscriber Management DHCP Layer 3 Wholesale Network Solution
i. (Optional) Enable IP and MAC address validation for dynamic IP demux interfaces
in a dynamic profile.
[edit dynamic-profiles VLAN-PROF interfaces "$junos-interface-ifd-name" unit"$junos-interface-unit" family inet]
user@host# setmac-validate (Dynamic IP Demux Interface) strict
j. (Optional) Specify the unnumbered address and preferred source address.
[edit dynamic-profiles VLAN-PROF interfaces "$junos-interface-ifd-name" unit"$junos-interface-unit" family inet]
user@host# set unnumbered-address (Dynamic Profiles) lo.0preferred-source-address 33.33.0.1
2. Associate the dynamic profile with the VLAN interface.
a. Access the interface that you want to use for creating VLANs.
[edit interfaces]user@host# edit interfaces ge-2/3/0
b. Specify the use of stacked VLAN tagging.
[edit interfaces ge-2/3/0]user@host# set stacked-vlan-tagging
c. Specify that you want to automatically configure VLAN interfaces.
[edit interfaces ge-2/3/0]user@host# edit auto-configure
d. Specify that you want to configure stacked VLANs.
[edit interfaces ge-2/3/0 auto-configure]user@host# edit stacked-vlan-ranges
e. Specify the dynamic VLAN profile that you want the interface to use.
[edit interfaces ge-2/3/0 auto-configure stacked-vlan-ranges]user@host# set dynamic-profile VLAN-PROF
f. Repeat steps a through e for any other interfaces that you want to use for creating
VLANs.
3. Specify the Ethernet packet type that the VLAN dynamic profile can accept.
[edit interfaces ge-2/3/0 auto-configure stacked-vlan-ranges VLAN-PROF]user@host# set accept inet
NOTE: This release supports only INET (IPv4) Ethernet packet types.
4. Define VLAN ranges for use by the dynamic profile when dynamically creating VLAN
IDs. For this solution, specify the outer and inner stacked VLAN ranges that you want
the dynamic profile to use. The following example specifies an outer stacked VLAN
ID range of 3–3 (enabling only the outer range of 3) and an inner stacked VLAN ID
range of 1–3 (enabling a range from 1 through 3 for the inner stacked VLAN ID).
[edit interfaces ge-0/0/0 auto-configure vlan-ranges]
Copyright © 2010, Juniper Networks, Inc.66
Junos 10.4 Broadband Subscriber Management Solutions Guide
user@host# set ranges 3–3,1–3
Configuring Access Components for the DHCPWholesale Network Solution
When configuring a wholesale network, you must configure several components globally.
This configuration provides access to RADIUS servers (if used) that you want the
wholesaler and any configured retailers to use globally. The access configuration includes
the following general steps:
• Configuring RADIUS Server Access on page 67
• Configuring a DHCP Wholesaler Access Profile on page 67
• Configuring DHCP Retailer Access Profiles on page 68
Configuring RADIUS Server Access
You can globally define any RADIUS servers in your network that either the wholesale
access profile or retailer access profile can use. After you define the global RADIUS
servers, you can specify specific RADIUS servers within individual access profiles.
To define RADIUS servers for profile access:
1. Access the [edit access radius-server] hierarchy level.
[edit ]user@host# edit access radius-server
2. Specify the address and secret for any RADIUS servers in the network.
[edit access radius-server]user@host# set 192.168.10.1 secret $9$CzBxBBf1eWx-wM8xgaU.m345B02EcyKXLuser@host# set 10.10.10.1 secret $7$OsCsBAf1fXx-wY3xgaU.m123A02ZtyNMT
Configuring a DHCPWholesaler Access Profile
You must define the network and interface over which you want subscribers to initially
access the network with a wholesale access profile. When a subscriber attempts to
access the network, the access profile provides initial access information including
authentication and accounting values that the router uses for the accessing subscriber.
To define a wholesale access profile:
1. Create the wholesale access profile.
[edit]user@host# edit access profileWholesale1
2. Specify the authentication methods for the profile and the order in which they are
used.
[edit access profileWholesaler1]user@host# set authentication-order radius password
3. Specify that you want to configure RADIUS support.
[edit access profileWholesaler1]user@host# edit radius (Access Profile)
67Copyright © 2010, Juniper Networks, Inc.
Chapter 9: Configuring the Broadband Subscriber Management DHCP Layer 3 Wholesale Network Solution
4. Specify the IP address of the RADIUS server used for authentication.
[edit access profileWholesaler1 radius]user@host# set authentication-server 192.168.10.1
5. Specify the IP address of the RADIUS server used for accounting.
[edit access profileWholesaler1 radius]user@host# set accounting-server 192.168.10.1
6. Configure any desired options for the RADIUS server.
See Configuring RADIUS Server Options for Subscriber Access.
7. Configure subscriber accounting (RADIUS accounting).
See Configuring Per-Subscriber Session Accounting.
Configuring DHCP Retailer Access Profiles
In this solution, subscribers are redirected to a networking space used by a specific retailer
and defined by a unique routing instance. This method requires that you define the network
and interface over which you want subscribers to access the network after being redirected
by the wholesale access profile.
To define a retailer access profile:
1. Create the retailer access profile.
[edit]user@host# edit access profile Retailer1
2. Specify the authentication methods for the profile and the order in which they are
used.
[edit access profile Retailer1]user@host# set authentication-order radius password
3. Specify that you want to configure RADIUS support.
[edit access profile Retailer1]user@host# edit radius (Access Profile)
4. Specify the IP address of the RADIUS server used for authentication.
[edit access profile Retailer1 radius]user@host# set authentication-server 10.10.10.1
5. Specify the IP address of the RADIUS server used for accounting.
[edit access profile Retailer1 radius]user@host# set accounting-server 10.10.10.1
6. Configure any desired options for the RADIUS server.
See Configuring RADIUS Server Options for Subscriber Access.
7. Configure subscriber accounting (RADIUS accounting).
See Configuring Per-Subscriber Session Accounting.
Copyright © 2010, Juniper Networks, Inc.68
Junos 10.4 Broadband Subscriber Management Solutions Guide
Configuring Dynamic Profiles for the DHCP Layer 3Wholesale Network Solution
A dynamic profile is a set of characteristics, defined in a type of template, that you can
use to provide services for broadband applications. These services are assigned
dynamically to interfaces as they access the network. When configuring dynamic profiles
for the DHCP Layer 3 wholesale network, you can choose to configure one dynamic profile
to address all incoming subscribers or you can configure individual dynamic profiles for
use by the different network management groups (that is, the wholesaler and any
retailers). In fact, you can create multiple dynamic profiles that you can use to roll out
different services and selectively apply those dynamic profiles to different subscriber
groups as necessary.
In this solution example, one dynamic profile is created for use by the wholesaler when
subscribers initially access the network. Other dynamic profiles are created for the
subscribers for each individual retailer to use after they are redirected to that retailer
network space.
• Configuring a Wholesale Dynamic Profile for use in the DHCP Solution on page 69
• Configuring a Retail Dynamic Profile for use in the DHCP Solution on page 69
Configuring aWholesale Dynamic Profile for use in the DHCP Solution
You can configure a basic access profile to initially manage subscribers that access the
network.
To configure a dynamic profile for use by the wholesaler:
1. Create a wholesale dynamic profile.
[edit]user@host# edit dynamic-profilesWholesaler1
2. Define the dynamic profile interfaces.
See Configuring Dynamic Subscriber Interfaces Using IP Demux Interfaces in Dynamic
Profiles for the minimal dynamic demux interface configuration.
Configuring a Retail Dynamic Profile for use in the DHCP Solution
To configure a dynamic profile for use with retailer access:
1. Create a retail dynamic profile.
[edit]user@host# edit dynamic-profiles Subscriber_Profile_Retail1
2. Define the dynamic routing instance variable in the dynamic profile.
[edit dynamic-profiles Subscriber_Profile_Retail1]user@host# edit routing-instances $junos-routing-instance
3. Set the dynamic interface variable for the dynamic routing instance.
[edit dynamic-profiles Subscriber_Profile_Retail1 routing-instances“$junos-routing-instance”]
69Copyright © 2010, Juniper Networks, Inc.
Chapter 9: Configuring the Broadband Subscriber Management DHCP Layer 3 Wholesale Network Solution
user@host# set interface $junos-interface-name
4. Define the dynamic profile interfaces.
See Configuring Dynamic Subscriber Interfaces Using IP Demux Interfaces in Dynamic
Profiles for the minimal dynamic demux interface configuration.
Configuring Separate Routing Instances for DHCP Service Retailers
As the owner of the system, the wholesaler uses the default routing instance. You must
create separate routing instances for each individual retailer to keep routing information
for individual retailers separate and to define any servers and forwarding options specific
to each retailer.
To define a retailer routing instance:
1. Create the retailer routing instance.
[edit]user@host# edit routing-instances RetailerInstance1
2. Specify the routing instance type for the retailer.
[edit routing-instances “RetailerInstance1”]user@host# set instance-type vrf
3. Specify the access profile that you want the routing instance to use.
[edit routing-instances “RetailerInstance1”]user@host# set access-profile Retailer1
4. Specify the interface that faces the Retailer1 RADIUS server.
[edit routing-instances “RetailerInstance1”]user@host# set interface ge-11/1/9.10
5. Specify the interface that faces the Retailer1 DHCP server.
[edit routing-instances “RetailerInstance1”]user@host# set interface ge-11/1/10.100
6. Specify the loopback interface unit for this routing instance.
[edit routing-instances “RetailerInstance1”]user@host# set interface lo0.1
NOTE: Loopback interfacesmust be unique for each routing instance.
7. Access the DHCP Relay forwarding options hierarchy for the routing instance.
[edit routing-instances “RetailerInstance1”]user@host# edit forwarding-options dhcp-relay
NOTE: The configuration for this wholesale solution uses DHCP Relay.However, you can also configure DHCP Proxy Relay or DHCP Local Serverfor the DHCP Layer 3 wholesale network.
Copyright © 2010, Juniper Networks, Inc.70
Junos 10.4 Broadband Subscriber Management Solutions Guide
8. Specify that you want to configure authentication options and use external AAA
authentication services.
[edit routing-instances “RetailerInstance1” forwarding-options dhcp-relay]user@host# edit authentication
9. (Optional) Configure a password that authenticates the username to the external
authentication service.
See Configuring Passwords for Usernames.
10. (Optional) Configure optional features to create a unique username.
See Creating Unique Usernames for DHCP Clients.
11. Specify the default dynamic profile that you want to attach to DHCP subscriber for
this retailer.
[edit routing-instances “RetailerInstance1” forwarding-options dhcp-relay]user@host# set dynamic-profile Subscriber_Profile_Retail1
12. Specify any overrides for the default DHCP Relay configuration.
See Overriding the Default DHCP Relay Configuration Settings.
13. Configure a named server group for the retailer.
[edit routing-instances “RetailerInstance1” forwarding-options dhcp-relay]user@host# edit server-group Retailer1_Group
14. Specify the DHCP server address for the retailer group.
[edit routing-instances “RetailerInstance1” forwarding-optionsdhcp-relay server-group“Retailer1_Group”]
user@host# set 10.10.100.1
15. Specify the retailer group as the active server group for this routing instance.
[edit routing-instances “RetailerInstance1” forwarding-options dhcp-relay]user@host# set active-server-group Retailer1_Group
16. Configure a group you can use to define the retailer dynamic profile and DHCP access
interface.
[edit routing-instances “RetailerInstance1” forwarding-options dhcp-relay]user@host# edit group Retailer1_Group
17. Specify the dynamic profile that the retailer DHCP subscribers use.
[edit routing-instances “RetailerInstance1” forwarding-options dhcp-relay group“Retailer1_Group”]
user@host# set dynamic-profile Subscriber_Profile_Retailer1
18. Specify the retailer interface that the retailer DHCP subscribers use.
[edit routing-instances “RetailerInstance1” forwarding-options dhcp-relay group“Retailer1_Group”]
user@host# set interface ge-2/3/0.2
19. (Optional) Configure any passwords that authenticate the username to the external
authentication service for the retailer groups that you created.
See Configuring Passwords for Usernames.
71Copyright © 2010, Juniper Networks, Inc.
Chapter 9: Configuring the Broadband Subscriber Management DHCP Layer 3 Wholesale Network Solution
20. (Optional) Configure any unique username values for the retailer groups that you
created.
See Creating Unique Usernames for DHCP Clients.
21. (Optional) Specify any overrides for any of the DHCP Relay group configurations that
you created.
See Overriding the Default DHCP Relay Configuration Settings.
22. Repeat this procedure for other retailers.
RelatedDocumentation
Configuring Routing Instances•
Configure Default Forwarding Options for the DHCPWholesale Network Solution
You can use DHCP Relay, DHCP Relay Proxy, or DHCP Local Server configuration in a
DHCP wholesale network. DHCP configuration is defined at the [edit forwarding-options]
hierarchy level.
NOTE: The configuration for this wholesale solution uses DHCP Relay.
To configure DHCP Relay forwarding options:
1. Access the [edit forwarding-options dhcp-relay] hierarchy.
[edit]user@host# edit forwarding-options dhcp-relay
2. Specify that you want to configure authentication options and use external AAA
authentication services.
[edit forwarding-options dhcp-relay]user@host# edit authentication
3. (Optional) Configure a password that authenticates the username to the external
authentication service.
See Configuring Passwords for Usernames.
4. (Optional) Configure optional features to create a unique username.
See Creating Unique Usernames for DHCP Clients.
5. Specify the default dynamic profile that you want to attach to all DHCP subscriber
that access the router.
[edit forwarding-options dhcp-relay]user@host# set dynamic-profileWholesaler_Profile
6. Specify any overrides for the default DHCP Relay configuration.
See Overriding the Default DHCP Relay Configuration Settings.
7. Configure a named server group for default (wholesaler) DHCP server access.
Copyright © 2010, Juniper Networks, Inc.72
Junos 10.4 Broadband Subscriber Management Solutions Guide
[edit forwarding-options dhcp-relay]user@host# edit server-groupWholesaler_Group
8. Specify the DHCP server address for the default (wholesale) group.
[edit forwarding-options dhcp-relay server-group “Wholesaler_Group”]user@host# set 192.168.100.1
9. Specify the default (wholesale) group as the active server group.
[edit forwarding-options dhcp-relay]user@host# set active-server-groupWholesaler_Group
10. Configure a group you can use to define the wholesale DHCP access interface.
[edit forwarding-options dhcp-relay]user@host# edit groupWholesaler_Group
11. Specify the default (wholesale) interface that all DHCP subscribers use when first
accessing the router.
[edit forwarding-options dhcp-relay group “Wholesaler_Group”]user@host# set interface ge-2/3/0.1
12. Configure a group you can use to define a retail DHCP interface.
[edit forwarding-options dhcp-relay]user@host# edit group Retailer1_Group
13. Specify the logical interface the DHCP subscribers use once redirected.
[edit forwarding-options dhcp-relay group “Retailer1_Group”]user@host# set interface ge-2/3/0.2
14. Repeat steps 12 and 13 for other retailer groups.
In this solution example, you configure another group name of “Retailer2_Group” and
specify ge-2/3/0.3 for the logical interface.
15. (Optional) Configure any passwords that authenticate the username to the external
authentication service for any of the groups that you created.
See Configuring Passwords for Usernames.
16. (Optional) Configure optional features to create a unique username for any of the
groups that you created.
See Creating Unique Usernames for DHCP Clients.
17. (Optional) Specify any overrides for any of the DHCP Relay group configurations that
you created.
See Overriding the Default DHCP Relay Configuration Settings.
RelatedDocumentation
• Extended DHCP Relay Agent Overview
• DHCP Relay Proxy Overview
• Configuring Passwords for Usernames
• Creating Unique Usernames for DHCP Clients
• Overriding the Default DHCP Relay Configuration Settings
73Copyright © 2010, Juniper Networks, Inc.
Chapter 9: Configuring the Broadband Subscriber Management DHCP Layer 3 Wholesale Network Solution
Copyright © 2010, Juniper Networks, Inc.74
Junos 10.4 Broadband Subscriber Management Solutions Guide
CHAPTER 10
Broadband Subscriber ManagementDHCP Layer 3Wholesale NetworkConfiguration Examples
• Example: Wholesaler Dynamic Profile for a DHCP Wholesale Network on page 75
• Example: Retailer Dynamic Profile for a DHCP Wholesale Network on page 76
• Example: Default Forwarding Options Configuration for the DHCP Wholesale
Network on page 76
• Example: Retailer Routing Instances for a DHCP Wholesale Network on page 77
Example:Wholesaler Dynamic Profile for a DHCPWholesale Network
This example specifies a dynamic profile name of Wholesaler_Profile, uses dynamic IP
demux interfaces, and references the predefined input firewall filter.
dynamic-profiles {Wholesaler_Profile {interfaces {demux0 {unit "$junos-interface-unit" {demux-options {underlying-interface "$junos-underlying-interface";
}family inet {demux-source {$junos-subscriber-ip-address;
}filter {input "$junos-input-filter";
}unnumbered-address "$junos-loopback-interface"preferred-source-address$junos-preferred-source-address;
}}
}}
}
75Copyright © 2010, Juniper Networks, Inc.
Example: Retailer Dynamic Profile for a DHCPWholesale Network
dynamic-profiles {Subscriber_Profile_Retailer1 {routing-instances {"$junos-routing-instance" {interface "$junos-interface-name";
}}interfaces {demux0 {unit "$junos-interface-unit" {demux-options {underlying-interface "$junos-underlying-interface";
}family inet {demux-source {"$junos-subscriber-ip-address";
}unnumbered-address "$junos-loopback-interface"preferred-source-address"$junos-preferred-source-address";
}}
}}
}
Example: Default ForwardingOptionsConfiguration for theDHCPWholesaleNetwork
forwarding-options {dhcp-relay {traceoptions {file size 1g;inactive: flag all;
}authentication {password psswd;username-include {user-prefixWholesaleNetwork;
}}dynamic-profileWholesaler_Profile;overrides {always-write-giaddr;always-write-option-82;layer2-unicast-replies;trust-option-82;client-discover-match;
}server-group {Wholesaler-Server-Group {192.168.100.1;
}}
Copyright © 2010, Juniper Networks, Inc.76
Junos 10.4 Broadband Subscriber Management Solutions Guide
active-server-groupWholesaler-Server Group;groupWholesaler-Group {authentication {password psswd;username-include {user-prefixWholesaleNetwork;
}}interface ge-2/3/0.1;
}group Retailer1-Group {authentication {password psswd1;username-include {user-prefixWholesaleNetwork_Retailer1;
}}interface ge-2/3/0.2;
}group Retailer2-Group {authentication {password psswd2;username-include {user-prefixWholesaleNetwork_Retailer1;
}}interface ge-2/3/0.3;
}}
}
Example: Retailer Routing Instances for a DHCPWholesale Network
routing-instances {Retailer_Instance1 {instance-type vrf;access-profile Retailer_Access1;interface ge-11/1/9.10;interface ge-11/1/10.100;interface lo0.1;route-distinguisher 1:1;forwarding-options {dhcp-relay {authentication {password psswd1;username-include {user-prefixWholesaleNetwork_Retailer1;
}}dynamic-profile Subscriber_Profile_Retailer1;overrides {always-write-giaddr;always-write-option-82;layer2-unicast-replies;trust-option-82;
77Copyright © 2010, Juniper Networks, Inc.
Chapter 10: Broadband Subscriber Management DHCP Layer 3 Wholesale Network Configuration Examples
client-discover-match;}server-group {Retailer1-Server-Group {10.10.100.1;
}}active-server-group Retailer1-Server-Group;group Retailer1-Group {authentication {password psswd1;username-include {user-prefixWholesaleNetwork_Retailer1;
}}dynamic-profile Subscriber_Profile_Retailer1;overrides {always-write-giaddr;trust-option-82;client-discover-match;
}interface ge-2/3/0.2;
}}
}}Retailer_Instance2 {instance-type vrf;access-profile Retailer_Access2;interface ge-7/1/9.10;interface ge-7/1/9.100;interface lo0.2;route-distinguisher 2:2;forwarding-options {dhcp-relay {authentication {password psswd2;username-include {user-prefixWholesaleNetwork_Retailer2;
}}dynamic-profile Subscriber_Profile_Retailer2;overrides {always-write-giaddr;trust-option-82;client-discover-match;
}server-group {Retailer2-Group {10.20.200.1;
}}active-server-group Retailer2-Group;group Retailer2-Group {authentication {password psswd2;
Copyright © 2010, Juniper Networks, Inc.78
Junos 10.4 Broadband Subscriber Management Solutions Guide
username-include {user-prefix psswd2;
}}dynamic-profile Subscriber_Profile_Retailer2;overrides {always-write-giaddr;trust-option-82;client-discover-match;
}interface ge-2/3/0.3;
}}
}}
}
79Copyright © 2010, Juniper Networks, Inc.
Chapter 10: Broadband Subscriber Management DHCP Layer 3 Wholesale Network Configuration Examples
Copyright © 2010, Juniper Networks, Inc.80
Junos 10.4 Broadband Subscriber Management Solutions Guide
CHAPTER 11
Broadband Subscriber ManagementPPPoE Layer 3Wholesale NetworkConfiguration Overview
• Broadband Subscriber Management PPPoE Layer 3 Wholesale Topology and
Configuration Elements on page 81
Broadband Subscriber Management PPPoE Layer 3Wholesale Topology andConfiguration Elements
The network topology for the subscriber management PPPoE Layer 3 wholesale solution
includes configuring separate routing instances for individual retailers that use a portion
of the router.
To explain the concept, but to limit complexity, this solution provides a configuration
with one wholesaler and only two retailers. Figure 7 on page 82 illustrates a basic PPPoE
Layer 3 wholesale topology model from which you can expand.
81Copyright © 2010, Juniper Networks, Inc.
Figure7:BasicSubscriberManagementPPPoELayer3WholesaleSolutionTopology
MSAN
Retailer 1 Network Space
MSAN Retailer 2 Network Space
MX-series Wholesaler Network Space
Retailer 1RADIUSserver
WholesalerRADIUSserver
Retailer 2RADIUSserver
g017
456
When you are configuring a PPPoE Layer 3 wholesale network solution, the following
configuration elements are required:
• Subscriber network VLAN configuration
• Addressing server or addressing server access configuration
• RADIUS server access configuration
• Dynamic profile configuration for default (wholesaler) access
• Routing instance configuration for individual retailers
• Group configuration and forwarding options for the network
• Core network configuration
This implementation of PPPoE Layer 3 wholesale supports the following:
• Dynamic PPPoE interface creation.
• Static VLAN use only.
• AAA server assignment of subscribers to different routing instances within the same
(default) logical system only.
Copyright © 2010, Juniper Networks, Inc.82
Junos 10.4 Broadband Subscriber Management Solutions Guide
CHAPTER 12
Configuring the Broadband SubscriberManagement PPPoE Layer 3WholesaleNetwork Solution
• PPPoE Layer 3 Wholesale Network Topology Overview on page 83
• Configuring Loopback Interfaces for the PPPoE Layer 3 Wholesale Solution on page 84
• Configuring Static Customer VLANs for the PPPoE Layer 3 Wholesale Network
Solution on page 85
• Configuring Access Components for the PPPoE Wholesale Network Solution on page 86
• Configuring Dynamic Profiles for the PPPoE Layer 3 Wholesale Network
Solution on page 88
• Configuring Separate Routing Instances for PPPoE Service Retailers on page 90
PPPoE Layer 3Wholesale Network Topology Overview
This configuration explains how to configure a simple PPPoE Layer 3 wholesale subscriber
access network. This solution incorporates two retailers sharing resources on a wholesaler
router. Figure 8 on page 84 provides the reference topology for this configuration example.
83Copyright © 2010, Juniper Networks, Inc.
Figure 8: PPPoE Layer 3Wholesale Network Reference Topology
MSAN
GE-9/3/0
Retailer 1 Network Space
MSAN
GE-9/3/0
Retailer 1RADIUSserver
Retailer 2 Network Space
Retailer 1 Network ElementsAccess Network Interface:
Loopback (lo0.5) Interface Address:C-VLANs:
Logical Interfaces:RADIUS Authentication Server Address:
RADIUS Accounting Server Address:Access Profile:
GE-9/3/033.33.0.1/32Three (unit 8 to 10)GE-9/3/0.8 to GE-9/3/0.1110.10.10.110.10.10.1PPPoE_Retailer_Access1
Routing Instance: PPPoE_Retailer_Instance1
Retailer 2 Network ElementsAccess Network Interface:
Loopback (lo0.6) Interface Address:C-VLANs:
Logical Interfaces:RADIUS Authentication Server Address:
RADIUS Accounting Server Address:Access Profile:
GE-9/3/033.32.0.1/32Three (unit 11 to 13)GE-9/3/0.11 to GE-9/3/0.1310.20.20.110.20.20.1PPPoE_Retailer_Access2
Routing Instance: PPPoE_Retailer_Instance2
Wholesaler-Specific Network ElementsAccess Network Interface:
Loopback (lo0.4) Interface Address:C-VLANs:
Logical Interfaces:RADIUS Authentication Server Address:
RADIUS Accounting Server Address:Access Profile:
GE-9/3/033.30.0.1/32One (unit 14)GE-9/3/0.14192.168.1.1192.168.1.1PPPoE_Wholesaler_Access
Routing Instance: PPPoE_Wholesaler_InstanceDynamic Profile: PPPoE_Wholesaler_Profile
MX-seriesWholesaler
RADIUSserver
Retailer 2RADIUSserver
g017
457
RelatedDocumentation
Layer 2 and Layer 3 Wholesale Overview on page 27•
• Broadband Subscriber Management DHCP Layer 3 Wholesale Topology and
Configuration Elements on page 59
Configuring Loopback Interfaces for the PPPoE Layer 3Wholesale Solution
You must configure loopback interfaces for use in the subscriber management access
network. The loopback interfaces are automatically used for unnumbered interfaces.
NOTE: If you do not configure the loopback interface, the routing platformchooses the first interface to come online as the default. If you configuremore than one address on the loopback interface, we recommend that youconfigure one to be the primary address to ensure that it is selected for usewith unnumbered interfaces. By default, the primary address is used as thesource address when packets originate from the interface.
Copyright © 2010, Juniper Networks, Inc.84
Junos 10.4 Broadband Subscriber Management Solutions Guide
To configure loopback interfaces:
1. Edit the loopback interface.
[edit]user@host# edit interfaces lo0
2. Edit the unit for the wholesale loopback interface.
[edit interfaces lo0]user@host# edit unit 4
3. Edit the wholesale loopback interface family.
[edit interfaces lo0 unit 4]user@host# edit family inet
4. Specify the wholesale loopback interface address.
[edit interfaces lo0 unit 4]user@host# set address 33.30.0.1/32
5. (Optional) Specify the loopback interface address as the primary loopback interface.
[edit interfaces lo0 unit 4]user@host# set address 33.30.0.2/32 primary
6. Edit the unit for a retail loopback interface.
[edit interfaces lo0]user@host# edit unit 5
7. Edit the retail loopback interface family.
[edit interfaces lo0 unit 5]user@host# edit family inet
8. Specify the retail loopback interface address.
[edit interfaces lo0 unit 5]user@host# set address 33.33.0.1/32
9. (Optional) Specify the loopback interface address as the primary loopback interface.
[edit interfaces lo0 unit 5]user@host# set address 33.33.0.2/32 primary
10. Repeat steps 7 through 10 for additional retailers, making sure to use unique unit and
address values for each retailer loopback interface.
RelatedDocumentation
Configuring Top-Level Broadband Subscriber Management Elements on page 38•
• Junos OS Network Interfaces Configuration Guide
ConfiguringStaticCustomerVLANsfor thePPPoELayer3WholesaleNetworkSolution
In this example configuration, the access interface (ge-9/3/0) connects to a device (that
is, a DSLAM) on the access side of the network. You can define static customer VLANs
(C-VLANs) for use by the wholesaler and any access network subscribers.
85Copyright © 2010, Juniper Networks, Inc.
Chapter 12: Configuring the Broadband Subscriber Management PPPoE Layer 3 Wholesale Network Solution
To configure the customer VLANs:
1. Edit the access side interface.
[edit]user@host# edit interfaces ge-9/3/0
2. Specify the use of flexible VLAN tagging.
[edit interfaces ge-9/3/0]user@host# set flexible-vlan-tagging
3. Edit the interface unit for the wholesaler VLAN.
[edit interfaces ge-9/3/0]user@host# edit unit 14
4. Specify the type of encapsulation that you want the wholesaler VLAN to use.
[edit interfaces ge-9/3/0 unit 14]user@host# set encapsulation ppp-over-ether
5. (Optional) Specify that you want the wholesaler VLAN to use Proxy ARP.
[edit interfaces ge-9/3/0 unit 14]user@host# set proxy-arp
6. Define a unique VLAN ID for the wholesaler VLAN.
[edit interfaces ge-9/3/0 unit 14]user@host# set vlan-id 14
7. Specify the dynamic profile that you want the wholesaler VLAN to use.
[edit interfaces ge-9/3/0 unit 14]user@host#setpppoe-underlying-optionsdynamic-profilePPPoE_Wholesaler_Profile
Configuring Access Components for the PPPoEWholesale Network Solution
When configuring a wholesale network, you must configure several components globally.
This configuration provides access to RADIUS servers (if used) that you want the
wholesaler and any configured retailers to use globally. The access configuration includes
the following general steps:
• Configuring RADIUS Server Access on page 86
• Configuring a PPPoE Wholesaler Access Profile on page 87
• Configuring PPPoE Retailer Access Profiles on page 87
Configuring RADIUS Server Access
You can globally define any RADIUS servers in your network that either the wholesale
access profile or retailer access profile can use. After you define the global RADIUS
servers, you can specify specific RADIUS servers within individual access profiles.
To define RADIUS servers for profile access:
1. Access the [edit access radius-server] hierarchy level.
[edit ]
Copyright © 2010, Juniper Networks, Inc.86
Junos 10.4 Broadband Subscriber Management Solutions Guide
user@host# edit access radius-server
2. Specify the address and secret for any RADIUS servers in the network.
[edit access radius-server]user@host# set 192.168.10.1 secret $9$CzBxBBf1eWx-wM8xgaU.m345B02EcyKXLuser@host# set 10.10.10.1 secret $7$OsCsBAf1fXx-wY3xgaU.m123A02ZtyNMT
Configuring a PPPoEWholesaler Access Profile
You must define the network and interface over which you want subscribers to initially
access the network with a wholesale access profile. When a subscriber attempts to
access the network, the access profile provides initial access information including
authentication and accounting values that the router uses for the accessing subscriber.
To define a wholesale access profile:
1. Create the wholesale access profile.
[edit]user@host# edit access profile PPPoE_Wholesaler_Access
2. Specify the authentication methods for the profile and the order in which they are
used.
[edit access profileWholesaler1]user@host# set authentication-order radius
3. Specify that you want to configure RADIUS support.
[edit access profileWholesaler1]user@host# edit radius (Access Profile)
4. Specify the IP address of the RADIUS server used for authentication.
[edit access profileWholesaler1 radius]user@host# set authentication-server 192.168.10.1
5. Specify the IP address of the RADIUS server used for accounting.
[edit access profileWholesaler1 radius]user@host# set accounting-server 192.168.10.1
6. Configure any desired options for the RADIUS server.
See Configuring RADIUS Server Options for Subscriber Access.
7. Configure subscriber accounting (RADIUS accounting).
See Configuring Per-Subscriber Session Accounting.
Configuring PPPoE Retailer Access Profiles
In this solution, subscribers are redirected to a networking space used by a specific retailer
and defined by a unique routing instance. This method requires that you define the network
and interface over which you want subscribers to access the network after being redirected
by the wholesale access profile.
87Copyright © 2010, Juniper Networks, Inc.
Chapter 12: Configuring the Broadband Subscriber Management PPPoE Layer 3 Wholesale Network Solution
To define a retailer access profile:
1. Create the retailer access profile.
[edit]user@host# edit access profile PPPoE_Retailer_Access1
2. Specify the authentication methods for the profile and the order in which they are
used.
[edit access profile Retailer1]user@host# set authentication-order radius
3. Specify that you want to configure RADIUS support.
[edit access profile Retailer1]user@host# edit radius (Access Profile)
4. Specify the IP address of the RADIUS server used for authentication.
[edit access profile Retailer1 radius]user@host# set authentication-server 10.10.10.1
5. Specify the IP address of the RADIUS server used for accounting.
[edit access profile Retailer1 radius]user@host# set accounting-server 10.10.10.1
6. Configure any desired options for the RADIUS server.
See Configuring RADIUS Server Options for Subscriber Access.
7. Configure subscriber accounting (RADIUS accounting).
See Configuring Per-Subscriber Session Accounting.
Configuring Dynamic Profiles for the PPPoE Layer 3Wholesale Network Solution
A dynamic profile is a set of characteristics, defined in a type of template, that you can
use to provide services for broadband applications. These services are assigned
dynamically to interfaces as they access the network. When configuring dynamic profiles
for the PPPoE Layer 3 wholesale network, you can choose to configure one dynamic
profile to address all incoming subscribers or you can configure individual dynamic profiles
for use by the different network management groups (that is, the wholesaler and any
retailers). In fact, you can create multiple dynamic profiles that you can use to roll out
different services and selectively apply those dynamic profiles to different subscriber
groups as necessary.
In this solution example, one dynamic profile is created for use by the wholesaler when
subscribers initially access the network. Subscribers are assigned by the wholesaler
RADIUS server to a particular retailer routing instance and can then be redirected to that
retailer network space.
• Configuring a Wholesale Dynamic Profile for use in the PPPoE Solution on page 89
Copyright © 2010, Juniper Networks, Inc.88
Junos 10.4 Broadband Subscriber Management Solutions Guide
Configuring aWholesale Dynamic Profile for use in the PPPoE Solution
You can configure a basic access profile to initially manage PPPoE subscribers that
access the network.
To configure a dynamic profile for use by the wholesaler:
1. Create a wholesale dynamic profile.
[edit]user@host# edit dynamic-profiles PPPoE_Wholesaler_Profile
2. Define the dynamic routing instance variable in the dynamic profile.
[edit dynamic-profiles PPPoE_Wholesaler_Profile]user@host# edit routing-instances $junos-routing-instance
3. Set the dynamic interface variable for the dynamic routing instance.
[edit dynamic-profiles PPPoE_Wholesaler_Profile routing-instances“$junos-routing-instance”]
user@host# set interface $junos-interface-name
4. Specify that you want to configure the pp0 interface in the dynamic profile.
[edit dynamic-profiles PPPoE_Wholesaler_Profile interfaces pp0]user@host# edit interfaces pp0
5. Configure the unit for the pp0 interface.
a. Configure the variable for the unit number of the pp0 interface.
The variable is dynamically replaced with the unit number that RADIUS supplies
when the subscriber logs in.
[edit dynamic-profiles PPPoE_Wholesaler_Profile interfaces pp0]user@host# edit unit $junos-interface-unit
b. Configure PAP or CHAP (or both) to function on the interface.
[edit dynamic-profiles PPPoE_Wholesaler_Profile interfaces pp0 unit“$junos-interface-unit”]
user@host# set ppp-options chap pap
c. Configure the variable for the underlying interface of the pp0 interfaces.
The variable is dynamically replaced with the underlying interface that RADIUS
supplies when the subscriber logs in.
[edit dynamic-profiles PPPoE_Wholesaler_Profile interfaces pp0 unit“$junos-interface-unit”]
user@host# set pppoe-options underlying-interface $junos-underlying-interface
d. Configure the router to act as a PPPoE server.
[edit dynamic-profiles PPPoE_Wholesaler_Profile interfaces pp0 unit“$junos-interface-unit”]
user@host# set pppoe-options server
6. (Optional) Modify the PPPoE keepalive interval.
89Copyright © 2010, Juniper Networks, Inc.
Chapter 12: Configuring the Broadband Subscriber Management PPPoE Layer 3 Wholesale Network Solution
[edit dynamic-profiles PPPoE_Wholesaler_Profile interfaces pp0 unit“$junos-interface-unit”]
user@host# set keepalives interval 15
7. Configure the family for the pp0 interface.
a. Specify that you want to configure the family.
NOTE: You can specify inet for IPv4 and inet6 for IPv6. However, this
solution provides the IPv4 configuration only.
[edit dynamic-profiles PPPoE_Wholesaler_Profile interfaces pp0 unit“$junos-interface-unit”]
user@host# edit family inet
b. Configure the unnumbered address for the family.
[edit dynamic-profiles PPPoE_Wholesaler_Profile interfaces pp0 unit“$junos-interface-unit” family inet]
user@host# set unnumbered-address $junos-loopback-interface
Configuring Separate Routing Instances for PPPoE Service Retailers
As the owner of the system, the wholesaler uses the default routing instance. You must
create separate routing instances for each individual retailer to keep routing information
for individual retailers separate and to define any servers and forwarding options specific
to each retailer.
To define a retailer routing instance:
1. Create the retailer routing instance.
[edit]user@host# edit routing-instances PPPoE_Retailer_Instance1
2. Specify the routing instance type for the retailer.
[edit routing-instances “RetailerInstance1”]user@host# set instance-type vrf
3. Specify the access profile that you want the routing instance to use.
[edit routing-instances “RetailerInstance1”]user@host# set access-profile PPPoE_Retailer_Access1
4. Specify the interface that faces the Retailer1 RADIUS server.
[edit routing-instances “RetailerInstance1”]user@host# set interface ge-11/1/9.10
5. Specify the loopback interface unit for this routing instance.
[edit routing-instances “RetailerInstance1”]user@host# set interface lo0.5
Copyright © 2010, Juniper Networks, Inc.90
Junos 10.4 Broadband Subscriber Management Solutions Guide
NOTE: Loopback interfacesmust be unique for each routing instance.
6. Specify an identifier to distinguish the VPN to which the route belongs.
[edit routing-instances “RetailerInstance1”]user@host# set route-distinguisher 1:1
7. Specify how routes are imported into the local PE router’s VPN routing table from the
remote PE router.
[edit routing-instances “RetailerInstance1”]user@host# setvrf-import policyImport
8. Specify which routes are exported from the local instance table to the remote PE
router.
[edit routing-instances “RetailerInstance1”]user@host# setvrf-export policyExport
9. Repeat this procedure for other retailers.
RelatedDocumentation
• Configuring Routing Instances
91Copyright © 2010, Juniper Networks, Inc.
Chapter 12: Configuring the Broadband Subscriber Management PPPoE Layer 3 Wholesale Network Solution
Copyright © 2010, Juniper Networks, Inc.92
Junos 10.4 Broadband Subscriber Management Solutions Guide
CHAPTER 13
Broadband Subscriber ManagementPPPoEWholesale Network ConfigurationExamples
• Example: Wholesaler Dynamic Profile for a PPPoE Wholesale Network on page 93
• Example: Retailer Routing Instances for a PPPoE Wholesale Network on page 94
Example:Wholesaler Dynamic Profile for a PPPoEWholesale Network
This example specifies a dynamic profile name of PPPoE_Wholesaler_Profile, uses pp0
interfaces, and references the predefined input firewall filter.
PPPoE_Wholesaler_Profile {routing-instances {"$junos-routing-instance" {interface "$junos-interface-name";
}}interfaces {pp0 {unit "$junos-interface-unit" {ppp-options {chap;pap;
}pppoe-options {underlying-interface "$junos-underlying-interface";server;
}keepalives interval 15;family inet {filter {input "$junos-input-filter";output "$junos-output-filter";
}unnumbered-address "$junos-loopback-interface";
}}
}}
93Copyright © 2010, Juniper Networks, Inc.
}
Example: Retailer Routing Instances for a PPPoEWholesale Network
routing-instances {PPPoE_Retailer_Instance1 {instance-type vrf;access-profile PPPoE_Retailer_Access1;interface ge-11/1/9.10;interface lo0.5;route-distinguisher 1:1;vrf-import policyImport;vrf-export policyExport;
}Retailer_Instance2 {instance-type vrf;access-profile PPPoE_Retailer_Access2;interface ge-11/1/9.10;interface lo0.6;route-distinguisher 2:2;vrf-import policyImport;vrf-export policyExport;
}}
Copyright © 2010, Juniper Networks, Inc.94
Junos 10.4 Broadband Subscriber Management Solutions Guide
CHAPTER 14
BroadbandSubscriberManagementLayer2 Wholesale Network ConfigurationOverview
• Broadband Subscriber Management Layer 2 Wholesale Topology and Configuration
Elements on page 95
Broadband Subscriber Management Layer 2Wholesale Topology and ConfigurationElements
The network topology for the subscriber management Layer 2 wholesale solution includes
configuring separate routing instances for individual retailers that use a portion of the
router. This solution uses a Virtual Private LAN Service (VPLS) configuration.
To explain the concept but limit complexity, this solution provides a configuration with
one wholesaler and only two retailers. Figure 9 on page 96 illustrates a basic Layer 2
wholesale topology model from which you can expand.
95Copyright © 2010, Juniper Networks, Inc.
Figure 9: Basic Subscriber Management Layer 2Wholesale SolutionTopology
Retailer 1Network Space
g017
481
Retailer 1
serverDHCP
Retailer 1
serverRADIUS
MX Series
Backhaul Network
MX Series
ISP Access
ISP Access Retailer 2Network Space
Retailer 2
serverRADIUS
Retailer 2
serverDHCP
Wholesaler
serverRADIUS
Layer 2Access Network
Client(Retailer 1)
Client(Retailer 1)
Client(Retailer 1)
Client(Retailer 1)
Client(Retailer 2)
Client(Retailer 2)
Client(Retailer 1)
Client(Retailer 1)
Client(Retailer 1)
Client(Retailer 1)
Client(Retailer 2)
Client(Retailer 2)
MX Series
MSAN
MSAN
MSAN
MSAN
Wholesaler ControlledNetwork Space
When you are configuring a Layer 2 wholesale network solution, the following configuration
elements are required:
• Subscriber access dynamic VLAN configuration including dynamic profile configuration
for retailer routing instances
• Routing instance configuration for individual retailers on Provider Edge (PE) routers
and Network to Network Interface (NNI) routers.
• VLAN interface configuration
• RADIUS server access configuration
• Core network configuration
RelatedDocumentation
• Layer 2 and Layer 3 Wholesale Overview on page 27
• Layer 2 Wholesale Network Topology Overview on page 97
Copyright © 2010, Juniper Networks, Inc.96
Junos 10.4 Broadband Subscriber Management Solutions Guide
CHAPTER 15
Configuring the Broadband SubscriberManagement Layer 2Wholesale NetworkSolution
• Layer 2 Wholesale Network Topology Overview on page 97
• Configuring a Retail Dynamic Profile for use in the Layer 2 Wholesale Solution on page 98
• Stacking and Rewriting VLAN Tags for the Layer 2 Wholesale Solution on page 99
• Configuring VLAN Interfaces for the Layer 2 Wholesale Solution on page 102
• Configuring Encapsulation for Layer 2 Wholesale VLAN Interfaces on page 103
• Configuring Separate Routing Instances for Layer 2 Wholesale Service
Retailers on page 104
• Configuring Access Components for the Layer 2 Wholesale Network Solution on page 105
Layer 2Wholesale Network Topology Overview
This configuration explains how to configure a simple Layer 2 wholesale subscriber access
network. This solution illustrates two Internet Service Provider (ISP) retailers sharing
access to a wholesaler network. The wholesaler network contains a Layer 2
Networkaccess router and two Virtual Private LAN Service (VPLS) Network to Network
Interface (NNI) routers.
NOTE: You can havemore than one ISP router connecting to a single VPLSNNI router with VPLS interfaces configured with routing instances specificto each different ISP-facing interfaces.
Figure 10 on page 98 provides the reference topology for this configuration example.
97Copyright © 2010, Juniper Networks, Inc.
Figure 10: Layer 2Wholesale Network Reference Topology
Retailer 1Network Space
g017
482
Retailer 1
serverDHCP
Retailer 1
serverRADIUS
Backhaul Network
MX Series
ISP Access
ISP Access Retailer 2Network Space
Retailer 2
serverRADIUS
Retailer 2
serverDHCP
Layer 2Access Network
Client(Retailer 1)
Client(Retailer 1)
Client(Retailer 1)
Client(Retailer 1)
Client(Retailer 2)
Client(Retailer 2)
Client(Retailer 1)
Client(Retailer 1)
Client(Retailer 1)
Client(Retailer 1)
Client(Retailer 2)
Client(Retailer 2)
MSAN
MSAN
MSAN
MSAN
Wholesaler ControlledNetwork Space
Wholesaler Access PE Router Network Elements
Access Network Interface:RADIUS Authentication Server Address:
RADIUS Accounting Server Address:Access Profile:
GE-2/3/010.10.10.110.10.10.1AccessProfile
Routing Instances: Retailer_Instance1Retailer_Instance2
Dynamic Profile: L2_Access_Profile
Wholesaler NNI-1 Router Network ElementsInterface facing ISP Retailer 1: GE-1/1/0
VPLS Routing Instances: Retailer_Instance1
Wholesaler NNI-2 Router Network ElementsInterface facing ISP Retailer 2: GE-2/2/0
VPLS Routing Instances: Retailer_Instance2
GE-1/1/0
GE-2/2/0
GE-2/3/0
MX Series
MX Series
Wholesaler
serverRADIUS
10.10.10.1
RelatedDocumentation
Layer 2 and Layer 3 Wholesale Overview on page 27•
• Broadband Subscriber Management Layer 2 Wholesale Topology and Configuration
Elements on page 95
Configuring a Retail Dynamic Profile for use in the Layer 2Wholesale Solution
To configure a dynamic profile for use with retailer access:
1. Create a retail dynamic profile.
[edit]user@host# edit dynamic-profiles Subscriber_Profile_Retail1
2. Define the dynamic routing instance variable in the dynamic profile.
[edit dynamic-profiles Subscriber_Profile_Retail1]user@host# edit routing-instances $junos-routing-instance
3. Set the dynamic interface variable for the dynamic routing instance.
Copyright © 2010, Juniper Networks, Inc.98
Junos 10.4 Broadband Subscriber Management Solutions Guide
[edit dynamic-profiles Subscriber_Profile_Retail1 routing-instances“$junos-routing-instance”]
user@host# set interface $junos-interface-name
4. Define the dynamic interfaces variable for the dynamic profile.
[edit dynamic-profiles Subscriber_Profile_Retail1]user@host# set interfaces $junos-interface-ifd-name
5. Define the dynamic interface unit variable for the dynamic profile.
[editdynamic-profilesSubscriber_Profile_Retail1 interfaces“$junos-interface-ifd-name”]user@host# set unit $junos-interface-unit
6. (Optional) Define the VLAN encapsulation for the dynamic interfaces.
[editdynamic-profilesSubscriber_Profile_Retail1 interfaces“$junos-interface-ifd-name”unit “$junos-interface-unit”]
user@host# set encapsulation vlan-vpls
NOTE: If you choose not to specify an encapsulation for the logicalinterface, youmust specify encapsulation for the physical interface.
7. Define the VLAN tag variables for the dynamic profile:
NOTE: This solution example uses stacked VLAN tagging. However, youcan also specify single-tag VLANs. For additional information aboutconfiguringdynamicVLANs, see theSubscriberAccessConfigurationGuide.
[editdynamic-profilesSubscriber_Profile_Retail1 interfaces“$junos-interface-ifd-name”unit “$junos-interface-unit”]
user@host# set vlan-tags outer $junos-stacked-vlan-id inner $junos-vlan-id
8. Define the input and output VLAN maps. See “Stacking and Rewriting VLAN Tags for
the Layer 2 Wholesale Solution” on page 99 for details.
9. Specify the unit family as vpls at the [edit dynamic-profiles profile-name interfaces
“$junos-interface-ifd-name” unit “$junos-interface-unit” family] hierarchy level.
[editdynamic-profilesSubscriber_Profile_Retail1 interfaces“$junos-interface-ifd-name”unit “$junos-interface-unit”]
user@host# set family vpls
Stacking and Rewriting VLAN Tags for the Layer 2Wholesale Solution
Stacking and rewriting VLAN tags allows you to use an additional (outer) VLAN tag to
differentiate between routers in the Layer 2 wholesale network. A frame can be received
on an interface, or it can be internal to the system (as a result of the input-vlan-map
statement).
You can configure rewrite operations to stack (push), remove (pop), or rewrite (swap)
tags on single-tagged frames and dual-tagged frames. If a port is not tagged, rewrite
operations are not supported on any logical interface on that port.
99Copyright © 2010, Juniper Networks, Inc.
Chapter 15: Configuring the Broadband Subscriber Management Layer 2 Wholesale Network Solution
You can configure the following single-action VLAN rewrite operations:
• pop—Remove a VLAN tag from the top of the VLAN tag stack. The outer VLAN tag of
the frame is removed.
• push—Add a new VLAN tag to the top of the VLAN stack. An outer VLAN tag is pushed
in front of the existing VLAN tag.
• swap—Replace the inner VLAN tag of the incoming frame with a user-specified VLAN
tag value.
You configure VLAN rewrite operations for logical interfaces in the input VLAN map for
incoming frames and in the output VLAN map for outgoing frames.
You can include both the input-vlan-map and output-vlan-map statements at the [edit
dynamic-profiles profile-name interface “$junos-interface-ifd-name” unit ”
$junos-interface-unit] hierarchy level.
The type of VLAN rewrite operation permitted depends upon whether the frame is
single-tagged or dual-tagged. Table 7 on page 100 shows supported rewrite operations
and whether they can be applied to single-tagged frames or dual-tagged frames. The
table also indicates the number of tags being added or removed during the operation.
Table 7: Rewrite Operations on Single-Tagged and Dual-Tagged Frames
Number of TagsDual-TaggedSingle-TaggedRewrite Operation
– 1YesYespop
+1YesYespush
0YesYesswap
Depending on the VLAN rewrite operation, you configure the rewrite operation for the
interface in the input VLAN map, the output VLAN map, or both. Table 8 on page 100
shows what rewrite operation combinations you can configure. “None” means that no
rewrite operation is specified for the VLAN map.
Table 8: Applying Rewrite Operations to VLANMaps
Output VLANMap
Input VLANMap swappoppushnone
YesNoNoYesnone
NoYesNoNopush
NoNoYesNopop
YesNoNoYesswap
Copyright © 2010, Juniper Networks, Inc.100
Junos 10.4 Broadband Subscriber Management Solutions Guide
To configure the input VLAN map:
NOTE: Youconfigure the input-vlan-mapstatementonlywhenthere isaneed
to either push an outer tag on a single-tagged subscriber packet or modifythe outer tag in a subscriber dual-tagged packet.
1. Include the input-vlan-map statement.
[editdynamic-profilesSubscriber_Profile_Retail1 interfaces“$junos-interface-ifd-name”unit “$junos-interface-unit”]
user@host# edit input-vlan-map
2. Specify the action that you want the input VLAN map to take.
[editdynamic-profilesSubscriber_Profile_Retail1 interfaces“$junos-interface-ifd-name”unit “$junos-interface-unit” input-vlan-map]
user@host# set push
3. Include the vlan-id statement along with the $junos-vlan-map-id dynamic variable.
[editdynamic-profilesSubscriber_Profile_Retail1 interfaces“$junos-interface-ifd-name”unit “$junos-interface-unit” input-vlan-map]
user@host# set vlan-id $junos-vlan-map-id
To configure the output VLAN map:
NOTE: You configure the output-vlan-map statement only when there is a
need to either pop or modify the outer tag found in a dual-tagged packetmeant for the subcriber.
1. Include the output-vlan-map statement.
[editdynamic-profilesSubscriber_Profile_Retail1 interfaces“$junos-interface-ifd-name”unit “$junos-interface-unit”]
user@host# edit output-vlan-map
2. Specify the action that you want the output VLAN map to take.
[editdynamic-profilesSubscriber_Profile_Retail1 interfaces“$junos-interface-ifd-name”unit “$junos-interface-unit” input-vlan-map]
user@host# set pop
You must know whether the VLAN rewrite operation is valid and is applied to the input
VLAN map or the output VLAN map. You must also know whether the rewrite operation
requires you to include statements to configure the inner and outer tag protocol identifiers
(TPIDs) and inner and outer VLAN IDs in the input VLAN map or output VLAN map. For
information about configuring inner and outer TPIDs and inner and outer VLAN IDs, see
Configuring Inner and Outer TPIDs and VLAN IDs.
101Copyright © 2010, Juniper Networks, Inc.
Chapter 15: Configuring the Broadband Subscriber Management Layer 2 Wholesale Network Solution
Configuring VLAN Interfaces for the Layer 2Wholesale Solution
1. Access the physical interface that you want to use for dynamically creating VLAN
interfaces.
[edit interfaces]user@host# edit interfaces ge-2/3/0
2. Specify the desired VLAN tagging.
NOTE: Thisexampleuses flexibleVLANtagging tosimultaneouslysupporttransmission of 802.1Q VLAN single-tag and dual-tag frames on logicalinterfaces on the same Ethernet port.
[edit interfaces ge-2/3/0]user@host# set flexible-vlan-tagging
3. Specify that you want to automatically configure VLAN interfaces.
[edit interfaces ge-2/3/0]user@host# edit auto-configure
4. Specify that you want to configure single VLANs.
[edit interfaces ge-2/3/0 auto-configure]user@host# edit vlan-ranges
5. Define the VLAN ranges for the configuration.
[edit interfaces ge-2/3/0 auto-configure vlan-ranges]user@host# set ranges any, any
6. Specify the dynamic VLAN profile that you want the interface to use.
[edit interfaces ge-2/3/0 auto-configure vlan-ranges]user@host# set dynamic-profile Subscriber_Profile_Retail1
7. Specify that any type of VLAN Ethernet packet is accepted by the interface.
[edit interfaces ge-2/3/0 auto-configure vlan-ranges dynamic-profile “VLAN-PROF”]user@host# set accept any
8. Repeat steps for any other interfaces that you want to use for creating VLANs.
9. Specify the encapsulation type for the VLAN interfaces.
[edit interfaces ge-2/3/0]user@host# edit encapsulation flexible-ethernet-services
RelatedDocumentation
Configuring Single-Level VLAN Ranges for Use with VLAN Dynamic Profiles•
• Configuring Encapsulation for Layer 2 Wholesale VLAN Interfaces on page 103
Copyright © 2010, Juniper Networks, Inc.102
Junos 10.4 Broadband Subscriber Management Solutions Guide
Configuring Encapsulation for Layer 2Wholesale VLAN Interfaces
Each dynamic VLAN interface in a Layer 2 wholesale network must use encapsulation.
You can configure encapsulation dynamically for each VLAN interface by using the
encapsulation statement at the [edit dynamic-profiles profile-name interface
“$junos-interface-ifd-name” unit “$junos-interface-unit”] hierarchy level or configure
encapsulation for the physical interfaces at the [edit interfaces interface-name] hierarchy
level for each dynamically created VLAN interface to use. However, how you choose to
configure (or not configure) encapsulation at the [edit dynamic-profiles profile-name
interface “$junos-interface-ifd-name” unit “$junos-interface-unit”] hierarchy level affects
how you configure encapsulation at the [edit interfaces interface-name] hierarchy level.
Table 9 on page 103 provides the valid encapsulation combinations for both dynamic
profiles and physical interfaces in the Layer 2 wholesale network.
Table 9: Encapsulation Combinations for Layer 2Wholesale Interfaces
Usage NotesPhysical InterfaceEncapsulation
Dynamic ProfileEncapsulation
Using the vlan-vpls encapsulation type in both thedynamic profile and when configuring the physicalinterface limits the VLAN ID value to a number greaterthan or equal to 512.
vlan-vplsvlan-vpls
Using the flexible-ethernet-services encapsulationtype removes any VLAN ID value limitation.
flexible-ethernet-servicesvlan-vpls
The extended-vlan-vpls encapsulation type cansupport multiple TPIDs. Using this encapsulation typeremoves any VLAN ID value limitation.
extended-vlan-vplsvlan-vpls
The extended-vlan-vpls encapsulation type cansupport multiple TPIDs. Using this encapsulation typeremoves any VLAN ID value limitation.
extended-vlan-vplsNo encapsulation type
To configure encapsulation for Layer 2 wholesale VLAN interfaces:
1. (Optional) Define the VLAN encapsulation for the dynamic interfaces.
[editdynamic-profilesSubscriber_Profile_Retail1 interfaces“$junos-interface-ifd-name”unit “$junos-interface-unit”]
user@host# set encapsulation encapsulation-type
2. Specify the encapsulation type for the physical VLAN interface.
[edit interfaces ge-2/3/0]user@host# edit encapsulation encapsulation-type
NOTE: If you choose not to specify an encapsulation for the logicalinterface, youmust specify extended-vlan-vpls encapsulation for the
physical interface.
103Copyright © 2010, Juniper Networks, Inc.
Chapter 15: Configuring the Broadband Subscriber Management Layer 2 Wholesale Network Solution
RelatedDocumentation
• Configuring a Retail Dynamic Profile for use in the Layer 2 Wholesale Solution on
page 98
• Configuring VLAN Interfaces for the Layer 2 Wholesale Solution on page 102
Configuring Separate Routing Instances for Layer 2Wholesale Service Retailers
As the owner of the system, the wholesaler uses the default routing instance. You must
create separate routing instances for each individual retailer to keep routing information
for individual retailers separate and to define any servers and forwarding options specific
to each retailer.
To define a retailer routing instance:
1. Create the retailer routing instance.
[edit]user@host# edit routing-instances RetailerInstance1
2. Specify the routing instance type for the retailer.
[edit routing-instances RetailerInstance1]user@host# set instance-type vpls
3. Specify that access ports in this VLAN domain do not forward packets to each other.
[edit routing-instances RetailerInstance1]user@host# set no-local-switching
4. Specify that access ports in this VLAN domain prune (constrain) distribution of
broadcast, unicast, and multicast (BUM) packets of unknown origin to only those
interfaces that match the traffic from a specific VLAN pair.
[edit routing-instances RetailerInstance1]user@host# set qualified-bum-pruning-mode
5. Specify a unique identifier attached to a route that enables you to distinguish to which
VPN the route belongs.
[edit routing-instances RetailerInstance1]user@host# setroute-distinguisher 10.10.1.1:1
6. (Optional) Specify a VRF target community.
[edit routing-instances RetailerInstance1]user@host# set vrf-target target:100:1
NOTE: The purpose of the vrf-target statement is to simplify the
configuration by allowing you to configuremost statements at the [edit
routing-instances] hierarchy level.
Copyright © 2010, Juniper Networks, Inc.104
Junos 10.4 Broadband Subscriber Management Solutions Guide
7. Define the VPLS protocol for the routing instance.
a. Access the routing instance protocols hierarchy.
[edit routing-instances RetailerInstance1]user@host# edit protocols
b. Enable VPLS on the routing instance.
[edit routing-instances RetailerInstance1]user@host# edit vpls
c. Specify the maximum number of sites allowed for the VPLS domain.
[edit routing-instances RetailerInstance1 protocols vpls]user@host# set site-range 1000
d. (Optional) Specify the no-tunnel-services statement if the router does not have a
Tunnel Services PIC.
[edit routing-instances RetailerInstance1 protocols vpls]user@host# set no-tunnel-services
e. Specify a site name.
[edit routing-instances RetailerInstance1 protocols vpls]user@host# set site A-PE
f. Specify a site identifier.
[edit routing-instances RetailerInstance1 protocols vpls site A-PE]user@host# set site-identifier 1
g. Define the connectivity of the VPLS routing instance as permanent to keep the
VPLS connection up until specifically taken down.
[edit routing-instances RetailerInstance1 protocols vpls]user@host# set connectivity-type permanent
8. Repeat this procedure for other retailers.
RelatedDocumentation
Configuring VPLS Routing Instances•
• Configuring Routing Instances
Configuring Access Components for the Layer 2Wholesale Network Solution
When configuring a wholesale network, you must configure several components globally.
This configuration provides access to RADIUS servers (if used) that you want the
wholesaler and any configured retailers to use globally. The access configuration includes
the following general steps:
• Configuring RADIUS Server Access on page 106
• Configuring a Layer 2 Wholesaler Access Profile on page 106
105Copyright © 2010, Juniper Networks, Inc.
Chapter 15: Configuring the Broadband Subscriber Management Layer 2 Wholesale Network Solution
Configuring RADIUS Server Access
You can globally define any RADIUS servers in your network that either the wholesale
access profile or retailer access profile can use. After you define the global RADIUS
servers, you can specify specific RADIUS servers within individual access profiles.
To define RADIUS servers for profile access:
1. Access the [edit access radius-server] hierarchy level.
[edit ]user@host# edit access radius-server
2. Specify the address and secret for any RADIUS servers in the network.
[edit access radius-server]user@host# set 192.168.10.1 secret $9$CzBxBBf1eWx-wM8xgaU.m345B02EcyKXLuser@host# set 10.10.10.1 secret $7$OsCsBAf1fXx-wY3xgaU.m123A02ZtyNMT
Configuring a Layer 2Wholesaler Access Profile
You must define the network and interface over which you want subscribers to initially
access the network with a wholesale access profile. When a subscriber attempts to
access the network, the access profile provides initial access information including
authentication and accounting values that the router uses for the accessing subscriber.
To define a wholesale access profile:
1. Create the wholesale access profile.
[edit]user@host# edit access profile AccessProfile
2. Specify the authentication methods for the profile and the order in which they are
used.
[edit access profile AccessProfile]user@host# set authentication-order radius password
3. Specify that you want to configure RADIUS support.
[edit access profile AccessProfile]user@host# edit radius
4. Specify the IP address of the RADIUS server used for authentication.
[edit access profile AccessProfile radius]user@host# set authentication-server 10.10.10.1
5. Specify the IP address of the RADIUS server used for accounting.
[edit access profile AccessProfile radius]user@host# set accounting-server 10.10.10.1
6. Configure any desired options for the RADIUS server.
See Configuring RADIUS Server Options for Subscriber Access.
Copyright © 2010, Juniper Networks, Inc.106
Junos 10.4 Broadband Subscriber Management Solutions Guide
7. Configure subscriber accounting (RADIUS accounting).
See Configuring Per-Subscriber Session Accounting.
107Copyright © 2010, Juniper Networks, Inc.
Chapter 15: Configuring the Broadband Subscriber Management Layer 2 Wholesale Network Solution
Copyright © 2010, Juniper Networks, Inc.108
Junos 10.4 Broadband Subscriber Management Solutions Guide
CHAPTER 16
BroadbandSubscriberManagementLayer2 Wholesale Network ConfigurationExamples
• Example: Retailer Dynamic Profile for a Layer 2 Wholesale Network on page 109
• Example: Access Interface for a Layer 2 Wholesale Network on page 109
• Example: Retailer Routing Instances for a Layer 2 Wholesale Network on page 110
Example: Retailer Dynamic Profile for a Layer 2Wholesale Network
dynamic-profiles {Subscriber_Profile_Retail1 {routing-instances {"$junos-routing-instance" {interface "$junos-interface-name";
}}interfaces {"$junos-interface-ifd-name" {unit "$junos-interface-unit" {encapsulation vlan-vpls;vlan-tags outer "$junos-stacked-vlan-id" inner "$junos-vlan-id";input-vlan-map {swap;vlan-id "$junos-vlan-map-id";
}output-vlan-map swap;family vpls;
}}
}}
Example: Access Interface for a Layer 2Wholesale Network
interfaces {ge-2/3/0 {flexible-vlan-tagging;auto-configure {
109Copyright © 2010, Juniper Networks, Inc.
stacked-vlan-ranges {dynamic-profile Subscriber_Profile_Retail1 {accept any;ranges {any,any;
}}access-profile AccessProfile;
}}encapsulation flexible-ethernet-services;
}
Example: Retailer Routing Instances for a Layer 2Wholesale Network
routing-instances {Retailer_Instance1 {instance-type vpls;no-local-switching;qualified-bum-pruning-mode;route-distinguisher 10.10.1.1:1;vrf-target target:100:1;protocols {vpls {site-range 1000;no-tunnel-services;site A-PE {site-identifier 1;
}connectivity-type permanent;
}}
}Retailer_Instance2 {instance-type vpls;no-local-switching;qualified-bum-pruning-mode;route-distinguisher 10.10.10.1:2;vrf-target target:300:1;protocols {vpls {site-range 1000;no-tunnel-services;site A-PE {site-identifier 1;
}connectivity-type permanent;
}}
}}
Copyright © 2010, Juniper Networks, Inc.110
Junos 10.4 Broadband Subscriber Management Solutions Guide
PART 3
Monitoring Broadband SubscriberManagement Solutions
• Related Broadband Subscriber Management CLI Commands on page 113
111Copyright © 2010, Juniper Networks, Inc.
Copyright © 2010, Juniper Networks, Inc.112
Junos 10.4 Broadband Subscriber Management Solutions Guide
CHAPTER 17
Related Broadband SubscriberManagement CLI Commands
You can use a number of Junos OS CLI commands to monitor and troubleshoot a
configured subscriber management solution. The following sections provide links to CLI
commands that are related to the subscriber management configuration and where to
locate details about each command.
• Subscriber Management AAA and DHCP CLI Commands on page 113
• Subscriber Management DHCP Local Server CLI Commands on page 113
• Subscriber Management DHCP Relay CLI Commands on page 114
• Subscriber Management Interface CLI Commands on page 114
• Subscriber Management Dynamic Protocol CLI Commands on page 115
• Subscriber Management Subscriber CLI Commands on page 115
Subscriber Management AAA and DHCP CLI Commands
Table 10 on page 113 provides a list of AAA–related and DHCP–related CLI commands
that are associated with subscriber management configuration. These commands appear
in the Junos OS System Basics and Services Command Reference.
Table 10: Subscriber Management AAA and Address Assignment Pools CLI Commands
PurposeCLI Command
Display AAA accounting and authentication statistics.show network-access aaa statistics
Display subscriber-specific AAA statistics.show network-access aaa subscribers
Display state information for each address-assignment pool.show network-access address-assignment pool
Subscriber Management DHCP Local Server CLI Commands
Table 11 on page 114 provides a list of DHCP local server–related CLI commands that are
associated with subscriber management configuration. These commands appear in the
Junos OS System Basics and Services Command Reference.
113Copyright © 2010, Juniper Networks, Inc.
Table 11: Subscriber Management DHCP Local Server CLI Commands
PurposeCLI Command
Display the address bindings in the client table on the extended Dynamic HostConfiguration Protocol (DHCP) local server.
show dhcp server binding
Display extended Dynamic Host Configuration Protocol (DHCP) local serverstatistics.
show dhcp server statistics
Clear the binding state of a Dynamic Host Configuration Protocol (DHCP) clientfrom the client table on the extended DHCP local server.
clear dhcp server binding
Clear all extended Dynamic Host Configuration Protocol (DHCP) local serverstatistics.
clear dhcp server statistics
Subscriber Management DHCP Relay CLI Commands
Table 12 on page 114 provides a list of DHCP relay–related CLI commands that are
associated with subscriber management configuration. These commands appear in the
Junos OS Routing Protocols and Policies Command Reference.
Table 12: Subscriber Management DHCP Relay CLI Commands
PurposeCLI Command
Display the address bindings in the Dynamic Host Configuration Protocol (DHCP)client table.
show dhcp relay binding
Display Dynamic Host Configuration Protocol (DHCP) relay statistics.show dhcp relay statistics
Clear the binding state of a Dynamic Host Configuration Protocol (DHCP) clientfrom the client table.
clear dhcp relay binding
Clear all Dynamic Host Configuration Protocol (DHCP) relay statistics.clear dhcp relay statistics
Subscriber Management Interface CLI Commands
Table 13 on page 114 provides a list of interface–related CLI commands that are associated
with subscriber management configuration. These commands appear in the Junos OS
Interfaces Command Reference.
Table 13: Subscriber Management Interface CLI Commands
PurposeCLI Command
Display information about configured loopback interfaces.show interfaces (Loopback)
Copyright © 2010, Juniper Networks, Inc.114
Junos 10.4 Broadband Subscriber Management Solutions Guide
Table 13: Subscriber Management Interface CLI Commands (continued)
PurposeCLI Command
Display information about configured interfaces. This command includesbrief, detail, and extensive options that you can use to view all interfacesor a specific Ethernet or LAG interface.
show interfaces (Aggregated Ethernet)
show interfaces (Fast Ethernet)
show interfaces (Gigabit Ethernet)
Display information about configured Demux interfaces.show interfaces demux0 (Demux Interfaces)
Display all firewall filters that are installed on each interface.show interfaces filters
Display status information about the PPPoE interface.show interfaces (PPPoE)
Have the routing protocol process display its view of the state of the router'sinterfaces.
show interfaces routing
Display information about PPP interfaces.show ppp interfacepp0
Subscriber Management Dynamic Protocol CLI Commands
Table 14 on page 115 provides a list of dynamic protocol–related CLI commands that are
associated with subscriber management configuration. These commands appear in the
Junos OS Routing Protocols and Policies Command Reference.
Table 14: Subscriber Management Dynamic Protocol CLI Commands
PurposeCLI Command
Display information about Internet Group Management Protocol (IGMP)-enabledinterfaces.
show igmp interface
Display Internet Group Management Protocol (IGMP) statistics.show igmp statistics
Subscriber Management Subscriber CLI Commands
Table 15 on page 115 provides the subscriber–related CLI command that is associated
with subscriber management configuration. This command appears in the Junos OS
System Basics and Services Command Reference.
Table 15: Subscriber Management Subscriber CLI Commands
PurposeCLI Command
Display information for active subscribers.show subscribers
115Copyright © 2010, Juniper Networks, Inc.
Chapter 17: Related Broadband Subscriber Management CLI Commands
Copyright © 2010, Juniper Networks, Inc.116
Junos 10.4 Broadband Subscriber Management Solutions Guide
PART 4
Index
• Index on page 119
117Copyright © 2010, Juniper Networks, Inc.
Copyright © 2010, Juniper Networks, Inc.118
Junos 10.4 Broadband Subscriber Management Solutions Guide
Index
Symbols#, comments in configuration statements..................xxii
( ), in syntax descriptions...................................................xxii
< >, in syntax descriptions...................................................xxi
[ ], in configuration statements.......................................xxii
{ }, in configuration statements.......................................xxii
| (pipe), in syntax descriptions.........................................xxii
AAAA service framework
configuring........................................................................50
monitoring........................................................................113
access
Layer 2 wholesale........................................................105
Layer 3 wholesale
DHCP..........................................................................67
PPPoE.......................................................................86
access network delivery
active Ethernet.................................................................12
digital subscriber line......................................................11
passive optical networking..........................................12
access profile
retailer
DHCP.........................................................................68
PPPoE........................................................................87
wholesaler......................................................................106
DHCP..........................................................................67
PPPoE........................................................................87
active Ethernet..........................................................................12
address assignment pool
configuring.........................................................................51
address server
configuring.........................................................................51
Bbraces, in configuration statements...............................xxii
brackets
angle, in syntax descriptions.....................................xxi
square, in configuration statements......................xxii
broadband access networks
delivery options.................................................................11
DHCP..................................................................................24
FTTx......................................................................................13
history of..............................................................................9
IGMP model......................................................................23
residential broadband topology.................................4
using DHCP.........................................................................11
using PPP...........................................................................10
broadband services router (BSR)......................................15
high-speed Internet access support........................15
IPTV support.....................................................................16
network placement........................................................16
overview..............................................................................15
broadband subscriber management
AAA service framework...............................................25
basic topology.................................................................35
class of service................................................................25
configuration overview................................................38
DHCP..................................................................................24
edge routers......................................................................15
Layer 2 wholesale topology.......................................95
Layer 3 wholesale topology
DHCP.........................................................................59
PPPoE.........................................................................81
licensing.............................................................................36
monitoring........................................................................113
platform support..............................................................4
residential broadband topology.................................4
solution overview..............................................................3
supporting documentation...........................................7
terms.....................................................................................5
VLAN architecture...........................................................21
BSR See broadband services router
Cclass of service
configuring........................................................................43
configuring classifiers...................................................47
configuring forwarding classes.................................44
119Copyright © 2010, Juniper Networks, Inc.
configuring scheduler maps......................................46
configuring schedulers.................................................45
classifiers
configuring........................................................................47
CLI commands........................................................................113
comments, in configuration statements......................xxii
conventions
text and syntax...............................................................xxi
curly braces, in configuration statements....................xxii
customer support..................................................................xxii
contacting JTAC.............................................................xxii
customer VLAN
configuring.......................................................................40
configuring dynamic......................................................41
overview..............................................................................21
DDHCP See extended DHCP
digital subscriber line (DSL).................................................11
documentation
comments on.................................................................xxii
DSL See digital subscriber line
dynamic profiles
configuring DHCP..........................................................56
configuring pp0..............................................................54
DHCP retailer example.................................................76
DHCP wholesaler example.........................................75
firewall filter configuration.........................................49
Layer 2 wholesale retailer example......................109
PPPoE wholesaler example.......................................93
retailer
DHCP.........................................................................69
Layer 2 wholesale.................................................98
wholesale network
DHCP.........................................................................69
PPPoE.......................................................................88
wholesaler
DHCP.........................................................................69
PPPoE.......................................................................89
dynamic protocols
monitoring........................................................................115
Eedge router placement
multiedge network..........................................................17
single-edge network......................................................16
extended DHCP
configuring
local server...............................................................53
monitoring........................................................................113
local server..............................................................113
relay server
monitoring...............................................................114
Ffiber-optic delivery
FTTx......................................................................................13
firewall filters
configuring........................................................................49
font conventions.....................................................................xxi
forwarding classes
configuring........................................................................44
forwarding options
configuring.........................................................................72
DHCP example................................................................76
Gglobal elements
configuring........................................................................38
HHFC See hybrid fiber coaxial
hybrid customer VLAN..........................................................22
hybrid fiber coaxial (HFC).....................................................13
Iicons defined, notice...............................................................xx
IGMP
network models..............................................................23
interface
Layer 2 wholesale example......................................109
interfaces
loopback
configuring...............................................................39
DHCP Layer 3 wholesale....................................62
PPPoE Layer 3 wholesale..................................84
monitoring........................................................................114
LLayer 2 wholesale
access...............................................................................105
access profile.................................................................106
basic topology.................................................................95
configuration elements...............................................95
Copyright © 2010, Juniper Networks, Inc.120
Junos 10.4 Broadband Subscriber Management Solutions Guide
dynamic profiles............................................................98
retailer example...................................................109
interface..........................................................................109
overview.............................................................................27
reference topology.........................................................97
routing instances.................................................104, 110
Layer 3 wholesale
access
DHCP..........................................................................67
PPPoE.......................................................................86
RADIUS server.......................................67, 86, 106
access profile
DHCP..................................................................67, 68
PPPoE........................................................................87
basic topology
DHCP.........................................................................59
PPPoE.........................................................................81
configuration elements
DHCP.........................................................................59
PPPoE.........................................................................81
DHCP
forwarding options example.............................76
DHCP support.................................................................29
dynamic profiles
DHCP.........................................................................69
DHCP retailer example........................................76
DHCP wholesaler example................................75
PPPoE...............................................................88, 89
PPPoE wholesaler example..............................93
dynamic VLAN
DHCP.........................................................................65
forwarding options
configuring................................................................72
interface support............................................................28
overview.............................................................................27
RADIUS VSAs..................................................................30
reference topology
DHCP..........................................................................61
PPPoE........................................................................83
routing instances
DHCP.........................................................................70
DHCP example........................................................77
PPPoE.......................................................................90
PPPoE example.....................................................94
static VLAN
DHCP.........................................................................64
PPPoE.......................................................................85
vlans
DHCP.........................................................................64
licensing......................................................................................36
local server
configuring DHCP...........................................................53
monitoring........................................................................113
logical systems
subscriber relationship with.......................................29
loopback interface
Layer 3 wholesale
DHCP.........................................................................62
PPPoE.......................................................................84
subscriber management.............................................39
Mmanuals
comments on.................................................................xxii
MSAN See multiservice access node
multiplay
overview...............................................................................8
multiservice access node (MSAN)
choosing.............................................................................18
delivery options...............................................................18
overview..............................................................................17
VLAN interaction............................................................22
Nnotice icons defined...............................................................xx
Pparentheses, in syntax descriptions...............................xxii
passive optical networking (PON)
APON...................................................................................12
BPON...................................................................................12
defined................................................................................12
EPON....................................................................................12
GPON...................................................................................12
optical line terminator...................................................12
WDM-PON.........................................................................12
PON See passive optical networking
RRADIUS
access profile..................................................................50
configuring server access...........................................50
wholesale VSA support...............................................30
RADIUS server
access configuration
configuring..............................................67, 86, 106
relay server
monitoring........................................................................114
121Copyright © 2010, Juniper Networks, Inc.
Index
routing instances
retailer
DHCP.........................................................................70
DHCP example........................................................77
Layer 2 wholesale...............................................104
Layer 2 wholesale example..............................110
PPPoE.......................................................................90
PPPoE example.....................................................94
subscriber relationship with.......................................29
Sscheduler maps
configuring........................................................................46
schedulers
configuring........................................................................45
service VLAN..............................................................................21
subscriber management
dynamic protocols
monitoring...............................................................115
interfaces
monitoring...............................................................114
subscribers
monitoring...............................................................115
subscribers
monitoring........................................................................115
support, technical See technical support
syntax conventions................................................................xxi
Ttechnical support
contacting JTAC.............................................................xxii
topology
Layer 2 wholesale network........................................95
Layer 3 wholesale network
DHCP.........................................................................59
PPPoE.........................................................................81
subscriber management network...........................35
traffic classifiers
configuring........................................................................47
triple play
DHCP dynamic profile configuration......................56
overview...............................................................................8
PPPoE dynamic profile configuration....................54
topology overview..........................................................37
Vvideo services router (VSR).................................................15
network placement........................................................16
overview.............................................................................16
VLAN
configuring customer VLANs....................................40
customer VLAN................................................................21
DHCP wholesale
dynamic configuration........................................65
static configuration..............................................64
dynamic customer VLANs...........................................41
Ethernet aggregation and...........................................22
hybrid..................................................................................22
multiservice access node interaction.....................22
PPPoE wholesale
static configuration..............................................85
residential gateway interaction................................23
service VLAN.....................................................................21
VSR See video services router
Wwholesale See Layer 2 wholesale See Layer 3
wholesale
Copyright © 2010, Juniper Networks, Inc.122
Junos 10.4 Broadband Subscriber Management Solutions Guide