Configure Juniper BNG CUPS
RESUMO Este documento apresenta configurações de amostra que você pode usar para configurar o BNG CUPS da Juniper e configurar o acesso de assinantes e o gerenciamento de assinantes.
Como configurar o Juniper BNG CUPS para gerenciamento de assinantes
O Juniper BNG CUPS usa um modo de operação desagregado para gerenciamento de assinantes, que é diferente do que o Junos OS oferece suporte. Em uma operação desagregada, o Controlador BNG CUPS da Juniper (BNG CUPS Controller) e o Plano de Usuário BNG (Plano de Usuário BNG) da Juniper estão em sistemas separados. Além disso, você pode associar um controlador BNG CUPS a vários planos de usuário BNG. Para configurar o Juniper BNG CUPS para o gerenciamento de assinantes, você deve realizar configurações tanto no BNG CUPS Controller quanto em todos os planos de usuário BNG associados.
As seções a seguir descrevem como configurar e usar o Juniper BNG CUPS para gerenciamento de assinantes.
Configure o controlador BNG CUPS
No Juniper BNG CUPS, você pode usar a seguinte configuração de controlador BNG CUPS para configurar funções de gerenciamento de assinantes para DHCP e PPP.
Para obter informações sobre o acesso à CLI, consulte Acesse o BNG CUPS Controller CLI.
Para configurar o controlador BNG CUPS, você aplica a seguinte configuração:
system { root-authentication { encrypted-password "xxxxxx..."; ## SECRET-DATA } login { user regress { uid 928; class superuser; shell csh; authentication { encrypted-password "xxxxxx..."; ## SECRET-DATA } } } services { ssh { root-login allow; } extension-service { request-response { grpc { clear-text { port 50051; } max-connections 8; skip-authentication; } } } flow-tap-dtcp { ssh; } dhcp-local-server { dhcpv6 { overrides { delegated-pool dhcpv6-over-pppoe-pool; } group dhcpv6-over-pppoe { interface up:sample-up-2:ge-0/0/1.0; interface up:sample-up-2:pp0.0; interface up:sample-up-1:ge-0/0/1.0; interface up:sample-up-1:pp0.0; } } group dhcp-v4-client { dynamic-profile dhcp-client-demux; interface up:sample-up-2:demux0.0; interface up:sample-up-2:ge-0/0/0.1; interface up:sample-up-1:demux0.0; interface up:sample-up-1:ge-0/0/0.1; } } subscriber-management { enable { mode { control-plane { control-plane-name sample-cp-1; transport { inet 192.0.2.2; } user-plane sample-up-1 { inet 192.0.2.100; netconf { user-name user; password "password"; port 830; } user-plane sample-up-2 { inet 192.0.2.200; netconf { user-name user; password "password"; port 830; } } } interfaces up:sample-up-2:ge-0/0/0 { auto-configure { vlan-ranges { dynamic-profile dhcp-server-demux { accept dhcp-v4; ranges { 1500-1599; } } } remove-when-no-subscribers; } } interfaces up:sample-up-2:ge-0/0/2 { auto-configure { vlan-ranges { dynamic-profile dhcp-relay-demux { accept dhcp-v4; ranges { 2500-2599; } } } remove-when-no-subscribers; } } interfaces up:sample-up-1:ge-0/0/0 { auto-configure { vlan-ranges { dynamic-profile dhcp-server-demux { accept dhcp-v4; ranges { 1500-1599; } } } remove-when-no-subscribers; } } interfaces up:sample-up-2:ge-0/0/1 { unit 0 { pppoe-underlying-options { dynamic-profile ppp-dp-pp0; } } auto-configure { vlan-ranges { dynamic-profile ppp-dvlan { accept any; ranges { 3500-3599; } } } remove-when-no-subscribers; } } interfaces up:sample-up-1:ge-0/0/1 { unit 0 { pppoe-underlying-options { dynamic-profile ppp-dp-pp0; } } auto-configure { vlan-ranges { dynamic-profile ppp-dvlan { accept any; ranges { 3500-3599; } } } remove-when-no-subscribers; } } } } processes { general-authentication-service { traceoptions { file authd size 500m; flag all; } } dhcp-service { traceoptions { file size 500m; level all; flag all; } } cp-smg-service { traceoptions { file size 500m; level all; flag all; } } } } access-profile noauth; access { profile noauth { authentication-order none; } address-assignment { neighbor-discovery-router-advertisement v6-na-pool-0; pool v4pool { family inet { network 198.51.100.1/16; range limited { low 198.51.100.10; high 198.51.100.250; } dhcp-attributes { maximum-lease-time 84600; } } } pool my-v6 { family inet6 { prefix 2001:db8:4136:e368:8000:63bf:3fff:fdd2; range limits prefix-length 64; } } pool dhcpv6-over-pppoe-pool { family inet6 { prefix 2001:db8:4136:e368:8000:63bf:3fff:fdd2; range limits prefix-length 64; } } pool v6-na-pool-0 { family inet6 { prefix 2001:db8:4136:e100:8000:63bf:3fff:fdd2; range v6-range-0 { low 2001:db8:::1000:63bf:3fff:fdd2; high 2001:db8:4136:e900:8000:63bf:3fff:fdd2; } } } } address-protection; } protocols { ppp-service { traceoptions { file jpppd size 500m; level all; flag all; } } pppoe { traceoptions { file jpppoed size 500m; level all; flag all; } } } dynamic-profiles { client-dhcp-demux { interfaces { demux0 { unit "$junos-interface-unit" { demux-options { underlying-interface "$junos-underlying-interface"; } family inet { demux-source { $junos-subscriber-ip-address; } unnumbered-address lo0.0; } } } } } dhcp-client-demux { variables { fin uid; fout uid; } interfaces { demux0 { unit "$junos-interface-unit" { actual-transit-statistics; proxy-arp; demux-options { underlying-interface "$junos-underlying-interface"; } family inet { demux-source { $junos-subscriber-ip-address; } filter { input "$fin"; output "$fout"; } unnumbered-address lo0.0; } } } } class-of-service { traffic-control-profiles { norm { scheduler-map smap5; shaping-rate percent 50; } } interfaces { demux0 { unit "$junos-interface-unit" { output-traffic-control-profile norm; } } } scheduler-maps { smap5 { forwarding-class best-effort scheduler normie; } } schedulers { normie { shaping-rate percent 50; } } } firewall { family inet { filter "$fin" { interface-specific; term t0 { then { count all-packets-dynamic-2; accept; } } } filter "$fout" { interface-specific; term term1 { then { count all-packets-dynamic-1; accept; } } } } } } dhcp-server-demux { interfaces { demux0 { unit "$junos-interface-unit" { no-traps; proxy-arp; vlan-tags outer "$junos-vlan-id"; demux-options { underlying-interface "$junos-underlying-interface"; } family inet { demux-source { $junos-subscriber-demux-ip-address; } unnumbered-address lo0.0; } } } } } ppp-dp-pp0 { interfaces { pp0 { unit "$junos-interface-unit" { ppp-options { chap; pap; } pppoe-options { underlying-interface "$junos-underlying-interface"; server; } no-keepalives; family inet { unnumbered-address lo0.0; } family inet6 { unnumbered-address lo0.0; } } } } protocols { router-advertisement { interface "$junos-interface-name" { max-advertisement-interval 4; min-advertisement-interval 3; managed-configuration; reachable-time 1000; retransmit-timer 1; prefix 2001:db8:4136::8000:63bf:3fff:fdd2; } } } class-of-service { traffic-control-profiles { norm { scheduler-map smap5; shaping-rate percent 50; } } interfaces { pp0 { unit "$junos-interface-unit" { output-traffic-control-profile norm; } } } scheduler-maps { smap5 { forwarding-class best-effort scheduler normie; } } schedulers { normie { shaping-rate percent 50; } } } } ppp-dvlan { interfaces { demux0 { unit "$junos-interface-unit" { no-traps; proxy-arp; vlan-tags outer "$junos-vlan-id"; demux-options { underlying-interface "$junos-interface-ifd-name"; } family pppoe { duplicate-protection; dynamic-profile ppp-dp-pp0; } } } } } dhcp-relay-demux { interfaces { demux0 { unit "$junos-interface-unit" { demux-source inet; no-traps; proxy-arp; vlan-id "$junos-vlan-id"; demux-options { underlying-interface "$junos-underlying-interface"; } family inet { demux-source { $junos-subscriber-demux-ip-address; } unnumbered-address lo0.0; } } } } } }
Configure planos de usuário BNG
Depois de configurar o controlador BNG CUPS, você precisa configurar uma associação com os planos de usuário BNG. Você pode usar as seguintes configurações de plano de usuário BNG para configurar a funcionalidade de gerenciamento de assinantes para dois planos de usuário BNG.
Nesta amostra, os nomes do BNG User Planes são sample-up-1 e sample-up-2. Além disso, os dois planos de usuário BNG estão estabelecendo associações com o controlador BNG CUPS a partir da configuração de amostra em Configurar o controlador BNG CUPS.
Para configurar planos de usuário BNG, aplique a seguinte configuração aos dois planos de usuário BNG (sample-up-1 e sample-up-2):
system { host-name sample-112345-vm; configuration-database { max-db-size 419430400; } services { subscriber-management { enable; mode { user-plane { user-plane-name sample-up-2; transport { inet 192.0.2.200; } control-plane { control-plane-name sample-cp-1; transport { inet 192.0.2.2; } } } } } } ports { console log-out-on-disconnect; } syslog { user * { any emergency; } file messages { any notice; authorization info; } } processes { up-smg-service { traceoptions { file bbe-smg-upd size 1g files 10; level all; flag all; } } } } chassis { fpc 0 { flexible-queuing-mode; } network-services enhanced-ip; } interfaces { ge-0/0/0 { description "DHCP server clients"; hierarchical-scheduler; flexible-vlan-tagging; } unit 1 { demux-source [ inet inet6 ]; vlan-id 1000; family inet { address 198.51.100.20/24; } } } ge-0/0/1 { description "PPP clients"; hierarchical-scheduler; flexible-vlan-tagging; unit 0 { encapsulation ppp-over-ether; vlan-id 3000; } } ge-0/0/2 { description "DHCP relay clients"; hierarchical-scheduler; flexible-vlan-tagging; unit 1 { demux-source [ inet inet6 ]; vlan-id 2000; family inet { address 198.51.100.30/24; } } } ge-0/0/3 { description "DHCP relay server"; flexible-vlan-tagging; unit 0 { vlan-id 1; family inet { address 192.0.2.3/24; } } } lo0 { unit 0 { family inet { address 192.0.10.3/32; } family inet6 { address 2001:db8:4136::8000:63bf::2/128; } } } }
Configure Multicast
As configurações multicast são executadas nos planos de usuário BNG.
Você pode usar as configurações de amostra nesta seção para configurar configurações multicast globais.
Configure multicast nos planos de usuário do BNG da seguinte forma:
[edit] protocols { igmp { query-interval 125; query-response-interval 10; query-last-member-interval 1; robust-count 2; } mld { query-interval 125; query-response-interval 10; query-last-member-interval 1; robust-count 2; } } policy-options { policy-statement OIF-MAP-V4 { term A { from { route-filter 230.10.10.1/24 orlonger; route-filter 230.20.20.1/32 exact; } then { map-to-interface ge-1/0/1.33; accept; } } then reject; } policy-statement OIF-MAP-V6 { term A { from { route-filter ff3e:0:0:0:0:0:0:101/64 orlonger; route-filter ff05:230::1/128 exact; } then { map-to-interface ge-1/0/1.33; accept; } } then reject; } policy-statement igmp-group-policy { term A1 { from { route-filter 230.0.0.1/24 orlonger; } then accept; } then reject; } policy-statement mld-group-policy { term A1 { from { route-filter ff05::/64 orlonger; } then accept; } then reject; } policy-statement ssm-map-v4 { term A1 { from { route-filter 230.0.0.1/24 orlonger; } then { ssm-source 194.0.0.22; accept; } } } policy-statement ssm-map-v6 { term A1 { from { route-filter ff05::/64 orlonger; } then { ssm-source 3000::1; accept; } } } } routing-options { multicast { ssm-groups 233.0.0.0/8; cont-stats-collection-interval 600; } }
Configure o Multicast centralizado
Você pode usar as configurações de amostra nesta seção para configurar o multicast centralizado.
Configure o multicast centralizado no controlador BNG CUPS da seguinte forma:
[edit dynamic-profiles profile-name] protocols { igmp { interface "$junos-interface-name" { version 3; immediate-leave; promiscuous-mode; ssm-map-policy ssm-map-v4; group-policy igmp-group-policy; oif-map OIF-MAP-V4; } } }
Configure multicast distribuído
Você pode usar as configurações de amostra nesta seção para configurar o multicast distribuído.
Configure multicast distribuído no controlador BNG CUPS da seguinte forma:
[edit dynamic-profiles profile-name] protocols { mld { interface "$junos-interface-name" { version 2; immediate-leave; promiscuous-mode; distributed; ssm-map-policy ssm-map-v6; group-policy mld-group-policy; } } }
Configure clientes L2TP
Você pode usar a configuração de amostra nesta seção para configurar clientes L2TP.
Configure o Legal Intercept
Os radius-flow-tap
comandos de configuração são divididos entre o controlador BNG CUPS e os planos de usuário BNG.
Configure o protocolo de controle de tarefas dinâmicas
Você executa todas as configurações do protocolo de controle de tarefas dinâmicas no controlador BNG CUPS.
Execute a seguinte configuração no controlador BNG CUPS:
[edit] System { login { class <class-name> { permissions flow-tap-operation; } user <user-name> { uid <uid>; class <class-name>; authentication { encrypted-password <string> } } } services { flow-tap-dtcp { ssh { connection-limit <connection-limit>; rate-limit <rate-limit>; } } } }