配置瞻博网络 BNG CUPS
总结 本文介绍了可用于设置瞻博网络 BNG CUPS 以及配置订阅者访问和订阅者管理的示例配置。
如何为订阅者管理配置瞻博网络 BNG CUPS
瞻博网络 BNG CUPS 使用分解式操作模式进行订阅者管理,这与 Junos OS 支持的方式不同。在分解式操作中,瞻博网络 BNG CUPS 控制器(BNG CUPS 控制器)和瞻博网络 BNG 用户平面(BNG 用户平面)分别位于不同的系统上。此外,您还可以将一个 BNG CUPS 控制器与多个 BNG 用户平面相关联。要为订阅者管理设置瞻博网络 BNG CUPS,您必须在 BNG CUPS 控制器和所有相关的 BNG 用户平面上执行配置。
以下部分介绍如何配置和使用瞻博网络 BNG CUPS 进行订阅者管理。
配置 BNG CUPS 控制器
在瞻博网络 BNG CUPS 中,您可以使用以下示例 BNG CUPS 控制器配置为 DHCP 和 PPP 设置订阅者管理功能。
注意:
有关访问 CLI 的信息,请参阅 访问 BNG CUPS 控制器 CLI。
要配置 BNG CUPS 控制器,请应用以下配置:
system {
root-authentication {
encrypted-password "xxxxxx..."; ## SECRET-DATA
}
login {
user regress {
uid 928;
class superuser;
shell csh;
authentication {
encrypted-password "xxxxxx..."; ## SECRET-DATA
}
}
}
services {
ssh {
root-login allow;
}
extension-service {
request-response {
grpc {
clear-text {
port 50051;
}
max-connections 8;
skip-authentication;
}
}
}
flow-tap-dtcp {
ssh;
}
dhcp-local-server {
dhcpv6 {
overrides {
delegated-pool dhcpv6-over-pppoe-pool;
}
group dhcpv6-over-pppoe {
interface up:sample-up-2:ge-0/0/1.0;
interface up:sample-up-2:pp0.0;
interface up:sample-up-1:ge-0/0/1.0;
interface up:sample-up-1:pp0.0;
}
}
group dhcp-v4-client {
dynamic-profile dhcp-client-demux;
interface up:sample-up-2:demux0.0;
interface up:sample-up-2:ge-0/0/0.1;
interface up:sample-up-1:demux0.0;
interface up:sample-up-1:ge-0/0/0.1;
}
}
subscriber-management {
enable {
mode {
control-plane {
control-plane-name sample-cp-1;
transport {
inet 192.0.2.2;
}
user-plane sample-up-1 {
inet 192.0.2.100;
netconf {
user-name user;
password "password";
port 830;
}
user-plane sample-up-2 {
inet 192.0.2.200;
netconf {
user-name user;
password "password";
port 830;
}
}
}
interfaces up:sample-up-2:ge-0/0/0 {
auto-configure {
vlan-ranges {
dynamic-profile dhcp-server-demux {
accept dhcp-v4;
ranges {
1500-1599;
}
}
}
remove-when-no-subscribers;
}
}
interfaces up:sample-up-2:ge-0/0/2 {
auto-configure {
vlan-ranges {
dynamic-profile dhcp-relay-demux {
accept dhcp-v4;
ranges {
2500-2599;
}
}
}
remove-when-no-subscribers;
}
}
interfaces up:sample-up-1:ge-0/0/0 {
auto-configure {
vlan-ranges {
dynamic-profile dhcp-server-demux {
accept dhcp-v4;
ranges {
1500-1599;
}
}
}
remove-when-no-subscribers;
}
}
interfaces up:sample-up-2:ge-0/0/1 {
unit 0 {
pppoe-underlying-options {
dynamic-profile ppp-dp-pp0;
}
}
auto-configure {
vlan-ranges {
dynamic-profile ppp-dvlan {
accept any;
ranges {
3500-3599;
}
}
}
remove-when-no-subscribers;
}
}
interfaces up:sample-up-1:ge-0/0/1 {
unit 0 {
pppoe-underlying-options {
dynamic-profile ppp-dp-pp0;
}
}
auto-configure {
vlan-ranges {
dynamic-profile ppp-dvlan {
accept any;
ranges {
3500-3599;
}
}
}
remove-when-no-subscribers;
}
}
}
}
processes {
general-authentication-service {
traceoptions {
file authd size 500m;
flag all;
}
}
dhcp-service {
traceoptions {
file size 500m;
level all;
flag all;
}
}
cp-smg-service {
traceoptions {
file size 500m;
level all;
flag all;
}
}
}
}
access-profile noauth;
access {
profile noauth {
authentication-order none;
}
address-assignment {
neighbor-discovery-router-advertisement v6-na-pool-0;
pool v4pool {
family inet {
network 198.51.100.1/16;
range limited {
low 198.51.100.10;
high 198.51.100.250;
}
dhcp-attributes {
maximum-lease-time 84600;
}
}
}
pool my-v6 {
family inet6 {
prefix 2001:db8:4136:e368:8000:63bf:3fff:fdd2;
range limits prefix-length 64;
}
}
pool dhcpv6-over-pppoe-pool {
family inet6 {
prefix 2001:db8:4136:e368:8000:63bf:3fff:fdd2;
range limits prefix-length 64;
}
}
pool v6-na-pool-0 {
family inet6 {
prefix 2001:db8:4136:e100:8000:63bf:3fff:fdd2;
range v6-range-0 {
low 2001:db8:::1000:63bf:3fff:fdd2;
high 2001:db8:4136:e900:8000:63bf:3fff:fdd2;
}
}
}
}
address-protection;
}
protocols {
ppp-service {
traceoptions {
file jpppd size 500m;
level all;
flag all;
}
}
pppoe {
traceoptions {
file jpppoed size 500m;
level all;
flag all;
}
}
}
dynamic-profiles {
client-dhcp-demux {
interfaces {
demux0 {
unit "$junos-interface-unit" {
demux-options {
underlying-interface "$junos-underlying-interface";
}
family inet {
demux-source {
$junos-subscriber-ip-address;
}
unnumbered-address lo0.0;
}
}
}
}
}
dhcp-client-demux {
variables {
fin uid;
fout uid;
}
interfaces {
demux0 {
unit "$junos-interface-unit" {
actual-transit-statistics;
proxy-arp;
demux-options {
underlying-interface "$junos-underlying-interface";
}
family inet {
demux-source {
$junos-subscriber-ip-address;
}
filter {
input "$fin";
output "$fout";
}
unnumbered-address lo0.0;
}
}
}
}
class-of-service {
traffic-control-profiles {
norm {
scheduler-map smap5;
shaping-rate percent 50;
}
}
interfaces {
demux0 {
unit "$junos-interface-unit" {
output-traffic-control-profile norm;
}
}
}
scheduler-maps {
smap5 {
forwarding-class best-effort scheduler normie;
}
}
schedulers {
normie {
shaping-rate percent 50;
}
}
}
firewall {
family inet {
filter "$fin" {
interface-specific;
term t0 {
then {
count all-packets-dynamic-2;
accept;
}
}
}
filter "$fout" {
interface-specific;
term term1 {
then {
count all-packets-dynamic-1;
accept;
}
}
}
}
}
}
dhcp-server-demux {
interfaces {
demux0 {
unit "$junos-interface-unit" {
no-traps;
proxy-arp;
vlan-tags outer "$junos-vlan-id";
demux-options {
underlying-interface "$junos-underlying-interface";
}
family inet {
demux-source {
$junos-subscriber-demux-ip-address;
}
unnumbered-address lo0.0;
}
}
}
}
}
ppp-dp-pp0 {
interfaces {
pp0 {
unit "$junos-interface-unit" {
ppp-options {
chap;
pap;
}
pppoe-options {
underlying-interface "$junos-underlying-interface";
server;
}
no-keepalives;
family inet {
unnumbered-address lo0.0;
}
family inet6 {
unnumbered-address lo0.0;
}
}
}
}
protocols {
router-advertisement {
interface "$junos-interface-name" {
max-advertisement-interval 4;
min-advertisement-interval 3;
managed-configuration;
reachable-time 1000;
retransmit-timer 1;
prefix 2001:db8:4136::8000:63bf:3fff:fdd2;
}
}
}
class-of-service {
traffic-control-profiles {
norm {
scheduler-map smap5;
shaping-rate percent 50;
}
}
interfaces {
pp0 {
unit "$junos-interface-unit" {
output-traffic-control-profile norm;
}
}
}
scheduler-maps {
smap5 {
forwarding-class best-effort scheduler normie;
}
}
schedulers {
normie {
shaping-rate percent 50;
}
}
}
}
ppp-dvlan {
interfaces {
demux0 {
unit "$junos-interface-unit" {
no-traps;
proxy-arp;
vlan-tags outer "$junos-vlan-id";
demux-options {
underlying-interface "$junos-interface-ifd-name";
}
family pppoe {
duplicate-protection;
dynamic-profile ppp-dp-pp0;
}
}
}
}
}
dhcp-relay-demux {
interfaces {
demux0 {
unit "$junos-interface-unit" {
demux-source inet;
no-traps;
proxy-arp;
vlan-id "$junos-vlan-id";
demux-options {
underlying-interface "$junos-underlying-interface";
}
family inet {
demux-source {
$junos-subscriber-demux-ip-address;
}
unnumbered-address lo0.0;
}
}
}
}
}
}
配置 BNG 用户平面
设置 BNG CUPS 控制器后,您需要设置与 BNG 用户平面的关联。您可以使用以下示例 BNG 用户平面配置为两个 BNG 用户平面设置订阅者管理功能。
注意:
在此示例中,BNG 用户平面的名称是 sample-up-1 和 sample-up-2。此外,两个 BNG 用户平面正在根据配置 BNG CUPS 控制器中的示例配置与 BNG CUPS 控制器建立关联。
要配置 BNG 用户平面,请将以下配置应用于两个 BNG 用户平面(sample-up-1 和 sample-up-2):
system {
host-name sample-112345-vm;
configuration-database {
max-db-size 419430400;
}
services {
subscriber-management {
enable;
mode {
user-plane {
user-plane-name sample-up-2;
transport {
inet 192.0.2.200;
}
control-plane {
control-plane-name sample-cp-1;
transport {
inet 192.0.2.2;
}
}
}
}
}
}
ports {
console log-out-on-disconnect;
}
syslog {
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
}
processes {
up-smg-service {
traceoptions {
file bbe-smg-upd size 1g files 10;
level all;
flag all;
}
}
}
}
chassis {
fpc 0 {
flexible-queuing-mode;
}
network-services enhanced-ip;
}
interfaces {
ge-0/0/0 {
description "DHCP server clients";
hierarchical-scheduler;
flexible-vlan-tagging;
}
unit 1 {
demux-source [ inet inet6 ];
vlan-id 1000;
family inet {
address 198.51.100.20/24;
}
}
}
ge-0/0/1 {
description "PPP clients";
hierarchical-scheduler;
flexible-vlan-tagging;
unit 0 {
encapsulation ppp-over-ether;
vlan-id 3000;
}
}
ge-0/0/2 {
description "DHCP relay clients";
hierarchical-scheduler;
flexible-vlan-tagging;
unit 1 {
demux-source [ inet inet6 ];
vlan-id 2000;
family inet {
address 198.51.100.30/24;
}
}
}
ge-0/0/3 {
description "DHCP relay server";
flexible-vlan-tagging;
unit 0 {
vlan-id 1;
family inet {
address 192.0.2.3/24;
}
}
}
lo0 {
unit 0 {
family inet {
address 192.0.10.3/32;
}
family inet6 {
address 2001:db8:4136::8000:63bf::2/128;
}
}
}
}
配置组播
组播配置在 BNG 用户平面上执行。
您可以使用本节中的示例配置来配置全局组播设置。
在 BNG 用户平面上配置组播,如下所示:
[edit]
protocols {
igmp {
query-interval 125;
query-response-interval 10;
query-last-member-interval 1;
robust-count 2;
}
mld {
query-interval 125;
query-response-interval 10;
query-last-member-interval 1;
robust-count 2;
}
}
policy-options {
policy-statement OIF-MAP-V4 {
term A {
from {
route-filter 230.10.10.1/24 orlonger;
route-filter 230.20.20.1/32 exact;
}
then {
map-to-interface ge-1/0/1.33;
accept;
}
}
then reject;
}
policy-statement OIF-MAP-V6 {
term A {
from {
route-filter ff3e:0:0:0:0:0:0:101/64 orlonger;
route-filter ff05:230::1/128 exact;
}
then {
map-to-interface ge-1/0/1.33;
accept;
}
}
then reject;
}
policy-statement igmp-group-policy {
term A1 {
from {
route-filter 230.0.0.1/24 orlonger;
}
then accept;
}
then reject;
}
policy-statement mld-group-policy {
term A1 {
from {
route-filter ff05::/64 orlonger;
}
then accept;
}
then reject;
}
policy-statement ssm-map-v4 {
term A1 {
from {
route-filter 230.0.0.1/24 orlonger;
}
then {
ssm-source 194.0.0.22;
accept;
}
}
}
policy-statement ssm-map-v6 {
term A1 {
from {
route-filter ff05::/64 orlonger;
}
then {
ssm-source 3000::1;
accept;
}
}
}
}
routing-options {
multicast {
ssm-groups 233.0.0.0/8;
cont-stats-collection-interval 600;
}
}
配置集中式组播
您可以使用本节中的示例配置来配置集中式组播。
在 BNG CUPS 控制器上配置集中式组播,如下所示:
[edit dynamic-profiles profile-name]
protocols {
igmp {
interface "$junos-interface-name" {
version 3;
immediate-leave;
promiscuous-mode;
ssm-map-policy ssm-map-v4;
group-policy igmp-group-policy;
oif-map OIF-MAP-V4;
}
}
}
配置分布式组播
您可以使用本节中的示例配置来配置分布式组播。
在 BNG CUPS 控制器上配置分布式组播,如下所示:
[edit dynamic-profiles profile-name]
protocols {
mld {
interface "$junos-interface-name" {
version 2;
immediate-leave;
promiscuous-mode;
distributed;
ssm-map-policy ssm-map-v6;
group-policy mld-group-policy;
}
}
}
配置 L2TP 客户端
您可以使用本节中的示例配置来配置 L2TP 客户端。
配置合法拦截
配置 radius-flow-tap 命令在 BNG CUPS 控制器和 BNG 用户平面之间进行拆分。
配置动态任务控制协议
您可以在 BNG CUPS 控制器上运行所有动态任务控制协议配置。
对 BNG CUPS 控制器执行以下配置:
[edit]
System {
login {
class <class-name> {
permissions flow-tap-operation;
}
user <user-name> {
uid <uid>;
class <class-name>;
authentication {
encrypted-password <string>
}
}
}
services {
flow-tap-dtcp {
ssh {
connection-limit <connection-limit>;
rate-limit <rate-limit>;
}
}
}
}