Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

ANCP Agent Neighbors and Operations

 

ANCP and the ANCP Agent Overview

This topic describes the Access Node Control Protocol (ANCP) and the ANCP agent. The ANCP agent is the Junos OS process that manages subscriber access lines with ANCP. The agent monitors subscriber access lines, reports subscriber traffic rates on the access lines between the subscribers and the access nodes, and modifies the traffic rates, all in support of CoS traffic shaping.

Overview

ANCP acts as a control plane between a service-oriented Layer 3 edge device and a Layer 2 access node. The access nodes—ANCP neighbors—are network devices that terminate access loops from subscribers; for DSL access loops, the access node is a DSL access multiplexer (DSLAM). Queuing and scheduling mechanisms for subscriber traffic must avoid congestion within the access network while contending with multiple flows and distinct CoS requirements. These mechanisms require the edge device—a router acting as a broadband network gateway (BNG), often also called a network access server (NAS)—to provide information about the access network and subscriber traffic.

The ANCP agent can map an access line to an interface or interface set either statically or dynamically. The agent provides that information to both CoS and AAA. The agent passes on to both CoS and AAA the traffic shaping attributes for each subscriber access line that the access node sent to the ANCP agent. In addition, the agent sends to AAA all DSL Forum attributes that were sent by the access node. AAA can use these attributes during RADIUS accounting and authentication for both DHCP IP demux and PPPoE subscriber sessions. The traffic rates can also be used for shaping L2TP tunnel traffic.

You can monitor ANCP agent events and operations by including the traceoptions statement at the [edit protocols ancp] hierarchy level.

Junos OS supports Class of Service (CoS) traffic shaping on the following interface types for ANCP:

  • Static VLAN interfaces, except those created by Extensible Subscriber Services Manager (ESSM)

  • Static VLAN demux interfaces, except those created by ESSM

  • Static interface sets, including those created by ESSM

  • Dynamic interface sets

  • Dynamic VLAN-tagged interface sets

  • Dynamic agent circuit identifier (ACI) interface sets, also known as ACI sets or ACI VLANs

  • Dynamic PPPoE and DHCP IP demux subscriber interfaces

  • Dynamic VLAN demux interfaces with Ethernet-VPLS encapsulation

ANCP was developed as an extension of RFC 3292, General Switch Management Protocol (GSMP) V3, but is now defined in RFC 6320, Protocol for Access Node Control Mechanism in Broadband Networks.

Topology Discovery

The router uses topology discovery to collect information from the access node. The information includes the following:

  • Topology of the access network

  • DSL line state

  • Actual upstream and downstream net data rates of a synchronized DSL link

  • Maximum attainable upstream and downstream net data rates

  • Interleaving delay

Subscriber Services

The router receives the service profile for the subscribers from a RADIUS server. Most of the services are enforced by the router itself. The router shapes the aggregate egress traffic to subscribers based on the local loop throughput reported by the DSLAM. This traffic shaping optimizes traffic flow while avoiding traffic drops in the access node.

Some service attributes, such as interleaving delay and multicast channel information, are enforced at the access node. The ANCP agent provides the line configuration mechanism that the edge device can use to pass the line configuration to the access nodes. Typically, multiple profiles are provisioned on the access node. The router instructs the access node which profile to use for a given subscriber.

Subscribers typically receive some combination of voice, data, and video services. Each service can be provisioned on a VLAN. A subscriber might receive only a single service over a single VLAN configured on a logical interface. A group of VLANs carrying services to a subscriber is an interface set.

Subscribers have operational states, but they do not have administrative states because they cannot be configured in the CLI.

Subscribers have one of the following operational states which represent the DSL line state as it is reported in the ANCP Port Up and Port Down messages sent by an access node:

  • Idle—Ports are not configured and the subscriber cannot log in.

  • Silent—Ports are configured and the subscriber is connected, but the DSL modem is not ready to transfer data.

  • Showtime—Ports are configured, the subscriber is connected, and the DSL modem is online and ready to transfer data.

Note

For information about ANCP for business subscribers and services, see Layer 2 Wholesale with ANCP-Triggered VLANs Overview.

ANCP Interfaces and Access Loop Circuit Identifiers

The access loop or access line in an ANCP topology consists of the physical elements between the subscriber device (CPE) and the access node. An identifier associated with the access loop serves to identify the subscriber as well. This identifier is an alphanumeric string that actually identifies the interface on the DSLAM from which subscriber requests originate. It can be referred to by various names.

  • In ANCP messages, a TLV carries the access loop circuit ID, also referred to as the access line identifier, access loop circuit identifier, or access identifier.

  • DHCP discovery packets can identify the line with the Agent Circuit ID suboption in the Option 82 field.

  • PPPoE discovery packets can identify the line with the Agent-Circuit-ID subattribute in the DSL Forum vendor-specific tag.

Each of these identifiers is abbreviated as ACI. When the ANCP agent receives a port management message from an access node, it uses the access loop circuit identifier contained in the message to determine which logical interface or interface set corresponds to the subscriber.

You can associate an identifier with an ANCP access line by static configuration. When you configure a logical interface by specifying the interface name at the [edit protocols ancp interfaces] hierarchy level, include the access-identifier statement to associate the access loop circuit identifier with the interface. When you configure an interface set by including the interface-set statement at the [edit protocols ancp interfaces] hierarchy level, associate the access loop circuit identifier with the interface set by including the access-identifier statement at the [edit protocols ancp interfaces interface-set interface-set-name] hierarchy level.

When the DHCP or PPPoE discovery packet includes an ACI, the ANCP agent can dynamically map the ACI to the subscriber interface or interface set. VLANs for the subscribers are created according to a dynamic profile; these are called agent circuit identifier-based or ACI-based dynamic VLANs.

ANCP agent support for RADIUS authentication and accounting requires that both static and dynamic ACIs must be unique across the network. No two interfaces across multiple neighbors (access nodes) can share the same identifier. The DHCP and PPPoE processes do not have information about the access node IP addresses and consequently cannot distinguish between duplicate identifiers. This situation prevents the AAA services framework from correlating a DHCP or PPPoE client session with an access line for RADIUS authentication and accounting.

Mapping Access Lines to Interfaces and Interface Sets

The ANCP agent maps the ACI for subscriber access lines to an interface or interface set to apply DSL attributes received from the access node to CoS traffic shaping for the access line. The access line mapping can be statically configured with the access-identifier statement, or dynamically derived during subscriber authentication. Static mapping always supersedes dynamic mapping.

The ANCP agent can remap an access line to a different interface or interface set than its original mapping. Remapping can also be static or dynamic. For example, an access line might be first dynamically mapped to a subscriber interface and then statically configured to an interface set.

You can statically configure mapping with the statement only for interface and interface set types that have configured or deterministic names:

  • Static VLAN interfaces

  • Static VLAN demux interfaces

  • Static interface sets

  • Dynamic interface sets

  • Dynamic VLAN-tagged interface sets

Static configuration with the statement is required for mapping an access line to static interface sets, dynamic interface sets, and dynamic VLAN-tagged interface sets. This is true regardless of the presence of an ACI in the PPPoE or DHCP IP demux subscriber’s discovery packet, because the use of the ACI is irrelevant to the creation of these types of interface sets.

You cannot statically configure mapping with the statement for the following interface and interface set types, because they have nondeterministic, automatically generated names:

  • Dynamic VLAN demux interfaces

  • Dynamic ACI interface sets (ACI VLANs)

  • Dynamic PPPoe and DHCP IP demux subscriber interfaces

In the context of Layer 2 wholesale services, the ANCP agent can map access lines to dynamic VLAN demux interfaces that have Ethernet-VPLS encapsulation. The ANCP agent triggers the creation of these interfaces with the ANCP Port UP message, which always includes the ACI for the access line. The agent can then dynamically map the interface to an access line for CoS traffic shaping.

Dynamic mapping works as follows:

  • If the subscriber interface is a member of an interface set, the ANCP agent maps the ACI for the access line to the interface set.

  • If the subscriber interface is not a member of an interface set, the ANCP agent maps the ACI for the access line to the subscriber interface.



The ANCP agent does not support static or dynamic mapping for the following interface types, regardless of the presence of the access line’s ACI in the subscriber’s discovery packet:

  • Static VLAN interfaces created by ESSM.

  • Static VLAN demux interfaces created by ESSM.

  • Dynamic VLAN interfaces.

  • Dynamic VLAN demux interfaces that do not have Ethernet-VPLS encapsulation.

ANCP Neighbors

The ANCP agent can report traffic only for access nodes that are configured as ANCP neighbors (also referred to as ANCP peers). Neighbors can establish TCP connections with the router. Include the neighbor statement at the [edit protocols ancp] hierarchy level to configure an access node as an ANCP neighbor.

The ANCP agent exchanges adjacency messages with neighbors. If an adjacency message is not received from a neighbor within the expected period, then the neighbor is considered to be down and is disconnected. You can adjust how long the ANCP agent waits for adjacency messages from all neighbors by including the adjacency-timer statement at the [edit protocols ancp] hierarchy level. The interval between adjacency messages is negotiated between router and the neighbor during adjacency establishment. The larger of two timer values—either the value received in the ANCP SYN message or the configured value—is selected. Loss of synchronization between the router and a neighbor is declared when no valid messages are received for a period of time that exceeds three times the negotiated value.

Note

The ANCP TCP connection is not established and consequently ANCP neighbors do not come up in either of the following circumstances:

  • When the neighbor address (numbered or unnumbered) has a /32 mask.

  • When the unnumbered local address for ANCP dynamic logical interfaces is configured to use a preferred source address.

ANCP neighbors have one of the following administrative states, which simply represent the configuration of the neighbor:

  • enabled—The neighbor is configured in the CLI.

  • disabled—The neighbor is not configured, meaning either that it has never been configured or that the configuration has been deleted.

ANCP neighbors in the enabled state have one of the following operational states, which represent the state of adjacency negotiations:

  • Configured—The neighbor has been configured, but has never established an adjacency.

  • Establishing—Adjacency negotiations are in progress.

  • Established—Adjacency negotiations have succeeded and an ANCP session has been established.

  • Not Established—The neighbor has lost a previously established adjacency, but is ready to begin negotiations.

You can also configure parameters for a specific neighbor that override global or default configurations by including any of the following statements at the [edit protocols ancp neighbor ip-address] hierarchy level:

  • adjacency-timer—Adjust the interval between adjacency messages exchanged with this neighbor.

  • ietf-mode—Prevent the ANCP agent from operating in a backward-compatible mode for this neighbor; for neighbors that use the current IETF implementation of ANCP.

  • maximum-discovery-table-entries—Specify how many discovery table entries are accepted from this neighbor. Include this statement at the [edit protocols ancp] hierarchy level to set the number of entries globally for all neighbors.

  • pre-ietf-mode—Enable the ANCP agent to operate in a backward-compatible mode for this neighbor; for neighbors that use the original IETF implementation of ANCP (GSMPv2) rather than the current implementation. Include this statement at the [edit protocols ancp] hierarchy level to operate in backward-compatible mode globally for all neighbors.

RFC 6320, Protocol for Access Node Control Mechanism in Broadband Networks, defines ANCP Version 1. ANCP was originally implemented based on General Switch Management Protocol (GSMP) version 3, sub-version 1. However, the Internet community has made so many extensions and modifications to GSMPv3 in the course of developing ANCP that ANCP is no longer interoperable with GSMPv3. Consequently, ANCP neighbors must be able to dynamically detect the version that each peer supports. A joint registry codifies the GSMP and ANCP version numbers.

When an ANCP neighbor opens adjacency negotiations, it indicates the highest version of ANCP that it supports, either 0x31 for GSMPv3 or 0x32 for ANCP Version 1. (Version 1 may also be called Version 50, referring to the decimal conversion from the hexadecimal value.) If the receiving neighbor supports that version of ANCP, it returns that value when it responds to the sending neighbors. If it does not support that version, the receiving neighbor simply drops the message.

The ANCP agent stores information about active ANCP subscribers in the Junos shared database, including DSL attributes for the access lines. This storage is persistent and is removed from the database only when you delete the interface or interface set for the access line or issue one of the following commands:

The persistence of the storage enables PPPoE and DHCP IP demux subscribers to be properly managed by RADIUS for authentication and accounting, with their DSL attributes, even when the ANCP connection has been temporarily terminated.

Partitions

ANCP supports the division of an access node into logical partitions. Each partition creates an adjacency with a router; each partition on an access node can form adjacencies with different routers. Partition negotiation takes place during ANCP adjacency negotiation. ANCP messages carry the following fields relating to the partition negotiation:

  • The partition type (PType) field indicates whether the access node is partitioned and how the partition identifier is negotiated. The field has one of the following values negotiated during the formation of the adjacency:

    • 0—The access node is not partitioned or does not support partitions.

    • 1—The number of partitions is fixed and the router requests the access node to use the identifier it places in the partition identifier field.

    • 2—The number of partitions is fixed and the access node has assigned the partition identifier.

  • The partition ID field that indicates one of the following scenarios for ANCP agent support of the neighbor:

    • Zero partition ID—The ANCP agent supports each neighbor on an IP address over a single TCP session with a partition ID of zero. This is the default support case. This value is required when the partition type is zero.

    • Single nonzero partition ID—The ANCP agent supports each neighbor on an IP address over a single TCP session with a nonzero partition ID. This case requires partition ID learning to be enabled with the gsmp-syn-wait statement at the [edit protocols ancp] hierarchy level.

  • The partition flag (PFlag) field indicates the type of partition request being made. A value of one specifies a new adjacency.

The following partitioning schemes are supported

  • Each partition has an independent ANCP session and channel to an adjacent router. All partitions have a fixed partition ID of zero.

  • Each partition has an independent ANCP session and channel to an adjacent router. Each partition has a dedicated, nonzero partition ID.

Adjacency Update Messages

After an adjacency has been established, the ANCP agent uses adjacency update messages to inform routers that control the same partition about each other. Once more than one router has established an adjacency to a given partition, the ANCP agent sends an adjacency update message to each of these routers to report how many established adjacencies the partition currently supports. When an adjacency is lost, an update message is sent to the remaining routers to report the change in status. You can use the show ancp neighbor detail command to display the number of adjacencies currently established on a particular partition.

Generic Response Messages and Result Codes

ANCP neighbors and the router can reply to messages either with a specific response message or a generic response message. A generic response message is typically sent when no information needs to be sent to the peer other than a success or failure result. If the response is about a failure, then a result code is included that specifies the kind of failure; a limited amount of diagnostic data can also be included. A generic response message can also be sent independently of a request if the adjacency is being shut down because of the failure. In this case, the sender of the message zeros out the Transaction ID field in the message header and the Message Type field in the Status-Info TLV.

Table 1 describes the result codes that can be included in a generic response message.

Table 1: ANCP Failure Result Codes

Code Value

Description

Detected By

0x02

Although the request message is properly formed, it is invalid because it violates the protocol, either because of timing issues such as a race condition or the direction in which the message was transmitted.

ANCP agent

0x06

One or more of the specified ports is down because of a state mismatch between the router and an ANCP control application.

Control applications (none yet available)

0x13

ANCP is out of resources. This result code is sent only by the access node; the problem is probably not related to the access lines, but can be related to a specific request.

ANCP protocol layer or control applications (none yet available)

0x51

The type of request message is not implemented because of a mismatch in protocol versions or capability state between the peers, or possibly because the message type is optional for an ANCP capability.

ANCP agent

0x53

The message is malformed either because it was corrupted in transit or an implementation error occurred at one end of the connection.

ANCP agent

0x54

One or more mandatory TLVs is missing from the request.

ANCP agent

0x55

The contents of one or more TLVs in the request are invalid because they do not match the TLV specification.

ANCP agent

0x500

One or more of the ports specified in a request does not exist, possibly because of a configuration mismatch between the access node and the router or AAA.

Control applications (none yet available)

Note

Although Junos OS supports both sending and receiving generic response messages, currently the ANCP agent only receives these messages. When one of these messages is received, the router generates a system log, increments the generic message counters, and increments the result code counters. When the ANCP agent receives an incorrect or unexpected generic response message from an ANCP neighbor, it immediately drops the packet, generates a system log notice message, and takes no further action.

Generic response messages usually include the Status-Info TLV, which includes supplemental information about a warning or error condition. The Status-Info TLV is required when the result code indicates any of the following: a port is down or does not exist, a mandatory TLV is missing, or a TLV is invalid. The Status-Info TLV can also be included in other ANCP message types.

Benefits of Access Node Control Protocol

  • Simplify the configuration and maintenance of access lines between access nodes and subscribers.

  • Perform CoS-related adjustments on upstream and downstream data rate attributes to both accurately provide services and control congestion in the network.

  • Provide access network information, such as DSL attributes to backend applications such as operations support systems (OSS) for service management.

  • Store DSL attributes in the session database for use during RADIUS authentication and accounting of PPPoE sessions.

ANCP Operations in Different Network Configurations

This topic describes different types of supported network configurations and the sequence of events for ANCP operations in representative sample network topologies.

You can configure the ANCP agent for any of the following interface types:

  • Static VLAN interfaces, except those created by Extensible Subscriber Services Manager (ESSM)

  • Static VLAN demux interfaces, except those created by ESSM

  • Static interface sets, including those created by ESSM

  • Dynamic interface sets

  • Dynamic VLAN-tagged interface sets

  • Dynamic agent circuit identifier (ACI) interface sets, also known as ACI sets or ACI VLANs

  • Dynamic PPPoE and DHCP IP demux subscriber interfaces

  • Dynamic VLAN demux interfaces with Ethernet-VPLS encapsulation

Subscriber sessions are dynamically created as needed for each of the devices in a household. Each household can include multiple CPE devices that access the Internet. In all cases, each household is identified by a unique ACI that is assigned by the access node. Additional identifiers are used in some configurations.

1:1 and N:1 Traffic Shaping Models

The 1:1 and N:1 traffic shaping models determine how VLANs are correlated with households. These models are also referred to as access models or configuration models. A network can include one or both of the models:

  • 1:1 model—A household has only one PPPoE or DHCP IP demux subscriber session. One or more such households can exist on a single VLAN or VLAN demux interface. In the case of a single household, either the subscriber interface or its underlying VLAN or VLAN demux interface can represent the household. In the case of multiple households, the corresponding subscriber interfaces represent the households. In either case, the interface representing a household must be mapped to the ACI for its access line.

    Table 2 describes the types of interfaces supported for the ANCP 1:1 access model when interface sets are not involved, and whether the PPPoE or DHCP IP demux discovery packets must include the ACI for the subscriber access lines.

    Table 2: ACI Mapping by Interface Type for the ANCP 1:1 Model

    Interface Type

    Description

    Presence of ACI in Discovery Packets

    Dynamic PPPoE or DHCP IP demux interface

    When ACI is present in discovery packets, the ANCP agent maps the ACI to the subscriber interface. The name of the interface is automatically generated and nondeterministic.

    Required.

    Static VLAN or VLAN demux interface

    The name of the interface is statically configured. The ANCP agent configuration must include the access-identifier statement to statically map the ACI to the interface.

    Not present.

  • N:1 model—A household can have more than one PPPoE or DHCP IP demux subscriber session. The household can have more than one VLAN or VLAN demux interface. In either case, all the interfaces must be grouped into an interface set. The interface set in turn must be mapped to the ACI for the household’s access line.

    An interface set groups the dynamic PPPoE or DHCP IP demux sessions for a household. The subscribers are placed into interface sets by one several methods. Table 3 describes the types of interface sets supported in the ANCP N:1 access model, how they are created, and how the ACI is mapped to the interface set.

    Table 3: ACI Mapping by Interface Set Type for the ANCP N:1 Access Model

    Type of Interface Set

    Description

    Interface Type

    Presence of ACI in Discovery Packets

    ACI-based VLAN interface sets

    When the router receives a DHCP or PPPoE discovery packet that includes an ACI embedded within the DSL Forum vendor-specific tag, it dynamically creates the VLAN and the interface set. The router generates a nondeterministic name for the interface set, such as aci-1003-ge-1/0/0.1073741832.

    The ANCP agent automatically maps the ACI from the discovery packet to the dynamically created interface set.

    All DHCP IP demux or PPPoE sessions that have the same ACI are mapped to the same interface set.

    Dynamic VLAN and VLAN demux interfaces.

    Required.

    Dynamic interface sets

    A dynamic profile dynamically creates the interface set and places interfaces in the set. The profile can either have the name of the interface set explicitly configured or a variable that represents the interface set name. If a variable is used, then the interface set name is provided by RADIUS when it returns an Access-Accept message for the subscriber.

    The ANCP agent configuration must include the access-identifier statement to statically map the ACI to the interface set.

    All DHCP IP demux and PPPoE sessions are mapped to an interface set according to the rules of the dynamic profile.

    DHCP IP demux subscriber interfaces, PPPoE subscriber interfaces, or VLAN interfaces.

    Irrelevant.

    Static interface sets

    The interface set and set name are statically configured and include multiple static interfaces.

    The ANCP agent configuration must include the access-identifier statement to statically map the ACI to the interface set.

    Static VLAN and VLAN demux interfaces.

    Irrelevant.

    VLAN-tagged interface sets

    When the router receives a DHCP or PPPoE discovery packet that includes a VLAN ID, it dynamically creates the VLAN and the interface set. The interface set is given a deterministic name consisting of the physical interface name and the VLAN tags, for example, ge-1/0/0-101.

    The ANCP agent configuration must include the access-identifier statement to statically map the ACI to the interface set.

    All DHCP IP demux or PPPoE sessions that have the same VLAN ID tag are mapped to the same interface set.

    Dynamic VLAN and VLAN demux interfaces.

    Irrelevant.

CoS traffic shaping is based on the subscriber downstream traffic rate that the ANCP agent receives from the access node and then passes to CoS. CoS can shape subscriber traffic at the level of the household or the session:

  • Household shaping—Only aggregate traffic to the household is shaped. Household shaping results from applying a CoS traffic-control profile to the static VLAN or VLAN demux interface or to the interface set.

  • Session shaping—The traffic rate to individual devices in the household is shaped. Session shaping results from specifying a CoS traffic-control profile in the dynamic PPPoE profile that creates the subscriber session. Depending on the network configuration, session shaping may employ shared priority queues to shape all sessions identically or individual priority queues to shape the sessions separately.

Business Services Traffic Shaping Model

In addition to the N:1 and 1:1 traffic shaping models, the ANCP agent also supports a business services traffic shaping model. In this model, the Extensible Subscriber Services Manager (ESSM) classifies a PPPoE session as either residential household or business subscriber. Classification occurs during RADIUS authentication and authorization. The ANCP agent applies CoS traffic shaping differently depending on the classification.

Before RADIUS authentication and authorization, the PPPoE session represents a residential household in the ANCP 1:1 model. The ANCP agent dynamically maps the household’s access line to the corresponding subscriber interface and applies CoS traffic shaping to that interface. The household line’s ACI is present in the PPPoE discovery packet.

When ESSMD subsequently classifies a PPPoE session as a business subscriber session during RADIUS authentication and authorization, it creates and groups multiple management and data plane static VLAN interfaces into a static interface set. then it statically maps the access line for the PPPoE session to this interface set according to the CLI configuration. The ANCP agent removes CoS traffic shaping from the subscriber interface and applies it to the static interface set. Removing the CoS traffic shaping means that the CoS application applies the next rate in its default or configured adjustment control profile to the interface or interface set. The new business subscriber interface set cannot contain a mix of static and dynamic interfaces. That prohibition is not limited to dynamic VLANs and the PPPoE session that triggered the creation of the interface set.

Note

An exception to the ANCP agent’s general support for CoS traffic shaping and RADIUS authentication and accounting on static VLAN and VLAN Demux interfaces is that it does not support these interfaces if they are created by ESSM. These interfaces are different from the ESSM-created interface sets, which are supported by the ANCP agent.

From the perspective of the ANCP agent, the business dervices model effectively overrides a dynamically derived access-line-to-interface mapping with a statically configured access-line-to-interface-set mapping. This action triggers the ANCP agent to reapply CoS traffic shaping accordingly.

The business services model is typically used in a Layer 2 wholesale network. For detailed information, see Layer 2 Wholesale with ANCP-Triggered VLANs Overview.

ANCP Network Using N:1 and 1:1 Configuration Models without Interface Sets

In this sample topology, two households are configured for one underlying static VLAN or VLAN demux interface (N:1; dual-tagged VLAN) and a single household is configured for another underlying interface (1:1; single-tagged VLAN) (Figure 1). In addition to the unique ACI assigned by the access node, each household is further identified by the VLAN, which is mapped to the identifier in the ANCP agent configuration. CoS traffic shaping for sessions can employ only shared priority queues to shape all sessions identically; individual priority queues to shape the sessions separately are not supported.

Figure 1: Sample ANCP Topology Without Interface Sets (1:1 and N:1 Model)
Sample ANCP
Topology Without Interface Sets (1:1 and N:1 Model)

Sequence of ANCP Events: Static VLAN or VLAN Demux Interfaces over Ethernet Without Interface Sets

The following sequence of events is for the topology in Figure 1 with static VLAN interfaces over Ethernet without interface sets.

  1. A network device in the household initiates PPPoE discovery.
  2. PPPoE creates a dynamic PPPoE session on the underlying static VLAN or VLAN demux interface and applies the advisory options configured on the VLAN to the session.
  3. The access node independently provides the ANCP agent with the ANCP DSL attributes for an access line identified by an ACI.
  4. The ANCP agent sends CoS the adjusted downstream data rate for the static VLAN or demux VLAN mapped to the ACI. The ANCP agent stores all DSL attributes, including the adjusted upstream data rate, in the router’s shared database.
  5. AAA correlates the dynamic PPPoE session with the access line by matching the underlying interface of the session to the static VLAN or VLAN demux interface associated with the ACI in the ANCP agent configuration.
  6. AAA retrieves the ANCP DSL attributes for the access line from the router’s shared database and maps them to the Juniper Networks DSL VSAs in the RADIUS Access-Request and Accounting-Request messages. If the DSL attributes are unavailable, the session’s advisory upstream and downstream data rates are mapped to the Upstream-Calculated-Qos-Rate VSA (26-142) and Downstream-Calculated-Qos-Rate (26–141) VSAs, respectively. These VSAs are then included in the RADIUS messages.

ANCP Network Using N:1 Configuration Model with Interface Sets

In this topology, multiple households are configured for each underlying static VLAN or VLAN demux interface (Figure 2). The VLANs are dual-tagged. Each household includes several CPE devices that access the Internet. In addition to the unique ACI assigned by the access node, the household is further identified by the interface set. The interface set groups the dynamic PPPoE sessions for the individual subscriber devices. It is either explicitly configured in the dynamic PPPoE profile or specified in the RADIUS Access-Accept message during PPPoE session authentication. Session shaping can employ shared priority queues to shape all sessions identically or individual queues to shape the sessions separately.

Figure 2: Sample ANCP Topology with Interface Sets (N:1 Model)
Sample ANCP Topology
with Interface Sets (N:1 Model)

In this N:1 model with interface sets, the access node must add the DSL Forum VSA to the PPPoE PADI and PADR discovery packets that it passes to the router during the establishment of dynamic PPPoE sessions. The VSA includes the ACI for the household. This inclusion enables AAA to correlate the PPPoE sessions with their respective subscriber access lines and DSL attributes during RADIUS authentication and accounting. If the ACI is not present, AAA cannot make the correlation and subsequently reports only the advisory upstream and downstream data rates to RADIUS Authentication and Accounting.

When the dynamic PPPoE profile is configured with the $junos-interface-set-name predefined variable, the configuration of the access node, router, and RADIUS server must be synchronized with regard to the ACI and interface set:

  • The RADIUS Access-Accept message must contain the Juniper Networks Qos-Interface-Set-Name VSA (26-130).

  • The CoS Layer 2 configuration must explicitly identify the interface set that is named in the Qos-Interface-Set-Name VSA (26-130).

  • The ANCP agent configuration must map an ACI to the interface set that is named in the Qos-Interface-Set-Name VSA (26-130).

Sequence of ANCP Events: Static VLAN Interfaces over Ethernet with Interface Sets

The following sequence of events is for the topology in Figure 2 with static VLAN interfaces over Ethernet with interface sets.

  1. A network device in the household initiates PPPoE discovery.
  2. The access node adds the DSL Forum VSA tag with the ACI for the household to the PPPoE PADI and PADR discovery packets. (The identifier is known to PPPoE as the agent circuit identifier.)
  3. PPPoE creates a dynamic PPPoE session with the provided ACI on the underlying static VLAN and applies the advisory options configured on the VLAN to the session.
  4. The access node independently provides the ANCP agent with the ANCP DSL attributes for an access line identified by an ACI.
  5. The ANCP agent provides CoS with the adjusted downstream data rate for the interface set mapped to the ACI. The ANCP agent stores all ANCP DSL attributes, including the adjusted upstream and downstream data rates, in the router’s shared database.
  6. AAA correlates the dynamic PPPoE session with the access line by matching the session identifier received in the DSL Forum VSA to the ACI configured for the interface set in the ANCP agent configuration.
  7. AAA retrieves the ANCP DSL attributes for the access line from the router’s shared database and maps them to the Juniper Networks DSL VSAs in the RADIUS Access-Request and Accounting-Request messages. If the DSL attributes are unavailable, the session’s advisory upstream and downstream data rates are mapped to the Upstream-Calculated-Qos-Rate VSA (26-142) and Downstream-Calculated-Qos-Rate (26–141) VSAs, respectively. These VSAs are then included in the RADIUS messages.
  8. When authentication is completed, the dynamic PPPoE session is placed into the interface set configured in the dynamic PPPoE profile. The profile specifies a named interface set or the $junos-interface-set-name predefined variable, which indicates that the interface set is named in the RADIUS Access-Accept message.

ANCP Network Using 1:1 Configuration Model with Interface Sets

In this topology, a single household is configured for each underlying static VLAN or VLAN demux interface (Figure 3). The VLANs are dual-tagged. Each household includes several CPE devices that access the Internet. In addition to the unique ACI assigned by the access node, the household is further identified by the interface set. The interface set is either explicitly configured in the dynamic PPPoE profile or specified in the RADIUS Access-Accept message during PPPoE session authentication. Session shaping can employ shared priority queues to shape all sessions identically or individual queues to shape the sessions separately.

Figure 3: Sample ANCP Topology with Interface Sets (1:1 Model)
Sample ANCP Topology
with Interface Sets (1:1 Model)

In this 1:1 model with interface sets, the ANCP agent configuration must map the underlying interface for the PPPoE sessions in an interface set to both the ACI and the interface set. This configuration enables AAA to correlate the PPPoE sessions with their respective subscriber access lines and DSL attributes during RADIUS authentication and accounting.

When the dynamic PPPoE profile is configured with the $junos-interface-set-name predefined variable, the configuration of the access node, router, and RADIUS server must be synchronized with regard to the ACI and interface set:

  • The RADIUS Access-Accept message must contain the Juniper Networks Qos-Interface-Set-Name VSA (26-130).

  • The CoS Layer 2 configuration must explicitly identify the interface set that is named in the Qos-Interface-Set-Name VSA (26-130).

  • The ANCP agent configuration must map an ACI to the interface set that is named in the Qos-Interface-Set-Name VSA (26-130).

Sequence of ANCP Events: Static VLAN Demux Interfaces over Aggregated Ethernet with Interface Sets

The following sequence of events is for the topology in Figure 3 with static VLAN demux interfaces over aggregated Ethernet with interface sets.

  1. A network device in the household initiates PPPoE discovery.
  2. PPPoE creates a dynamic PPPoE session with the provided ACI on the underlying static VLAN demux interface and applies the advisory options configured on the VLAN to the session.
  3. The access node independently provides the ANCP agent with the ANCP DSL attributes for an access line identified by an ACI.
  4. The ANCP agent provides CoS with the adjusted downstream data rate for the interface set mapped to the ACI. The ANCP agent stores all ANCP DSL attributes, including the adjusted upstream and downstream data rates, in the router’s shared database.
  5. AAA correlates the dynamic PPPoE session with the access line by matching the underlying interface of the session to the underlying interface configured for the interface set in the ANCP agent configuration.
  6. AAA retrieves the ANCP DSL attributes for the access line from the router’s shared database and maps them to the Juniper Networks DSL VSAs in the RADIUS Access-Request and Accounting-Request messages. If the DSL attributes are unavailable, the session’s advisory upstream and downstream data rates are mapped to the Upstream-Calculated-Qos-Rate VSA (26-142) and Downstream-Calculated-Qos-Rate (26–141) VSAs, respectively. These VSAs are then included in the RADIUS messages.
  7. When authentication is completed, the dynamic PPPoE session is placed into the interface set configured in the dynamic PPPoE profile. The profile specifies a named interface set or the $junos-interface-set-name predefined variable, which indicates that the interface set is named in the RADIUS Access-Accept message.

Automatic Creation of Business Subscriber Interface Sets

For business subscribers in a network, four-level scheduler hierarchies use static interface sets to represent the subscriber access line, with static VLAN logical interface as members of the interface set. This configuration is performed by Extensible Subscriber Services Manager (ESSM) operation scripts. The op-scripts base the name on the outer VLAN tag of the subscriber interface, because the tag is unique per subscriber.

The name is derived from the $junos-svlan-interface-set-name predefined variable. The interface set name is in the format physical_interface_name-outer_vlan_tag. For example, an Ethernet interface ge-1/1/0, with a dual-tagged VLAN interface that has an outer tag of 111, results in an interface set name of ge-1/1/0-111.

Five-level scheduler hierarchies for business subscribers require dynamic interface sets. Op-scripts need to reference the dynamic interface set name during subscriber configuration; consequently the format of the dynamic name must be the same format that the script uses for static interface sets. The interface set name is provided by the RADIUS server during subscriber authentication, because the server has to determine whether a subscriber logging in is a business or residential subscriber.

Starting in Junos OS Release 19.3R1, you can configure the BNG to dynamically create the interface set name and propose that name to the RADIUS server in the Access-Request message for the subscriber. The proposed name is carried by the Juniper Networks VSA, Qos-Set-Name (26-130). When the server determines that the subscriber is a business subscriber, it returns the name in the Access-Accept message to the BNG, where the name is used to create a dynamic interface set for the business subscriber.

If the RADIUS server determines that the subscriber is residential, then the server does not return the VSA in the Access-Accept message. In this case, the dynamic PPPoE IFL is added to a default dynamic interface set to conserve L3 CoS nodes for a five-level hierarchy or L2 CoS nodes for a four-level hierarchy. The dynamic interface set for residential subscribers always resolves to the default interface set.

The default dynamic interface set is determined by the configuration of the predefined-variable-defaults statement (using expressions) in the dynamic profile:

  • For hierarchical networks, the name is derived from the parent interface set based on the backhaul ID, using the $junos-aggregation-interface-set-name predefined variable. The term -default is appended to the predefined variable’s value to create the new interface set name.

    For conventional access networks, the name is based on the physical interface using the $junos-phy-ifd-interface-set-name predefined variable.

To enable dynamic creation of the interface set name for business subscribers, use the source-interface-set-at-login svlan statement at the [edit protocols ppp-service] hierarchy level.

Note

Although a four-level scheduler hierarchy can use static interface sets for business subscribers, you can use dynamic interface sets to provide a uniform solution for both four-level and five-level hierarchies. This method ensures that all the logical interfaces, both dynamic and static, are members of the same interface set.

Configuring the ANCP Agent

You can configure the ANCP agent to enable a service-oriented Layer 3 edge device to discover information about the topology of a connected access network. The ANCP agent can also provide details about subscriber traffic and enable the adjustment of QoS traffic shaping for subscribers.

To configure the ANCP agent:

  1. Specify each ANCP neighboring access node to be monitored and optionally configure neighbor parameters.

    See Configuring ANCP Neighbors.

  2. Specify the subscribers reached by a VLAN or a set of VLANs through a particular access node.

    See Associating an Access Node with Subscribers for ANCP Agent Operations.

  3. (Optional) Configure the adjacency timer.

    See Specifying the Interval Between ANCP Adjacency Messages.

  4. (Optional) Specify the maximum number of discovery table entries that are accepted.

    See Specifying the Maximum Number of Discovery Table Entries

  5. (Optional) Configure the ANCP agent to work with an early IETF draft.

    See Configuring the ANCP Agent for Backward Compatibility.

  6. (Optional) Configure the graceful restart timer.

    See Specifying How Long Processes Wait for the ANCP Agent Restart to Complete.

  7. (Optional) Configure the ANCP agent to learn partition IDs from neighbors.

    See Configuring the ANCP Agent to Learn ANCP Partition IDs.

  8. (Optional) Configure an adjustment factor per DSL line type for the downstream and upstream data rates that the ANCP agent reports to AAA.

    See Setting a Global Adjustment Factor per DSL Subscriber Line for ANCP Agent-Reported Traffic Rates.

  9. (Optional) Configure the ANCP agent to report unadjusted downstream traffic rates to CoS.

    See Configuring the ANCP Agent to Report Traffic Rates to CoS.

  10. (Optional) Specify a recommended shaping rate to be applied by RADIUS to downstream or upstream traffic per ANCP interface.

    See Setting a Recommended Shaping Rate for Traffic on ANCP Interfaces.

  11. (Optional) Configure AAA to Include or Exclude Juniper Networks DSL VSAs in RADIUS authentication and accounting messages.

    See Configuring AAA to Include Juniper Networks DSL VSAs in RADIUS Messages.

  12. (Optional) Configure AAA to send an immediate interim accounting update to the RADIUS server when AAA receives a rate change notification from the ANCP agent on the router.

    See Configuring Immediate Interim Accounting Updates to RADIUS in Response to ANCP Notifications.

  13. (Optional) Configure the ANCP agent to associate a neighbor with an access-facing physical interface for the creation of autosensed dynamic VLANs on the interface.

    See Configuring the ANCP Agent for ANCP-Triggered, Autosensed Dynamic VLANs.

  14. (Optional) Configure the ANCP agent to dampen the effect of short-term adjacency losses for all neighbors.

    See Configuring the ANCP Agent to Dampen the Effects of Short-Term Adjacency Losses.

  15. (Optional) Configure trace options for troubleshooting the configuration.

    See Tracing ANCP Events for Troubleshooting.

Configuring ANCP Neighbors

You must configure each neighboring access node that you want the ANCP agent to monitor and potentially shape traffic for. Some neighbor settings override globally configured values.

To configure an ANCP neighbor:

  1. Specify the IP address of the neighbor.
  2. (Optional) Configure the neighbor to operate in a backward-compatible mode when it does not support the current IETF standard and the backward-compatible mode is not configured globally.
  3. (Optional) Override the globally configured backward-compatible mode when the neighbor supports the current IETF standard.
  4. (Optional) Configure the interval in seconds between ANCP adjacency messages exchanged with this neighbor.
  5. (Optional) Specify the maximum number of discovery table entries that are accepted from this neighbor.
  6. (Optional) Enable out-of-band ANCP triggering of autosensed, dynamic VLANs on the physical interface.
  7. (Optional) Configure how long the ANCP agent maintains a Layer 2 wholesale session when an adjacency loss occurs.

Associating an Access Node with Subscribers for ANCP Agent Operations

The ANCP agent on the router uses the access loop circuit identifier (ACI) to distinguish individual ANCP subscribers. Because the agent uses the ACI to associate (map) each subscriber to an interface or interface set, each ACI must be unique across all ANCP neighbors connected to the router.

Best Practice

We recommend that the ACIs be unique across your ANCP network.

Access lines can be statically or dynamically mapped to interfaces or interface set. When the subscriber’s DHCP or PPPoE discovery packets contain the ACI, then the agent can dynamically map it to the interface or interface set. Otherwise, the ACI must be statically configured. A static configuration overrides dynamic mapping of ACIs—and therefore subscribers—to interfaces or sets.

You can use the access-identifier statement only for interface and interface set types that have configured or deterministic names: static VLAN interfaces, static VLAN demux interfaces, static interface sets, dynamic interface sets, and dynamic VLAN-tagged interface sets.

The access-identifier statement is required for mapping an access line to static interface sets, dynamic interface sets, and dynamic VLAN-tagged interface sets. This is true regardless of the presence of an ACI in the PPPoE or DHCP IP demux subscriber’s discovery packet, because the use of the ACI is irrelevant to the creation of these types of interface sets.

You cannot use the access-identifier statement for the following interface and interface set types, because they have nondeterministic, automatically generated names: dynamic VLAN demux interfaces, dynamic ACI interface sets (ACI VLANs), and dynamic PPPoe and DHCP IP demux subscriber interfaces.

To associate an ACI with a set of VLAN interfaces for subscribers:

  • Specify the name of the interface set and the unique ACI for the access node.

To associate an ACI with a single VLAN:

  • Specify the logical interface and the unique ACI for the access node.

To associate an ACI with a static VLAN demux interface:

  • Specify the logical interface and the unique ACI for the access node.

Specifying the Interval Between ANCP Adjacency Messages

When the ANCP agent and a neighbor negotiate to establish an adjacency, each proposes a value for the interval between the adjacency messages that they exchange after it is established. The larger of the values proposed by the agent and the neighbor is selected for the interval between subsequent adjacency messages exchanged by the agent and the neighbor. You can specify the interval value that the ANCP agent proposes for either all neighbors or a specific neighbor.

To configure the proposed interval between ANCP adjacency messages for all neighbors:

  • Specify the time in seconds.

To configure the proposed interval between ANCP adjacency messages for a specific neighbor:

  • Specify the time in seconds.

Specifying the Maximum Number of Discovery Table Entries

You can specify the maximum number of discovery table entries accepted from all neighbors or from a particular neighbor.

To configure the maximum number of entries for all neighbors:

  • Specify the number of entries.

To configure the maximum number of entries for a specific neighbor:

  • Specify the number of entries.

Configuring the ANCP Agent for Backward Compatibility

You can configure the ANCP agent to operate in a mode compatible with the protocol as it was initially proposed to operate. This backward-compatible or pre-IETF mode is compatible with Internet draft draft-wadhwa-gsmp-l2control-configuration-00.txt, GSMP extensions for layer2 control (L2C). Setting this backward-compatible mode enables interoperation with devices that are not compatible with the later ANCP Internet drafts or RFC 6320, Protocol for Access Node Control Mechanism in Broadband Networks.

When this mode is configured globally for all neighbors, you can override it for a particular neighbor that supports the IETF draft or standard.

To configure the ANCP agent to operate in a backward-compatible mode for all neighbors:

  • Specify the pre-IETF mode.

To configure the ANCP agent to operate in a backward-compatible mode for a specific neighbor:

  • Specify the pre-IETF mode.

  • To override the globally configured backward-compatible mode for a specific neighbor:

    Specify the IETF mode.

Specifying How Long Processes Wait for the ANCP Agent Restart to Complete

You can specify how long other processes wait for the ANCP agent to restart. The ANCP agent sends a keepalive message to CoS at intervals equal to one-third the value of the maximum helper restart time. For example, when you configure the maximum restart time to 120 seconds, the ANCP agent sends a keepalive message every 40 seconds.

If CoS does not receive a keepalive message within the maximum helper restart time, it considers the ANCP agent to be down and immediately reverts any traffic shaping updates that were implemented as a result of ANCP agent monitoring to the configured values. Consequently, traffic to the subscribers is not effectively shaped, potentially resulting in traffic drops in the DSLAMs The configured values are maintained until the ANCP agent comes back up and sends fresh traffic shaping updates to CoS.

To configure how long other processes wait for the ANCP agent to restart:

  • Specify the time in seconds.

Configuring the ANCP Agent to Learn ANCP Partition IDs

By default, the ANCP agent expects ANCP partition IDs to be zero, meaning that the access node is not divided into logical partitions that can each form adjacencies with routers. You can configure the ANCP agent to support nonzero partition IDs. When you do so, the agent waits a configurable period to receive a SYN message from a neighbor during adjacency initiation. When the agent receives such a message, it uses the partition information contained in the Partition ID, PType, and PFlag fields to generate in turn a SYN message that it sends to the neighbor to continue adjacency negotiation.

To configure the ANCP agent to learn partition ID information from neighbors:

  1. Enable partition ID learning.
  2. (Optional) Specify the maximum time the ANCP agent waits to receive a SYN message from a neighbor during the formation of an adjacency.

For example, to enable partition ID learning and force the ANCP agent to wait 45 seconds for a SYN message:

Example: Configuring an ANCP Network with Interface Sets and N:1 Static Demux VLANs over Aggregated Ethernet

This example describes how to configure an ANCP network topology that manages subscriber access for several households by grouping individual devices into interface sets, providing access and services through one dedicated C-VLAN per household, and shaping traffic on a per-household basis. In this N:1 configuration, dual-tagged VLANs are configured over a single, underlying, static VLAN demux interfaces over aggregated Ethernet.

Requirements

This example uses the following hardware and software components:

  • MX Series 5G Universal Routing Platform with only MPCs installed for VLAN demux support

  • RADIUS server

  • DSLAM access node

Before you begin configuring the example, be sure you have:

Overview

ANCP provides a means to configure, maintain, and monitor local access lines between access nodes (DSLAMs) and subscribers. Associated CoS configurations shape the downstream subscriber traffic. ANCP can enable more accurate traffic shaping by adjusting net data rates to discount the packet overhead of the access lines and then providing these adjusted rates to CoS.

The network topology in this example includes a dual-tagged (C-VLAN/S-VLAN) VLAN configuration over a static VLAN demux interface that is in turn configured over aggregated Ethernet for redundancy. This topology is an N:1 configuration model because—although each C-VLAN corresponds to one subscriber household—all the C-VLANs are configured over the same underlying VLAN demux interface. Multiple end-user devices in each household—or rather the dynamic PPPoE sessions established by each device—are grouped by household into interface sets. The grouping is accomplished by a separate dynamic profile configured for each C-VLAN. The ANCP agent configuration maps the ACI for the household’s access line to an interface set. CoS applies a traffic-control profile to each interface set to shape the subscriber-directed traffic on a per-household basis. The CoS shaping rate is dynamically updated based upon the DSL attributes provided by the access node for each household’s access line.

Figure 4 shows S-VLAN 103, configured on demux0, servicing the access node. C-VLANs 1, 2, and 3 each service a single household (subscriber). The respective households are identified by unique ACIs. The dynamic PPPoE sessions for devices in each household are grouped for monitoring and traffic shaping into interface sets 10301, 10302, and 10303.

Figure 4: N:1 ANCP Topology with Interface Sets and VLAN Demux Interface over Aggregated Ethernet
N:1 ANCP Topology
with Interface Sets and VLAN Demux Interface over Aggregated Ethernet

Table 4 describes the configuration components used in this example.

Table 4: Configuration Components used in ANCP N:1 Topology Example with Interface Sets

Configuration Component or Property

Component Name or Setting

Description

Dynamic profiles

ancp-10301

ancp-10302

ancp-10303

Each profile defines the dynamic PPPoE session created when any of the devices for a particular subscriber household accesses the network.

Each profile specifies the following:

  • A set of interfaces in which the sessions are created.

  • Dynamic instantiation of both the logical interfaces for the sessions and the underlying PPPoE logical interfaces on which the subscribers log in.

  • CHAP and PAP authentication for the sessions.

  • The interval between successive PPP keepalive messages.

  • The loopback address for the dynamic PPPoE logical interfaces.

Predefined variables

$junos-interface-unit

Instantiates the logical interface for each PPPoE session.

$junos-underlying-interface

Instantiates the logical underlying PPP interface on which each dynamic PPPoE logical interface is created when a subscriber logs in.

Interfaces

ae0

Aggregated Ethernet interface that is the underlying interface for the VLAN demux interfaces.

The interface includes the following configuration:

  • CoS hierarchical scheduling.

  • Stacked VLAN tagging for all logical interfaces on top of ae0.

  • Link protection.

demux0

VLAN demux interface that runs over the underlying aggregated Ethernet interface.

demux0.10301

demux0.10302

demux0.10303

VLAN demux logical interfaces that correspond to the C-VLANs for individual subscriber households.

Each logical interface includes the following configuration:

  • Inner (C-VLAN) and outer VLAN (S-VLAN) tags.

  • The underlying physical interface, ae0.

  • The dynamic profile that creates PPPoE sessions on the C-VLAN.

  • Downstream and upstream advisory traffic rates.

  • Proxy ARP and protection against duplicate sessions on the interface.

ge-1/0/1

Primary member link in the aggregated Ethernet bundle.

ge-1/0/2

Backup member link in the aggregated Ethernet bundle.

lo0.0

Loopback interface for use in the access network. The loopback interface is automatically used for unnumbered interfaces.

pp0

PPP interface on which the PPPoE subscriber logical interfaces are created.

Interface sets

10301

10302

10303

Set of interfaces in which the sessions for the devices in a particular household are created. Each interface set is specified in a dynamic profile for that household. ANCP associates each interface set with an ACI and a VLAN demux logical interface (C-VLAN). CoS applies a traffic-control profile to each interface set.

Advisory traffic rates

downstream-rate

Recommended rate for downstream traffic in the absence of traffic rate information from the access node.

upstream-rate

Recommended rate for upstream traffic in the absence of traffic rate information from the access node.

Traffic-control profile

tcp1

CoS profile that shapes the downstream subscriber traffic rate; in this example, shaping is adjusted for ATM packet overhead. The profile is applied to the interface sets.

IP addresses

203.0.113.1

Address of the ANCP access node that monitors the subscriber households.

127.0.50.1/28

Address of the loopback interface, lo0.

198.51.100.191

Address of the RADIUS accounting server and authentication server.

Access circuit loop identifiers

192.168.61.65/0.0.0.0 eth 1/1:7;

192.168.61.65/0.0.0.0 eth 1/2:7;

192.168.61.65/0.0.0.0 eth 1/3:7;

Identifier for the local access circuit from the access node to the subscriber household. It identifies the household. ANCP associates each identifier with an interface set.

The ANCP agent configuration includes the following elements:

  • The IP address for the access node (DSLAM) is specified as 203.0.113.1. The interval between ANCP adjacency messages sent between neighbors is set to 5 seconds.

  • The ANCP agent is enabled to report adjusted data rates to CoS to improve the accuracy of downstream traffic shaping. The ANCP agent adjusts the net data rates for ADSL lines by ninety percent and for ADSL2 lines by ninety-five percent.

  • Each interface set is associated with both the ACI unique to the subscriber household and the relevant underlying VLAN demux interface.

The RADIUS configuration on the router includes the following elements:

  • The IP address (198.51.100.191) for the authentication and accounting server, as well as the secret password for accessing the server.

  • The subscriber access profile, radius-profile, specifies that RADIUS is used for authentication.

  • Juniper Networks DSL VSAs are included in RADIUS request messages, but the DSL Forum VSA attributes are excluded from RADIUS messages

  • Accounting sessions are configured to be recognized in decimal format.

Configuration

The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode.

To configure an ANCP network with static N:1 demux VLANs to the subscriber households, perform these tasks:

CLI Quick Configuration

To quickly configure the ANCP network described in this example, copy the following commands, paste them in a text file, remove any line breaks, and then copy and paste the commands into the CLI.

Configuring the Dynamic PPPoE Profiles

Step-by-Step Procedure

In this procedure, you configure a dynamic profile for each C-VLAN: ancp-10301, ancp-10302, and ancp-1033.

  1. Configure the interface set that the PPPoE sessions on this C-VLAN are placed in.
  2. Configure the logical interfaces to be dynamically instantiated for the interface set.
  3. Configure CHAP and PAP authentication as properties of the dynamic PPPoE logical interfaces.
  4. Configure the logical underlying interface on which the router creates the dynamic PPPoE logical interface; this is the interface on which the subscriber logs in.
  5. Specify the interval between successive keepalive requests.
  6. Configure the IPv4 protocol family and that the local (unnumbered) address can be derived from the loopback address for the dynamic PPPoE logical interfaces.
  7. Repeat Steps 1 through 6 for the second dynamic profile, ancp-10302, and the third dynamic profile, ancp-10303.

Results

From configuration mode, confirm the dynamic profile configuration by entering the show dynamic-profiles command.

When you are done configuring the device, enter commit from configuration mode.

Configuring the Static VLAN Demux Interface over Aggregated Ethernet

Step-by-Step Procedure

  1. Enable hierarchical scheduling on this interface.
  2. Specify this interface as the primary member of the aggregated Ethernet bundle.
  3. Enable hierarchical scheduling on a second interface.
  4. Specify this interface as the backup member of the aggregated Ethernet bundle.
  5. Enable hierarchical scheduling on the aggregated Ethernet interface.
  6. Enable stacked VLAN tagging for all logical interfaces on the aggregated Ethernet interface.
  7. Enable link protection as a property of the aggregated Ethernet interface.
  8. Configure VLAN demux interface demux0.10301.
    1. Configure the router to respond to ARP requests on the interface.

    2. Configure the outer VLAN tag to identify the access node (S-VLAN) and the inner VLAN tag to identify the subscriber port on the access node (C-VLAN).

    3. Specify that the VLAN demux interface runs on the underlying aggregated Ethernet interface.

    4. Prevent multiple PPPoE sessions from being created for the same PPPoE subscriber on this VLAN demux interface.

    5. Configure the dynamic profile that is instantiated on the VLAN demux interface.

    6. Configure the recommended upstream and downstream traffic rates.

  9. Configure VLAN demux interface demux0.10302.
    1. Configure the router to respond to ARP requests on the interface.

    2. Configure the outer VLAN tag to identify the access node (S-VLAN) and the inner VLAN tag to identify the subscriber port on the access node (C-VLAN).

    3. Specify that the VLAN demux interface runs on the underlying aggregated Ethernet interface.

    4. Prevent multiple PPPoE sessions from being created for the same PPPoE subscriber on this VLAN demux interface.

    5. Configure the dynamic profile that is instantiated on the VLAN demux interface.

    6. Configure the recommended upstream and downstream traffic rates.

  10. Configure VLAN demux interface demux0.10303.
    1. Configure the router to respond to ARP requests on the interface.

    2. Configure the outer VLAN tag to identify the access node (S-VLAN) and the inner VLAN tag to identify the subscriber port on the access node (C-VLAN).

    3. Specify that the VLAN demux interface runs on the underlying aggregated Ethernet interface.

    4. Prevent multiple PPPoE sessions from being created for the same PPPoE subscriber on this VLAN demux interface.

    5. Configure the dynamic profile that is instantiated on the VLAN demux interface.

    6. Configure the recommended upstream and downstream traffic rates.

  11. Configure the IPv4 protocol family and the address of the loopback interface.

Results

From configuration mode, confirm the static VLAN demux configuration by entering the show interfaces command.

When you are done configuring the device, enter commit from configuration mode.

Configuring Class of Service

Step-by-Step Procedure

  1. Configure the traffic-control profile with the shaping rate and specify the overhead accounting mode to account for ATM cell encapsulation.
  2. Apply the traffic-control profile to the interface sets.

Results

From configuration mode, confirm the class of service configuration by entering the show class-of-service command.

When you are done configuring the device, enter commit from configuration mode.

Configuring ANCP

Step-by-Step Procedure

  1. Configure the access node address.
  2. Configure the ANCP agent to report adjusted downstream traffic rates to CoS.
  3. Specify an overhead adjustment of the traffic on ADSL and ADSL2 lines to 90 percent and 95 percent, respectively, of the net data rate.
  4. Specify an interval of 5 seconds between adjacency messages sent to all ANCP neighbors.
  5. Associate the ACI with the interface sets for each C-VLAN.
  6. Specify the underlying interface for the interface sets.
  7. Configure the size of the ANCP trace log files.
  8. Configure flags for tracing ANCP configuration and CoS operations.

Results

From configuration mode, confirm the ANCP agent configuration by entering the show ancp command.

When you are done configuring the device, enter commit from configuration mode.

Configuring RADIUS Authentication and Accounting

Step-by-Step Procedure

  1. Configure the password for the RADIUS server.
  2. Specify that RADIUS is used to authenticate subscribers.
  3. Configure the RADIUS authentication and accounting server.
  4. Configure options for the RADIUS server: The format used to identify the accounting session and that Juniper Networks DSL VSAs are added to RADIUS request messages.
  5. Exclude DSL Forum VSA attributes from being included in RADIUS messages.

Results

From configuration mode, confirm the RADIUS configuration by entering the show access command.

When you are done configuring the device, enter commit from configuration mode.

Verification

To confirm that the configuration is working properly, perform these tasks:

Verifying the Aggregated Ethernet Interface Configuration

Purpose

Verify that the interface values match your configuration, the link is up, and traffic is flowing.

Action

From operational mode, enter the show interfaces redundancy command.

user@host> show interfaces redundancy

From operational mode, enter the show interfaces ae0 command.

user@host> show interfaces ae0

Meaning

The show interfaces redundancy output shows the redundant link configuration and that both link interfaces are up. The show interfaces ae0 output shows that the aggregated Ethernet interface is up and that traffic is being received on the logical interface.

Verifying the Traffic Scheduling and Shaping Parameters for the Interface Set

Purpose

Verify that the traffic scheduling and shaping parameters are configured and applied properly.

Action

user@host> show class-of-service

Verifying the demux0 Interface Configuration

Purpose

Verify that the VLAN demux interface displays the configured PPPoE family attributes and the member links in the aggregated Ethernet bundle.

Action

From operational mode, enter the show interfaces demux0 command for each VLAN.

user@host> show interfaces demux0.10301

Alternatively, you can enter show pppoe underlying-interfaces detail to display the state and PPPoE family configuration for all configured underlying interfaces.

Meaning

The output shows the name of the underlying interface, the member links of the aggregated bundle, and the PPPoE family configuration. The output shows packet counts when traffic is present on the logical interface.

Verifying the pp0 Interface Configuration

Purpose

Verify that the interface values match your configuration.

Action

From operational mode, enter the show interfaces pp0 command.

user@host> show interfaces pp0.100

Meaning

This output shows information about the PPPoE logical interface created on the underlying VLAN demux interface. The output includes the PPPoE family and aggregated Ethernet redundant link information, and shows input and output traffic for the PPPoE interface.

Verifying the ANCP Agent Configuration

Purpose

Verify that the ANCP values match your configuration and that traffic is flowing.

Action

From operational mode, enter the show ancp subscriber command.

user@host> show ancp subscriber detail

From operational mode, enter the show ancp cos command.

user@host> show ancp cos

Meaning

The show ancp subscriber output shows subscriber line information such as state and the various traffic rates collected by the ANCP agent—displayed for each subscriber as identified by the ACI. The show ancp cos output shows that the ANCP agent is configured to send adjusted rate data to CoS, that keepalives are configured for a 30-second interval, and that the interface sets 10301, 10302, and 10303 are configured and their traffic rates are updating

Release History Table
Release
Description
Starting in Junos OS Release 19.3R1, you can configure the BNG to dynamically create the interface set name and propose that name to the RADIUS server in the Access-Request message for the subscriber.