Junos OS Enhanced Subscriber Management
Junos OS Enhanced Subscriber Management Overview
Junos OS enhanced subscriber management is a next-generation broadband edge software architecture for wireline subscriber management. Enhanced subscriber management enables you to take advantage of increased scaling and performance for configuring and managing dynamic interfaces and services for subscriber management.
Enhanced subscriber management delivers optimized scaling and performance for the existing dynamic subscriber management feature set. Enhanced subscriber management provides feature parity with the legacy Junos OS subscriber management feature set, with certain exceptions. For a list of these feature exceptions, see the latest Junos OS Release Notes for MX Series 5G Universal Routing Platforms for your Junos OS software.
In order to use dynamic profiles to create and manage dynamic subscriber interfaces and services, you must explicitly configure and enable enhanced subscriber management. When enhanced subscriber management is enabled, it handles all subscriber-management control protocol traffic (DHCP, PPP, PPPoE, L2TP, and dynamic VLAN creation) to direct the creation of subscriber sessions and their associated dynamic interfaces.
If you are using only static network configurations and static services in a business edge environment, you do not need to enable enhanced subscriber management to configure these static topologies. When enhanced subscriber management is not enabled, the following client applications do not support the use of dynamic profiles, the creation of dynamic interfaces, or dynamic authentication services:
From an operational perspective, enhanced subscriber management introduces only minimal changes to existing subscriber management configuration and verification procedures. For example, enhanced subscriber management consolidates several subscriber management components previously distributed across multiple processes into a single process. As a result, enhanced subscriber management can display consolidated information for subscriber management in a single show command.
Routing Services and Enhanced Subscriber Management
When client connections require additional routing protocols on dynamic interfaces, with the exception of IGMP and MLD, you must include routing services in the dynamic profile interface configuration. If you do not do so, then the pseudo logical interface is not created and routing services cannot be associated with the dynamic interface. The additional routing protocols cannot run on the dynamic subscriber interface.
You do not have to include routing services in the dynamic profile interface configuration when clients use only the standard access-internal routes, access routes, and framed routes. In other words, the routing service configuration is not required for simple client reachability purposes.
Routing service configuration is not required for IGMP or MLD, because these protocols are natively supported on enhanced subscriber management interfaces.
Distributed IGMP is not supported on subscriber management interfaces where routing-services are enabled.
When a dynamic profile containing the routing-services statement is instantiated, the router creates an enhanced subscriber management logical interface, also referred to as a pseudo logical interface, in the form demux0.nnnnnnnnnn (for example, demux0.3221225472). Any associated subscriber routes or routes learned from a routing protocol running on the enhanced subscriber management interface use this pseudo interface as the next-hop interface.
Starting in Junos OS Release 18.4R1, the routing-services statement is deprecated and is replaced by the routing-service statement. Besides enabling or disabling routing services for all subscribers on the dynamic interface, the routing-service statement enables you to use RADIUS to selectively enable or disable routing services for a specific subscriber during authentication if RADIUS returns the Routing-Services VSA (26-212) in the Access-Accept message.
This RADIUS capability requires you to specify the $junos-routing-services predefined variable in the dynamic profile. A VSA value of one enables routing services for the subscriber; a value of zero disables routing services for the subscriber. Any value other than zero or one is rejected. If you configure the variable and RADIUS does not return the VSA, then routing services are disabled for the subscriber.
You can specify the variable in the dynamic profiles for PPPoE subscribers, the underlying VLAN, or both. When you include the variable in the VLAN dynamic profile, then you must also configure the VLAN to be authenticated; otherwise, routing services remain disabled for the underlying interface and therefore also disabled for the PPPoE subscriber.
You can optionally create dedicated dynamic VLAN profiles to enable routing services for subscribers that require routing services. You can then create dedicated profiles for subscribers that do not need routing services by omitting the routing-service statement from the profile. In the following code sample, vlan-profile1 enables routing services; vlan-profile2 does not.
The VLAN profile is chosen based on the VLAN range associated with the profile by the ranges statement at the [edit interfaces] hierarchy level. In the following code sample, vlan-profile1 uses VLAN IDs in the range 100 through 500; vlan-profile2 uses IDs in the range from 501 through 1000:
Enabling BGP over Dynamic PPPoE Subscriber Interfaces
Starting in Junos OS Release 18.4R1, BGP is supported over dynamic PPPoE interfaces for the IPv4 address family. You must enable routing services with the routing-service statement in both the PPPoE subscriber dynamic profile and the dynamic profile for the underlying VLAN interface. If routing services are not enabled for the dynamic underlying interface, then the PPPoE subscriber is rejected during the first family profile activation. If the underlying VLAN is static rather than dynamic, then routing services are not required (or possible) on the underlying VLAN.
In this configuration, the PPPoE subscriber clients correspond to BGP neighbors. This means that when you configure the BGP neighbors with the [edit protocols bgp group name neighbor] stanza, you must use the PPPoE client IP addresses as the BGP neighbor addresses. The BGP peer addresses cannot be dynamically provisioned.
Support for BGP over dynamic PPPoE subscriber interfaces includes the following:
Route advertisement over the BGP-established PPPoE neighbor.
End-to-end bidirectional traffic from the core to the IP prefix advertised in the BGP route.
Dedicated next hops are created by the routing daemon for subscriber routes, rather than reusing shared next hops and pseudo logical interfaces.
The BGP over dynamic PPPoE interfaces feature does not support the following:
IBGP, because it might involve multihops
BFD for the PPPoE subscribers
Interface sets for the PPPoE subscribers
Aggregated Ethernet targeting
IPv6 address family
More than one routing protocol besides BGP over the same subscriber
MPLS termination on the PPPoE subscriber next hop
Subscribers over pseudowire interfaces over redundant logical tunnel stacking
Subscribers over pseudowire interfaces over demux0 stacking
The following interface stacking configurations are supported for routing-service-enabled PPPoE:
PPPoE over dynamic VLANs
PPPoE over static VLANs
PPPoE over stacked VLANs (with inner and outer VLAN IDs)
The underlying VLAN for which routing services is enabled supports:
Stacking of routing-service-enabled and routing-service-disabled PPPoE subscribers.
Stacking of other access models such as DHCP.
The parent physical interface can be a leg in an aggregated Ethernet bundle.
Address Resolution and Enhanced Subscriber Management
Starting in Junos OS Release 18.4R1, several enhancements are available for address resolution with enhanced subscriber management. These enhancements affect only framed routes on dynamic VLANs. Framed routes associated with DHCP subscribers function the same as before this feature support.
Dynamic layer 2 MAC address resolution is supported for non-host routes. Users deploying statically addressed IP clients or a mix of statically addressed IP clients and DHCP clients can use network (/29) framed routes or host (/32) framed routes to establish reachability. The /29 routes are coupled with the dynamic Layer 2 address associated with a host framed route. This supports business users who use routers with multiple public addresses behind CPE routers. This feature is enabled by default and requires no special configuration.
In earlier releases, dynamic address resolution is supported only for host framed routes; network framed routes that resolve to an indirect next hop (such as a local gateway) are not supported.
By default, an IPv4 framed host route is permanently associated with the source MAC address from the trigger packet that created the dynamic VLAN. You can override this behavior by enabling dynamic ARP to resolve the MAC address for the framed host routes with the ipoe-dynamic-arp-enable statement. ARP protocol exchange resolves the Layer 2 address for the framed route.
The router can compare the source MAC address received in a gratuitous ARP request or reply packet with the value in the ARP cache. The router updates the cache with the received MAC address if it determines this address is different from the cache entry. Include the receive-gratuitous-arp statement to enable this feature.
This capability is useful when an IP address moves to a different device or NIC and consequently is associated with a different MAC address than before the move. The new device broadcasts a gratuitous ARP reply that the router compares to the MAC address in the cache.
When the statement is not included, the dynamic ARP times out. Before it is deleted from the cache, the router sends an ARP request for the target IP address. The client responds with the new MAC address, but a black-out window may exist for the client where the MAC address does not match the NIC.
Control Plane Resiliency
Starting in Junos OS Release 19.1, several enhancements are available to improve control plane resiliency and the reliability of session database replication and state synchronization between primary and standby Routing Engines.
The master and standby Routing Engines exchange detailed information about session database replication. This exchange enables the Routing Engines to better determine whether the replication is correct.
You can configure the router to detect shared memory corruption and to automatically recover by rebooting the master or standby Routing Engines, or both. In earlier releases, a manual reboot is required to clear the corrupted shared memory; otherwise, it remains corrupted, causing processes that share the memory to generate core errors.
You can monitor Routing Engine resiliency with the show system subscriber-management resiliency command. The summary version indicates whether the system is functioning normally or an unexpected condition exists. The detail and extensive versions provide detailed statistics about the session database in shared memory per Routing Engine.
Benefits of Enhanced Subscriber Management
Optimizes scaling and performance for dynamic subscriber management features.
Required for the creation and management of dynamic profiles, dynamic interfaces, and dynamic subscribers.
Configuring Junos OS Enhanced Subscriber Management
Junos OS enhanced subscriber management is a next-generation broadband edge software architecture for wireline subscriber management. With enhanced subscriber management, you can take advantage of optimized scaling and performance for configuration and management of dynamic interfaces and services for subscriber management. It must be enabled to use dynamic profiles for creating and managing dynamic subscriber interfaces and services.
Enhanced subscriber management is supported on all MX Series 5G Universal Routing Platforms with Modular Port Concentrators (MPCs) installed. It is not supported for MS-DPCs. If the router has both MPC and MS-DPCs, a conflict between the MS-DPC and Enhanced Subscriber Management services can occur during ISSU that can result in an unscheduled shutdown of the device. To prevent this, do not run ISSU if the system has MS-DPCs installed, or only enable Enhanced Subscriber Management on device where no MS-DPCs are present.
Before you begin:
Download and install Junos OS Release 15.1R4 or later.
See Migration, Upgrade, and Downgrade Instructions in the Junos OS Release 15.1R4 Release Notes. You must reboot the router after the upgrade is validated and installed.
Because unified in-service software upgrade (unified ISSU) is not supported for subscriber management when you upgrade from a release that does not support enhanced subscriber management (Junos OS Release 14.2 or earlier) to a release that does support enhanced subscriber management (15.1R4 and later), all subscriber sessions and subscriber state are lost after the upgrade.
Starting in Junos OS Release 17.4R1, when enhanced IP network services and enhanced subscriber management are enabled, the amount of DRAM on the Routing Engine determines whether the subscriber management daemons on that Routing Engine all run in 32-bit mode or all run in 64-bit mode.
Less than 32 GB of RAM—32-bit mode
32 GB or more of RAM—64-bit mode
In releases earlier than Junos OS Release 17.4R1, only the subscriber management daemon, bbe-smgd, operates in either 32-bit or 64-bit mode depending on the DRAM.
All Routing Engines in the system must have the same amount of memory. This is universally true for subscriber management in all releases.
To configure Junos OS enhanced subscriber management for the first time:
- Configure enhanced IP network services on the router.
Specify that you want to configure chassis properties for the router.user@host# edit chassis
Configure enhanced IP network services.[edit chassis]user@host# set network-services enhanced-ip
- Enable enhanced subscriber management.
Specify that you want to configure global services for the router.user@host# edit system services
Enable enhanced subscriber management.
- Increase the amount of system shared memory available
for enhanced subscriber management by limiting the maximum size of
the configuration database.
JUNOS OS processes map shared memory into their process space. For example, on MX240 through MX10003 routers, processes can map up to 1GB of shared memory. Enhanced subscriber management processes contend for shared memory with the JUNOS OS configuration database. By default, the configuration database tries to reserve 80 percent of the shared memory map, leaving insufficient space for subscriber management to function. The majority of configurations require much less than 300MB of mapped space. An appropriate database size enables subscriber management to operate and scale optimally. In some circumstances, you must configure a maximum size to increase the amount of shared memory available to subscriber management. In other circumstances, we recommend that you allow the router to determine the appropriate size and that you do not configure a maximum.
For MX5, MX10, MX40, MX80, and MX104 routers, you must always configure the maximum size to be no more than 100MB, regardless of the which Junos OS release is running and regardless of Routing Engine RAM.user@host# set system configuration-database max-db-size 100M
For MX240, MX480, MX960, MX2008, MX2010, MX2020, and MX10003 routers, the decision whether to explicitly configure a maximum size and what that size is, depends on the Junos OS release and the amount of RAM in the Routing Engines. Table 1 lists conditions and the corresponding recommendations.
Table 1: Configuration Database Size for MX240, MX480, MX960, MX2008, MX2010, MX2020, and MX10003 Routers
Junos OS Release
Routing Engine RAM
Release 17.4R1 and earlier releases
Configure maximum size to no more than 300MB.
Release 17.4R2 and higher 17.4x releases
Release 18.1R2 and higher releases
Routing Engines have at least 32GB each
Allow the router to determine the appropriate size. Do not configure a maximum size.
Release 17.4R2 and higher 17.4x releases
Release 18.1R2 and higher releases
Routing Engines have less than 32GB each
Configure maximum size to no more than 300MB.
- (Optional) Enable dynamic ARP to resolve the MAC address for IPv4 framed host routes. Otherwise, an IPv4 framed host route is permanently associated with the source MAC address from the trigger packet that created the dynamic VLAN.
- (Optional) Enable router to compare the source MAC address received in a gratuitous ARP request or reply packet with the value in the ARP cache and update the cache when this address is different from the cache entry.
- (Optional) Configure the router to automatically reboot the primary or standby Routing Engine, or both, when it detects that the shared memory has been corrupted, which is considered a catastrophic failure.
- (Optional) Enable traffic-accounting and rate-monitoring
for the given interface:[edit dynamic-profiles profile-name interfaces unit “$junos-interface-unit”]user@host# set actual-transit-statistics
- (Optional) Enable routing services for dynamic interfaces if
you want to run routing protocols on those interfaces. This is not
required for IGMP or MLD over dynamic interfaces.[edit dynamic-profiles profile-name interfaces interface-name unit “$junos-interface-unit”]user@host# set routing-services[edit dynamic-profiles profile-name interfaces interface-name unit “$junos-interface-unit”]user@host# set routing-service
When the underlying VLAN interface for PPPoE subscribers is created with a dynamic profile, you must enable routing services in both the PPPoE dynamic profile and the dynamic profile for the underlying VLAN. Otherwise the subscriber is not allowed to log in.
- (Optional) Enable graceful Routing Engine switchover (GRES)
and nonstop active routing (NSR).
For MX Series routers using enhanced subscriber management, the new backup Routing Engine (the former master Routing Engine) will reboot when a graceful Routing Engine switchover is performed. This cold restart resynchronizes the backup Routing Engine state with that of the new master Routing Engine, preventing discrepancies in state that might have occurred during the switchover.
When graceful Routing Engine switchover is enabled for subscriber management, all Routing Engines in the router must have the same amount of DRAM for stable operation.
Enable GRES.[edit chassis redundancy]user@host# set graceful-switchover
When GRES is enabled, you can either configure NSR or graceful restart. If you configure both, then committing the configuration fails.
Enable NSR (recommended if you enable GRES).[edit routing-options]user@host# set nonstop-routing
To enable graceful restart:[edit routing-options]user@host# set graceful-restart
Configure commit operations to automatically synchronize the configuration between the master Routing Engine and the standby Routing Engine.[edit system]user@host# set commit synchronize
- Commit the configuration.
After you commit the configuration, the software prompts you to initiate a system reboot.
- Reboot the router software to enable enhanced subscriber
Access operational mode.[edit system]user@host# exit
Reboot the software.user@host> request system reboot
The following example shows a typical configuration to enable enhanced subscriber management.
If you have configured graceful-restart, then the following statement will be displayed in the example instead of nonstop-routing:
Verifying and Managing Junos OS Enhanced Subscriber Management
View information about class of service (CoS), routing tables, active subscribers, and the subscriber database for Junos OS enhanced subscriber management.
To display dynamic subscriber interface associations for CoS classifers, rewrite rules, and scheduler maps:
user@host> show class-of-service interface interface-name
To display CoS associations for a dynamic interface set:
user@host> show class-of-service interface-set interface-set-name
To display the mapping of CoS schedulers to forwarding classes:
user@host> show class-of-service scheduler-map
To display CoS traffic shaping and scheduling profiles:
To display the active entries in the routing table:
user@host> show route
To display detailed information about active subscribers whose IP address matches the specified address:
user@host> show subscribers address address detail
To display information about how routes are mapped to specific enhanced subscriber management interfaces:
user@host> show system subscriber-management route
To display summary information for the subscriber management database:
user@host> show system subscriber-management summary
To verify whether subscriber management daemons are running in 32-bit mode or 64-bit mode:
Starting in Junos OS Release 17.4 R1, when enhanced IP network services and enhanced subscriber management are enabled and a Routing Engine in the system has at least 32 GB of RAM, subscriber management daemons on that Routing Engine run in 64-bit mode. For consistent operation, all Routing Engines in the system must have the same amount of memory.
PID TT STAT TIME COMMAND 21149 - S 0:01.37 /usr/libexec64/pfed -N 21195 - S 0:00.46 /usr/libexec64/smid -N 21214 - S 0:05.04 /usr/libexec64/bbe-smgd -b -N 21270 - S 0:04.26 /usr/libexec64/authd -N 21498 - S 0:02.37 /usr/libexec64/rpd -N 21504 - S 0:00.84 /usr/libexec64/cosd 21539 - S 0:00.37 /usr/libexec64/dfwd -N 21740 - S 0:00.95 /usr/libexec64/jpppd -N
PID TT STAT TIME COMMAND 21149 - S 0:01.37 /usr/libexec32/pfed -N 21195 - S 0:00.46 /usr/libexec32/smid -N 21214 - S 0:05.04 /usr/libexec32/bbe-smgd -b -N 21270 - S 0:04.26 /usr/libexec32/authd -N 21498 - S 0:02.37 /usr/libexec32/rpd -N 21504 - S 0:00.84 /usr/libexec32/cosd 21539 - S 0:00.37 /usr/libexec32/dfwd -N 21740 - S 0:00.95 /usr/libexec32/jpppd -N