Introduction to Subscriber Management
Subscriber Management Overview
The Juniper Networks Junos OS subscriber management feature provides subscriber access, authentication, and service creation, activation, and deactivation. You can also collect accounting information and statistics for subscriber service sessions.
The subscriber access feature supports both CLI and AAA-based configuration (such as RADIUS) for subscribers. Access and services start when the router receives a message from a client (such as a DHCP discover message). For RADIUS clients, RADIUS Access-Accept messages and Change-of-Authorization-Request (CoA-Request) messages can create, modify, and delete subscriber sessions as well as activate and deactivate service sessions. You can use CLI commands to create a dynamic profile, which acts as a template of user attributes.
A subscriber service is based on the combination of a defined dynamic profile and attributes configured through authentication. Dynamic profiles can include dynamic firewall filters, class-of-service (CoS) settings, and protocol (IGMP) settings that define access limits for subscribers and the scope of a service granted to the subscriber after access is obtained.
The subscriber access feature provides the following convenience and flexibility to service providers and subscribers:
Service providers can separate services and access technology and eliminate unprofitable flat-rate billing. They gain the ability to efficiently design, manage, and deliver services that subscribers want, and then bill subscribers based on connect time, bandwidth, and the actual service used.
Subscribers benefit by gaining access to multiple simultaneous services. Depending on the service provider configuration, subscribers can dynamically connect to and disconnect from various services when they want and for however long they want. Subscribers can be billed based on the service level and usage, rather than being charged a set rate regardless of usage.
To understand more about Subscriber Management Licensing , see Subscriber Access Licensing Overview and Configuring the Router to Strictly Enforce the Subscriber Scaling License. Please refer to the Juniper Licensing Guide for general information about License Management. Please refer to the product Data Sheets for details, or contact your Juniper Account Team or Juniper Partner.
Subscriber Access Terms and Acronyms
Table 1 defines terms and acronyms that are used in this discussion of subscriber access.
Table 1: Subscriber Access Terms and Acronyms
AAA method for subscriber authentication
The AAA method that uses authentication (for example, including RADIUS VSAs in the Access-Accept packet) to verify a subscriber and activate a service when the subscriber logs in.
A template that defines a set of characteristics that are combined with authorization attributes and are dynamically assigned to static interfaces to provide dynamic subscriber access and services for broadband applications.
RADIUS CoA method
The method that uses RADIUS CoA-Request messages and VSAs to activate a service for a subscriber that is already logged in.
Subscriber access technology
The technology used by a subscriber to access services (for example, DHCP).
AAA Service Framework and Subscriber Management Overview
You use AAA Service Framework for authentication, authorization, accounting, address assignment, and dynamic services request that the BNG uses for network access. The framework supports authentication and authorization through external servers, such as RADIUS. The framework also supports accounting and dynamic-request CoA and disconnect operations through external servers, and address assignment through a combination of local address-assignment pools and RADIUS.
The BNG interacts with external servers to determine how individual subscribers access the broadband network. The router also obtains information from external servers for the following:
Methods used for authentication and accounting.
How accounting statistics are collected and used.
How dynamic requests are handled.
Class of Service and Subscriber Management Overview
Class of service (CoS) enables you to divide traffic into classes and offer various levels of throughput and acceptable packet loss when congestion occurs. CoS also provides the option of using differentiated services when best-effort traffic delivery is insufficient. You can also configure the services router to provide hierarchical scheduling for subscribers by dynamically adding or deleting queues when subscribers require services.
By using a dynamic profile, you can provide all subscribers in your network with default CoS parameters when they log in. For example, you can configure an access dynamic profile to specify that all subscribers receive a basic data service. If you use RADIUS variables in the dynamic profile, you can enable the service to be activated for those subscribers at login. You can also use variables to configure a service profile that enables subscribers to activate a service or upgrade to different services through RADIUS change-of-authorization (CoA) messages following initial login.
Configuring Subscriber Access
This topic provides a broad overview of some of the common configuration tasks for subscriber access and management. You can find detailed information in the following Junos OS Feature Guides:
To configure subscriber access:
- Configure the client access protocol.
- Configure subscriber authentication, accounting, and addressing.
Specify the RADIUS servers.
Specify any optional server attributes.
(Optional) Configure the CoA feature for the RADIUS dynamic-request server to change or deactivate the service after login.
Configure subscriber accounting (RADIUS accounting).
- Create and manage dynamic profiles for access and service.
Configure a basic dynamic profile.
Configure a dynamic profile for access.
Configure a dynamic profile for services.
Configure a default subscriber service.
Configure the static subscriber interfaces to be referenced in the dynamic profile.
Specify the interface-name and unit variables that the router uses to dynamically associate to a subscriber’s incoming interface.
Add, modify, or delete dynamic profile values to manage subscriber access and services.
The router dynamically activates or modifies the subscriber service using the RADIUS configuration.
When the subscriber logs in, the router dynamically activates the service.
If RADIUS CoA has been configured, the router can dynamically modify the service for a subscriber.
Figure 1 shows the configuration sequence you perform for DHCP-based subscriber access. It also shows the dynamic configuration performed by the router.
Subscriber Activation and Service Management in an Access Network
The subscriber access feature uses dynamic profiles to activate subscribers and manage services.
A dynamic profile is a set of characteristics, defined in a template, that the router uses to provide dynamic subscriber access and services.
By using dynamic profiles you can:
Define access for your network
Define different service levels for subscribers
Preprovision services that you can activate later
Using AAA-based login (RADIUS-based login or RADIUS CoA) you can:
Provide subscribers with dynamic activation and deactivation based on service selection
Provide greater flexibility and efficient management for a large number of subscribers and services
Components of a Dynamic Profile
You can use dynamic profiles to define various router components for subscriber access.
These components include the following:
Dynamic firewall filters—Includes input and output filters to enforce rules that define whether to permit or deny packets that are transmitting an interface on the router. To apply dynamic firewall filters to the subscriber interface, you configure static input and output firewall filters and reference those filters in dynamic profiles.
Dynamic Class of Service (CoS)—Includes CoS values that define a service for a subscriber. For example, you can configure the shaping rate for traffic in a video service by referencing CoS statements in a dynamic profile.
Dynamic signaling protocol—Includes dynamic IGMP configuration for host to router signaling for IPv4 to support IP multicasting.
Router Predefined Variables Used by Dynamic Profiles
The router contains many predefined variables. These variables enable dynamic association of certain interface-specific values to incoming subscriber requests. You must specify these predefined variables in certain statements within a dynamic profile. When a client accesses the router, the dynamic profile configuration replaces the predefined variable with the actual data from an incoming client data packet and configuration (local and RADIUS).