Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Introduction to Subscriber Management

 

Subscriber Management Overview

The Juniper Networks Junos OS subscriber management feature provides subscriber access, authentication, and service creation, activation, and deactivation. You can also collect accounting information and statistics for subscriber service sessions.

The subscriber access feature supports both CLI and AAA-based configuration (such as RADIUS) for subscribers. Access and services start when the router receives a message from a client (such as a DHCP discover message). For RADIUS clients, RADIUS Access-Accept messages and Change-of-Authorization-Request (CoA-Request) messages can create, modify, and delete subscriber sessions as well as activate and deactivate service sessions. You can use CLI commands to create a dynamic profile, which acts as a template of user attributes.

A subscriber service is based on the combination of a defined dynamic profile and attributes configured through authentication. Dynamic profiles can include dynamic firewall filters, class-of-service (CoS) settings, and protocol (IGMP) settings that define access limits for subscribers and the scope of a service granted to the subscriber after access is obtained.

The subscriber access feature provides the following convenience and flexibility to service providers and subscribers:

  • Service providers can separate services and access technology and eliminate unprofitable flat-rate billing. They gain the ability to efficiently design, manage, and deliver services that subscribers want, and then bill subscribers based on connect time, bandwidth, and the actual service used.

  • Subscribers benefit by gaining access to multiple simultaneous services. Depending on the service provider configuration, subscribers can dynamically connect to and disconnect from various services when they want and for however long they want. Subscribers can be billed based on the service level and usage, rather than being charged a set rate regardless of usage.

To understand more about Subscriber Management Licensing , see Subscriber Access Licensing Overview and Configuring the Router to Strictly Enforce the Subscriber Scaling License. Please refer to the Juniper Licensing Guide for general information about License Management. Please refer to the product Data Sheets for details, or contact your Juniper Account Team or Juniper Partner.

Subscriber Access Terms and Acronyms

Table 1 defines terms and acronyms that are used in this discussion of subscriber access.

Table 1: Subscriber Access Terms and Acronyms

Term

Definition

AAA method for subscriber authentication

The AAA method that uses authentication (for example, including RADIUS VSAs in the Access-Accept packet) to verify a subscriber and activate a service when the subscriber logs in.

Dynamic profile

A template that defines a set of characteristics that are combined with authorization attributes and are dynamically assigned to static interfaces to provide dynamic subscriber access and services for broadband applications.

RADIUS CoA method

The method that uses RADIUS CoA-Request messages and VSAs to activate a service for a subscriber that is already logged in.

Subscriber access technology

The technology used by a subscriber to access services (for example, DHCP).

AAA Service Framework and Subscriber Management Overview

You use AAA Service Framework for authentication, authorization, accounting, address assignment, and dynamic services request that the BNG uses for network access. The framework supports authentication and authorization through external servers, such as RADIUS. The framework also supports accounting and dynamic-request CoA and disconnect operations through external servers, and address assignment through a combination of local address-assignment pools and RADIUS.

The BNG interacts with external servers to determine how individual subscribers access the broadband network. The router also obtains information from external servers for the following:

  • Methods used for authentication and accounting.

  • How accounting statistics are collected and used.

  • How dynamic requests are handled.

Class of Service and Subscriber Management Overview

Class of service (CoS) enables you to divide traffic into classes and offer various levels of throughput and acceptable packet loss when congestion occurs. CoS also provides the option of using differentiated services when best-effort traffic delivery is insufficient. You can also configure the services router to provide hierarchical scheduling for subscribers by dynamically adding or deleting queues when subscribers require services.

By using a dynamic profile, you can provide all subscribers in your network with default CoS parameters when they log in. For example, you can configure an access dynamic profile to specify that all subscribers receive a basic data service. If you use RADIUS variables in the dynamic profile, you can enable the service to be activated for those subscribers at login. You can also use variables to configure a service profile that enables subscribers to activate a service or upgrade to different services through RADIUS change-of-authorization (CoA) messages following initial login.

Configuring Subscriber Access

This topic provides a broad overview of some of the common configuration tasks for subscriber access and management. You can find detailed information in the following Junos OS Feature Guides:

To configure subscriber access:

  1. Configure the client access protocol.
  2. Configure subscriber authentication, accounting, and addressing.
    1. Configure RADIUS:

      1. Specify the RADIUS servers.

        See Specifying RADIUS Authentication and Accounting Servers for Subscriber Access.

      2. Specify any optional server attributes.

        See Configuring Authentication and Accounting Parameters for Subscriber Access.

      3. (Optional) Configure the CoA feature for the RADIUS dynamic-request server to change or deactivate the service after login.

        See Configuring RADIUS-Initiated Dynamic Request Support.

      4. Configure subscriber accounting (RADIUS accounting).

        See Configuring Per-Subscriber Session Accounting.

    2. Configure addressing:

  3. Create and manage dynamic profiles for access and service.
    1. Configure a basic dynamic profile.

      See Configuring a Basic Dynamic Profile.

      See Example: Minimum PPPoE Dynamic Profile

    2. Configure a dynamic profile for access.

      See Configuring Dynamic DHCP Client Access to a Multicast Network.

    3. Configure a dynamic profile for services.

      See Defining Various Levels of Services for DHCP Subscribers.

    4. Configure a default subscriber service.

      See Configuring a Default Subscriber Service.

    5. Configure the static subscriber interfaces to be referenced in the dynamic profile.

    6. Specify the interface-name and unit variables that the router uses to dynamically associate to a subscriber’s incoming interface.

    7. Add, modify, or delete dynamic profile values to manage subscriber access and services.

The router dynamically activates or modifies the subscriber service using the RADIUS configuration.

Figure 1 shows the configuration sequence you perform for DHCP-based subscriber access. It also shows the dynamic configuration performed by the router.

Figure 1: Subscriber Access Configuration Workflow
Subscriber
Access Configuration Workflow

Subscriber Activation and Service Management in an Access Network

The subscriber access feature uses dynamic profiles to activate subscribers and manage services.

A dynamic profile is a set of characteristics, defined in a template, that the router uses to provide dynamic subscriber access and services.

By using dynamic profiles you can:

  • Define access for your network

  • Define different service levels for subscribers

  • Preprovision services that you can activate later

Using AAA-based login (RADIUS-based login or RADIUS CoA) you can:

  • Provide subscribers with dynamic activation and deactivation based on service selection

  • Provide greater flexibility and efficient management for a large number of subscribers and services

Components of a Dynamic Profile

You can use dynamic profiles to define various router components for subscriber access.

These components include the following:

  • Dynamic firewall filters—Includes input and output filters to enforce rules that define whether to permit or deny packets that are transmitting an interface on the router. To apply dynamic firewall filters to the subscriber interface, you configure static input and output firewall filters and reference those filters in dynamic profiles.

  • Dynamic Class of Service (CoS)—Includes CoS values that define a service for a subscriber. For example, you can configure the shaping rate for traffic in a video service by referencing CoS statements in a dynamic profile.

  • Dynamic signaling protocol—Includes dynamic IGMP configuration for host to router signaling for IPv4 to support IP multicasting.

Router Predefined Variables Used by Dynamic Profiles

The router contains many predefined variables. These variables enable dynamic association of certain interface-specific values to incoming subscriber requests. You must specify these predefined variables in certain statements within a dynamic profile. When a client accesses the router, the dynamic profile configuration replaces the predefined variable with the actual data from an incoming client data packet and configuration (local and RADIUS).