Using RADIUS Route-Download Server to Distribute Routes

The JunosE RADIUS route-download server provides periodic automatic distribution of IPv4 static access routes, which enables preconfiguration and preadvertising of access routes before they are assigned to clients. Using the route-download server helps eliminate routing protocol storms and other delays in client service activation that can be caused by protocol convergence or a large number of simultaneous customer activations.

The RADIUS route-download server periodically sends a RADIUS Access-Request message to the RADIUS server to request that routes be downloaded. The RADIUS server then responds with an Access-Accept message and downloads the configured routes. When the download operation is complete, the route-download server installs the access routes in the routing table.

JunosE Software supports the creation of one RADIUS route-download server per chassis.

Format of Downloaded Routes

The RADIUS server sends the downloaded routes to the RADIUS route-download server in the following format:

[ { vir | virtual-router } virtualRouterName ] [ vrf vrfName ] prefix-mask [ { null0 | null 0 } [ cost ] ] [ tag tagValue ]

The route-download server accepts downloaded routes in either the Framed-Route attribute (RADIUS attribute 22) or the Cisco-AVpair attribute (Cisco VSA 26-1).

Downloaded Route Format Examples

Framed-Route (RADIUS attribute 22)

NAS-1 Password = “14raddlsvr” User-Service-Type = Outbound-UserFramed-Route = “192.168.3.0 255.255.255.0 null0” Framed-Route = “vrf vrfboston 192.168.1.0/24 null 0 0 tag 6” Framed-Route = “vir host1 vrf vrfsunny 192.168.0.0/16 null0 0 tag 8”

Cisco-AVPair (Cisco VSA 26-1)

NAS-1 Password = “14raddlsvr” User-Service-Type = Outbound-Usercisco-avpair = “ip:route = 192.168.3.0 255.255.255.0 null0” cisco-avpair = “ip:route = vrf vrfboston 192.168.1.0/24 null 0 0 tag 6” cisco-avpair = “ip:route = vir host1 vrf vrfsunny 192.168.0.0/16 null0 0 tag 8”

Note: The prefix-mask entry in downloaded routes can be in the form of prefix length, prefix mask, or prefix. If prefix is used, the mask is determined by the IP address class of the prefix.

How the Route-Download Server Downloads Routes

The route-download server starts the initial route-download operation (for example, after a system reboot or the first time the route-download server is enabled) as soon as IP is established in the virtual router in which the download is performed. After the initial route-download process is established, the router repeats the route download operation based on either the default download schedule or the schedule you specify. You can also initiate an immediate route download at any time.

The RADIUS route-download server downloads routes in two stages—first, all routes are downloaded from the RADIUS server to the router’s download database and examined for errors. Next, the router updates the routing table with the new routes, using the following guidelines:

Adds all downloaded routes that are not already installed in the routing table
Does not add downloaded routes that are already installed in the routing table
Deletes routes from the routing table that do not appear in the newly downloaded group

Configuring the Route-Download Server to Download Routes

When you configure the E Series router as a route-download server, you specify the RADIUS server that you want to download the routes to your router. You can also modify the route-download server’s default configuration parameters, such as when to start the download process each day, how often to downloaded routes, and how long to wait after a download error before retrying the process.

To configure a RADIUS route-download server:

Specify the IP address and the key of the RADIUS server that you want to download routes.
host1(config)#radius route-download server 192.168.1.17 host1(config-radius)#key 35radsrv92
(Optional) Specify the UDP port used for RADIUS route-download server requests.
host1(config-radius)#udp-port 1812 host1(config-radius)#exit host1(config)#
Enable the route-download feature and optionally modify default parameters as needed.
host1(config)#aaa route-download 1200 retry-interval 25 password dl1456atl synchronization 03:45:00

(Optional) Verify your route-download configuration:

host1(config)#exit
host1#show aaa route-download

AAA Route Downloader:     configured in virtual router default
Download Interval:        1200 minutes
Retry Interval:           25 minutes
Default Cost:             2
Default Tag:              0
Base User Name:           <HOSTNAME>
Password:                 dl1456atl
Synchronization:          03:45:00

Status:                   downloading
Last Download Attempt:    TUE FEB 9 22:07:30 2007
Last Download Success:    <NEVER>
Last Regular Download:    not complete
Next Download Scheduled:  <DOWNLOAD ACTIVE>
Next Regular Download:    WED FEB 9 22:27:00 2007

aaa route-download

Use to enable the RADIUS route-download server on the router and to configure parameters for the server. You can configure the following parameters:
- download interval—The amount of time the route-download server waits between route download operations. The newly created server downloads routes as soon as the IP protocol is active on the virtual router that performs the route download operation, and then repeats the download operation every 720 minutes by default. You can set a download interval in the range 1–1440 minutes.
- retry-interval—The amount of time the server waits after a download failure before attempting another route download. You can set the retry interval in the range 1–60 minutes. The default interval is 10 minutes.
  Note: If the download interval is less than the retry interval, the server ignores the retry interval setting.
- cost—The cost of a downloaded route. You can specify a cost in the range 1–254. The default cost is 2.
- tag—The tag assigned to a downloaded route. You can specify a tag in the range 1–4294967295. The default tag is 0.
- base-user-name—The virtual router that is used for route-download requests. The default name is the router hostname.
- password—The password used in RADIUS Access-Request messages for route-download requests. You can specify from 1 through 32 alphanumeric characters. The default password is juniper.
- synchronization—The time that the server starts the route download operation each day. You specify the time in 24-hour format, for example 03:45:00.
Example
host1(config)#aaa route-download 1200 retry-interval 25 password dl1456atl synchronization 03:45:00
Use the no version to disable the route-download server.
See aaa route-download

aaa route-download now

Use to specify that the RADIUS route-download server immediately restart the route download operation.
If a download is currently in progress when you issue this command without the force keyword, the in-progress download continues until complete. No additional download is started.
Use the force keyword to start an immediate download; a currently running download is interrupted. The download is not retried if it fails.
Use the adjust-scheduler keyword to restart the configured download interval from the time of this download. However, if the download fails, the download interval is not changed and the download is not retried.
Example
host1#aaa route-download now force adjust-scheduler
There is no no version.
See aaa route-download now

aaa route-download suspend

Use to temporarily suspend the RADIUS route-download server operation.
Example
host1#aaa route-download suspend
Use the no version to restore the route download operation.
See aaa route-download suspend

clear ip routes download

Use to synchronize downloaded access routes and the routes that are installed in the routing tables of virtual routers.
Use the following options to synchronize downloaded routes for a specific virtual router:
- Specify a particular VRF whose downloaded routes you want synchronized. If you do not specify an optional VRF, the current virtual router is used.
- Specify the IP address and IP mask that identifies the subset of downloaded routes that you want cleared in the routing table of the current virtual router or in the specified VRF.
- Use the wildcard character (*) to clear all downloaded routes in the routing table of the current virtual router or in the specified VRF.
Use the following keywords to perform global clearing operations:
- all—Clears all downloaded routes from all virtual routers and VRFs.
- reload—Initiates a download of routes and then clear the routes from the routing table of all virtual routers and VRFs.
  Note: Clear commands fail if the route-download server is in the process of downloading routes from the RADIUS server.
Example 1—Clear all downloaded routes from the current virtual router
host1#clear ip routes download *
Example 2—Clear a subset of routes from a specific VRF
host1#clear ip routes download vrf NY12 192.168.50.102 255.255.0.0
Example 3—Clear all downloaded routes from all virtual routers and VRFs
host1#clear ip routes download all
There is no no version.
See clear ip routes download

radius route-download server

Use to configure a RADIUS route-download server and enter RADIUS Configuration mode. Specify the IP address of the RADIUS server that you want to download access routes.

Note: When the RADIUS route-download server is enabled, the router ignores the radius rollover-on-reject enable command—the radius rollover-on-reject enable command has no effect for a RADIUS route-download server.

You can configure a single instance of the route downloader on the router.
Example
host1(config)#radius route-download server 10.10.5.10 host1(config-radius)#
Use the no version to delete the instance of the RADIUS route-download server.
See radius route-download server