Subscriber Interfaces Overview

You can configure E Series routers to create subscriber interfaces statically or dynamically.

The following list shows the underlying (layer 2) interfaces on which you can currently configure each type of subscriber interface.

For information about platform support for subscriber interfaces, see Subscriber Interfaces Platform Considerations.

Dynamic Interfaces and Dynamic Subscriber Interfaces

Dynamic interfaces are created automatically and transparently in response to external events. For example, the router creates dynamic interfaces when a lower-layer link such as an ATM or VLAN receives data. The layers of a dynamic interface are created based on the packets received on the link and can be configured using profiles, RADIUS, or a combination of the two. Dynamic interfaces are used to terminate Broadband Residential Access Server (B-RAS) access such as: Point-to-Point Protocol over Ethernet (PPPoE), Point-to-Point Protocol over ATM (PPPoA), and Point-to-Point Protocol over Ethernet over ATM (PPPoEoA). A PPP session acts as logical separation between one subscriber session and the next. Multiple services using policies and QoS can be applied to the IP interface that is associated with the PPP session.

An example of a dynamic interface configuration is a PPPoE session running on top of a Gigabit Ethernet VLAN interface. Figure 16 shows an example of the dynamic interface stack.

Figure 16: Example of a Dynamic Interface Stack

Image g017350.gif

You can configure the lower layers of the stack (GE physical interface and VLAN major interface) either dynamically or statically, and dynamically configure the upper layers (VLAN subinterface, PPPoE, and IP). An interface is considered dynamic if at least one of the layers in the interface stack is configured dynamically.

The router creates dynamic subscriber interfaces (DSIs) on demand, in response to external events, such as when a Dynamic Host Configuration Protocol (DHCP) event occurs or when the router detects a packet. DSIs function in a manner similar to dynamic interfaces. However, DSIs have a more specific application than dynamic interfaces. You use DSIs when there are no PPPoE, PPPoA, or PPPoEoA sessions to provide separation between layers and when subscriber management is required. For example, on an Ethernet VLAN, multiple subscribers can enter the network from a Wi-Fi hotspot, as shown in Figure 17:

Figure 17: Example of a Dynamic Subscriber Interface

Image g017351.gif

In Figure 17, multiple subscribers share the same broadcast segment. Each subscriber is identified by an individual IP address or a group of subscribers can be identified with an IP network. When each subscriber is identified by an individual IP address, a dynamic subscriber interface is created for each subscriber. You can manage a group of subscribers identified with an IP network, on a single DSI. You can also manage a group of subscribers using a static subscriber interface (SSI). However, you must manually configure the SSI and you cannot use the same dynamic profiles and RADIUS that DSIs use.

Subscribers can be connected to a single broadcast segment without using dynamic or static subscriber interfaces. This configuration is useful when subscriber management is not required. Subscriber management usually refers to (but is not limited to) tailoring IP policies and QoS profiles to a specific address or a very small group of addresses. For detailed information about the uses for Dynamic Subscriber interfaces, see Configuring Dynamic Subscriber Interfaces.

Relationship to Shared IP Interfaces

A subscriber interface is an extension of a shared IP interface. A shared IP interface is one of a group of IP interfaces that use the same layer 2 interface.

Shared IP interfaces are unidirectional—they can transmit but not receive traffic. In contrast, subscriber interfaces are bidirectional—they can both receive and transmit traffic.

For details about shared IP interfaces, see the Shared IP Interfaces section in JunosE IP, IPv6, and IGP Configuration Guide .

Relationship to Primary IP Interfaces

A subscriber interface operates only with a primary IP interface—a normal IP interface on a supported layer 2 interface, such as Ethernet. You create a primary interface by assigning an IP address to the Ethernet interface. Although you can configure a subscriber interface directly on an Ethernet interface, the subscriber interface does not operate until you assign an IP address to the Ethernet interface.

To configure a subscriber interface you must associate either a source address or a destination address with the interface. The router receives packets on a subscriber interface after demultiplexing the packet according to the specified source address or destination address. You can associate multiple source addresses or multiple destination addresses with a subscriber interface. However, a single primary interface and its associated subscriber interfaces can only demultiplex source addresses or destination addresses at any given time.

For example, Figure 18 illustrates the relationship between subscriber interfaces, an associated primary IP interface, and an associated Ethernet interface.

Figure 18: Subscriber Interfaces over Ethernet

Image g013303.gif

When the router receives traffic on a primary interface, the primary interface performs a lookup in its demultiplexing table. If the result of the lookup is a subscriber interface, the traffic is received on the associated subscriber interface.

Note: You can use the set dhcp relay giaddr-selects-interface command to specify that the primary interface is identified by information in the giaddr field of DHCP ACK messages. By default, the router identifies the primary interface based on the interface used by the DHCP-destined packets. See Using the Giaddr to Identify the Primary Interface for Dynamic Subscriber Interfaces .

Ethernet Interfaces and VLANs

In the absence of VLANs, Ethernet does not have a demultiplexing layer. A subscriber interface adds a demultiplexing layer for an Ethernet interface that is configured without VLANs. Using subscriber interfaces, the router can demultiplex or separate the traffic associated with different subscribers.

You can configure subscriber interfaces with VLANs. If you do so, the E Series router demultiplexes packets by using first the VLAN and then the subscriber interface.

Moving Interfaces

A shared IP interface that has associated subscriber demultiplexing attributes retains these attributes when it moves.

For details about moving shared IP interfaces, see the Moving IP Interfaces section in JunosE IP, IPv6, and IGP Configuration Guide .

Preventing IP Spoofing

You can prevent IP spoofing on subscriber interfaces by using media access control (MAC) address validation.

For information about configuring MAC address validation, see the MAC Address Validation section in JunosE IP, IPv6, and IGP Configuration Guide.

For information about the relationship between the MAC address validation state and dynamically created subscriber interfaces, see Inheritance of MAC Address Validation State for Dynamic Subscriber Interfaces.

Routing Protocols

You configure unicast routing protocols on subscriber interfaces in the same way that you configure routing protocols on primary IP interfaces, provided that you configure them to use unicast addressing when communicating with a peer. You can also enable multicast routing protocols such as IGMP on subscriber interfaces; however, we do not recommend this type of configuration.

Policies and QoS

You can configure policies, such as rate limiting and filtering, and quality of service (QoS) for subscriber interfaces in the same way that you do for primary IP interfaces. For more information, see the JunosE Policy Management Configuration Guide and the JunosE Quality of Service Configuration Guide.

Applications

In a cable modem network, service providers can use subscriber interfaces to:

Directing Traffic Toward Special Local Content

Figure 19 shows an example of a cable modem network. Multiple cable modem termination systems (CMTSs) connect to multiple shared media access LANs. Many subscribers connect to each LAN.

In this example, the service provider uses subscriber interfaces to direct traffic toward special local content on the network: a voice over Internet Protocol (VoIP) service on network 10.11.0.0/16, or a local gaming service on network 10.12.0.0/16. Rate limits and policies on the subscriber interface customize the service level for the associated service. In this application, the E Series router is the first-hop router for the subscribers, and the subscriber interfaces demultiplex traffic based on the destination address.

Figure 19: Subscriber Interfaces in a Cable Modem Network

Image g013124.gif

For instructions on configuring the application shown in Figure 19, see Using a Destination Address to Demultiplex Traffic.

Differentiating Traffic for VPNs

Similarly, service providers can use subscriber interfaces to differentiate traffic for VPNs. Figure 20 shows an example of this application.

Customers on subnet A need to connect to VPN A, and customers on subnet B need to connect to VPN B. The E Series router connects to VPN A through virtual router A and to VPN B though virtual router B. Using two subscriber interfaces on the same primary interface (one on virtual router B and one on virtual router A), the E Series router can separate the traffic from subnets A and B. Because the E Series router is forwarding traffic in this application, the shared IP interface should demultiplex the traffic by using a source address.

Figure 20: Associating Subnets with a VPN Using Subscriber Interfaces

Image g013125.gif

For instructions on configuring the application shown in Figure 20, see Using a Source Address to Demultiplex Traffic.

Copyright© 1999-2010 Juniper Networks, Inc. All rights reserved.