Example: Configuring MX Series Universal Edge Routers for Service Convergence

 

This example details the steps required to configure Juniper Networks Unified Edge for combined residential and business subscriber management. Step-by-step instructions are provided for each type of device in the example configuration.


Requirements

Table 1 lists the role of each device in the topology of the configuration example and includes the hardware used for each device. All MX Series devices in this example were tested with Juniper Networks Junos OS Release 13.3R3, which is the minimum software version required.

Table 1: Device Hardware

Device: R0 (BNG) primarily performs subscriber management functions. For PPPoE traffic, it terminates sessions directly. If the RADIUS AAA server system returns L2TP tunnel attributes, R0 forwards PPP session traffic to the LNS over L2TP tunnels.

Hardware:

  • Chassis: MX960

  • RE0-RE1: RE-S-1800x4

  • Flexible PIC Concentrators (FPC2, FPC5, FPC8, FPC11): Modular Port Concentrator (MPC) Type 2 3D EQ

Device: R1 and R3 (core routers) are responsible for IPv4 and IPv6 traffic forwarding and for MPLS traffic switching.

Hardware:

  • Chassis: MX480

  • RE0-RE1: RE-S-1800x4

  • FPC 0, FPC3: MPC type 1 3D Q

  • FPC 5: MPC type 2 3D EQ

Device: R2 (LNS) terminates L2TP tunnels to provide a high-speed Internet wholesale service. It terminates IPv4/IPv6 dual-stack subscriber and forwarding traffic to or from the Internet.

Hardware:

  • Chassis: MX480

  • RE0: RE-S-2000

  • FR1: RE-S-2000

  • FPC 0 - FPC 1: MPC Type 2 3D EQ

Device: RADIUS server provides subscriber authentication and accounting.

Hardware:

  • FreeRADIUS Version 2.1.5 on an Intel Linux server

Overview

This configuration example supports the following functions:

  • Residential BNG

    • Residential high-speed Internet

    • L2TP: L2TP access concentrator (LAC)

    • Video: video on demand (VOD), IPTV

    • VoIP

    • PPPv4 and dual-stack clients

    • IPoE sessions

    • Authentication, authorization, and accounting (AAA), and address assignment

    • Dynamic interface

    • Filters

    • Hierarchical QoS management

    • Carrier grade home agent and resiliency: graceful Routing Engine switchover (GRES), In-Service Software Upgrade (ISSU), nonstop active routing (NSR)

    • Ethernet, PPP, and DHCP Operation, Administration, and Maintenance (OAM) service and scalability

  • Business Provider Edge (PE) and Label Edge Router (LER)

    • Layer 2 (L2) VPNs

    • Business high-speed Internet

    • MPLS connectivity from the access edge

    • Video PE services

  • Business BNG (business subscriber management)

    • RADIUS and AAA support

    • Dynamic subscriber VLANs and services

    Note

    This configuration example uses L2 circuits in place of business subscribers (business services) for testing purposes.

Topology

Figure 1 illustrates the topology of this configuration example.

In this example, the BNG device (R0) performs subscriber management functions. For PPPoE traffic, it terminates sessions directly. If the RADIUS AAA server system returns L2TP tunnel attributes, it forwards PPP session traffic to the LNS over L2TP tunnels. The BNG also terminates DHCP (IPoE) traffic directly.

The core routers (R1 and R3) are responsible for IPv4 and IPv6 traffic forwarding and for MPLS traffic switching. The Intermediate System-to-Intermediate System (ISIS) protocol is employed to exchange link and loopback interface information between devices. Label Distribution Protocol (LDP) is enabled to exchange MPLS label information with neighbor routers.

R2, the L2TP network server (LNS), is directly connected to the core routing system. It terminates L2TP tunnels to provide a high-speed interface wholesale service. The configuration example is simple, as it is intended only to demonstrate that the BNG can relay PPP traffic to the LNS by way of L2TP tunnels. The LNS terminates IPv4/IPv6 dual-stack subscriber and forwarding traffic en route to or from the IPv4 and IPv6 Internet.

The configuration example includes:

  • Multiple routers

  • PPPoE over LAC over customer-dedicated dynamic VLAN

  • Dual-stack PPP subscribers over dynamic VLAN

  • Subscribers that have the following service attachments:

    • Ascend Data Filter (ADF) filters for IPv4 and IPv6

    • Services attached upon login

    • QoS classes per session

  • 16,000 residential PPPoE subscribers:

    • 25% L2TP

    • 0.5% lawful intercept

    • 50% IPTV customers

    • The balance are dual-stack PPPoE subscribers that are terminated on the MX Series router

  • Parameterized CoS and firewall support that allow implementation of customized filters for each subscriber session

  • ADF for dynamic firewall

On the core side, the configuration consists of the following:

  • 800,000 IPv4 and 100,000 IPv6 routes

  • 20,000 ISIS routes

  • 1000 targeted LDP sessions and 8 direct LDP sessions

  • 8 ISIS adjacencies with 8 uplinks

  • 4 Border Gateway Protocol (BGP) adjacencies

  • 500 L2 circuits in place of business subscribers for purposes of testing

  • AAA, Change of Authorization (CoA), and lawful intercept validation

  • Authorization

  • Authentication

  • Accounting

  • RADIUS-initiated disconnects

  • Lawful intercept CoA

  • Service activation and deactivation using CoA

  • ISSU

Configuration

The following sections present configuration information for the devices included in the example from left to right in the topology diagram. The sections include CLI quick configuration (for copy and paste), step-by-step instructions, and show command output that confirms the configuration.

Configuring the BNG Router, R0

CLI Quick Configuration

Figure 1 highlights the BNG router (R0) in the context of the reference example topology.

Figure 1: BNG Router in the Topology

To quickly configure R0 as in this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the CLI User Guide.

To configure R0:

  1. Create the VLAN dynamic client profile interface.

    The VLAN dynamic profile creates dual-tag VLANs that accept any TPID values by configuring the VLAN-tags statement and the $junos-vlan-id variable, and that accept only PPPoE encapsulation traffic.

  2. Configure a dynamic profile that defines the attributes of the dynamic dual-stack PPPoE subscriber interface, and implements per-subscriber CoS support.

    Define the variable defaults, and configure the routing instance, interface, router advertisement, and CoS parameters.

    1. Define the dynamic PPPoE client profile variable defaults.

    2. Configure the dynamic PPPoE client profile routing instance parameters.

    3. Configure the dynamic PPPoE client profile interface.

    4. Configure the dynamic PPPoE client profile router advertisement.

    5. Configure the dynamic PPPoE client profile CoS parameters.

  3. Configure a dynamic service profile for filters and CoS functionality to ensure VoIP service quality.
    1. Configure voice variables.

    2. Configure voice interfaces.

    3. Configure voice firewall parameters.

  4. Configure a dynamic service profile for incoming high-priority traffic that leverages hierarchical policers to ensure that the traffic is processed and forwarded to the network.
    1. Configure input QoS variables.

    2. Configure input QoS interfaces.

    3. Configure input QoS firewall parameters.

    4. Configure the hierarchical policers referenced in the QoS firewall configuration.

  5. Configure a dynamic service profile to guarantee unicast and multicast video services by classifying video traffic and assigning appropriate traffic forwarding classes.

    Note

    The variables defined inside the dynamic profile for unicast/multicast video traffic bandwidth are included here for example purposes only—they illustrate a method of communicating bandwidth information between the RADIUS AAA system and the BNG system.

    1. Configure video variables.

    2. Configure the video interface.

    3. Configure the IGMP video interface.

    4. Configure video firewall parameters.

  6. Configure system-level parameters.
    1. Establish the hostname.

    2. Configure DHCPv6 overrides, delay removal of access routes and access-internal routes after GRES, and establish a high threshold for resource monitoring.

    3. Direct the active Routing Engine to synchronize its candidate configuration to the backup Routing Engine. Improve commit performance by specifying that full inheritance paths of the configuration groups are built in the database instead of in the process memory.

    4. Configure distributed denial of service (DDoS) protection.

  7. Configure chassis-level parameters.
  8. Configure flow monitoring parameters.
  9. Configure L2TP parameters.
  10. Configure an access profile.
  11. Configure the interfaces.
    1. Configure the loopback interface.

    2. Configure core-facing interfaces.

    3. Configure access-facing interfaces.

  12. Configure forwarding options.
    1. Configure sampling parameters.

    2. Configure hash keys.

    3. Configure filters.

  13. Configure event options.
  14. Configure accounting options.
  15. Configure routing options.
  16. Configure and enable protocols.
    1. Configure MPLS.

    2. Configure BGP.

    3. Configure IS-IS.

    4. Configure LDP.

    5. Configure PIM.

    6. Configure L2 circuit interfaces.

  17. Configure policy options.
  18. Configure CoS parameters.
    1. Configure forwarding classes.

    2. Configure classifiers.

    3. Configure outbound traffic from the host.

    4. Configure drop profiles.

    5. Configure CoS interfaces.

    6. Configure CoS rewrite rules.

    7. Configure CoS scheduler maps.

    8. Configure CoS schedulers.

  19. Configure firewall filters.
    1. Configure firewall filters for IPv4.

    2. Configure firewall filters for IPv6.

  20. Configure RADIUS server access parameters.
  21. Configure access profile parameters.
    1. Configure the authentication order for RADIUS.

    2. Configure RADIUS parameters.

    3. Configure session options.

    4. Configure accounting parameters.

  22. Configure address assignment.
  23. Configure address protection.
  24. Configure report interface descriptions.
  25. Configure accounting backup options.

Results

  1. Confirm the dynamic VLAN profile interface configuration.

  2. Confirm the dynamic PPPoE client profile configuration.

  3. Confirm the voice parameter configuration.

  4. Confirm the input QoS parameter configuration.

  5. Confirm the video parameter configuration.

  6. Confirm the system configuration.

  7. Confirm the chassis level configuration.

  8. Confirm the flow monitoring configuration.

  9. Confirm the L2TP configuration.

  10. Confirm that the access profile was created.

  11. Confirm the interface configuration.

  12. Confirm the forwarding options configuration.

  13. Confirm the event option configuration.

  14. Confirm the accounting option configuration.

  15. Confirm the routing option configuration.

  16. Confirm the protocol configurations.

  17. Confirm the policy option configuration.

  18. Confirm the CoS configuration.

  19. Confirm the firewall configuration.

  20. Confirm the RADIUS server access configuration.

  21. Confirm the access profile configuration.

  22. Confirm the address assignment configuration.

  23. Confirm the address protection, report interface description, and accounting backup option configurations.

Configuring the Core Router, R1

CLI Quick Configuration

Figure 2 highlights the core router (R1) in the context of the reference example topology.

Figure 2: Core Router in the Topology

To quickly configure R1 as in this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the CLI User Guide.

To configure R1:

  1. Establish the hostname.
  2. Configure the interfaces.
    1. Configure the loopback interface.

      The core router system’s primary address is configured under this interface.

    2. Configure the BNG system-facing interface.

      This interface forwards and receives traffic through the core networks.

    3. Configure the core router interlink.

      This interface handles traffic to and from the neighbor core router.

    4. Configure the LNS-facing interface.

      This interface handles traffic to and from retailer and ISP networks.

  3. Configure the router ID.
  4. Enable MPLS.

    MPLS must be enabled for all interfaces connected to BNG-facing and LNS-facing ports. Because IPv6 MPLS tunneling is enabled, IPv6 routes can be resolved over an MPLS network. This is accomplished by converting LDP and RSVP routes stored in the inet.3 routing table to IPv4-mapped IPv6 addresses, which are then copied into the inet6.3 routing table. The inet6.3 routing table can be used to resolve next hops for both inet6 and inet6-vpn routes.

  5. Configure IS-IS for IGP routing.
  6. Enable LDP.

    LDP must be enabled for BNG-facing and LNS-facing ports.

  7. Enable PIM.

    PIM is used for multicast group and source information exchange. Configure PIM sparse mode with all interfaces, and configure static RP.

Results

From configuration mode, confirm your configuration by entering the following show commands:

  1. Confirm the interface configurations.

  2. Confirm the router ID configuration.

  3. Confirm the protocol configurations.

Configuring the Second Core Router, R3

CLI Quick Configuration

Figure 3 highlights the second core router (R3) in the context of the reference example topology.

Figure 3: Second Core Router in the Topology

To quickly configure R3 as in this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the CLI User Guide.

To configure R3:

  1. Establish the hostname.
  2. Configure the interfaces.
    1. Configure the loopback interface.

      The core router system’s primary address is configured under this interface.

    2. Configure the BNG system-facing interface.

      This interface forwards and receives traffic through the core networks.

    3. Configure the LNS-facing interface.

      This interface handles traffic to and from retailer and ISP networks.

    4. Configure the core router interlink.

      This interface handles traffic to and from the neighboring core router.

  3. Configure the router ID.
  4. Enable MPLS.

    MPLS must be enabled for all interfaces connected to BNG-facing and LNS-facing ports. Because IPv6 MPLS tunneling is enabled, IPv6 routes can be resolved over an MPLS network. This is accomplished by converting LDP and RSVP routes stored in the inet.3 routing table to IPv4-mapped IPv6 addresses, which are then copied into the inet6.3 routing table. The inet6.3 routing table can be used to resolve next hops for both inet6 and inet6-vpn routes.

  5. Configure IS-IS for IGP routing.
  6. Enable LDP.

    LDP must be enabled for BNG-facing and LNS-facing ports.

  7. Enable PIM.

    PIM is used for multicast group and source information exchange. Configure PIM sparse mode with all interfaces, and configure static RP.

Results

From configuration mode, confirm your configuration by entering the following show commands:

  1. Confirm the interface configurations.

  2. Confirm the router ID configuration.

  3. Confirm the protocol configurations.

Configuring the LNS Device, R2

CLI Quick Configuration

Figure 4 highlights the LNS device (R2) in the context of the reference example topology.

Figure 4: L2TP Network Server Device in the Topology

To quickly configure the R2 device as in this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the CLI User Guide.

To configure R2:

  1. Configure dynamic profiles.

    Dynamic profiles are required for dynamic configuration of L2TP session interface characteristics such as address family type, address type, and filters.

  2. Configure system-level parameters.
    1. Establish the hostname.

    2. Configure DHCPv6 local server parameters.

      Override DHCPv6 configuration options, and specify an interface within a DHCPv6 group on which the DHCP local server is enabled.

  3. Configure assigned bandwidth for L2TP in-line and tunnel services.

    L2TP traffic is processed by the in-line service capability of the general network interface module rather than by a service dedicated module; line modules handle both L2TP and non-L2TP traffic.

  4. Configure L2TP tunnel group parameters.

    Configure an L2TP tunnel group with the L2TP gateway’s local address. Configure a pool of service interfaces and assign it to an L2TP tunnel group for traffic load balancing. The service device pool is required for dynamic LNS sessions.

  5. Specify the access profile to be used by the primary routing instance.
  6. Configure the interfaces.
    1. Configure the loopback interface.

      The loopback interface includes both inet and inet6 address families to enable a dual-stack routing environment.

  7. Enable inet and inet6 address families to allow in-line service to support IPv4 and IPv6 dual-stack traffic.
  8. Configure the RADIUS server-facing interface.
  9. Configure the network-facing interfaces.
  10. Configure the core-facing interfaces.
  11. Configure the interface for Ethernet private line (EPL) service to business customers.
  12. Configure the router ID.
  13. Configure and enable protocols.
    1. Configure MPLS.

      MPLS must be enabled for all interfaces connected to BNG-facing and LNS-facing ports. Because IPv6 MPLS tunneling is enabled, IPv6 routes can be resolved over an MPLS network. This is accomplished by converting LDP and RSVP routes stored in the inet.3 routing table to IPv4-mapped IPv6 addresses, which are then copied into the inet6.3 routing table. The inet6.3 routing table can be used to resolve next hops for both inet6 and inet6-vpn routes.

    2. Configure BGP.

    3. Configure IS-IS for routing information exchange.

    4. Configure LDP for BNG-facing and LNS-facing ports.

    5. Configure PIM.

      Configure PIM sparse mode with all interfaces, and configure static RP.

    6. Configure L2 Circuits.

  14. Configure policy options.
  15. Configure RADIUS server access parameters.
  16. Configure the parameters of PPP running over the L2TP tunnel.
  17. Configure L2TP access concentrator (LAC) parameters.
  18. Configure IPv4 and IPv6 local address pools.

    Subscriber end devices get addresses from the inet local address pool using PPP IPCP negotiation. Subscriber end devices get prefixes from the inet6 local address pool using DHCPv6.

Results

From configuration mode, confirm your configuration by entering the following show commands:

  1. Confirm the dynamic profile configuration.

  2. Confirm the system parameter configuration.

  3. Confirm the L2TP services bandwidth configuration.

  4. Confirm the L2TP tunnel group configuration.

  5. Confirm the access profile configuration.

  6. Confirm the interface configurations.

  7. Confirm the router ID configuration.

  8. Confirm the protocol configurations.

  9. Confirm the policy options configuration.

  10. Confirm the RADIUS server access configuration.

  11. Confirm the PPP configuration.

  12. Confirm the LAC configuration.

  13. Confirm the local address pool configuration.

Configuring the Default User Profile for the RADIUS Server

Step-by-Step Procedure

Figure 5 highlights the RADIUS server in the context of the reference example topology.

Figure 5: RADIUS Server in the Topology

In this example, the RADIUS server has two user profiles. The first, DEFAULTUSER, is for PPPoE local termination with dynamic filter provisioning using ADF, dynamic CoS profile, and service activations for high-speed Internet (HSI), video, and voice services. The second, DEFAULTUSER@ABC1.COM, is for L2TP tunnel subscribers, to provide the L2TP tunnel destination (LNS address) and other attributes.

To configure user profiles for the RADIUS server:

  1. Include the following RADIUS attributes and values in the RADIUS user profile configurations:

Verification

The following sections show how to verify that the configuration is working properly. Within each group, verification steps are listed for the devices from left to right in the example topology.

Verify Route Summary Information

Purpose

Confirm that all routing protocols and routes are functional and active.

  • On R0, confirm inet, ISO, MPLS, inet6, and L2 circuit destinations and routes on router ID 100.0.0.1.

  • On R1, confirm inet, ISO, MPLS, and inet6 destinations and routes on router ID 101.0.0.1.

  • On R3, confirm inet, ISO, MPLS, and inet6 destinations and routes on router ID 103.0.0.1.

  • On R2, confirm inet, ISO, MPLS, inet6, and L2 circuit destinations and routes on router ID 102.0.0.1.

Action

On each device, run the show route summary command from operational mode.

user@host-R0> show route summary
user@host-R1> show route summary
user@host-R3> show route summary
user@host-R2> show route summary

Meaning

Destinations and routes are functional.

Verify the Loopback and Physical Ports

Purpose

On each device, test connections to the loopback and physical ports.

Action

On each device, run the show interfaces command from operational mode for each port to confirm that the interfaces are up. Then run the ping command to verify communication with each interface. For the loopback port, it is not necessary to run the show interfaces command, because the port is always up and running.

user@host-R0> ping 100.0.0.1 rapid
user@host-R0> ping 1000::1 rapid
user@host-R0> show interfaces xe-5/2/0 terse
user@host-R0> ping 20.20.50.2 rapid
user@host-R0> show interfaces ge-9/0/1 terse
user@host-R0> ping 20.20.70.2 rapid
user@host-R1> show interfaces lo0 terse
user@host-R1> ping 101.0.0.1 rapid
user@host-R1> ping 1001::1 rapid
user@host-R1> show interfaces xe-0/0/0 terse
user@host-R1> ping 20.20.50.3 rapid
user@host-R1> show interfaces ge-2/3/3 terse
user@host-R1> ping 20.20.60.2 rapid
user@host-R1> show interfaces ge-5/0/0 terse
user@host-R1> ping 20.20.90.2 rapid
user@host-R3> show interfaces lo0.0 terse
user@host-R3> ping 103.0.0.1 rapid
user@host-R3> ping 1003::1 rapid
user@host-R3> show interfaces ge-5/0/2 terse
user@host-R3> ping 20.20.70.3 rapid
user@host-R3> show interfaces xe-5/3/0 terse
user@host-R3> ping 20.20.80.3 rapid
user@host-R3> show interfaces ge-0/1/0 terse
user@host-R3> ping 20.20.90.3 rapid
user@host-R2> show interfaces lo0 terse
user@host-R2> ping 102.0.0.1 rapid
user@host-R2> ping 1002::1 rapid
user@host-R2> show interfaces ge-2/1/4 terse
user@host-R2> ping 20.20.60.3 rapid
user@host-R2> show interfaces xe-2/3/1 terse
user@host-R2> ping 20.20.80.2 rapid
user@host-R2> show interfaces ge-2/1/4 terse
user@host-R2> ping 200.0.1.1 rapid
user@host-R2> show interfaces ge-2/1/5 terse
user@host-R2> ping 3008:db8:ffff:3::3 rapid
user@host-R2> show interfaces ge-2/1/0 terse
user@host-R2> ping 9.0.0.1 rapid

Meaning

Loopback and physical port interfaces are functional and communicating.

Verify IS-IS Functionality

Purpose

On each device, display IS-IS interface, adjacency, and route information to confirm that all entities are functioning properly.

Action

On each device, run the show isis interface, show isis adjacency, show route protocol isis | match /32, show route protocol isis | match /128, and show route protocol isis commands from operational mode.

user@host-R0> show isis interface
user@host-R0> show isis adjacency
user@host-R0> show route protocol isis | match /32
user@host-R0> show route protocol isis | match /128
user@host-R0> show route protocol isis
user@host-R1> show isis interface
user@host-R1> show isis adjacency
user@host-R1> show route protocol isis | match /32
user@host-R1> show route protocol isis | match /128
user@host-R1> show route protocol isis
user@host-R3> show isis interface
user@host-R3> show isis adjacency
user@host-R3> show route protocol isis | match /32
user@host-R3> show route protocol isis | match /128
user@host-R3> show route protocol isis
user@host-R2> show isis interface
user@host-R2> show isis adjacency
user@host-R2> show route protocol isis | match /32
user@host-R2> show route protocol isis | match /128
user@host-R2> show route protocol isis

Meaning

IS-IS interfaces, adjacencies, and routes are functioning properly.

Verify LDP Functionality

Purpose

On each device, display LDP interface and neighbor information to confirm that the entities are functioning properly.

Action

On each device, run the show ldp interface and show ldp neighbor commands from operational mode.

user@host-R0> show ldp interface
user@host-R0> show ldp neighbor
user@host-R1> show ldp interface
user@host-R1> show ldp neighbor
user@host-R3> show ldp interface
user@host-R3> show ldp neighbor
user@host-R2> show ldp interface
user@host-R2> show ldp neighbor

Meaning

LDP interfaces and neighbors are operational.

Verify MPLS Interfaces

Purpose

On each device, display MPLS interface information to confirm the interfaces are Up.

Action

On each device, run the show mpls interface command from operational mode.

user@host-R0> show mpls interface
user@host-R1> show mpls interface
user@host-R3> show mpls interface
user@host-R2> show mpls interface

Meaning

MPLS interfaces are operational.

Verify CCC Interfaces and L2 Circuits on R0

Purpose

Display L2 circuit connection information to confirm that the interfaces and virtual circuits are functioning properly.

Action

On R0, run the show l2circuit connections summary and show l2circuit connections interface ge-2/1/0.1 commands from operational mode.

user@host-R0> show l2circuit connections summary
user@host-R0> show l2circuit connections interface ge-2/1/0.1

Meaning

CCC and L2 circuit interfaces are operational.

Verify Interface Accounting Files

Purpose

Display accounting filenames on the local router, along with the content of those files, to determine whether the system is able to collect input and output statistics from the business customer service interface.

Action

On R0, run the file list /var/log/ifstat* detail and file show /var/log/ifstat commands from operational mode.

user@host-R0> file list /var/log/ifstat* detail
user@host-R0> file show /var/log/ifstat

Meaning

For each interface being used for interface file accounting, the following information is recorded:

  • profile-layout

  • epoch-timestamp

  • interface-name

  • snmp-index

  • input-bytes

  • output-bytes

  • input-packets

  • output-packets

  • input-multicast

  • output-multicast

The accounting file size and backup file count should be updated if the system’s interface accounting component is working as expected.
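
The check described above can also be made on the file contents instead of only on file size. The following Python sketch is an added example, not part of the original Juniper procedure: it parses records using the field names listed above and reports, per interface, whether counters are advancing, stalled, or have gone backward. The comma-separated layout with a #profile-layout header line is an assumption, and the profile name ifstat_profile, the SNMP indexes, and all counter values are constructed sample data.

```python
# Counter columns taken from the field list above.
COUNTERS = ("input-bytes", "output-bytes", "input-packets", "output-packets",
            "input-multicast", "output-multicast")

# Constructed sample in the assumed layout: a "#profile-layout" header naming
# the columns, followed by one record per interface per collection interval.
SAMPLE = """\
#profile-layout ifstat_profile,epoch-timestamp,interface-name,snmp-index,input-bytes,output-bytes,input-packets,output-packets,input-multicast,output-multicast
ifstat_profile,1400000000,ge-2/1/0.1,601,1000,2000,10,20,0,0
ifstat_profile,1400000900,ge-2/1/0.1,601,5000,9000,50,90,0,0
ifstat_profile,1400000000,ge-2/1/0.2,602,700,700,7,7,0,0
ifstat_profile,1400000900,ge-2/1/0.2,602,700,700,7,7,0,0
ifstat_profile,1400000000,ge-2/1/0.3,603,100,100,1,1,0,0
ifstat_profile,1400000900,ge-2/1/0.3,603,200,300,2,3,0,0
ifstat_profile,1400001800,ge-2/1/0.1,601,300,400,3,4,0,0
"""


def parse_accounting(text):
    """Return a list of record dicts, using #profile-layout headers for column names."""
    layouts = {}   # profile name -> list of column names
    records = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#profile-layout"):
                fields = line[len("#profile-layout"):].strip().split(",")
                layouts[fields[0]] = fields[1:]
            continue  # any other comment line is ignored
        values = line.split(",")
        columns = layouts.get(values[0])
        if columns is None or len(values) - 1 != len(columns):
            raise ValueError(f"line {lineno}: record does not match a known layout")
        rec = dict(zip(columns, values[1:]))
        rec["profile"] = values[0]
        for key in columns:
            if key != "interface-name":
                rec[key] = int(rec[key])  # timestamps, indexes, counters
        records.append(rec)
    return records


def check_progress(records):
    """Classify each interface as advancing, stalled, reset, or insufficient-data."""
    by_if = {}
    for rec in sorted(records, key=lambda r: r["epoch-timestamp"]):
        by_if.setdefault(rec["interface-name"], []).append(rec)
    status = {}
    for name, recs in by_if.items():
        if len(recs) < 2:
            status[name] = "insufficient-data"
            continue
        state = "stalled"
        for prev, cur in zip(recs, recs[1:]):
            deltas = [cur[c] - prev[c] for c in COUNTERS if c in cur]
            if any(d < 0 for d in deltas):
                state = "reset"      # a counter went backward between samples
                break
            if any(d > 0 for d in deltas):
                state = "advancing"
        status[name] = state
    return status


if __name__ == "__main__":
    for ifname, state in sorted(check_progress(parse_accounting(SAMPLE)).items()):
        print(f"{ifname}: {state}")
```

An interface reported as stalled while it carries traffic, or as reset without a known reboot or counter clear, means the accounting record for that interval should not be trusted for billing or audit.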

Verify Inline Flow Monitoring

Purpose

Display inline flow accounting status and statistics for the specified FPC. Inline flow monitoring supports a sampling output format designated IP_FIX.

Action

On R0, run the show services accounting status inline-jflow fpc-slot 2 and show services accounting flow inline-jflow fpc-slot 2 commands from operational mode.

user@host-R0> show services accounting status inline-jflow fpc-slot 2
user@host-R0> show services accounting flow inline-jflow fpc-slot 2

Meaning

If the inline flow feature is enabled and working properly, the IPv4 and IPv6 flow counts should increase as traffic is forwarded using a line module.

Verify PPPoE over Dynamic VLAN Subscribers on R0

Purpose

Display PPPoE subscriber and other PPPoE over dynamic VLAN information to confirm that the interfaces are functioning properly.

The BNG system dynamically creates subscriber interfaces such as pp0.xyz and assigns system-generated interface unit numbers and session IDs for subscriber session identification purposes. These ID values are not fixed, because they are maintained by the system. Obtaining the interface name and session ID is the first step in the verification process.

Action

From operational mode, run the show subscribers, show subscribers detail, show route protocol access-internal, show subscribers extensive, show network-access aaa subscribers, show network-access aaa subscribers session-id 748, show network-access aaa subscribers session-id 748 detail, show firewall, show class-of-service traffic-control-profile, show class-of-service scheduler-hierarchy interface pp0.1073742493, show interfaces queue pp0.1073742493, show class-of-service interface pp0.1073742493, show class-of-service interface pp0.1073742493 detail, and show class-of-service interface pp0.1073742493 comprehensive commands.

user@host-R0> show subscribers
user@host-R0> show subscribers detail
user@host-R0> show route protocol access-internal
user@host-R0> show subscribers extensive
user@host-R0> show network-access aaa subscribers
user@host-R0> show network-access aaa subscribers session-id 748 detail
user@host-R0> show firewall
user@host-R0> show class-of-service traffic-control-profile
user@host-R0> show class-of-service scheduler-hierarchy interface pp0.1073742493
user@host-R0> show interfaces queue pp0.1073742493
user@host-R0> show class-of-service interface pp0.1073742493
user@host-R0> show class-of-service interface pp0.1073742493 detail
user@host-R0> show class-of-service interface pp0.1073742493 comprehensive

Meaning

These commands display the logical and physical interface associations for the classifier, rewrite rules, and scheduler map objects. If all services related to the CoS configuration have been activated successfully, the output should reflect the CoS queue and scheduler mapping status.

Verify DHCPv6 over PPPoE over Dynamic VLAN Subscribers on R0

Purpose

Display PPPoE subscriber, DHCPv6 server binding, inet6 route table, and AAA subscriber information to confirm that the interfaces are functioning properly.

The BNG system dynamically creates subscriber interfaces such as pp0.xyz and assigns system-generated interface unit numbers and DHCPv6 subscriber session IDs for subscriber session identification purposes. These ID values are not fixed, because they are maintained by the system. Obtaining the interface name and session ID is the first step in the verification process.

Action

From operational mode, run the show dhcpv6 server binding, show dhcpv6 server binding detail, show subscribers, show subscribers detail, show subscribers extensive, show network-access aaa subscribers, show network-access aaa subscribers session-id 752, and show network-access aaa subscribers session-id 752 detail commands.

user@host-R0> show dhcpv6 server binding
user@host-R0> show dhcpv6 server binding detail
user@host-R0> show subscribers
user@host-R0> show subscribers detail
user@host-R0> show subscribers extensive
user@host-R0> show route table inet6.0 protocol access
user@host-R0> show network-access aaa subscribers
user@host-R0> show network-access aaa subscribers session-id 752
user@host-R0> show network-access aaa subscribers session-id 752 detail

Meaning

DHCPv6 over PPPoE over dynamic VLAN interfaces are operational.
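
Because the interface unit numbers and session IDs used in this section are system-generated, they have to be read from the subscriber output before the session-specific commands can be run. The following Python sketch is an added example, not part of the original document: it parses saved show subscribers detail output and builds the follow-up commands per subscriber. The sample text, its field layout, and the function names are assumptions made for illustration.

```python
import re

# Constructed sample shaped like "show subscribers detail" output. The field
# layout and every value are assumptions for illustration, not captured output.
SAMPLE = """\
Type: PPPoE
User Name: SST_USER_PPPOE_LT_DEFAULT
IP Address: 192.0.2.10
Interface: pp0.1073742493
Session ID: 748

Type: DHCP
IPv6 Prefix: 2001:db8:0:1::/64
Interface: pp0.1073742494
Session ID: 752
"""

# Parsed values are interpolated into CLI commands, so accept only the
# expected shapes (e.g. pp0.1073742493, ge-2/1/0.1) and plain decimal IDs.
SAFE_IFNAME = re.compile(r"[a-z]+[0-9/-]*\.[0-9]+")
SAFE_ID = re.compile(r"[0-9]+")

def parse_subscribers(text):
    """Return one dict per subscriber; records are assumed blank-line separated."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                rec[key.strip()] = value.strip()
        if rec:
            records.append(rec)
    return records

def followup_commands(rec):
    """Build the session-specific verification commands for one subscriber."""
    ifname, sid = rec.get("Interface", ""), rec.get("Session ID", "")
    if not SAFE_IFNAME.fullmatch(ifname) or not SAFE_ID.fullmatch(sid):
        raise ValueError(f"unexpected interface or session ID: {ifname!r}, {sid!r}")
    cmds = [f"show network-access aaa subscribers session-id {sid} detail"]
    if rec.get("Type") == "PPPoE":  # CoS checks are run against the pp0 interface
        cmds.append(f"show class-of-service interface {ifname} comprehensive")
        cmds.append(f"show interfaces queue {ifname}")
    return cmds

if __name__ == "__main__":
    for rec in parse_subscribers(SAMPLE):
        print("\n".join(followup_commands(rec)))
```
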

Verify PPP LAC Subscribers

Purpose

Display subscriber, network access AAA, CoS, and L2TP services information to confirm that the interfaces are functioning properly.

Action

From operational mode, run the show subscribers, show subscribers detail, show subscribers extensive, show network-access aaa subscribers, show network-access aaa subscribers session-id 754, show network-access aaa subscribers session-id 754 detail, show class-of-service traffic-control-profile, show class-of-service interface pp0.1073742495, show class-of-service scheduler-hierarchy interface pp0.1073742495, show class-of-service interface pp0.1073742495, show class-of-service interface pp0.1073742495 detail, show class-of-service interface pp0.1073742495 comprehensive, show services l2tp summary, show services l2tp destination, show services l2tp tunnel, show services l2tp session, show services l2tp destination detail, show services l2tp tunnel detail, and show services l2tp session detail commands.

user@host-R0> show subscribers
user@host-R0> show subscribers detail
user@host-R0> show subscribers extensive
user@host-R0> show network-access aaa subscribers
user@host-R0> show network-access aaa subscribers session-id 754 detail
user@host-R0> show class-of-service traffic-control-profile
user@host-R0> show class-of-service interface pp0.1073742495
user@host-R0> show class-of-service scheduler-hierarchy interface pp0.1073742495
user@host-R0> show class-of-service interface pp0.1073742495
user@host-R0> show class-of-service interface pp0.1073742495 detail
user@host-R0> show class-of-service interface pp0.1073742495 comprehensive
user@host-R0> show services l2tp summary
user@host-R0> show services l2tp destination
user@host-R0> show services l2tp tunnel
user@host-R0> show services l2tp session
user@host-R0> show services l2tp destination detail
user@host-R0> show services l2tp tunnel detail
user@host-R0> show services l2tp session detail

Meaning

The show services l2tp commands display a list of the active L2TP tunnels for the LAC. If an L2TP tunnel is established successfully, the system should display an L2TP session list and details.

Verify the AAA Access and RADIUS Server Configuration and Statistics on R0

Purpose

Display RADIUS server, domain map, and AAA information to confirm that AAA and RADIUS are functioning properly.

Action

From operational mode, run the show network-access aaa accounting, show network-access aaa radius-servers detail, show network-access domain-map statistics, show network-access aaa statistics authentication, show network-access aaa statistics authentication detail, show network-access aaa statistics accounting, show network-access aaa statistics accounting detail, show network-access requests statistics, and show network-access requests pending commands.

user@host-R0> show network-access aaa accounting
user@host-R0> show network-access aaa radius-servers detail
user@host-R0> show network-access domain-map statistics
user@host-R0> show network-access aaa statistics authentication
user@host-R0> show network-access aaa statistics authentication detail
user@host-R0> show network-access aaa statistics accounting
user@host-R0> show network-access aaa statistics accounting detail
user@host-R0> show network-access requests statistics
user@host-R0> show network-access requests pending

Meaning

AAA and RADIUS server functions are correct.

Verify L2TP Functionality on R2

Purpose

Display subscriber, network access AAA, and L2TP services information to confirm that the interfaces are functioning properly.

Action

From operational mode, run the show subscribers, show subscribers summary, show subscribers detail, show network-access aaa subscribers, show network-access aaa subscribers session-id 4, show network-access aaa subscribers session-id 4 detail, show route protocol access-internal, show services l2tp summary, show services l2tp destination, show services l2tp tunnel, show services l2tp session, show services l2tp destination extensive, show services l2tp tunnel extensive, and show services l2tp session extensive commands.

user@host-R2> show subscribers
user@host-R2> show subscribers summary
user@host-R2> show subscribers detail
user@host-R2> show network-access aaa subscribers
user@host-R2> show network-access aaa subscribers session-id 4
user@host-R2> show network-access aaa subscribers session-id 4 detail
user@host-R2> show route protocol access-internal
user@host-R2> show services l2tp summary
user@host-R2> show services l2tp destination
user@host-R2> show services l2tp tunnel
user@host-R2> show services l2tp session
user@host-R2> show services l2tp destination extensive
user@host-R2> show services l2tp tunnel extensive
user@host-R2> show services l2tp session extensive

Meaning

L2TP LAC PPP over dynamic VLAN interfaces are operational.

Troubleshooting

This troubleshooting section focuses on subscriber management functions on the BNG platform. To troubleshoot these functions, see the following sections.

Note

For information on using the trace option, see Junos OS Tracing and Logging Operations.

MPLS L2 Circuit Pseudowire

Problem

MPLS L2 circuit pseudowires are not being established.

Solution

  1. On the BNG device, investigate each network layer’s operational status and error count. Start by ensuring that the operational status is Up for both L1 and L2, and that the error count is not increasing.

    user@host-BNG> show interfaces ge-2/1/0 extensive
  2. If the interface is a pseudo-service (PS) interface, check the status of the anchor interface as well.

    user@host-BNG> show configuration interfaces ge-2/1/0 | display inheritance no-comments
    user@host-BNG> show interfaces ge-2/1/0 media
    user@host-BNG> show interfaces ge-2/1/0
    user@host-BNG> show interfaces ge-2/1/0 extensive
  3. Next, check IP connectivity to the loopback interface of the remote PE router (R2).

    user@host-BNG> ping 102.0.0.1 rapid count 1000
  4. Determine whether the IGP is stable, without any route flapping. The IS-IS neighbor state should be Full, and the age of the IS-IS database and route table should increase consistently without resetting to zero. The IP connectivity to the neighbor router’s loopback interface should be intact.

    user@host-BNG> show isis adjacency
    user@host-BNG> show route protocol isis | match /32
    user@host-BNG> show route protocol isis | match /128
    user@host-BNG> show route protocol isis
    user@host-BNG> ping 102.0.0.1 rapid count 1000
  5. Examine the MPLS pseudowire data path.

    user@host-BNG> ping mpls l2circuit virtual-circuit 1 count 10 destination 127.0.0.1 neighbor 101.0.0.1
    user@host-PE1> ping mpls l2circuit interface ge-2/1/0.1
    user@host-PE1> ping mpls l2circuit interface ge-2/1/0.1
    user@host-PE1> ping mpls l2circuit interface ge-2/1/0.1 detail
  6. Finally, verify that the MPLS L2 circuit status is Up. If it is not, consult the connection status code legend provided in the show command output for the reason.

    user@host-BNG> show l2circuit connections interface ge-2/1/0 extensive
    user@host-PE1> show l2circuit connections interface ge-2/1/0.1 extensive

Subscriber Sessions

Problem

Subscriber sessions are not being established.

Solution

  1. First, check the AAA status. Start by using the test aaa command to ascertain the authentication and address assignment operational status.

    user@host-BNG> test aaa ppp user SST_USER_VLAN_DEFAULT password <password>
    user@host-BNG> test aaa ppp user SST_USER_PPPOE_LT_DEFAULT password <password>
    user@host-BNG> test aaa ppp user SST_USER_PPPOE_L2TP_DEFAULT@ABC1.COM password <password>
  2. Check the RADIUS server’s operational status and statistics.

    user@host-BNG> show network-access aaa radius-servers detail
  3. Monitor incoming and outgoing subscriber protocol control traffic using the pseudo-service (PS) interface. Start by checking the subscriber access protocol negotiation status.

    user@host-BNG> monitor traffic interface ps0 no-resolve
  4. To monitor L2 header information, use the monitor traffic command with the layer2 option.

    user@host-BNG> monitor traffic interface ps0 layer2-headers no-resolve