Configure the BNG Router
Read this topic to learn how to configure the border network gateway (BNG) router to use Juniper Address Pool Manager (APM) as the IP address pool manager. You use APM to manage a central pool of IPv4 addresses across multiple pool domains on different BNG routers. APM requires BNG routers to be running a supported Junos OS Release.
To configure BNG CUPS for APM, see the Juniper BNG CUPS User Guide on Juniper.net.
APM and the BNG router communicate and send each other information over a gRPC channel. Upon initial connection or reconnection, APM initiates a process to synchronize pool domain information and to reconcile pool domains on the BNG against its own database. The BNG router monitors pool utilization and notifies APM over the gRPC channel when the number of free addresses in the pool domain crosses one of the following defined thresholds:
- Apportion threshold
- Reclaim threshold
For more information about thresholds, see How APM Works.
The general steps for configuring the BNG router are as follows:
- Configure secrets on the BNG. You must have already created the necessary keys and certificates. See Additional Requirements.
  - Root certificate authority (CA) certificate
  - BNG certificate
  - BNG private keypair
- Set the source partition name by using the set system services subscriber-management location partitionName statement.
- Create a routing instance and specify a domain profile that has information about allocating prefix addresses from the APM-managed partitions. See Configure a Routing Instance and the Pool Domain Attributes for APM.
Configure a Routing Instance and the Pool Domain Attributes for APM
Follow these steps to enable the BNG router to use APM and to configure the pool domain attributes that APM uses in creating a partition. You can create the domain profile in the default routing instance or for a specified routing instance.
- Enable the BNG to use APM.
    [edit access]
    address-pool-manager {
        inet 192.168.0.0;
        port 20557;
        system-id test2;
    }
- (Optional) Secure the APM connection by configuring the secrets stanza. Copy the root CA’s certificate, BNG certificate, and BNG private key to the BNG’s file system. Edit the access address-pool-manager statement and provide the full path to the key and certificate files.
    [edit access]
    address-pool-manager {
        secrets {
            certificate /var/home/regress/myBng.crt;
            key /var/home/regress/myBng.key;
            ca-cert /var/home/regress/rootCA.crt;
        }
    }
- Configure a profile name under the [edit access address-assignment] hierarchy. The profile name should match the framed pool name that is returned by the authentication server.
    [edit access address-assignment]
    user@host# set domain-profile profile-name family inet
- Configure pool domain information for APM to use in allocating prefixes. The pool domain information includes the following:
  - Prefix size that APM should use to provision the pool domain.
  - The IP addresses that APM excludes from being allocated in the pool domain.
  - (Optional) Support for install discard routes. When you enable install-discard-routes, the BNG router routes traffic to the subscriber with the assigned IP address and discards all other traffic in that subnetwork. To keep the static routes from timing out due to inactivity or disconnection, you must also set the purge timeout to never.
  - (Optional) A qualifier for the partition. The source partition qualifier name is appended to the location name. If a qualifier name is not specified, then the BNG router appends default to the location name.
    [edit access address-assignment domain-profile profile-name family inet]
    user@host# set preferred-prefix-length 25
    user@host# set excluded-address last-octet 255
    user@host# set excluded-address last-octet 0
    user@host# set install-discard-routes
    user@host# set source-partition-qualifier name
Results
After following the steps above, use the show command to verify the results of your configuration.
    user@host> show access address-assignment domain-profile
    profile test1 {
        family {
            inet {
                preferred-prefix-length 24;
                excluded-address last-octet [ 255 0 ];
                install-discard-routes;
                source-partition-qualifier spq-name;
            }
        }
    }
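
The check below is an added example, not Juniper's code: it parses a curly-brace configuration excerpt and reports an address-pool-manager stanza that lacks the secrets stanza from the optional step above, or that gives any of its three files as something other than a full path. The function names and the two sample stanzas are constructed for illustration from the values shown on this page.

```python
import re

def parse_junos(text):
    """Parse curly-brace Junos configuration text into nested dicts."""
    root, words = {}, []
    stack = [root]
    for tok in re.findall(r"[{};]|[^\s{};]+", text):
        if tok == "{":                      # open a stanza named by the pending words
            child = {}
            stack[-1][" ".join(words)] = child
            stack.append(child)
            words = []
        elif tok == "}":
            if len(stack) == 1:
                raise ValueError("unbalanced '}' in configuration")
            stack.pop()
        elif tok == ";":                    # leaf statement: keyword -> rest of line
            if words:
                stack[-1][words[0]] = " ".join(words[1:])
            words = []
        else:
            words.append(tok)
    if len(stack) != 1:
        raise ValueError("unclosed '{' in configuration")
    return root

def audit_apm(config_text):
    """Return findings for an [edit access] address-pool-manager stanza."""
    apm = parse_junos(config_text).get("address-pool-manager")
    if not isinstance(apm, dict):
        return ["address-pool-manager is not configured"]
    secrets = apm.get("secrets")
    if not isinstance(secrets, dict):
        return ["no secrets stanza: certificate, key and ca-cert are not set"]
    findings = []
    for name in ("certificate", "key", "ca-cert"):
        path = secrets.get(name, "")
        if not path.startswith("/"):        # the step asks for the full path
            findings.append(f"secrets {name}: expected a full path, got {path!r}")
    return findings

# Constructed samples assembled from the values shown on this page.
BASE = "inet 192.168.0.0; port 20557; system-id test2;"
WEAK = "address-pool-manager { %s }" % BASE
HARDENED = """address-pool-manager { %s secrets {
    certificate /var/home/regress/myBng.crt;
    key /var/home/regress/myBng.key;
    ca-cert /var/home/regress/rootCA.crt; } }""" % BASE
```

An empty list from audit_apm means all three secrets paths are present and absolute; it does not check that the files exist on the BNG or that the certificate chains to the root CA.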