Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Configure the BNG Router

Read this topic to learn how to configure the border network gateway (BNG) router to use Juniper Address Pool Manager (APM) as the IP address pool manager. You use APM to manage a central pool of IPv4 addresses across multiple pool domains on different BNG routers. APM requires BNG routers to be running a supported Junos OS Release.


For configuring the BNG CUPs for APM, see the Juniper BNG CUPS User Guide on

APM and the BNG router communicate and send each other information over a gRPC channel. Upon initial connection or reconnection, APM initiates a process to synchronize pool domain information and to reconcile pool domains on the BNG against its own database. The BNG router monitors pool utilization and notifies APM over the gRPC channel when the number of free addresses in the pool domain crosses one of the following defined thresholds:

  • Apportion threshold
  • Reclaim threshold

For more information about thresholds, see How APM Works.

The general steps for configuring the BNG router is as follows:

  1. Configure secrets on the BNG. You must have already created the necessary keys and certificates. See Additional Requirements.
    • Root certificate authority (CA) certificate
    • BNG certificate
    • BNG private keypair
  2. Set the source partition name by using the set system services subscriber-management location partitionName statement.

  3. Create a routing instance and specify a domain profile that has information about allocating prefix addresses from the APM-managed partitions. See Configure a Routing Instance and the Pool Domain Attributes for APM.

Configure a Routing Instance and the Pool Domain Attributes for APM

Follow these steps to enable the BNG router to use APM and to configure the pool domain attributes that APM uses in creating a partition. You can create the domain profile in the default routing instance or for a specified routing instance.

  1. Enable the BNG to use APM.
  2. (Optional) Secure the APM connection by configuring the secrets stanza. Copy the root CA’s certificate, BNG Certificate, and BNG private key to the BNG’s file system. Edit the access address-pool-manager statement and provide the full path to the key and certificate files.

  3. Configure a profile name under the [edit access address-assignment] hierarchy. The profile name should match the framed pool name that is returned by the authentication server.
  4. Configure pool domain information for APM to use in allocating prefixes. The pool domain information includes the following:
    1. Prefix size that APM should use to provision the pool domain.
    2. The IP addresses that APM excludes from being allocated in the pool domain.
    3. (Optional) Support for install discard routes. When you enable install-discard-routes, the BNG router routes traffic to the subscriber with the assigned IP address and discards all other traffic in that subnetwork. To keep the static routes from timing out due to inactivity or disconnection, you must also set the purge timeout to never.
    4. (Optional) A qualifier for the partition. The source partition qualifier name is appended to the location name. If a qualifier name is not specified, then the BNG router appends default to the location name.


After following the steps above, use the show command to verify the results of your configuration.