DHCP Subscriber Access Networks Overview
DHCP and Subscriber Management Overview
You use DHCP in broadband access networks to provide IP address configuration and service provisioning. DHCP, historically a popular protocol in LANs, works well with Ethernet connectivity and is becoming increasingly popular in broadband networks as a simple, scalable solution for assigning IP addresses to subscriber home PCs, set-top boxes (STBs), and other devices.
Junos OS subscriber management supports the following DHCP allocation models:
-
DHCP Local Server
-
DHCP Relay
-
DHCP Relay Proxy
DHCP uses address assignment pools from which to allocate subscriber addresses. Address-assignment pools support both dynamic and static address assignment:
-
Dynamic address assignment—A subscriber is automatically assigned an address from the address-assignment pool.
-
Static address assignment—Addresses are reserved and always used by a particular subscriber.
Note:Addresses that are reserved for static assignment are removed from the dynamic address pool and cannot be assigned to other clients.
- Extended DHCP Local Server and Subscriber Management Overview
- Extended DHCP Relay and Subscriber Management Overview
- DHCP Relay Proxy and Subscriber Management Overview
- Extended DHCP over Dynamic PPPoE Subscriber (IPv4, IPV6, and Dual stack) Interfaces (ACX7100 Devices)
Extended DHCP Local Server and Subscriber Management Overview
You can enable the services router to function as an extended DHCP local server. As an extended DHCP local server the services router, and not an external DHCP server, provides an IP address and other configuration information in response to a client request. The extended DHCP local server supports the use of external AAA authentication services, such as RADIUS, to authenticate DHCP clients.
Extended DHCP Relay and Subscriber Management Overview
You can configure extended DHCP relay options on the router and enable the router to function as a DHCP relay agent. A DHCP relay agent forwards DHCP request and reply packets between a DHCP client and a DHCP server. You can use DHCP relay in carrier edge applications such as video and IPTV to obtain configuration parameters, including an IP address, for your subscribers. The extended DHCP relay agent supports the use of external AAA authentication services, such as RADIUS, to authenticate DHCP clients.
DHCP Relay Proxy and Subscriber Management Overview
DHCP relay proxy mode is an enhancement to extended DHCP relay. DHCP relay proxy supports all DHCP relay features while providing additional features and benefits. Except for the ability to add DHCP relay agent options and the gateway address (giaddr) to DHCP packets, DHCP relay is transparent to DHCP clients and DHCP servers, and simply forwards messages between DHCP clients and servers. When you configure DHCP relay to operate in proxy mode, the relay is no longer transparent. In proxy mode, DHCP relay conceals DHCP server details from DHCP clients, which interact with a DHCP relay in proxy mode as though it is the DHCP server. For DHCP servers there is no change, because proxy mode has no effect on how the DHCP server interacts with the DHCP relay.
Extended DHCP over Dynamic PPPoE Subscriber (IPv4, IPV6, and Dual stack) Interfaces (ACX7100 Devices)
Support is provided for the DDOS protocol group ‘dhcpv4v6’ on ACX7100 which is a combined DDOS policer for the aggregated traffic of BBE protocols – DHCPv4, DHCPv6, PPPoE, PPP and L2TP.
-
DHCP (IP-DEMUX lite) & PPPoE subscribers (IPv4, IPV6, and Dual stack) with CoS Lawful Intercept and filter support.
DVLAN (Single and dual tag) with L2TP (LAC) DDOS policers configuration for BBE protocols. Individual BBE protocol and DDOS protocol group configuration is enabled. Only the aggregate DDOS protocol group ‘dhcpv4v6’ is active.
Subscriber scale qualification with Class of Support (CoS) for Layer 2 Tunneling Protocol (L2TP), L2TP access concentrator (LAC) Subscriber Interfaces for IPV4, IPV6 and dual stack.
Subscriber Access Operation Flow Using DHCP Relay
The subscriber management feature requires that a subscriber (for example, a DHCP client) send a discover message to the router interface to initialize dynamic configuration of that interface.
Figure 1 shows the flow of operations that occurs when the router is using DHCP relay to enable access for a subscriber.
The following general sequence occurs during access configuration for a DHCP client:
The client issues a DHCP discover message.
The router issues an authorization request to the RADIUS server.
The RADIUS server issues an authorization response to the router.
The router passes the DHCP discover message through to the DHCP server.
The DHCP server issues an IP address for the client.
The router DHCP component sends an acknowledgement back to the client.
The subscriber now has access to the network and the authorized service.
Defining Various Levels of Services for DHCP Subscribers
This topic discusses how to create dynamic profiles to define various levels of service for DHCP clients.
Before you configure dynamic profiles for client services:
Create a basic dynamic profile.
Configure a dynamic profile that enables DHCP clients access to the network.
See Configuring Dynamic DHCP Client Access to a Multicast Network
Note:You can create a basic dynamic profile that contains both access configuration and some level of basic service.
Ensure that the router is configured to enable communication between the client and the RADIUS server.
See Specifying the Authentication and Accounting Methods for Subscriber Access.
Configure all RADIUS values that you want the profiles to use when validating DHCP clients.
To configure an initial client access dynamic profile:
Example: Configuring a Tiered Service Profile for Subscriber Access
This example shows how to configure a tiered service profile for subscribers.
The profile contains three services:
Gold—Subscribers that pay for this service are allocated 10M bandwidth for data, voice, and video services.
Silver—Subscribers that pay for this service are allocated 5M bandwidth for data, voice, and video services.
Bronze—Subscribers that pay for this service are allocated 1M bandwidth for the data service only.
Each subscriber is allocated a VLAN that is created statically. Subscribers log in using DHCP and authenticate using RADIUS. The subscribers can migrate from one service to another when they change subscriptions.
To configure a profile for a tiered service:
Configure the VLAN interfaces associated with each subscriber. Enable hierarchical scheduling for the interface.
interfaces { ge-2/0/0 { description subscribers; hierarchical-scheduler; stacked-vlan-tagging; unit 1 { vlan-tags outer 100 inner 100; family inet { unnumbered-address lo0.0 preferred-source-address 127.0.0.2; } } unit 2 { family inet { vlan-tags outer 101 inner 101; unnumbered-address lo0.0 preferred-source-address 127.0.0.2; } } unit 3 { vlan-tags outer 102 inner 102; family inet { unnumbered-address lo0.0 preferred-source-address 127.0.0.2; } } } }Configure the static CoS parameters.
In this example, each offering (video, voice, and data) is assigned a queue, and each service (Gold, Silver, and Bronze) is assigned a scheduler.
class-of-service { forwarding-classes { queue 0 data; queue 1 voice; queue 2 video; } scheduler-maps { bronze_service_smap { forwarding-class data scheduler data_sch; } silver_service_smap { forwarding-class data scheduler data_sch; forwarding-class voice scheduler silver_voice_sch; forwarding-class video scheduler silver_video_sch; } gold_service_smap { forwarding-class data scheduler data_sch; forwarding-class voice scheduler gold_voice_sch; forwarding-class video scheduler gold_video_sch; } } schedulers { data_sch { transmit-rate percent 20; buffer-size remainder; priority low; } silver_voice_sch { transmit-rate percent 30; buffer-size remainder; priority high; } silver_video_sch { transmit-rate percent 30; buffer-size remainder; priority medium; } gold_voice_sch { transmit-rate percent 40; buffer-size remainder; priority high; } gold_video_sch { transmit-rate percent 40; buffer-size remainder; priority medium; } } }Configure the dynamic profile for the service.
The scheduler maps configured for each service are referenced in the dynamic profile.
dynamic-profiles { subscriber_profile { interfaces { "$junos-interface-ifd-name" { unit "$junos-underlying-interface-unit" { family inet; } } } class-of-service { traffic-control-profiles { subscriber_tcp { scheduler-map $smap; shaping-rate $shaping-rate; guaranteed-rate $guaranteed-rate; delay-buffer-rate $delay-buffer-rate; } } interfaces { "$junos-interface-ifd-name" { unit "$junos-underlying-interface-unit" { output-traffic-control-profile subscriber_tcp; } } } }Configure access for the subscribers.
The DHCP relay agent forwards DHCP request and reply packets between a DHCP client and a DHCP server. You use DHCP relay to obtain configuration parameters, including an IP address, for subscribers. In this example, one DHCP server, address 198.51.100.1, can be used by subscribers.
The DHCP relay configuration is attached to an active server group named service_provider_group.
The subscribers are grouped together within the subscriber_group, and identifies characteristics such as authentication, username info, and the associated interfaces for the group members. In this example, it also identifies the active server group and the dynamic interface that is used by the subscribers in the group.
forwarding-options { dhcp-relay { server-group { service_provider_group { 198.51.100.1; } } group subscriber_group { active-server-group service_provider_group; dynamic-profile subscriber_profile; interface ge-2/0/0.1; interface ge-2/0/0.2; interface ge-2/0/0.3; } } }