Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Dual Stack for PPPoE Access Networks Using NDRA

Configuring a PPPoE Dynamic Profile for Use with NDRA in a Dual-Stack Network

Configure a dynamic profile for IPv4 and IPv6 PPPoE subscribers that access the network. The dynamic profile defines the attributes of the dynamic PPPoE logical subscriber interface.

This dynamic profile is for configurations that use NDRA to assign a global IP address to the CPE WAN link.

To configure a PPPoE dynamic profile for NDRA:

  1. Create and name the dynamic profile.
  2. If you are using routing instances, add a routing instance to the profile and add an interface to the routing instance.
    • Specify the $junos-routing-instance variable for the routing instance. The routing instance variable is dynamically replaced with the routing instance the accessing subscriber uses when connecting to the BNG.

    • Specify the $junos-interface-name variable for the interface. The interface variable is dynamically replaced with the interface that the accessing subscriber uses when connecting to the BNG.

  3. Add a PPPoE logical interface (pp0) to the profile, and specify $junos-interface-unit as the predefined variable to represent the logical unit number for the interface. The variable is dynamically replaced with the actual unit number supplied by the network when the subscriber logs in.
  4. Configure the IPv4 family for the pp0 interface as follows:
    • If you are not using routing instances, assign an unnumbered address. The unnumbered address enables the local address to be derived from the specified interface and allows IP processing on the interface without assigning an explicit IP address to the interface.

      For example:

    • If you are using routing instances, assign the predefined variable $junos-loopback-interface.

      For example:

  5. Configure the IPv6 family for the pp0 interface, and assign $junos-ipv6-address as the predefined variable. Use this variable when you are using router advertisement with or without routing instances. This variable is replaced with the IPv6 address of the interface used for router advertisements.
  6. Specify $junos-underlying-interface as the predefined variable to represent the name of the underlying Ethernet interface on which the router creates the dynamic PPPoE logical interface. The variable is dynamically replaced with the actual name of the underlying interface.
  7. Define the router to act as a PPPoE server when a PPPoE logical interface is dynamically created.
  8. (Optional) Configure the PPP authentication protocol that is used to identify and authenticate the CPE. Specify either chap or pap (or both).
  9. (Optional) Enable keepalives and set an interval for keepalives. We recommend an interval of 30 seconds. For example:
  10. Configure the router advertisement protocol.
    1. Access the router advertisement configuration.
    2. Specify the interface on which the NDRA configuration is applied. Assign $junos-interface-name as the predefined variable. The variable is replaced with the actual name of the interface.
    3. Specify a prefix value contained in router advertisement messages sent to the CPE on interfaces created with this dynamic profile.

      If you specify the $junos-ipv6-ndra-prefix predefined variable, the actual value is obtained from a local pool or through AAA.

Configuring a Static PPPoE Logical Interface for NDRA

To configure a static PPPoE logical interface for static NDRA configurations:

  1. Specify the name and logical unit number of the interface.
  2. Configure a description for the interface.
  3. Specify the family inet6 source address.
  4. Configure an unnumbered address for family inet.
  5. Specify the underlying Ethernet interface.
  6. Define the router to act as a PPPoE server when the PPPoE logical interface is created.
  7. Access the router advertisement configuration, and specify the prefixes that the BNG sends in router advertisements for the static interface. Make sure that the prefixes match the source address configured for the static PPPoE logical interface configured in Step 3.

Configuring an Address-Assignment Pool Used for Router Advertisements

If you are using local address-assignment pools to be used for router advertisement, create a pool and add IPv6 prefixes to the pool.

You must configure separate pools for DHCPv6 prefix delegation, DHCPv6 IA_NA, and router advertisement.

To configure an NDRA address-assignment pool.

  1. Create a pool for IPv6 prefixes used by NDRA.
  2. Add IPv6 network prefixes to the pool.
  3. Configure the name of the IPv6 address range and define the range. For NDRA pools, specify the range by setting a prefix length of 64.
  4. Specify that the address-assignment pool is used for NDRA.

Configuring Duplicate IPv6 Prefix Protection for Router Advertisement

If you are using AAA to supply IPv6 prefixes for router advertisement, you can enable duplicate prefix protection to prevent prefixes from being used more than once. If enabled, the following attributes received from external servers are checked:

  • Framed-IPv6-Prefix

  • Framed-IPv6-Pool

The router then takes one of the following actions:

  • If a prefix matches a prefix in an address pool, the prefix is taken from the pool if it is available.

  • If the prefix is already in use, it is rejected as unavailable.

  • If the prefix length requested from the external server does not match the pool’s prefix length exactly, the authentication request is denied. If configured, the Acct-Stop message will include a termination cause.

To configure duplicate prefix protection:

  1. Enter the access configuration.
  2. Enable duplicate prefix protection.

Example: Configuring a Dual Stack That Uses ND/RA Over PPPoE

This example shows a dual stack configuration for a residential subscriber with a single PC. It uses ND/RA to provide a prefix used to obtain a global IPv6 address for the PC.

Requirements

This example uses the following hardware and software components:

  • MX Series 3D Universal Edge Router

  • Junos OS Release 11.4 or later

Overview

This design uses ND/RA in your subscriber access network as follows:

  • The access network is PPPoE.

  • ND/RA is used to assign a global IPv6 address on the WAN link. The prefixes used in router advertisements come from a local pool that is specified using AAA RADIUS.

Topology

Figure 1: PPPoE Subscriber Access Network with NDRA PPPoE Subscriber Access Network with NDRA

Table 1 describes the configuration components used in this example.

Table 1: Configuration Components Used in Dual Stack with ND/RA and DHCPv6 Prefix Delegation

Configuration Component

Component Name

Purpose

Dynamic Profiles

DS-dyn-ipv4v6-ndra

Profile that creates a PPPoE logical interface when the subscriber logs in.

Interfaces

ge-3/3/0

Underlying Ethernet interface.

lo0

Loopback interface for use in the access network. The loopback interface is automatically used for unnumbered interfaces.

Address-Assignment Pools

default-ipv4-pool-2

Pool that provides IPv4 addresses for the subscriber LAN.

ndra-2010

Pool that provides IPv6 prefixes used in router advertisements. These prefixes are used to create a global IPv6 address that is assigned to the CPE WAN link.

Configuration

To configure this example, perform these tasks:

CLI Quick Configuration

The following is the complete configuration for this example:

Configuring a Dynamic Profile for the PPPoE Logical Interface

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Step-by-Step Procedure

Create a dynamic profile for the PPPoE logical interface. This dynamic profile supports both IPv4 and IPv6 sessions on the same logical interface.

To configure the dynamic profile:

  1. Create and name the dynamic profile.

  2. Configure a PPPoE logical interface (pp0) that is used to create logical PPPoE interfaces for the IPv4 and IPv6 subscribers.

  3. Specify $junos-interface-unit as the predefined variable to represent the logical unit number for the pp0 interface. The variable is dynamically replaced with the actual unit number supplied by the network when the subscriber logs in.

  4. Specify $junos-underlying-interface as the predefined variable to represent the name of the underlying Ethernet interface on which the router creates the dynamic PPPoE logical interface. The variable is dynamically replaced with the actual name of the underlying interface supplied by the network when the subscriber logs in.

  5. Configure the router to act as a PPPoE server when a PPPoE logical interface is dynamically created.

  6. Configure the IPv4 family for the pp0 interface. Specify the unnumbered address to dynamically create loopback interfaces.

  7. Configure the IPv6 family for the pp0 interface. Because the example uses router advertisement, assign the predefined variable $junos-ipv6-address.

  8. Configure one or more PPP authentication protocols for the pp0 interface.

  9. Enable keepalives and set an interval for keepalives. We recommend an interval of 30 seconds.

  10. Access the router advertisement configuration.

  11. Specify the interface on which the ND/RA configuration is applied.

  12. Specify a prefix value contained in router advertisement messages sent to the CPE on interfaces created with this dynamic profile. If you specify the $junos-ipv6-ndra-prefix predefined variable, the actual value is obtained from a local pool or through AAA.

Results

From configuration mode, confirm your configuration by entering the show command.

If you are done configuring the device, enter commit from configuration mode.

Configuring a Loopback Interface

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Step-by-Step Procedure

To configure a loopback interface:

  1. Create the loopback interface and specify a unit number.

  2. Configure the interface for IPv4.

  3. Configure the interface for IPv6.

Results

From configuration mode, confirm your configuration by entering the show command.

If you are done configuring the device, enter commit from configuration mode.

Configuring a Static Underlying Ethernet Interface for Dynamic PPPoE Subscriber Interfaces

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Step-by-Step Procedure

To configure the underlying Ethernet interface:

  1. Specify the name and logical unit number of the static underlying Ethernet interface to which you want to attach the IPv4 and IPv6 dynamic profile.

  2. Configure a description for the interface.

  3. Configure PPPoE encapsulation on the underlying interface.

  4. Configure the VLAN Id.

  5. Attach the dynamic profile to the underlying interface.

  6. (Optional) Prevent multiple PPPoE sessions from being created for the same PPPoE subscriber on the same VLAN interface.

Results

From configuration mode, confirm your configuration by entering the show command.

If you are done configuring the device, enter commit from configuration mode.

Specifying the BNG IP Address

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Best Practice:

We strongly recommend that you configure the BNG IP address to avoid unpredictable behavior if the interface address on a loopback interface changes.

Step-by-Step Procedure

To configure the IP address of the BNG:

  1. Access the routing-options configuration.

  2. Specify the IP address or the BNG.

Results

From configuration mode, confirm your configuration by entering the show command.

If you are done configuring the device, enter commit from configuration mode.

Configuring RADIUS Server Access

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Step-by-Step Procedure

To configure RADIUS servers:

  1. Create a RADIUS server configuration, and specify the address of the server.

  2. Configure the required secret (password) for the server. Secrets enclosed in quotation marks can contain spaces.

  3. Configure the source address that the BNG uses when it sends RADIUS requests to the RADIUS server.

  4. (Optional) Configure the number of times that the router attempts to contact a RADIUS accounting server. You can configure the router to retry from 1 through 16 times. The default setting is 3 retry attempts.

  5. (Optional) Configure the length of time that the local router or switch waits to receive a response from a RADIUS server. By default, the router or switch waits 3 seconds. You can configure the timeout to be from 1 through 90 seconds.

Results

From configuration mode, confirm your configuration by entering the show command.

If you are done configuring the device, enter commit from configuration mode.

Configuring RADIUS Server Access Profile

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Step-by-Step Procedure

To configure a RADIUS server access profile:

  1. Create a RADIUS server access profile.

  2. Specify the order in which authentication methods are used.

  3. Specify the address of the RADIUS server used for authentication and the server used for accounting.

  4. Configure RADIUS accounting values for the access profile.

Results

From configuration mode, confirm your configuration by entering the show command.

If you are done configuring the device, enter commit from configuration mode.

Specifying the RADIUS Server Access Profile to Use

CLI Quick Configuration

To quickly configure this example, copy the following command and paste it into the CLI at the [edit] hierarchy level.

Step-by-Step Procedure

To specify the RADIUS server access profile to use for authentication:

  1. Specify the access profile.

Results

From configuration mode, confirm your configuration by entering the show command.

If you are done configuring the device, enter commit from configuration mode.

Configuring Local Address-Assignment Pools

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Step-by-Step Procedure

Configure three address-assignment pools for DHCPv4, DHCPv6 prefix delegation, and ND/RA.

To configure the address-assignment pools:

  1. Configure the address-assignment pool for DHCPv4.

  2. Configure the address-assignment pool for ND/RA.

  3. Specify that the address-assignment pool is used for NDRA.

  4. (Optional) Enable duplicate prefix protection.

Results

From configuration mode, confirm your configuration by entering the show command.

If you are done configuring the device, enter commit from configuration mode.

Verification

Confirm that the configuration is working properly.

Verifying Active Subscriber Sessions

Purpose

Verify active subscriber sessions.

Action

From operational mode, enter the show subscribers summary command.

Meaning

The fields under Subscribers by State show the number of active subscribers.

The fields under Subscribers by Client Type show the number of active DHCP and DHCPoE subscriber sessions.

Verifying Both IPv4 and IPv6 Address in Correct Routing Instance

Purpose

Verify that the subscriber has both an IPv4 and IPv6 address and is placed in the correct routing instance.

Action

From operational mode, enter the show subscribers command.

Meaning

The Interface field shows that there are two subscriber sessions running on the same interface. The IP Address field shows that one session is assigned an IPv4 address, and one session is assigned on IPv6 address.

The LS:RI field shows that the subscriber is placed in the correct routing instance and that traffic can be sent and received.

Verifying Dynamic Subscriber Sessions

Purpose

Verify that the dynamic subscriber session is active, and the IPv6 prefix obtained form the ND/RA pool.

Action

From operational mode, enter the show subscribers detail command.

Meaning

The IPv6 User Prefix field shows the prefix that was obtained from the ND/RA pool. The State field shows that the session is active.

Verifying the ND/RA Prefix Pool and Prefix Length

Purpose

Verify the pool used for ND/RA and the prefix length used with the pool

Action

From operational mode, enter the show subscribers extensive command.

Meaning

Under the PPPoE session, the IPv6 Delegated Address Pool field shows the name of the pool used for ND/RA prefixes. The IPv6 Delegated Network Prefix Length field shows the length of the prefix used to assign the IPv6 address for this subscriber session. The IPv6 Interface Address field shows the IPv6 address assigned to the CPE interface from the ND/RA pool.

Verifying the Status of the PPPoE Logical Interface

Purpose

Display status information about the PPPoE logical interface (pp0).

Action

From operational mode, enter the show interfaces pp0.logical command.

Meaning

The Local field under Protocol inet shows the IPv4 address of the pp0 interface. This is the IPv4 address configured for the loopback interface.

The Destination field under Protocol inet6 shows the IPv6 address obtained through ND/RA. This is the value of the $junos-ipv6-ndra-prefix variable configured in the dynamic profile.

The Local field under Protocol inet6 shows the value of the $junos-ipv6-address variable configured for family inet6 in the pp0 configuration of the dynamic profile.

Verifying Router Advertisements

Purpose

Verify that router advertisements are being sent, and router solicits are being received.

Action

From operational mode, enter the show ipv6 router-advertisement command.

If you have a large number of subscriber interfaces, you can display router advertisements for a specific interface.

Meaning

The display shows the number of advertisements that the router sent, the number of solicits and advertisements that the router received.

Example: Configuring a Dual Stack That Uses ND/RA and DHCPv6 Prefix Delegation Over PPPoE

Requirements

This example uses the following hardware and software components:

  • MX Series 3D Universal Edge Router

  • Junos OS Release 11.4 or later

Overview

This design uses ND/RA and DHCPv6 prefix delegation in your subscriber access network as follows:

  • The access network is PPPoE.

  • ND/RA is used to assign a global IPv6 address on the WAN link. The prefixes used in router advertisements come from a local pool that is specified using AAA RADIUS.

  • DHCPv6 prefix delegation is used for subscriber LAN addressing. It used a delegated prefix from a local pool that is specified using AAA RADIUS.

  • DHCPv4 is used for subscriber LAN addressing.

  • DHCPv6 subscriber sessions are layered over an underlying PPPoE subscriber session.

Topology

Figure 44: PPPoE Subscriber Access Network with ND/RA and DHCPv6 Prefix DelegationPPPoE Subscriber Access Network with ND/RA and DHCPv6 Prefix Delegation

Table 2 describes the configuration components used in this example.

Table 2: Configuration Components Used in Dual Stack with ND/RA and DHCPv6 Prefix Delegation

Configuration Component

Component Name

Purpose

Dynamic Profiles

DS-dyn-ipv4v6-ndra

Profile that creates a PPPoE logical interface when the subscriber logs in.

Interfaces

ge-3/3/0

Underlying Ethernet interface.

lo0

Loopback interface for use in the access network. The loopback interface is automatically used for unnumbered interfaces.

Address-Assignment Pools

default-ipv4-pool-2

Pool that provides IPv4 addresses for the subscriber LAN.

ndra-2010

Pool that provides IPv6 prefixes used in router advertisements. These prefixes are used to create a global IPv6 address that is assigned to the CPE WAN link.

dhcpv6-pd-pool

Pool that provides a pool of prefixes that are delegated to the CPE and are used for assigning IPv6 global addresses on the subscriber LAN.

Configuration

CLI Quick Configuration

The following is the complete configuration for this example:

Configuring a DHCPv6 Local Server for DHCPv6 over PPPoE

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Step-by-Step Procedure

To layer DHCPv6 above the PPPoE IPv6 family (inet6), associate DHCPv6 with the PPPoE interfaces by adding the PPPoE interfaces to the DHCPv6 local server configuration. Because this example uses a dynamic PPPoE interface, we are using the pp0.0 (PPPoE) logical interface as a wildcard to indicate that a DHCPv6 binding can be made on top of a PPPoE interface.

To configure a DHCPv6 local server:

  1. Access the DHCPv6 local server configuration.

  2. Create a group for dynamic PPPoE interfaces and assign a name.

    The group feature groups a set of interfaces and then applies a common DHCP configuration to the named interface group.

  3. Add an interface for dynamic PPPoE logical interfaces.

Results

From configuration mode, confirm your configuration by entering the show command.

If you are done configuring the device, enter commit from configuration mode.

Configuring a Dynamic Profile for the PPPoE Logical Interface

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Step-by-Step Procedure

Create a dynamic profile for the PPPoE logical interface. This dynamic profile supports both IPv4 and IPv6 sessions on the same logical interface.

To configure the dynamic profile:

  1. Create and name the dynamic profile.

  2. Configure a PPPoE logical interface (pp0) that is used to create logical PPPoE interfaces for the IPv4 and IPv6 subscribers.

  3. Specify $junos-interface-unit as the predefined variable to represent the logical unit number for the pp0 interface. The variable is dynamically replaced with the actual unit number supplied by the network when the subscriber logs in.

  4. Specify $junos-underlying-interface as the predefined variable to represent the name of the underlying Ethernet interface on which the router creates the dynamic PPPoE logical interface. The variable is dynamically replaced with the actual name of the underlying interface supplied by the network when the subscriber logs in.

  5. Configure the router to act as a PPPoE server when a PPPoE logical interface is dynamically created.

  6. Configure the IPv4 family for the pp0 interface. Specify the unnumbered address to dynamically create loopback interfaces.

  7. Configure the IPv6 family for the pp0 interface. Because the example uses router advertisement, assign the predefined variable $junos-ipv6-address.

  8. Configure one or more PPP authentication protocols for the pp0 interface.

  9. Enable keepalives and set an interval for keepalives. We recommend an interval of 30 seconds.

  10. Access the router advertisement configuration.

  11. Specify the interface on which the ND/RA configuration is applied.

  12. Specify a prefix value contained in router advertisement messages sent to the CPE on interfaces created with this dynamic profile. If you specify the $junos-ipv6-ndra-prefix predefined variable, the actual value is obtained from a local pool or through AAA.

Results

From configuration mode, confirm your configuration by entering the show command.

If you are done configuring the device, enter commit from configuration mode.

Configuring a Loopback Interface

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Step-by-Step Procedure

To configure a loopback interface:

  1. Create the loopback interface and specify a unit number.

  2. Configure the interface for IPv4.

  3. Configure the interface for IPv6.

Results

From configuration mode, confirm your configuration by entering the show command.

If you are done configuring the device, enter commit from configuration mode.

Configuring a Static Underlying Ethernet Interface for Dynamic PPPoE Subscriber Interfaces

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Step-by-Step Procedure

To configure the underlying Ethernet interface:

  1. Specify the name and logical unit number of the static underlying Ethernet interface to which you want to attach the IPv4 and IPv6 dynamic profile.

  2. Configure a description for the interface.

  3. Configure PPPoE encapsulation on the underlying interface.

  4. Configure the VLAN Id.

  5. Attach the dynamic profile to the underlying interface.

  6. (Optional) Prevent multiple PPPoE sessions from being created for the same PPPoE subscriber on the same VLAN interface.

Results

From configuration mode, confirm your configuration by entering the show command.

If you are done configuring the device, enter commit from configuration mode.

Specifying the BNG IP Address

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Best Practice:

We strongly recommend that you configure the BNG IP address to avoid unpredictable behavior if the interface address on a loopback interface changes.

Step-by-Step Procedure

To configure the IP address of the BNG:

  1. Access the routing-options configuration.

  2. Specify the IP address or the BNG.

Results

From configuration mode, confirm your configuration by entering the show command.

If you are done configuring the device, enter commit from configuration mode.

Configuring RADIUS Server Access

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Step-by-Step Procedure

To configure RADIUS servers:

  1. Create a RADIUS server configuration, and specify the address of the server.

  2. Configure the required secret (password) for the server. Secrets enclosed in quotation marks can contain spaces.

  3. Configure the source address that the BNG uses when it sends RADIUS requests to the RADIUS server.

  4. (Optional) Configure the number of times that the router attempts to contact a RADIUS accounting server. You can configure the router to retry from 1 through 16 times. The default setting is 3 retry attempts.

  5. (Optional) Configure the length of time that the local router or switch waits to receive a response from a RADIUS server. By default, the router or switch waits 3 seconds. You can configure the timeout to be from 1 through 90 seconds.

Results

From configuration mode, confirm your configuration by entering the show command.

If you are done configuring the device, enter commit from configuration mode.

Configuring RADIUS Server Access Profile

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Step-by-Step Procedure

To configure a RADIUS server access profile:

  1. Create a RADIUS server access profile.

  2. Specify the order in which authentication methods are used.

  3. Specify the address of the RADIUS server used for authentication and the server used for accounting.

  4. Configure RADIUS accounting values for the access profile.

  5. At the top of the configuration hierarchy, enter the following command to enable the access profile.

Results

From configuration mode, confirm your configuration by entering the show command.

If you are done configuring the device, enter commit from configuration mode.

Specifying the RADIUS Server Access Profile to Use

CLI Quick Configuration

To quickly configure this example, copy the following command and paste it into the CLI at the [edit] hierarchy level.

Step-by-Step Procedure

To specify the RADIUS server access profile to use for authentication:

  1. Specify the access profile.

Results

From configuration mode, confirm your configuration by entering the show command.

If you are done configuring the device, enter commit from configuration mode.

Configuring Local Address-Assignment Pools

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Step-by-Step Procedure

Configure three address-assignment pools for DHCPv4, DHCPv6 prefix delegation, and ND/RA.

To configure the address-assignment pools:

  1. Configure the address-assignment pool for DHCPv4.

  2. Configure the address-assignment pool for DHCPv6 prefix delegation

  3. Configure the address-assignment pool for ND/RA.

  4. (Optional) Enable duplicate prefix protection.

Results

From configuration mode, confirm your configuration by entering the show command.

If you are done configuring the device, enter commit from configuration mode.

Specifying the Address-Assignment Pool to Be Used for DHCPv6 Prefix Delegation

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Step-by-Step Procedure

To specify that the dhcpv6-pd-pool is used for DHCPv6 prefix delegation:

  1. Access the DHCPv6 local server configuration.

  2. Specify the address pool that assigns the delegated prefix.

Results

From configuration mode, confirm your configuration by entering the show command.

If you are done configuring the device, enter commit from configuration mode.

Verification

Confirm that the configuration is working properly.

Verifying Active Subscriber Sessions

Purpose

Verify active subscriber sessions.

Action

From operational mode, enter the show subscribers summary command.

Meaning

The fields under Subscribers by State show the number of active subscribers.

The fields under Subscribers by Client Type show the number of active DHCP and DHCPoE subscriber sessions.

Verifying Both IPv4 and IPv6 Address in Correct Routing Instance

Purpose

Verify that the subscriber has both an IPv4 and IPv6 address and is placed in the correct routing instance.

Action

From operational mode, enter the show subscribers command.

Meaning

The Interface field shows that there are two subscriber sessions running on the same interface. The IP Address field shows that one session is assigned an IPv4 address, and one session is assigned on IPv6 address.

The LS:RI field shows that the subscriber is placed in the correct routing instance and that traffic can be sent and received.

Verifying Dynamic Subscriber Sessions

Purpose

Verify dynamic PPPoE and DHCPv6 subscriber sessions. In this example configuration the DHCPv6 subscriber session should be layered over the underlying PPPoE subscriber session.

Action

From operational mode, enter the show subscribers detail command.

Meaning

When a subscriber has logged in and started both an IPv4 and an IPv6 session, the output shows the active underlying PPPoE session and the active DHCPv6 session.

The Session ID field for the PPPoE session is 87. The Underlying Session ID for the DHCP session is 87, which shows that the PPPoE session is the underlying session.

Verifying DHCPv6 Address Pools Used for NDRA and DHCPv6 Prefix Delegation

Purpose

Verify the pool used for ND/RA, the delegated address pool used for DHCPv6 prefix delegation and the length of the IPv6 prefixes that were delegated to the CPE.

Action

From operational mode, enter the show subscribers extensive command.

Meaning

Under the PPPoE session, the IPv6 Delegated Address Pool fields show the names of the pools used for DHCPv6 prefix delegation and for ND/RA prefixes. The IPv6 Delegated Network Prefix Length field shows the length of the prefix used to assign the IPv6 address for this subscriber session. The IPv6 Interface Address field shows the IPv6 address assigned to the CPE interface from the ND/RA pool.

Under the DHCP session, the IPv6 Delegated Address Pool fields show the name of the pool used for DHCPv6 prefix delegation. The IPv6 Delegated Network Prefix Length fields shows the length of the prefix used in DHCPv6 prefix delegation.

Verifying DHCPv6 Address Bindings

Purpose

Display the address bindings in the client table on the DHCPv6 local server.

Action

From operational mode, enter the show dhcpv6 server binding command.

If you have many active subscriber sessions, you can display the server binding for a specific interface.

Meaning

The Prefix field shows the DHCPv6 prefix assigned to the subscriber session from the pool used for DHCPv6 prefix delegation.

Verifying Router Advertisements

Purpose

Verify that router advertisements are being sent, and router solicits are being received.

Action

From operational mode, enter the show ipv6 router-advertisement command.

If you have a large number of subscriber interfaces, you can display router advertisements for a specific interface.

Meaning

The display shows the number of advertisements that the router sent, the number of solicits and advertisements that the router received.

Verifying the Status of the PPPoE Logical Interface

Purpose

Display status information about the PPPoE logical interface (pp0).

Action

From operational mode, enter the show interfaces pp0.logical command.

Meaning

The Underlying interface field shows the underlying Ethernet interface configured in the example.

The Destination field under Protocol inet6 shows the IPv6 address obtained through ND/RA. This is the value of the $junos-ipv6-ndra-prefix variable configured in the dynamic profile.

The Local field under Protocol inet6 shows the value of the $junos-ipv6-address variable configured for family inet6 in the pp0 configuration of the dynamic profile.

IP Demultiplexing Interfaces on Packet-Triggered Subscribers Services Overview

Packet triggered subscribers feature creates IP demultiplexing interfaces (IP demux IFL) on receiving a data packet from clients with preassigned IP address. On receiving the first packet, the control plane checks the IP address. If the source IP address matches one of the configured IP address ranges, the subscriber is authenticated with authenticating server. On successful authentication, the IP demux IFL is created using the dynamic profile specified in the CLI. The IP demux IFL adds the framed route and demux source for subscriber using the mask passed by the authenticating server. If the mask is not sent by the authenticating server, access and demux routes are installed using the mask specified in the CLI.

For IPv4, all traffic from single household has same source IPv4 public address. Hence, for every household only one IP demux IFL is created. For business subscribers, multiple public IP addresses are created using framed-routes. For IPv6, the source address of traffic coming from same household is different as each device has different source address. For scaling reason, it is not possible to have one IP demux IFL for each device in each household. Hence, all devices from the same household share the same IP demux IFL.

Note:

During IP demux IFL creation if the authentication fails, the IP demux IFL is still created but such IP demux IFL cannot forward any traffic. Any received traffic for the associated subscriber is dropped. All such rejected IP demux IFLs remains in configured state and is referred as configured subscribers. Creating IP demux IFL even if the authentication fails will avoid thrashing as subsequent packets will be dropped on the PFE and will not be punted to the RE. All subscribers in ‘Configured’ state will be periodically removed. Once these subscribers are removed any new packets received from the same source will get punted to the RE.

Benefits of IP Demultiplexing Interfaces on Packet-Triggered Subscribers Services

  • Supports packet triggered subscribers using authentication and service selection by RADIUS server and allows a maximum of 16 IPv4 and 16 IPv6 address ranges per underlying IFL.

  • Allows the authenticating server to pass in the dynamic-profile to use. When the authenticating server passes these values, they take precedence over values configured through CLI.

  • Provides throttling mechanism to mitigate DoS-like attack and limit the rate of exception packets sent to RE for IP demux authentication and creation. The throttling mechanism uses the existing DDoS mechanism.

Configuring Packet Triggered Subscribers Using IP Demux Interfaces in Dynamic Profiles

You can configure the packet triggered subscribers for demux interfaces for both IPv4 and IPv6 addresses. The packet triggered subscribers feature creates IP demux IFL on receiving a data packet from clients with preassigned IP address. Once the IP demux IFL is created framed route and demux source are added for subscriber using the mask passed by the authenticating server.

To enable the packet triggered subscribers feature, configure the demux options in a dynamic profile. Dynamic profiles enable you to dynamically apply configured values to the dynamic interfaces, making them easier to manage.

Before you begin:

Note:

If the MAC address changes for a packet-triggered subscriber after the subscriber has logged in and the session is up, the subscriber will not be able to log in from the new device with the same IP address. For example, a subscriber might log in from a laptop and then try to log in from a second laptop. You can avoid this by setting a period during which the session is monitored for subscriber activity. Use the client-idle-timeout option at the [edit access profile profile-name session-options] hierarchy level. When the timeout expires, the subscriber is gracefully logged out. The subscriber can then successfully log in from the second device. See Configuring Subscriber Session Timeout Options.

After you configure the dynamic profile, configure the packet triggered subscribers interfaces beginning with the demux interface:

  1. Specify that you want to configure the demux interface.
  2. Configure the family for the demux interfaces.
    1. Specify that you want to configure the family.

      For IPv4:

      For IPv6:

      Note:

      The remaining steps all show family inet, but are the same for either family.

  3. Specify the demux address type to be based on the source address.
  4. Configure the auto-configure details for the family.
  5. Begin the specific packet-triggered subscriber configuration.
  6. Under address range configure the following:
    1. Dynamic profile includes the details for network address, and the range for the demux interface for the family.
    2. Authentication includes the details for password to be included and the username profiles such as, delimiter, domain name, interface name, authentication server, source address and user prefix for the demux interface for the family.