Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

PPPoE Maximum Session Limit Overview

The maximum session limit for PPPoE subscriber interfaces specifies the maximum number of concurrent static or dynamic PPPoE logical interfaces (sessions) that the router can activate on the PPPoE underlying interface, or the maximum number of active static or dynamic PPPoE sessions that the router can establish with a particular service entry in a PPPoE service name table.

You can configure the PPPoE maximum session limit in one of two ways:

  • On a per-interface basis.

  • (Default) On a per-subscriber basis.

This overview describes the concepts you need to understand to configure the PPPoE maximum session limit, and covers the following topics:

Per-Interface Configuration for PPPoE Maximum Session Limit Using the CLI

When you configure the PPPoE maximum session limit for a particular interface, you can use the max-sessions statement to specify either or both of the following:

  • The maximum number of concurrent PPPoE sessions that the router can activate on the PPPoE underlying interface

  • The maximum number of active PPPoE sessions using either static or dynamic PPPoE interfaces that the router can establish with a particular named service entry, empty service entry, or any service entry in a PPPoE service name table

You can configure the PPPoE maximum session value from 1 through the platform-specific default for your router. The default value is equal to the maximum number of PPPoE sessions supported on your routing platform. If the number of active PPPoE sessions exceeds the value configured, the router prohibits creation of any new PPPoE sessions, and the PPPoE application on the router returns a PPPoE Active Discovery Session (PADS) packet with an error to the PPPoE client.

Changing the PPPoE maximum session value has no effect on dynamic PPPoE subscriber interfaces that are already active.

Per-Subscriber Configuration for PPPoE Maximum Session Limit Using RADIUS

To configure the PPPoE maximum session limit for a particular subscriber, you can use the value returned by the RADIUS server in the Max-Clients-Per-Interface Juniper Networks VSA [26-143] during the subscriber authentication process. For PPPoE clients, the Max-Clients-Per-Interface VSA returns the maximum number of sessions (PPPoE subinterfaces) per PPPoE major interface.

By default, the PPPoE maximum session value returned by RADIUS in the Max-Clients-Per-Interface VSA takes precedence over the PPPoE maximum session value configured with the max-sessions statement.

If you configure multiple subscribers on the same PPPoE underlying VLAN interface and RADIUS returns a different PPPoE maximum session value for each subscriber, the router uses the most recent PPPoE maximum session value returned by RADIUS to determine whether to override the current PPPoE maximum session value and create the new PPPoE session.

The following sequence describes how the router obtains the PPPoE maximum session value from RADIUS when a PPPoE subscriber logs in to initiate a session with the router. (In a PPPoE subscriber network, the router functions as a remote access concentrator, also known as a PPPoE server.)

  1. The PPPoE client and the router participate in the PPPoE Discovery process to establish the PPPoE connection.

  2. The PPP Link Control Protocol (LCP) negotiates the PPP link between the client and the router.

  3. The PPP application sends the subscriber authentication request to the AAA application.

  4. AAA sends the authentication request to an external RADIUS server.

  5. The RADIUS server returns the PPPoE maximum session value for that subscriber to AAA in the Max-Clients-Per-Interface VSA as part of an Access-Accept message.

    The RADIUS server does not return the Max-Clients-Per-Interface VSA in Change of Authorization Request (CoA-Request) messages.

  6. AAA passes the response from RADIUS to PPP.

  7. PPP validates the subscriber parameters and, if authentication succeeds, passes the PPPoE maximum session value returned by RADIUS to the PPPoE application.

  8. PPPoE uses the maximum session value returned by RADIUS to determine whether to override the current PPPoE maximum session value and create or tear down the new PPPoE session.

Override of PPPoE Maximum Session Limit from RADIUS

You can configure the router to ignore (clear) the PPPoE maximum session value returned by the RADIUS server in the Max-Clients-Per-Interface VSA. Configuring the router to ignore the VSA restores the PPPoE maximum session value on the underlying interface to the value configured in the CLI.

Session Limit Enforcement Using Circuit-ID and MAC address for PPPoE Subscribers

You can manage PPPoE subscriber sessions using Circuit-ID and MAC address information for session limit enforcement. This feature ensures session management by enforcing session limits even when ACI or ARI tags are unavailable. This feature combines Circuit-ID and source MAC address, for MAC address-based interface sets when agent circuit identifier (ACI) and agent remote identifier (ARI) tags are unavailable. The RG MAC address is replaced by a unique source MAC Address by the Access Node (AN). This feature allows service providers to efficiently manage and control the number of PPPoE sessions per household, even in diverse access node environments. Dynamic VLAN support ensures flexible and scalable subscriber session management, while high availability is maintained with Graceful Routing Engine Switchover (GRES) and in-service software upgrade (ISSU). By utilizing MAC address-triggered ACI VLANs, service providers can enforce session limits effectively, for consistent management across various types of network nodes. The MAC address line identity option is activated when no line identities are received and ACI VLANs are created based on MAC address received. See Standard and Vendor-Specific RADIUS Attributes.

Related Documentation