Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Example: Configuring Dynamic LNS MLPPP Subscribers

This example shows how to configure dynamic L2TP network server (LNS) multilink (MLPPP) subscribers.

Requirements

This example uses the following hardware and software components:

  • MX Series with MPC2s installed

  • Junos OS Release 13.3 or later

Before you configure dynamic LNS MLPPP subscribers, be sure you have:

Overview

An MLPPP subscriber consists of two IFLs (logical interfaces), a member link, and a bundle. For dynamic LNS MLPPP subscribers, you configure the dynamic member link IFLs using dynamic profiles. The member link dynamic profile includes the family mlppp statement containing the bundle dynamic profile and the service interface (si), or a pool of service interfaces. This information is then used to create the dynamic bundle IFL.

Each dynamic bundle accepts only one dynamic member link. If more than one dynamic member link attempts to join the same dynamic bundle, the system fails the new member session.

Figure 1 shows how the different types of traffic traverse through a network where the MX Series is acting as the LNS to terminate MLPPP bundles.

Topology

Figure 1: MLPPP Bundles Terminated at MX Series as the LNS NetworkMLPPP Bundles Terminated at MX Series as the LNS Network

The following three domains are shown passing traffic through the LNS network:

  • PPP domain—Contains data and voice traffic

  • MLPPP domain—Contains data traffic only

  • L2TP domain—Contains all types of traffic

Configuration

To configure dynamic LNS MLPPP subscribers, perform these tasks:

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Configuring a Tunnel Group with a Pool of Service Interfaces and L2TP Access Profile Attributes

Step-by-Step Procedure

The following example requires that you navigate various levels in the configuration hierarchy.

To configure a tunnel group with a pool of service interfaces and L2TP access profile attributes for dynamic LNS MLPPP subscribers:

  1. Create the access profile.

    [edit access]

    user@host# set profile ce-l2tp-profile2

  2. Configure an L2TP (LAC) access client.

    [edit access profile ce-l2tp-profile2]

    user@host# set client ce-lac-3

  3. Associate a group profile containing PPP attributes to apply for the PPP sessions being tunneled from this LAC client.

    [edit access profile ce-l2tp-profile2 client ce-lac-3]

    user@host# set user-group-profile ce-lac-1-gp

  4. Configure the following L2TP access profile attributes for this example:

    • L2TP client is multilink (MLPPP)-capable for subscribers. The multilink statement in the L2TP access client profile determines whether MLPPP is supported for subscribers coming in from the LAC peer.

    • Maximum number of sessions allowed in a tunnel from the client (LAC).

    • Tunnel password used to authenticate the client (LAC).

    • Dynamic profile name in the L2TP access client profile for dynamic LNS MLPPP subscribers.

      Note:

      If the dynamic-profile name is defined in the L2TP access client profile, it is used to create the dynamic LNS MLPPP member link; otherwise, the dynamic-profile name defined in the tunnel group is used. If neither profile contains the family mlppp statement, then the incoming LNS session fails.

    [edit access profile ce-l2tp-profile2 client ce-lac-3]

    user@host# set l2tp multilink

    user@host# set l2tp maximum-sessions-per-tunnel 2000

    user@host# set l2tp shared-secret password

    user@host# set dynamic-profile ml-lns-member-prof

  5. Create the tunnel group.

    [edit services l2tp]

    user@host# set tunnel-group dyn-l2tp-tunnel-group

  6. Set the tunnel access profile equal to the setting you defined for the access profile.

    [edit services l2tp tunnel-group dyn-l2tp-tunnel-group]

    user@host# set l2tp-access-profile ce-l2tp-profile2

  7. Set the L2TP AAA access profile.

    Note:

    You can specify the L2TP AAA access profile in either the [edit access] or [edit services] hierarchy levels, using the LNS access client profile or tunnel-group statements, respectively. An L2TP AAA access profile defined using the [edit access] hierarchy level overrides the L2TP AAA access profile defined for the tunnel-group using the [edit services] hierarchy level.

    [edit services l2tp tunnel-group dyn-l2tp-tunnel-group]

    user@host# set aaa-access-profile ce-authenticator

  8. Set the local gateway address for the L2TP tunnel.

    [edit services l2tp tunnel-group dyn-l2tp-tunnel-group]

    user@host# set local-gateway address 10.1.1.1

  9. Specify the pool of service interfaces for the dynamic LNS MLPPP subscribers.

    [edit services l2tp tunnel-group dyn-l2tp-tunnel-group]

    user@host# set service-device-pool pool1

  10. Specify the dynamic profile used to create the dynamic LNS MLPPP member link.

    [edit services l2tp tunnel-group dyn-l2tp-tunnel-group]

    user@host# set dynamic-profile ml-lns-member-prof

  11. If you are done configuring the device, commit the configuration.

Configuring a Dynamic Profile for Dynamic LNS Member Link IFL Without Mixed Mode Support

Step-by-Step Procedure

The following example requires that you navigate various levels in the configuration hierarchy.

You can configure the dynamic-profile name used to create the dynamic LNS member link IFL in either the L2TP client access profile or in the tunnel-group. See Configuring a Tunnel Group with a Pool of Service Interfaces and L2TP Access Profile Attributes.

The following example shows dynamic-profile configuration for LNS MLPPP and PPP subscribers. The family mlppp statement contains the dynamic-profile name, and either the service-interface or the service-device-pool, used to create the dynamic bundle IFL. If you configure a service-device-pool, an inline services (si) interface is selected from the pool to create the dynamic bundle IFL using a round-robin method.

You must also configure the family inet statement in the si member link dynamic profile interface for tunneled subscribers. The family inet statement enables the L2TP long route to be installed and supported for the lookup engine to steer control packets to the Routing Engine.

Note:

Optionally, you can configure the dynamic profile to support mixed mode to enable PPP subscribers to successfully log in using the dynamic profile. See Configuring a Dynamic Profile for Dynamic LNS Member Link IFL With Mixed Mode Support for the additional configuration commands required.

  1. Specify the dynamic profile that you used to create the dynamic LNS MLPPP member link previously in Configuring a Tunnel Group with a Pool of Service Interfaces and L2TP Access Profile Attributes.

    [edit dynamic-profiles]

    user@host# set ml-lns-member-prof

  2. Configure the interface for the dynamic profile by setting the predefined dynamic interface variable $junos-interface-ifd-name, and the logical interface unit by setting the predefined unit number variable $junos-interface-unit. The interface and unit number variables are dynamically replaced with the interface and unit number that the subscriber accesses when connecting to the MX Series.

    Note:

    The interface setting for a dynamic profile for PPPoE sessions can use either of the following code formats:

    • set interfaces pp0

      or

    • set interfaces “$junos-interface-ifd-name”

    This example uses set interfaces “$junos-interface-ifd-name”.

    [edit dynamic-profiles ml-lns-member-prof]

    user@host# set interfaces “$junos-interface-ifd-name” unit “$junos-interface-unit”

  3. For the $junos-interface-ifd-name interface, set the L2TP interface dial options to specify that the logical interface can host one session at a time (dedicated).

    [edit dynamic-profiles ml-lns-member-prof interfaces “$junos-interface-ifd-name” unit “$junos-interface-unit”]

    user@host# set dial-options l2tp-interface-id dont care dedicated

  4. Enable MLPPP support for LNS MLPPP subscribers and configure the dynamic bundle interface (IFL) by setting the predefined dynamic bundle interface variable $junos-bundle-interface-name.

    Note:

    The family mlppp statement determines whether MLPPP is supported for subscribers coming in from the underlying interface.

    [edit dynamic-profiles ml-lns-member-prof interfaces “$junos-interface-ifd-name” unit “$junos-interface-unit”]

    user@host# set family mlppp bundle “$junos-bundle-interface-name”

  5. Specify the pool of service interfaces for the dynamic LNS MLPPP subscribers.

    [edit dynamic-profiles ml-lns-member-prof interfaces “$junos-interface-ifd-name” unit “$junos-interface-unit” family mlppp]

    user@host# set service-device-pool pool1

  6. Specify the dynamic profile name for the bundle.

    [edit dynamic-profiles ml-lns-member-prof interfaces “$junos-interface-ifd-name” unit “$junos-interface-unit” family mlppp]

    user@host# set dynamic-profile ml-bundle-prof

  7. Enable support for LNS subscribers and the LNS long route.

    [edit dynamic-profiles ml-lns-member-prof interfaces “$junos-interface-ifd-name” unit “$junos-interface-unit”]

    user@host# set family inet

  8. If you are done configuring the device, commit the configuration.

Configuring a Dynamic Profile for Dynamic LNS Member Link IFL With Mixed Mode Support

Step-by-Step Procedure

The following example requires that you navigate various levels in the configuration hierarchy.

Optionally, you can configure the dynamic profile to support mixed mode to enable PPP subscribers to successfully log in using the dynamic profile.

The following example shows the additional configurations required to support mixed mode for dynamic profiles.

Note:

The following configuration commands are not included in the CLI Quick Configuration section.

  1. Specify the dynamic profile that you used to create the dynamic LNS MLPPP member link previously in Configuring a Tunnel Group with a Pool of Service Interfaces and L2TP Access Profile Attributes.

    [edit dynamic-profiles]

    user@host# set ml-lns-member-prof

  2. When the customer premises equipment (CPE) is for a dynamic virtual routing and forwarding (VRF) PPP subscriber, you must configure the routing instance and its interface.

    [edit dynamic-profiles ml-lns-member-prof]

    user@host# set routing-instances "$junos-routing-instance" interface "$junos-interface-name"

  3. Configure the access route for the routing options.

    [edit dynamic-profiles ml-lns-member-prof routing-instances "$junos-routing-instance" interface "$junos-interface-name"]

    user@host# set routing-options access route $junos-framed-route-ip-address-prefix

  4. Configure the next-hop, metric, and preference for the router.

    [edit dynamic-profiles ml-lns-member-prof routing-instances "$junos-routing-instance" interface "$junos-interface-name" routing-options access route $junos-framed-route-ip-address-prefix]

    user@host# set next-hop $junos-framed-route-nexthop

    user@host# set metric $junos-framed-route-cost

    user@host# set preference $junos-framed-route-distance

  5. Configure the internal access route for the routing options.

    [edit dynamic-profiles ml-lns-member-prof routing-instances "$junos-routing-instance" interface "$junos-interface-name"]

    user@host# set routing-options access-internal route $junos-subscriber-ip-address

  6. Configure the qualified next-hop for the internal route..

    [edit dynamic-profiles ml-lns-member-prof routing-instances "$junos-routing-instance" interface "$junos-interface-name" routing-options access-internal route $junos-subscriber-ip-address ]

    user@host# set qualified-next-hop $junos-interface-name

  7. Follow the procedure described in Configuring a Dynamic Profile for Dynamic LNS Member Link IFL Without Mixed Mode Support to configure the basic settings for the dynamic profile.

    Note:

    To enable mixed mode support, when the CPE is a PPP subscriber, you must also add an unnumbered address, and input and output filters to the family inet statement.

    [edit dynamic-profiles ml-lns-member-prof interfaces “$junos-interface-ifd-name” unit “$junos-interface-unit”]

    user@host# set family inet unnumbered-address $junos-loopback-interface

    user@host# set family inet filter input "$junos-input-filter" output "$junos-output-filter”

  8. When the CPE is a PPP subscriber, you must also configure class of service and define the traffic control profile.

    [edit dynamic-profiles ml-lns-member-prof class-of-service]

    user@host# set traffic-control-profiles tc-profile

  9. For the traffic-control profile, define the following settings: scheduler map, shaping rate, overhead accounting, guaranteed rate, and delay buffer rate.

    [edit dynamic-profiles ml-lns-member-prof class-of-service traffic-control-profiles tc-profile]

    user@host# set scheduler-map "$junos-cos-scheduler-map"

    user@host# set shaping-rate "$junos-cos-shaping-rate"

    user@host# set overhead-accounting "$junos-cos-shaping-mode" bytes "$junos-cos-byte-adjust"

    user@host# set guaranteed-rate "$junos-cos-guaranteed-rate"

    user@host# set delay-buffer-rate "$junos-cos-delay-buffer-rate"

  10. Configure the interface for the dynamic profile by setting the predefined dynamic interface variable $junos-interface-ifd-name, and the logical interface unit by setting the predefined unit number variable $junos-interface-unit.

    [edit dynamic-profiles ml-lns-member-prof class-of-service]

    user@host# set interfaces “$junos-interface-ifd-name” unit “$junos-interface-unit”

  11. For the dynamic profile interface, define the following settings: output traffic control profile, classifiers, and rewrite rules.

    [edit dynamic-profiles ml-lns-member-prof class-of-service interfaces “$junos-interface-ifd-name” unit “$junos-interface-unit”]

    user@host# set output-traffic-control-profile tc-profile

    user@host# set classifiers dscp GEN-CLASSIFIER-IN

    user@host# set rewrite-rules dscp GEN-RW-OUT-DSCP

  12. If you are done configuring the device, commit the configuration.

Configuring a Dynamic Profile for the Dynamic Bundle IFL

Step-by-Step Procedure

The following example requires that you navigate various levels in the configuration hierarchy.

To configure the dynamic profile for the dynamic bundle IFL, you specify the encapsulation multilink-ppp statement within the dynamic profile. The dynamic profile for the dynamic bundle IFL is referenced from the dynamic profile for dynamic PPPoE and LNS member link IFLs.

You must configure the fragmentation-maps statement statically using class-of-service and assign them in the bundle dynamic profile. You can also set these optional MLPPP parameters: MRRU, short sequence, and fragment-threshold. The following example shows how to configure the dynamic profile for the dynamic bundle IFL.

  1. Specify the dynamic profile name for the bundle.

    [edit dynamic-profiles}

    user@host# set ml-bundle-prof

  2. Although MLPPP member links process authentication and routing-instance assignments, if a non-default routing-instance is assigned, you must configure the bundle IFL under the assigned routing-instance. As a result, you must also configure routing-instances in the bundle dynamic-profile.

    [edit dynamic-profiles ml-bundle-prof]

    user@host# set routing-instances "$junos-routing-instance" interface "$junos-interface-name"

  3. Configure the access route for the routing options.

    [edit dynamic-profiles ml-bundle-prof routing-instances "$junos-routing-instance" interface "$junos-interface-name"]

    user@host# set routing-options access route $junos-framed-route-ip-address-prefix

  4. Configure the next-hop, metric, and preference for the router.

    [edit dynamic-profiles ml-bundle-prof routing-instances "$junos-routing-instance" interface "$junos-interface-name" routing-options access route $junos-framed-route-ip-address-prefix]

    user@host# set next-hop $junos-framed-route-nexthop

    user@host# set metric $junos-framed-route-cost

    user@host# set preference $junos-framed-route-distance

  5. Configure the internal access route for the routing options.

    [edit dynamic-profiles ml-bundle-prof routing-instances "$junos-routing-instance" interface "$junos-interface-name"]

    user@host# set routing-options access-internal route $junos-subscriber-ip-address

  6. Configure the qualified next-hop for the internal route.

    [edit dynamic-profiles ml-bundle-prof routing-instances "$junos-routing-instance" interface "$junos-interface-name" routing-options access-internal route $junos-subscriber-ip-address]

    user@host# set qualified-next-hop $junos-interface-name

  7. Configure the interface for the dynamic profile by setting the predefined dynamic interface variable $junos-interface-ifd-name, and the logical interface unit by setting the predefined unit number variable $junos-interface-unit. The interface and unit number variables are dynamically replaced with the interface and unit number that the subscriber accesses when connecting to the MX Series.

    [edit dynamic-profiles ml-bundle-prof]

    user@host# set interfaces “$junos-interface-ifd-name” unit “$junos-interface-unit”

  8. Configure the encapsulation multilink-ppp statement to enable MLPPP bundling for the dynamic profile.

    [edit dynamic-profiles ml-bundle-prof interfaces “$junos-interface-ifd-name” unit “$junos-interface-unit”]

    user@host# set encapsulation multilink-ppp

  9. Configure the following MLPPP options for this example:

    • mrru—Specifies the maximum received reconstructed unit value ranging from 1500 through 4500 bytes.

    • fragment-threshold—Applies to all packets and forwarding classes, ranging from 128 through 16,320 bytes.

    • short-sequence—Determines the header format for the MLPPP. Default is long-sequence.

    [edit dynamic-profiles ml-bundle-prof interfaces “$junos-interface-ifd-name” unit “$junos-interface-unit”]

    user@host# set mrru 1500

    user@host# set fragment-threshold 320

    user@host# set short-sequence

  10. Enable support for MLPP subscribers.

    [edit dynamic-profiles ml-bundle-prof interfaces “$junos-interface-ifd-name” unit “$junos-interface-unit”]

    user@host# set family inet

  11. To enable fragmentation-maps support, you must configure class-of-service and define the traffic control profile.

    [edit dynamic-profiles ml-bundle-prof class-of-service]

    user@host# set traffic-control-profiles tcp2

  12. For the traffic-control profile, define the following settings: scheduler map, shaping rate, guaranteed rate, and delay buffer rate.

    [edit dynamic-profiles ml-bundle-prof class-of-service traffic-control-profiles tcp2]

    user@host# set scheduler-map "$junos-cos-scheduler-map"

    user@host# set shaping-rate "$junos-cos-shaping-rate"

    user@host# set guaranteed-rate "$junos-cos-guaranteed-rate"

    user@host# set delay-buffer-rate "$junos-cos-delay-buffer-rate"

  13. Configure the underlying interface for the dynamic profile by setting the predefined dynamic interface variable $junos-interface-ifd-name, and the logical interface unit by setting the predefined unit number variable $junos-interface-unit. The interface and unit number variables are dynamically replaced with the interface and unit number that the subscriber accesses when connecting to the MX Series.

    [edit dynamic-profiles ml-bundle-prof class-of-service]

    user@host# set interfaces “$junos-interface-ifd-name” unit "$junos-interface-unit"

  14. For the dynamic profile interface, define the output traffic control profile.

    [edit dynamic-profiles ml-bundle-prof class-of-service interfaces “$junos-interface-ifd-name” unit "$junos-interface-unit"]

    user@host# set output-traffic-control-profile tcp2

  15. Define the fragmentation-map required for dynamic profile bundles and used to enable link fragmentation and interleaving (LFI).

    [edit dynamic-profiles ml-bundle-prof class-of-service interfaces “$junos-interface-ifd-name” unit "$junos-interface-unit"]

    user@host# set fragmentation-map fragmap-2

  16. If you are done configuring the device, commit the configuration.

Results

From configuration mode, confirm your configuration by entering the show access, show services, and show dynamic-profiles commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

Dynamic profile for dynamic LNS member link IFL without mixed mode:

Dynamic profile for dynamic LNS member link IFL with mixed mode:

Verification

Confirm that the configuration is working properly.

Verifying the Subscriber Information

Purpose

Verify that the subscriber information for dynamic MLPPP over LNS is correct.

Action

Meaning

Subscriber information for interface si-1/0/0.1073741824 has been configured for MLPPP with interface type of dynamic.

Verifying Mixed Mode Support with a Dynamic MLPPP-Capable Subscriber

Purpose

Verify that mixed mode interfaces negotiated correctly for the single link PPP using a dynamic MLPPP-capable subscriber.

Action

Meaning

When a dynamic MLPPP-capable subscriber negotiates a single link PPP, the results are the same as a non-MLPPP subscriber; no bundle IFL or SDB session is created.

Verifying Tunneled MLPPP Over LAC Interfaces

Purpose

Verify that the MLPPP over LAC member link IFL is correct.

Action

Meaning

When a PPPoE MLPPP session is tunneled, the bundle and member link binding remains. Although the bundle IFL does not participate in the control and forwarding path, it remains in the user-interface.