Supported Platforms
Agent Circuit Identifier-Based Dynamic VLANs Overview
You can configure the router to create dynamic virtual LAN (VLAN) subscriber interfaces for Dynamic Host Configuration Protocol (DHCP) and Point-to-Point Protocol over Ethernet (PPPoE) subscribers based on agent circuit identifier (ACI) information. To use ACI-based dynamic VLAN subscriber interfaces, you must configure them on Modular Port Concentrators/Modular Interface Cards (MPCs/MICs) that face the access side of the network in an MX Series router.
This overview covers the following topics:
VLAN Architectures and Subscriber Identification
The following VLAN architectures defined in the DSL Forum Technical Report (TR)-101, Migration to Ethernet-Based DSL Aggregation (April 2006), use different methods to uniquely identify subscribers in Ethernet-based subscriber access networks:
- 1:1 access model using customer VLANs
Configurations that use the 1:1 access model uniquely identify subscribers by means of VLAN encapsulation; that is, by using the VLAN ID and stacked VLAN (S-VLAN) ID. Subscriber packets received from the access node (such as a digital subscriber line access multiplexer, or DSLAM) that are either single-tagged with a VLAN ID or double-tagged with both an S-VLAN ID and a VLAN ID are examples of 1:1 VLAN configurations because they provide a one-to-one correspondence between an individual subscriber and the VLAN encapsulation.
In the 1:1 VLAN architecture, each customer premises equipment (CPE) or subscriber network has its own dedicated Layer 2 path to the router. Each subscriber network is separated by a customer VLAN (C-VLAN) that is dedicated to a particular customer. The services for each customer are transmitted from the router to the access node by means of that customer’s C-VLAN.
The ability to uniquely identify subscribers by means of VLAN encapsulation facilitates delivery of services such as authentication, authorization, and accounting (AAA); class of service (CoS); and filters (policers) to subscribers in a 1:1 VLAN configuration.
- N:1 access model using service VLANs
Configurations that use the N:1 access model do not uniquely identify subscribers by means of VLAN encapsulation. Instead, these configurations identify subscribers by means of the agent circuit identifier (ACI) information present in DHCP and PPPoE control packets. Subscriber packets received from the access node that are either single-tagged with the same VLAN ID for a group of subscribers or untagged are examples of N:1 VLAN configurations because they provide a many-to-one correspondence between individual subscribers and the VLAN encapsulation.
In the N:1 VLAN architecture, a service such as video, voice, or data is typically routed to a particular VLAN instead of having multiple services share a single VLAN, as is the case with the 1:1 VLAN architecture. Such VLANs, often referred to as service VLANs, enable service providers to route different services to different routers to functionally separate network services and reduce network complexity.
Because a VLAN in an N:1 configuration corresponds to a service rather than an individual subscriber, the router uses ACI information in DHCP and PPPoE control packets instead of VLAN encapsulation to uniquely identify subscribers and facilitate application of subscriber-based services.
ACI-Based Dynamic VLANs and Agent Circuit Identifier Interface Sets
For single-tagged, double-tagged, or untagged N:1 configurations that do not use VLAN encapsulation to uniquely identify subscribers, you can configure the router to create dynamic VLAN subscriber interfaces for DHCP and PPPoE subscribers based on ACI information. ACI-based dynamic VLANs uniquely identify subscribers on the router and facilitate application of subscriber-based services, such as CoS and interface-shared filters, to all subscribers that originate from a single household and share the same ACI information.
When you configure an ACI-based dynamic VLAN, the router examines the DHCP and PPPoE control packets to extract the ACI information in order to build a unique dynamic VLAN subscriber interface. The agent-circuit-identifier value is a string that uniquely identifies the subscriber’s access node and the digital subscriber line (DSL) on the access node. For DHCP traffic, the agent-circuit-identifier string is in the DHCP option 82 field of DHCP messages. For PPPoE traffic, the agent-circuit-identifier string is in the DSL Forum Agent-Circuit-ID VSA [26-1] of PPPoE Active Discovery Initiation (PADI) and PPPoE Active Discovery Request (PADR) control packets.
Configuring ACI-based dynamic VLAN subscriber interfaces is particularly useful in configurations with multiple DHCP and PPPoE subscriber sessions per household. Because DHCP and PPPoE control traffic sent to the router from the same household has the same unique agent-circuit-identifier string, the router groups these DHCP and PPPoE subscriber interfaces in the same ACI interface set. An ACI interface set is a logical collection of subscriber interfaces that originate at the same household or on the same access-loop port. Grouping subscriber interfaces into ACI interface sets enables unique subscriber identification and facilitates application of subscriber-based services, such as class of service (CoS) and interface-shared filters, on a per-household basis.
