Use Dynamic Address Pools in Juniper BNG CUPS
BNG User Plane high availability within Juniper BNG CUPS is based on subscriber groups. Each subscriber group tracks its own set of subscriber prefixes so that all session state, including pool prefix routes, can be switched over successfully to a backup BNG User Plane. Therefore, subscriber groups are allocated their own set of pool prefixes. Rather than pre-provisioning a set of pools for each subscriber group, a dynamic prefix source is used.
Dynamic prefix sources used in the BNG CUPS Controller include the following:
- Address Pool Manager (APM)—APM is a cloud-native application that maintains a set of prefix partitions from which sub-prefixes may be apportioned for use as pool prefixes. APM communicates with the BNG CUPS Controller’s CPi through the APMi, a gRPC-based protocol. Currently, APM serves only IPv4 prefixes.
- Local reserve—Local reserve is a set of prefix partitions, configured on the BNG CUPS Controller, from which sub-prefixes may be apportioned for use as pool prefixes. Local reserve serves both IPv4 and IPv6 prefixes. Local reserve can also act as a backup prefix source for APM when the APMi is disconnected. Currently, a local reserve must be used for IPv6 prefixes to assign IPv6 non-temporary addresses, delegated prefixes, and router advertisement prefixes.
As part of the BNG CUPS Controller’s configuration of the BNG User Planes, the dynamic-address-pools stanza defines the source partition names from which pool prefixes are apportioned and from which they will be reclaimed.
Following are the four types of partitions:
- partition—IPv4 partition name
- v6-dp-partition—IPv6 delegated prefix partition name
- v6-na-partition—IPv6 non-temporary address partition name
- v6-ra-partition—IPv6 router advertisement partition name
Local Reserve
The local reserve is a set of partitions configured on the BNG CUPS Controller. Partitions can be either IPv4 or IPv6. Local reserve partitions are configured under the access address-pool-manager stanza. See the following example:

    access {
        address-pool-manager {
            inet 198.19.224.134;
            port 20557;
            auto-recovery drain-delay 120;
            apportion-delay 60;
            local-reserve {
                partition middlesex {
                    family {
                        inet {
                            prefix 192.168.192.0/20;
                        }
                    }
                }
                partition v6-na-partition {
                    family {
                        inet6 {
                            prefix 173:162:1::/96;
                        }
                    }
                }
                partition v6-dp-partition {
                    family {
                        inet6 {
                            prefix 3000::/8;
                        }
                    }
                }
            }
        }
    }

The IPv4 partition (middlesex in this example) is a backup partition for a partition of the same name in the APM configuration. In this case the local-reserve partition has one prefix of private addresses. If the connection to APM is lost, the subscriber groups associated with the BNG User Planes that have specified middlesex as their IPv4 partition apportion private prefixes from the local reserve after the APMi connection has been down for the configured apportion delay time. Once the APM apportioned public pool prefixes are exhausted, incoming subscribers in the subscriber group are allocated addresses from the private pool prefixes sourced from the local reserve.
Subscribers may have limited access with private addresses, but they will be able to log in to the network. Once the APMi connection is restored, it is desirable to readdress the subscribers who were allocated private addresses with public addresses from APM-sourced pools. After the configured auto recovery drain delay period, the BNG CUPS Controller enables an active drain on the pools apportioned from the local reserve. As subscribers reconnect, additional public pool prefixes are apportioned from APM and the subscribers are allocated public addresses and regain full service.
There are also two IPv6 partitions configured as part of the local reserve. These partitions apportion IPv6 pool prefixes for non-temporary addresses and prefix delegated addresses for IPv6 subscribers respectively. Since APM does not support IPv6 partitions, local reserve is the only option to source dynamic address pools for subscriber groups serving IPv6 subscribers.
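
The IPv4 fallback and recovery sequence described above can be traced with a small timing model. This is an added example, not Juniper code: the class and method names are hypothetical, the delay values come from the sample configuration, and treating them as seconds is an assumption.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class ApmFallback:
    apportion_delay: int = 60      # "apportion-delay 60" (unit assumed: seconds)
    drain_delay: int = 120         # "auto-recovery drain-delay 120" (same assumption)
    down_since: Optional[int] = None
    up_since: Optional[int] = None
    reserve_pools: int = 0         # pool prefixes sourced from the local reserve

    def apmi_down(self, now):
        if self.down_since is None:
            self.down_since, self.up_since = now, None

    def apmi_up(self, now):
        if self.down_since is not None:
            self.down_since, self.up_since = None, now

    def apportion(self, now):
        """Source of the next pool prefix, or None while apportion-delay is running."""
        if self.down_since is None:
            return "apm"
        if now - self.down_since < self.apportion_delay:
            return None            # only the already-apportioned APM pools are available
        self.reserve_pools += 1
        return "local-reserve"

    def drain_active(self, now):
        """True once pools apportioned from the local reserve are being drained."""
        return (self.reserve_pools > 0 and self.up_since is not None
                and now - self.up_since >= self.drain_delay)

def timeline():
    fb = ApmFallback()
    seen = [fb.apportion(0)]             # APMi connected
    fb.apmi_down(100)
    seen.append(fb.apportion(130))       # 30 into the 60 delay
    seen.append(fb.apportion(160))       # delay elapsed
    fb.apmi_up(400)
    seen.append(fb.drain_active(450))    # 50 into the 120 drain delay
    seen.append(fb.drain_active(520))    # drain delay elapsed
    seen.append(fb.apportion(520))
    return seen                          # ["apm", None, "local-reserve", False, True, "apm"]

def short_outage():
    fb = ApmFallback()
    fb.apmi_down(100)
    fb.apportion(130)                    # refused: still inside apportion-delay
    fb.apmi_up(140)
    return fb.drain_active(1000)         # False: nothing came from the local reserve
```

An outage shorter than the apportion delay never touches the local reserve, so there is nothing to drain when the APMi connection returns.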
Address Pool Manager
APM is a separate cloud-native application that can be deployed in the same Kubernetes cluster as the BNG CUPS Controller or in a different cluster altogether. APM can source IPv4 partitions for many BNG CUPS Controller control plane instances or integrated BNGs.
See the following APM configuration example:

    apm {
        inet-pool {
            partition middlesex {
                prefix 192.32.0.0/16 {
                    max-prefix-length 24;
                }
            }
        }
        entity-match cpi-massachusetts {
            pool-domain-profile domainTemplate;
        }
        pool-domain-profile domainTemplate {
            monitoring {
                apportion-threshold 200;
                reclaim-threshold 457;
            }
            auto-reclamation {
                active always;
            }
        }
    }

In the APM configuration, partition middlesex has a public IPv4 prefix from which pool prefixes are apportioned and reclaimed.
The entity-match stanza identifies the CPis that APM will accept connections from. In this case, only the CPi with the systemID of cpi-massachusetts will be allowed to connect. For the pool domains it creates, the CPi uses the apportion and reclamation settings defined by the pool-domain-profile domainTemplate.
The corresponding BNG Controller configuration elements necessary to use APM as a dynamic prefix source are shown in the following example:

    groups {
        bbe-common-0 {
            access {
                address-pool-manager {
                    inet 198.19.224.134;
                    port 20557;
                }
                address-assignment {
                    domain-profile v4FramedPoolName {
                        family {
                            inet {
                                preferred-prefix-length 24;
                                excluded-address-last-octet 255;
                            }
                        }
                    }
                }
            }
        }
    }

In the address-pool-manager stanza, the inet statement contains the external IP address used by APM. This can be retrieved by using the apm ip utility script command (see the APM User Guide). The default port that APM listens on is 20557. The system identifier that the control plane instance uses to identify itself to APM is the control-plane-instance name (for example, cpi-massachusetts). APM must have a corresponding entity-match entry in its configuration.
In the address-assignment stanza, domain-profiles must match the FramedPool names that are supplied during the subscriber authentication phase. Each domain profile includes the preferred prefix length used to request pool prefixes from the prefix source (either APM or local reserve) and any address exclusions to use for the apportioned dynamic pools.
Domain Creation, Apportionment and Reclamation
The domain-profile statement configured under the BNG CUPS Controller’s access address-assignment stanza in the bbe-common-0 group aligns with the address-pool or FramedPool attribute returned during the authentication phase of subscriber login. The domain profile defines the size of the prefix to apportion from the partition, any address exclusions, and whether to install a discard route for each pool prefix.
See the following domain-profile example configuration:

    domain-profile v4pool {
        family {
            inet {
                preferred-prefix-length 24;
                excluded-address last-octet 255;
                install-discard-routes {
                    tag 77;
                    backup-tag 88;
                }
            }
        }
    }
    domain-profile dpPool {
        family {
            inet6 {
                partition-type delegated-prefix;
                preferred-prefix-length 48;
                allocation-length 56;
                install-discard-routes {
                    tag 77;
                    backup-tag 88;
                }
            }
        }
    }

As a subscriber logs into the network, a FramedPool attribute is returned from a successful authentication phase. If the FramedPool matches a domain-profile in the configuration, the CPi checks to see if a domain has been created for the associated subscriber group. If no domain exists, the CPi coordinates with the partition source (either APM or the local reserve) to create a domain name by concatenating the values of the FramedPool name, the subscriber group name, and the associated routing instance.
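
The login path described in this section, sketched as an added example (not Juniper code). The class names, subscriber group names and routing instance are hypothetical; the prefix and profile values come from the page's middlesex and v4pool examples. Only the configured last-octet exclusion is modelled, and the domain is keyed by a tuple because the page does not give the format of the concatenated domain name.

```python
import ipaddress

class PrefixSource:
    """Stand-in for one partition held by APM or the local reserve."""
    def __init__(self, prefix):
        self.partition = ipaddress.ip_network(prefix)
        self.apportioned = set()

    def apportion(self, length):
        for sub in self.partition.subnets(new_prefix=length):
            if sub not in self.apportioned:
                self.apportioned.add(sub)
                return sub
        raise RuntimeError("partition exhausted")

class Cpi:
    def __init__(self, source, profiles):
        self.source, self.profiles = source, profiles
        self.domains = {}  # (FramedPool, subscriber group, routing instance) -> state

    def login(self, framed_pool, group, routing_instance):
        profile = self.profiles.get(framed_pool)
        if profile is None:
            return None    # FramedPool matches no domain-profile
        key = (framed_pool, group, routing_instance)
        domain = self.domains.setdefault(key, {"pools": [], "used": set()})
        while True:
            for pool in domain["pools"]:
                for addr in pool:
                    if addr.packed[-1] == profile["excluded_last_octet"]:
                        continue           # excluded-address last-octet
                    if addr not in domain["used"]:
                        domain["used"].add(addr)
                        return addr
            # New domain, or every pool is full: apportion another pool prefix.
            length = profile["preferred_prefix_length"]
            domain["pools"].append(self.source.apportion(length))

# Values from the page's examples (partition middlesex, domain-profile v4pool).
PROFILES = {"v4pool": {"preferred_prefix_length": 24, "excluded_last_octet": 255}}

def demo():
    cpi = Cpi(PrefixSource("192.168.192.0/20"), PROFILES)
    first = cpi.login("v4pool", "sgrp-a", "default")     # creates the sgrp-a domain
    other = cpi.login("v4pool", "sgrp-b", "default")     # separate group, own prefix
    for _ in range(254):
        cpi.login("v4pool", "sgrp-a", "default")         # fills .1 through .254
    overflow = cpi.login("v4pool", "sgrp-a", "default")  # .255 excluded: new prefix
    return first, other, overflow
```

Each subscriber group ends up with its own /24 pool prefixes, and a group's 256th login triggers a second apportionment because the address ending in 255 is never handed out.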