Juniper BNG CUPS Theory of Operation
SUMMARY This section describes how Juniper operates and the configurations that you must make to operate Juniper BNG CUPS.
Operational Overview
The TR-459 Multi-Service Disaggregated BNG with CUPS. Reference Architecture, Deployment Models, Interface, and Protocol Specifications (TR-459) document was created by the Broadband Forum to define disaggregated BNG architecture. Figure 1 from the TR-459 specification shows the placement of functional blocks on the control plane and the user plane.
The combination of the control plane functions is referred to as a control plane of the disaggregated BNG. Similarly, a combination of the user plane specific functions is referred to as a user plane of the disaggregated BNG.
Three types of interfaces exist between the control plane and the user plane:
-
Management Interface (Mi)—Optionally used for centralized management of the BNG User Planes at the BNG CUPS Controller.
-
Control Packet Redirect Interface (CPRi)—Used to direct and exchange control protocol (DHCP, DHCPv6, PPPoE, PPP, L2TP, and so on) traffic between the BNG CUPS Controller and the BNG User Planes to negotiate subscriber sessions.
-
State Control Interface (SCi):
-
Used to establish associations between the BNG CUPS Controller and the BNG User Planes.
-
Used to program traffic detection and forwarding rules and subscriber state on the BNG User Planes for each subscriber session.
-
Used to report session statistics to the BNG CUPS Controller.
-
The control plane and user plane functions along with the interfaces constitute the disaggregated BNG Architecture as proposed by the TR-459 standard. You can find details in the TR-459 Multi-Service Disaggregated BNG with CUPS. Reference Architecture, Deployment Models, interface, and Protocol Specifications document from the Broadband Forum.
Juniper BNG CUPS Controller
The BNG CUPS Controller is a containerized application that runs in a Kubernetes environment. Kubernetes is a container orchestration environment that provides infrastructure to support application and hardware resiliency, automation, application monitoring, application upgrade and rollback, and service discovery.
The BNG CUPS Controller consists of the following micro services:
- Control plane instance—An instance of the subscriber management control plane. The control plane instance manages session states for various access models (for example, DHCP, PPPoE, and L2TP). It also provides AAA services, IP address allocation services, and maintains the SCi and CPRi interfaces to its BNG User Planes. The control plane instance may also interact with a dynamic pool prefix source (Address Pool Manager (remote) or local reserve) to maintain a source of addresses for address allocation. The control plane instance records the session state to the state cache pod. If the control plane instance pod restarts, it recovers its state from the state cache.
-
State cache—A persistent in-memory cache that stores subscriber session and other state information generated by the control plane instance. The state cache pod runs on a cluster node other than the node where the control plane instance runs. If the state cache pod restarts, it recovers its state from the control plane instance.
The BNG CUPS Controller components generate log messages through the syslog protocol. You can use the Broadband Edge Event Collection and Visualization (BBE ECAV) application to collect and record the log messages.
Supported Stacking Models
-
Juniper BNG CUPS supports the following stacking models:
-
DHCP Server single stack
-
DHCPv6 Server single stack
-
DHCP Server single session dual stack
-
DHCP Relay single stack
-
DHCPv6 Relay single stack
-
DHCP Relay single session dual stack
-
PPPoE single stack (IP or IPv6)
-
PPPoE dual stack
-
L2TP LAC
-
Dynamic VLANs (for DHCP and PPPoE)
-
Supported Scaling and Topology Requirements
A single BNG CUPS Controller supports the following number of subscribers and BNG User Planes:
-
One BNG CUPS Controller can support up to 512K subscribers.
-
One BNG CUPS Controller can support up to 16 BNG User Planes.
BNG CUPS Controller runs in a Kubernetes environment.
The Kubernetes environment requires the following devices:-
Control plane node (you must have at least three)
-
Worker nodes (you must have at least three)
Note:For system requirements, see Install Juniper BNG CUPS.
Configure BNG CUPS Controller
The BNG CUPS Controller configuration consists of the following configuration groups:
bbe-bng-director—Contains controller-wide configuration items such as BNG User Plane definitions, control plane instance definitions, BNG User Plane assignments, subscriber and load balancing group definitions.bbe-common-0—Contains the bulk of the subscriber management configurations including the following:-
Dynamic profiles
-
Class of service classifiers
-
Rewrite rules
-
Traffic control profiles
-
Schedulers and Scheduler maps
-
Firewall filters and policers
-
Authentication, authorization, and accounting (AAA) services at the access and access profile level
-
Figure 2 shows the configuration group hierarchy.
Configure the bbe-bng-director Group
The bbe-bng-director configuration group contains the
bng-controller stanza. You should minimally configure the
bng-controller-name, user-planes, and
control-plane-instances settings in the
bng-controller stanza.
See the following bbe-bng-director group configuration
example:
groups {
bbe-bng-director {
bng-controller {
bng-controller-name new-england;
user-planes {
billerica {
transport {
198.20.33.4;
}
dynamic-address-pools {
partition middlesex;
v6-na-partition v6-na-partition;
v6-dp-partition v6-dp-partition;
}
user-plane-profile up-std;
}
canton {
transport {
198.20.48.7;
}
dynamic-address-pools {
partition middlesex;
v6-na-partition v6-na-partition;
v6-dp-partition v6-dp-partition;
}
user-plane-profile up-std;
}
}
control-plane-instances {
cpi-boston {
control-plane-config-group bbe-common-0;
user-plane [billerica canton];
}
}
}
}
}
In the above example, there are two BNG User Planes defined (billerica and
canton). As part of the BNG User Plane configuration, the contact IP address of
the BNG User Plane is configured in the transport stanza.
Dynamic address pool partitions are configured under the
dynamic-address-pools stanza. Also, the
user-plane-profile, which defines the BNG User Plane's
interfaces and capabilities, is defined and assigned to each BNG User Plane.
The user-plane-profile is configured in the common configuration
group (for example, bbe-common-0). So, when the BNG User Plane
is configured or assigned to a control plane instance, its user plane profile
must be defined in the common configuration group assigned by the
control-plane-config for the control plane instance.
As part of the control plane instance configuration, you are configuring the following:
-
The control plane instance name—The control plane instance name must match the control plane instance name that you assigned to the control plane instance pod created during the
cpi addconfiguration in the initial setup of BNG CUPS Controller (see Juniper BNG CUPS Installation). -
The name of the configuration group (for example,
bbe-common-0) to use for subscriber management configuration. -
The list of BNG User Planes assigned to the control plane instance.
Configure the bbe-common-0 Group
The common configurations for subscriber management are configured in a common configuration group. Up to five common configuration groups can be defined. The name of the common configuration group is fixed. The name must be one of the following: bbe-common-0, bbe-common-1, bbe-common-2, bbe-common-3, or bbe-common-4.
See the following bbe-common-0 group
configuration example (for simplicity, the example is only partially elaborated)
:
groups bbe-common-0 {
system {
services {
dhcp-local-server {
dhcpv4 {
group dhcp-v4-client {
dynamic-profile dhcp-client-demux;
interface-tag access001;
}
}
}
}
}
access-profile acc001;
access {
address-pool-manager {
inet 198.19.224.134;
port 20557;
local-reserve {
partition v6-na-partition {
family {
inet6 {
prefix 173:162:1::/96;
}
}
}
partition v6-dp-partition {
family {
inet6 {
prefix 3000::/8;
}
}
}
}
}
radius-server {/* not elaborated */}
profile acc001 {/* not elaborated */}
address-assignment {
domain-profile v4pool {
family {
inet {
preferred-prefix-length 24;
excluded-address last-octet 255;
dhcp-gateway-address-last-octet 1;
install-discard-routes {
tag 77;
backup-tag 88;
}
}
}
domain-profile dpPool {
family {
inet6 {
partition-type delegated-prefix;
preferred-prefix-length 48;
allocation-length 56;
install-discard-routes {
tag 77;
backup-tag 88;
}
}
}
}
domain-profile naPool {
family {
inet6 {
partition-type non-temporary-address;
preferred-prefix-length 120;
allocation-length 128;
install-discard-routes {
tag 55;
backup-tag 66;
}
}
}
}
}
}
user-plane-profiles {
up-std {
interfaces xe-1/1/0 {
interface-tag access001;
auto-configure {
stacked-vlan-ranges {
dynamic-profile dhcp-server-demux {
accept [ dhcp-v4 dhcp-v6 ];
ranges {
any,any;
}
}
}
remove-when-no-subscribers;
}
}
}
}
dynamic-profiles {
dhcp-client-demux {/* not elaborated */}
}
}
In this common group configuration, the dhcp-local-server
group references an interface by its tagged name. An interface tag
is defined in the user-plane-profile configuration. This allows
the same DHCP server group configuration to be used for all BNG User Plane
logical ports assigned to the same interface tag.
A user plane profile is a template that is used for a BNG User Plane's interface configuration and other configuration such as lawful intercept, captive portal content delivery, resource monitor, and so on. It is assumed that most of your BNG User Planes will have similar configurations. The user plane profile allows you to avoid constantly having to repeat the BNG User Plane configuration. The DHCP local server can universally represent a BNG User Plane's interface by its tag name (instead of, up:billerica:xe-1/1/0). The combination of the tag name and the BNG User Plane context (provided by the BNG CUPS infrastructure) is sufficient enough to identify the interface to the DHCP local server component. This also allows the configuration to avoid specifying the interface for each logical port for each BNG User Plane to be assigned to the DHCP local server group. The same interface tag can be assigned to each logical interface and referenced once in the DHCP local server group.
The common group configuration also includes configurations for Address Pool Manager (APM). In this case, a remote APM instance is used for IPv4 partitions and a local reserve is defined for local IPv6 partitions used to source prefixes for IPv6 non-temporary addresses and delegated prefixes.Configure BNG User Planes
The BNG User Plane is responsible for applying the subscriber session state originated by the BNG CUPS Controller and acting as the forwarding plane for subscriber traffic. Also, it is responsible for redirecting control protocol packets to the BNG CUPS Controller to negotiate and configure the subscriber session..
The BNG User Plane configuration for subscriber management is a simpler configuration, because most of the configurations for subscriber management are done on the BNG CUPS Controller.
See the following BNG User Plane configuration example:
configuration-database {
max-db-size 419430400;
}
subscriber-management {
enable;
mode {
user-plane {
user-plane-name billerica;
transport {
inet 198.19.20.33;
}
control-plane {
control-plane-name cpi-boston;
}
}
}
}
Also, you will need to perform a similar configuration for BNG User Plane canton.
The user-plane mode configuration is performed under the
subscriber-management stanza. The IP address that the BNG
User Plane uses to communicate with the BNG CUPS Controller is defined under the
transport stanza. The BNG CUPS Controller name that the BNG
User Plane has been assigned to, and will accept associations from, is defined
under the control-plane stanza.
The rest of the BNG User Plane's configuration should be focused on other system configurations (for example, telemetry, routing, DDoS protections, resource monitoring, and so on).
Completing Your BNG CUPS Controller Deployment
After you complete the BNG CUPS Controller installation process (see the Juniper BNG
CUPS Installation Guide), only the state cache service is currently running. You can
verify this by running the dbng status command.
$ dbng status --context <cluster- context> scache 1/1 0
To complete the deployment of BNG CUPS Controller, you must create a control plane
instance. This is required before you configure control plane instances in the
bbe-bng-director configuration group. You create a control
plane instance using the cpi-add command.
$ sudo -E dbng cpi add –context <cluster-context> --version 23.4R2 cpi-test-1
This creates the control plane instance pod. You can run the dbng
status command again to verify that the control plane instance was
created. In this example, you can see that cpi-boston was
created.
$ dbng status --context <cluster-context> MICROSERVICE PODS RESTARTS cpi-boston 1/1 0 scache 1/1 0 Storage: Healthy
The name you assign to the control plane instance must match the name you use in the
bbe-bng-director group configuration for the control plane
instance. Now that the control plane instance is created, you can proceed to
configuring the BNG CUPS Controller by entering the CLI.
$ dbng cli –context <cluster-context> root@cpi-boston>
BNG CUPS Controller and BNG User Plane Protocol Operations
Now with the BNG User Planes (billerica and canton) both configured and the assigned control plane instance (cpi-boston), the BNG CUPS Controller and BNG User Planes form a disaggregated BNG system by signaling over the state control interface. The signaling consists of PFCP message exchanges to establish an association between the BNG CUPS Controller and each BNG User Plane assigned to it. The signaling also includes additional PFCP message exchanges before subscriber session negotiation and signaling proceeds.
The following diagram shows the initial PFCP message exchanges between the BNG CUPS Controller and each assigned BNG User Plane.
The initial PFCP exchanges occur in three basic steps before the BNG User Plane initiates the forwarding of control protocol packets (for example, PPPoE, PADI, DHCP DISCOVER, DHCPv6, SOLICIT) to the BNG CUPS Controller in step 4 below.
Each BNG User Plane that is assigned to a BNG CUPS Controller, goes through the following steps.
The BNG CUPS Controller initiates the heartbeat request to the BNG User Plane. The BNG User Plane responds to the heartbeat request and initiates its own heartbeat request to the BNG CUPS Controller.
The BNG CUPS Controller initiates an association to the BNG User Plane with an association setup request. The BNG User Plane does not initiate a PFCP association and waits to be contacted by the BNG CUPS Controller. If the request is from the configured
control-plane-name, the BNG User Plane responds with a PFCP association setup response. A BNG CUPS Controller association is then formed with the BNG User Plane.Heartbeat messages are sent bi-directionally between the BNG CUPS Controller and The BNG User Plane periodically based on the configured interval. It is recommended that the BNG CUPS Controller and the BNG User Planes use the same interval and retry configuration.
The
show user-planecommand can be performed from the BNG CUPS Controller to confirm a successful association with each assigned BNG User Plane.root@cpi-boston> show user-plane Name Address CPi State Health Up-time Active/Backup-sess billerica 198.20.33.4 cpi-boston connected healthy 00:03:07 0/0 canton 198.20.48.7 cpi-boston connected healthy 00:00:18 0/0
The BNG CUPS Controller initiates session establishment request exchanges to configure the following CPRi tunnels:
- The default CPRi to allow forwarding of control packets from the BNG User Plane to the BNG CUPS Controller to start subscriber session negotiations.
- If the user plane profile assigned to the BNG User Plane in the BNG CUPS
Controller configuration specifies interfaces configured for auto-sensed
VLANs, a logical port CPRi is created for each interface configured for
the auto-sensed VLANs. A session establishment request is initiated for
each interface and includes both the logical port name and the VLAN
ranges from the
auto-configurestanza for the interface. The logical port CPRi is used to support delayed session creation and thus the exchange of control protocol packets between the BNG User Plane and BNG CUPS Controller to negotiate subscriber sessions.
This step consists of three sub-steps. The sub-steps can occur in any order but are expected to occur before subscriber session negotiation is performed:
The BNG User Plane initiates one or more node-level network instance reports. The reports shows each configured network instance and its initial connectivity status (connected or isolated). This action is performed in accordance with TR-459.
The BNG User Plane initiates one or more node-level logical port reports. The reports show each access-facing logical port and its initial forwarding capacity. This action is performed in accordance with TR-459.
The BNG CUPS Controller initiates one or more association update request exchanges to create one or more provisioned subscriber groups. The assigned logical port from the BNG User Plane is included in the subscriber groups creation message.
The BNG CUPS Controller receives control protocol packets from the BNG User Plane over the default or logical-port CPRi. Subscriber session negotiation commences based on control packet exchanges between the BNG User Plane and BNG CUPS Controller, resulting in BNG CUPS Controller initiated session establishment requests to create a subscriber session CPRi.
Note the following:
The BNG User Plane does not forward received control protocol packets arriving from an access-facing logical port to the BNG CUPS Controller until a node-level subscriber group creation request for the logical port has been received from the BNG CUPS Controller.
The BNG CUPS Controller discards received control packets arriving on the CPRi until the association update response to create or modify the corresponding subscriber group for the logical port is received from the BNG User Plane.