Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Routes for DHCP and PPP Subscriber Access Networks

Access and Access-Internal Routes for Subscriber Management

DHCP and PPP on the router use both access routes and access-internal routes to represent either the subscriber or the networks behind the attached router. An access route represents a network behind an attached router, and is set to a preference of 13. An access-internal route is a /32 route that represents a directly attached subscriber, and is set to a preference of 12.

Access routes typically are used to apply the values of the RADIUS Framed-Route attribute [22] for IPv4 routes and the Framed-IPv6-Route attribute [99] for IPv6 routes. A framed route consists of a prefix that represents a public network behind the CPE, a next-hop gateway, and optional route attributes consisting of a combination of metric, preference, and tag. The only mandatory component of the framed route is the prefix. The next-hop gateway can be specified explicitly in the framed route, as 0.0.0.0, ::0, or the subscriber’s fixed address assigned by the Framed-IP-Address (8) or Framed-IPv6-Prefix (97) attribute (common practice for business subscribers). Alternatively, the absence of the gateway address implies address 0.0.0.0. The address 0.0.0.0 or ::0, whether implicit or explicitly configured, resolves to the subscriber’s assigned address (host route). Consequently, the convention is that the next-hop gateway is the subscriber’s IP address.

You can configure a dynamic profile to use predefined variables to dynamically configure access routes using the values specified in the RADIUS attribute. To configure access routes include the access stanza at the [edit dynamic-profiles profile-name routing-options] hierarchy level.

Starting in Junos OS Release 15.1, we recommend that you use only access routes for framed route support. We recommend that you do not use access-internal routes in the dynamic profile configuration. If the RADIUS Framed-Route attribute (22) or Framed-IPv6-Route attribute [99] does not specify the next-hop gateway—as is common—the variable representing the next-hop, $junos-framed-route-nexthop or $junos-framed-route-ipv6-nexthop, automatically resolves to the subscriber’s IP address. If you configure the access-internal statement in the dynamic profile, it is ignored.

Note:

Starting in Junos OS Release 15.1R4, the router no longer supports a configuration where a static route points to a next hop that is tied to a subscriber. Typically, this might occur when RADIUS assigns the next hop with the Framed-IP-Address attribute. An alternative to this misconfiguration is to have the RADIUS server provide a Framed-Route attribute that matches the static route.

Configuring Dynamic Access Routes for Subscriber Management

You can dynamically configure access routes for DHCP and PPP subscribers based on the values specified in the following RADIUS attributes:

  • For IPv4 access routes, use the variable, $junos-framed-route-ip-address-prefix. The route prefix variable is dynamically replaced with the value in Framed-Route RADIUS attribute [22].

  • For IPv6 access routes, use the variable, $junos-framed-route-ipv6-address-prefix. The variable is dynamically replaced with the value in Framed-IPv6-Route RADIUS attribute [99].

To dynamically configure access routes:

  1. Configure the route prefix for the access route as a variable.

    For IPv4:

    For IPv6:

  2. Configure the next-hop address as a variable.

    For IPv4:

    For IPv6:

  3. Configure the metric as a variable.

    For IPv4:

    For IPv6:

  4. Configure the preference as a variable.

    For IPv4:

    For IPv6:

  5. Configure the tag as a variable.

    IPv4:

    IPv6:

Starting in Junos OS Release 15.1, we recommend that you use only access routes for framed route support. We recommend that you do not use access-internal routes. If the RADIUS Framed-Route attribute (22) or Framed-IPv6-Route attribute [99] does not specify the next-hop gateway—as is common—the variable representing the next-hop, $junos-framed-route-nexthop, is automatically resolved. If you configure the access-internal statement in the dynamic profile, it is ignored.

Configuring Dynamic Access-Internal Routes for DHCP and PPP Subscribers

You can dynamically configure access-internal routes. In releases earlier than Junos OS 15.1, this configuration is optional; if you include it, the values from the access-internal variables are used if the next-hop value is missing in the relevant RADIUS attribute—Framed-Route [22] for IPv4 and Framed-IPv6-Route [99] for IPv6.

Starting in Junos OS Release 15.1R1, we no longer recommend that you always include the access-internal stanza in the dynamic-profile when the access stanza is present for framed route support. The subscriber’s address is stored in the session database entry before the dynamic profile installs the framed route, enabling the next-hop address to be resolved when it is not explicitly specified in the Framed-Route RADIUS attribute (22) or Framed-IPv6-Route attribute [99].

DHCP subscriber interfaces require the qualified-next-hop to identify the interface and the MAC address. For PPP subscriber interfaces, you do not need to specify the MAC address for access-internal routes.

To dynamically configure access-internal routes for DHCP or PPP subscribers:

  1. Specify that you want to configure the access-internal route.
  2. Configure the IP address and the qualified next-hop address as variables.
    Note:

    The variable used for qualified-next-hop is $junos-interface-name.

  3. (DHCP subscriber interfaces only) Configure the MAC address for the qualified next-hop as a variable.

Suppressing DHCP Access, Access-Internal, and Destination Routes

During the DHCP client binding operation, the DHCP process adds route information for the DHCP sessions by default. The DHCP process adds the following routes:

  • DHCPv4 sessions—access-internal and destination routes.

  • DHCPv6 sessions—access-internal and access routes.

An access route represents a network behind an attached video services router, and is set to a preference of 13.

An access internal route is a /32 route that represents a directly attached end user, and is set to a preference of 12.

These routes are used by the DHCP application on a video services router to represent either the end users or the networks behind the attached video services router.

In some scenarios, you might want to override the default behavior and prevent DHCP from automatically installing the route information.

For example, DHCP relay installs destination (host) routes by default—this action is required in certain configurations to enable address renewals from the DHCP server to work properly. However, the default installation of destination routes might cause a conflict when you configure DHCP relay with static subscriber interfaces.

To avoid such configuration conflicts you can override the default behavior and prevent DHCP relay from installing the routes.

Preventing DHCP from Installing Access, Access-Internal, and Destination Routes by Default

You can use the route suppression option to override the default route installation behavior. You can configure route suppression and prevent DHCP from installing specific types of routes for:

  • DHCP local server and DHCP relay agent

  • DHCPv4 and DHCPv6 sessions

  • Globally or for named interface groups

For DHCPv4 you can override the installation of destination routes only or access-internal routes (the access-internal option prevents installation of both destination and access-internal routes). For DHCPv6 you can specify access routes, access-internal routes, or both.

Example:

  • For DHCP local server route suppression (for example, a global configuration):

  • For DHCP relay (for example, a group-specific configuration):

  • For DHCPv6 local server (for example, a group-specific configuration):

  • For DHCPv6 relay (for example, a global configuration):

Note the following while configuring route suppression option:

  • You cannot suppress access-internal routes when the subscriber is configured with both IA_NA and IA_PD addresses over IP demux interfaces—the IA_PD route relies on the IA_NA route for next hop connectivity.

  • The no-arp statement supported in legacy DHCP is replaced by the route-suppression statement.

Verifying the Configuration of Access and Access-Internal Routes for DHCP and PPP Subscribers

Purpose

View configuration information for access routes and access-internal routes on DHCP and PPP subscribers. The access-internal routes are those that are automatically installed when a client profile is instantiated.

Action

  • To display extensive information about access routes and access-internal routes:

  • To display the configuration for access routes:

  • To display the configuration for access-internal routes:

Related Documentation

Change History Table

Feature support is determined by the platform and release you are using. Use Feature Explorer to determine if a feature is supported on your platform.

Release
Description
15.1R1
Starting in Junos OS Release 15.1R1, we no longer recommend that you always include the access-internal stanza in the dynamic-profile when the access stanza is present for framed route support.
15.1
Starting in Junos OS Release 15.1, we recommend that you use only access routes for framed route support.
15.1
Starting in Junos OS Release 15.1, we recommend that you use only access routes for framed route support.