Junos OS and Junos OS Evolved Enhanced Subscriber Management
Junos OS Enhanced Subscriber Management Overview
Junos OS enhanced subscriber management is a next-generation broadband edge software architecture for wireline subscriber management. Enhanced subscriber management enables you to take advantage of increased scaling and performance for configuring and managing dynamic interfaces and services for subscriber management.
Enhanced subscriber management delivers optimized scaling and performance for the existing dynamic subscriber management feature set. Enhanced subscriber management provides feature parity with the legacy Junos OS subscriber management feature set, with certain exceptions. For a list of these feature exceptions, see the latest Junos OS Release Notes for MX Series 5G Universal Routing Platforms for your Junos OS software.
In order to use dynamic profiles to create and manage dynamic subscriber interfaces and services, you must explicitly configure and enable enhanced subscriber management. When enhanced subscriber management is enabled, it handles all subscriber-management control protocol traffic (DHCP, PPP, PPPoE, L2TP, and dynamic VLAN creation) to direct the creation of subscriber sessions and their associated dynamic interfaces.
If you are using only static network configurations and static services in a business edge environment, you do not need to enable enhanced subscriber management to configure these static topologies. When enhanced subscriber management is not enabled, the following client applications do not support the use of dynamic profiles, the creation of dynamic interfaces, or dynamic authentication services:
Dynamic VLANs
PPPoE
PPP
L2TP
DHCP
From an operational perspective, enhanced subscriber management
introduces only minimal changes to existing subscriber management
configuration and verification procedures. For example, enhanced subscriber
management consolidates several subscriber management components previously
distributed across multiple processes into a single process. As a
result, enhanced subscriber management can display consolidated information
for subscriber management in a single show command.
- Routing Services and Enhanced Subscriber Management
- Enabling BGP over Dynamic PPPoE Subscriber Interfaces
- Address Resolution and Enhanced Subscriber Management
- Control Plane Resiliency
- Benefits of Enhanced Subscriber Management
Routing Services and Enhanced Subscriber Management
When client connections require additional routing protocols on dynamic interfaces, with the exception of IGMP and MLD, you must include routing services in the dynamic profile interface configuration. If you do not do so, then the pseudo logical interface is not created and routing services cannot be associated with the dynamic interface. The additional routing protocols cannot run on the dynamic subscriber interface.
You do not have to include routing services in the dynamic profile interface configuration when clients use only the standard access-internal routes, access routes, and framed routes. In other words, the routing service configuration is not required for simple client reachability purposes.
Routing service configuration is not required for IGMP or MLD, because these protocols are natively supported on enhanced subscriber management interfaces.
Distributed IGMP is not supported on subscriber management interfaces where routing-services are enabled.
When a dynamic profile containing the routing-services statement is instantiated, the router creates an enhanced
subscriber management logical interface, also referred to as a pseudo
logical interface, in the form demux0.nnnnnnnnnn (for example, demux0.3221225472). Any associated subscriber routes
or routes learned from a routing protocol running on the enhanced
subscriber management interface use this pseudo interface as the next-hop
interface.
Starting in Junos OS
Release 18.4R1, the routing-services statement is deprecated
and is replaced by the routing-service statement. Besides enabling or disabling routing services for all subscribers
on the dynamic interface, the routing-service statement enables
you to use RADIUS to selectively enable or disable routing services
for a specific subscriber during authentication if RADIUS returns
the Routing-Services VSA (26-212) in the Access-Accept message.
This RADIUS capability requires you to specify the $junos-routing-services predefined variable in the dynamic profile. A VSA value of one enables routing services for the subscriber; a value of zero disables routing services for the subscriber. Any value other than zero or one is rejected. If you configure the variable and RADIUS does not return the VSA, then routing services are disabled for the subscriber.
You can specify the variable in the dynamic profiles for PPPoE subscribers, the underlying VLAN, or both. When you include the variable in the VLAN dynamic profile, then you must also configure the VLAN to be authenticated; otherwise, routing services remain disabled for the underlying interface and therefore also disabled for the PPPoE subscriber.
You can optionally create dedicated dynamic VLAN profiles to
enable routing services for subscribers that require routing services.
You can then create dedicated profiles for subscribers that do not
need routing services by omitting the routing-service statement
from the profile. In the following code sample, vlan-profile1 enables
routing services; vlan-profile2 does not.
dynamic-profiles vlan-profile1 {
interfaces $junos-interface-ifd-name {
unit $junos-interface-unit {
routing-service {
enable;
}
}
}
}
dynamic-profiles vlan-profile2 {
interfaces $junos-interface-ifd-name {
unit $junos-interface-unit {
}
}
}
The VLAN profile is chosen based on the VLAN range associated
with the profile by the ranges statement at the [edit
interfaces] hierarchy level. In the following code sample, vlan-profile1
uses VLAN IDs in the range 100 through 500; vlan-profile2 uses IDs
in the range from 501 through 1000:
interfaces ge-0/0/1 {
auto-configure;
vlan-ranges {
dynamic-profile vlan-profile1 {
ranges 100-500;
}
dynamic-profile vlan-profile2 {
ranges 501-1000;
}
}
}
}
Enabling BGP over Dynamic PPPoE Subscriber Interfaces
Starting in Junos OS
Release 18.4R1, BGP is supported over dynamic PPPoE interfaces for
the IPv4 address family. You must enable routing
services with the routing-service statement in both
the PPPoE subscriber dynamic profile and the dynamic profile for the
underlying VLAN interface. If routing services are not enabled for
the dynamic underlying interface, then the PPPoE subscriber is rejected
during the first family profile activation. If the underlying VLAN
is static rather than dynamic, then routing services are not required
(or possible) on the underlying VLAN.
In this configuration, the PPPoE subscriber clients correspond
to BGP neighbors. This means that when you configure the BGP neighbors
with the [edit protocols bgp group name neighbor] stanza, you must use the PPPoE client IP addresses as the BGP neighbor
addresses. The BGP peer addresses cannot be dynamically provisioned.
Support for BGP over dynamic PPPoE subscriber interfaces includes the following:
Route advertisement over the BGP-established PPPoE neighbor.
End-to-end bidirectional traffic from the core to the IP prefix advertised in the BGP route.
Dedicated next hops are created by the routing daemon for subscriber routes, rather than reusing shared next hops and pseudo logical interfaces.
The BGP over dynamic PPPoE interfaces feature does not support the following:
Multihop BGP
IBGP, because it might involve multihops
BFD for the PPPoE subscribers
Interface sets for the PPPoE subscribers
Aggregated Ethernet targeting
IPv6 address family
More than one routing protocol besides BGP over the same subscriber
MPLS termination on the PPPoE subscriber next hop
Subscribers over pseudowire interfaces over redundant logical tunnel stacking
Subscribers over pseudowire interfaces over demux0 stacking
The following interface stacking configurations are supported for routing-service-enabled PPPoE:
PPPoE over dynamic VLANs
PPPoE over static VLANs
PPPoE over stacked VLANs (with inner and outer VLAN IDs)
The underlying VLAN for which routing services is enabled supports:
Stacking of routing-service-enabled and routing-service-disabled PPPoE subscribers.
Stacking of other access models such as DHCP.
The parent physical interface can be a leg in an aggregated Ethernet bundle.
Address Resolution and Enhanced Subscriber Management
Starting in Junos OS Release 18.4R1, several enhancements are available for address resolution with enhanced subscriber management. These enhancements affect only framed routes on dynamic VLANs. Framed routes associated with DHCP subscribers function the same as before this feature support.
Dynamic layer 2 MAC address resolution is supported for non-host routes. Users deploying statically addressed IP clients or a mix of statically addressed IP clients and DHCP clients can use network (/29) framed routes or host (/32) framed routes to establish reachability. The /29 routes are coupled with the dynamic Layer 2 address associated with a host framed route. This supports business users who use routers with multiple public addresses behind CPE routers. This feature is enabled by default and requires no special configuration.
In earlier releases, dynamic address resolution is supported only for host framed routes; network framed routes that resolve to an indirect next hop (such as a local gateway) are not supported.
By default, an IPv4 framed host route is permanently associated with the source MAC address from the trigger packet that created the dynamic VLAN. You can override this behavior by enabling dynamic ARP to resolve the MAC address for the framed host routes with the
ipoe-dynamic-arp-enablestatement. ARP protocol exchange resolves the Layer 2 address for the framed route.The router can compare the source MAC address received in a gratuitous ARP request or reply packet with the value in the ARP cache. The router updates the cache with the received MAC address if it determines this address is different from the cache entry. Include the
receive-gratuitous-arpstatement to enable this feature.This capability is useful when an IP address moves to a different device or NIC and consequently is associated with a different MAC address than before the move. The new device broadcasts a gratuitous ARP reply that the router compares to the MAC address in the cache.
When the statement is not included, the dynamic ARP times out. Before it is deleted from the cache, the router sends an ARP request for the target IP address. The client responds with the new MAC address, but a window may exist for the client where the MAC address does not match the NIC.
Control Plane Resiliency
Starting in Junos OS Release 19.1, several enhancements are available to improve control plane resiliency and the reliability of session database replication and state synchronization between primary and standby Routing Engines.
The primary and standby Routing Engines exchange detailed information about session database replication. This exchange enables the Routing Engines to better determine whether the replication is correct.
You can configure the router to detect shared memory corruption and to automatically recover by rebooting the primary or standby Routing Engines, or both. In earlier releases, a manual reboot is required to clear the corrupted shared memory; otherwise, it remains corrupted, causing processes that share the memory to generate core errors.
You can monitor Routing Engine resiliency with the
show system subscriber-management resiliencycommand. Thesummaryversion indicates whether the system is functioning normally or an unexpected condition exists. Thedetailandextensiveversions provide detailed statistics about the session database in shared memory per Routing Engine.
Benefits of Enhanced Subscriber Management
Optimizes scaling and performance for dynamic subscriber management features.
Required for the creation and management of dynamic profiles, dynamic interfaces, and dynamic subscribers.
Configuring Junos OS Enhanced Subscriber Management
Junos OS enhanced subscriber management is a next-generation broadband edge software architecture for wireline subscriber management. With enhanced subscriber management, you can take advantage of optimized scaling and performance for configuration and management of dynamic interfaces and services for subscriber management. It must be enabled to use dynamic profiles for creating and managing dynamic subscriber interfaces and services.
Enhanced subscriber management is supported on all MX Series 5G Universal Routing Platforms with Modular Port Concentrators (MPCs) installed. It is not supported for MS-DPCs. If the router has both MPC and MS-DPCs, a conflict between the MS-DPC and Enhanced Subscriber Management services can occur during ISSU that can result in an unscheduled shutdown of the device. To prevent this, do not run ISSU if the system has MS-DPCs installed, or only enable Enhanced Subscriber Management on device where no MS-DPCs are present.
Before you begin:
Download and install Junos OS Release 15.1R4 or later.
See Migration, Upgrade, and Downgrade Instructions in the Junos OS Release 15.1R4 Release Notes. You must reboot the router after the upgrade is validated and installed.
CAUTION:Because unified in-service software upgrade (unified ISSU) is not supported for subscriber management when you upgrade from a release that does not support enhanced subscriber management (Junos OS Release 14.2 or earlier) to a release that does support enhanced subscriber management (15.1R4 and later), all subscriber sessions and subscriber state are lost after the upgrade.
Starting in Junos OS Release 17.4R1, when enhanced IP network services and enhanced subscriber management are enabled, the amount of DRAM on the Routing Engine determines whether the subscriber management daemons on that Routing Engine all run in 32-bit mode or all run in 64-bit mode.
Less than 32 GB of RAM—32-bit mode
32 GB or more of RAM—64-bit mode
In releases earlier than Junos OS Release 17.4R1, only the subscriber management daemon, bbe-smgd, operates in either 32-bit or 64-bit mode depending on the DRAM.
All Routing Engines in the system must have the same amount of memory. This is universally true for subscriber management in all releases.
To configure Junos OS enhanced subscriber management for the first time:
Example
The following example shows a typical configuration to enable enhanced subscriber management.
[edit]
chassis {
network-services {
enhanced-ip;
}
redundancy {
graceful-switchover;
}
}
routing-options {
nonstop-routing;
}
system {
commit synchronize;
configuration-database {
max-db-size 300M;
}
services {
subscriber-management {
enable;
}
}
}
If you have configured graceful-restart, then
the following statement will be displayed in the example instead of nonstop-routing:
routing-options {
graceful-restart;
}
Verifying and Managing Junos OS Enhanced Subscriber Management
Purpose
View information about class of service (CoS), routing tables, active subscribers, and the subscriber database for Junos OS enhanced subscriber management.
Action
To display dynamic subscriber interface associations for CoS classifers, rewrite rules, and scheduler maps:
user@host> show class-of-service interface interface-name
To display CoS associations for a dynamic interface set:
user@host> show class-of-service interface-set interface-set-name
To display the mapping of CoS schedulers to forwarding classes:
user@host> show class-of-service scheduler-map
To display CoS traffic shaping and scheduling profiles:
user@host> show class-of-service traffic-control-profile
To display the active entries in the routing table:
user@host> show route
To display detailed information about active subscribers whose IP address matches the specified address:
user@host> show subscribers address address detail
To display information about how routes are mapped to specific enhanced subscriber management interfaces:
user@host> show system subscriber-management route
To display summary information for the subscriber management database:
user@host> show system subscriber-management summary
To verify whether subscriber management daemons are running in 32-bit mode or 64-bit mode:
user@host> show system processes | grep libexec[36]
Starting in Junos OS Release 17.4 R1, when enhanced IP network services and enhanced subscriber management are enabled and a Routing Engine in the system has at least 32 GB of RAM, subscriber management daemons on that Routing Engine run in 64-bit mode. For consistent operation, all Routing Engines in the system must have the same amount of memory.
64-bit mode:
user@host> show system processes | grep libexec[36] PID TT STAT TIME COMMAND 21149 - S 0:01.37 /usr/libexec64/pfed -N 21195 - S 0:00.46 /usr/libexec64/smid -N 21214 - S 0:05.04 /usr/libexec64/bbe-smgd -b -N 21270 - S 0:04.26 /usr/libexec64/authd -N 21498 - S 0:02.37 /usr/libexec64/rpd -N 21504 - S 0:00.84 /usr/libexec64/cosd 21539 - S 0:00.37 /usr/libexec64/dfwd -N 21740 - S 0:00.95 /usr/libexec64/jpppd -N
32-bit mode:
user@host> show system processes | grep libexec[36] PID TT STAT TIME COMMAND 21149 - S 0:01.37 /usr/libexec32/pfed -N 21195 - S 0:00.46 /usr/libexec32/smid -N 21214 - S 0:05.04 /usr/libexec32/bbe-smgd -b -N 21270 - S 0:04.26 /usr/libexec32/authd -N 21498 - S 0:02.37 /usr/libexec32/rpd -N 21504 - S 0:00.84 /usr/libexec32/cosd 21539 - S 0:00.37 /usr/libexec32/dfwd -N 21740 - S 0:00.95 /usr/libexec32/jpppd -N
Change History Table
Feature support is determined by the platform and release you are using. Use Feature Explorer to determine if a feature is supported on your platform.
routing-services statement is deprecated
and is replaced by the routing-service statement.routing-services statement is deprecated
and is replaced by the routing-service statement.