ANCP Agent Neighbors and Operations
ANCP and the ANCP Agent Overview
This topic describes the Access Node Control Protocol (ANCP) and the ANCP agent. The ANCP agent is the Junos OS process that manages subscriber access lines with ANCP. The agent monitors subscriber access lines, reports subscriber traffic rates on the access lines between the subscribers and the access nodes, and modifies the traffic rates, all in support of CoS traffic shaping.
- Overview
- Topology Discovery
- Subscriber Services
- ANCP Interfaces and Access Loop Circuit Identifiers
- Mapping Access Lines to Interfaces and Interface Sets
- ANCP Neighbors
- Partitions
- Adjacency Update Messages
- Generic Response Messages and Result Codes
- Benefits of Access Node Control Protocol
Overview
ANCP acts as a control plane between a service-oriented Layer 3 edge device and a Layer 2 access node. The access nodes—ANCP neighbors—are network devices that terminate access loops from subscribers; for DSL access loops, the access node is a DSL access multiplexer (DSLAM). Queuing and scheduling mechanisms for subscriber traffic must avoid congestion within the access network while contending with multiple flows and distinct CoS requirements. These mechanisms require the edge device—a router acting as a broadband network gateway (BNG), often also called a network access server (NAS)—to provide information about the access network and subscriber traffic.
The ANCP agent can map an access line to an interface or interface set either statically or dynamically. The agent provides that information to both CoS and AAA. The agent passes on to both CoS and AAA the traffic shaping attributes for each subscriber access line that the access node sent to the ANCP agent. In addition, the agent sends to AAA all DSL Forum attributes that were sent by the access node. AAA can use these attributes during RADIUS accounting and authentication for both DHCP IP demux and PPPoE subscriber sessions. The traffic rates can also be used for shaping L2TP tunnel traffic.
You can monitor ANCP agent events and operations by including
the traceoptions statement at the [edit protocols
ancp] hierarchy level.
Junos OS supports Class of Service (CoS) traffic shaping on the following interface types for ANCP:
Static VLAN interfaces, except those created by Extensible Subscriber Services Manager (ESSM)
Static VLAN demux interfaces, except those created by ESSM
Static interface sets, including those created by ESSM
Dynamic interface sets
Dynamic VLAN-tagged interface sets
Dynamic agent circuit identifier (ACI) interface sets, also known as ACI sets or ACI VLANs
Dynamic PPPoE and DHCP IP demux subscriber interfaces
Dynamic VLAN demux interfaces with Ethernet-VPLS encapsulation
ANCP was developed as an extension of RFC 3292, General Switch Management Protocol (GSMP) V3, but is now defined in RFC 6320, Protocol for Access Node Control Mechanism in Broadband Networks.
Topology Discovery
The router uses topology discovery to collect information from the access node. The information includes the following:
Topology of the access network
DSL line state
Actual upstream and downstream net data rates of a synchronized DSL link
Maximum attainable upstream and downstream net data rates
Interleaving delay
Subscriber Services
The router receives the service profile for the subscribers from a RADIUS server. Most of the services are enforced by the router itself. The router shapes the aggregate egress traffic to subscribers based on the local loop throughput reported by the DSLAM. This traffic shaping optimizes traffic flow while avoiding traffic drops in the access node.
Some service attributes, such as interleaving delay and multicast channel information, are enforced at the access node. The ANCP agent provides the line configuration mechanism that the edge device can use to pass the line configuration to the access nodes. Typically, multiple profiles are provisioned on the access node. The router instructs the access node which profile to use for a given subscriber.
Subscribers typically receive some combination of voice, data, and video services. Each service can be provisioned on a VLAN. A subscriber might receive only a single service over a single VLAN configured on a logical interface. A group of VLANs carrying services to a subscriber is an interface set.
Subscribers have operational states, but they do not have administrative states because they cannot be configured in the CLI.
Subscribers have one of the following operational states which represent the DSL line state as it is reported in the ANCP Port Up and Port Down messages sent by an access node:
Idle—Ports are not configured and the subscriber cannot log in.
Silent—Ports are configured and the subscriber is connected, but the DSL modem is not ready to transfer data.
Showtime—Ports are configured, the subscriber is connected, and the DSL modem is online and ready to transfer data.
For information about ANCP for business subscribers and services, see Layer 2 Wholesale with ANCP-Triggered VLANs Overview.
ANCP Interfaces and Access Loop Circuit Identifiers
The access loop or access line in an ANCP topology consists of the physical elements between the subscriber device (CPE) and the access node. An identifier associated with the access loop serves to identify the subscriber as well. This identifier is an alphanumeric string that actually identifies the interface on the DSLAM from which subscriber requests originate. It can be referred to by various names.
In ANCP messages, a TLV carries the access loop circuit ID, also referred to as the access line identifier, access loop circuit identifier, or access identifier.
DHCP discovery packets can identify the line with the Agent Circuit ID suboption in the Option 82 field.
PPPoE discovery packets can identify the line with the Agent-Circuit-ID subattribute in the DSL Forum vendor-specific tag.
Each of these identifiers is abbreviated as ACI. When the ANCP agent receives a port management message from an access node, it uses the access loop circuit identifier contained in the message to determine which logical interface or interface set corresponds to the subscriber.
You can associate an identifier with an ANCP access line by
static configuration. When you configure a logical interface by specifying
the interface name at the [edit protocols ancp interfaces] hierarchy level, include the access-identifier statement
to associate the access loop circuit identifier with the interface.
When you configure an interface set by including the interface-set statement at the [edit protocols ancp interfaces] hierarchy
level, associate the access loop circuit identifier with the interface
set by including the access-identifier statement at the [edit protocols ancp interfaces interface-set interface-set-name] hierarchy level.
When the DHCP or PPPoE discovery packet includes an ACI, the ANCP agent can dynamically map the ACI to the subscriber interface or interface set. VLANs for the subscribers are created according to a dynamic profile; these are called agent circuit identifier-based or ACI-based dynamic VLANs.
ANCP agent support for RADIUS authentication and accounting requires that both static and dynamic ACIs must be unique across the network. No two interfaces across multiple neighbors (access nodes) can share the same identifier. The DHCP and PPPoE processes do not have information about the access node IP addresses and consequently cannot distinguish between duplicate identifiers. This situation prevents the AAA services framework from correlating a DHCP or PPPoE client session with an access line for RADIUS authentication and accounting.
Mapping Access Lines to Interfaces and Interface Sets
The ANCP agent maps the ACI for subscriber access lines to an interface or interface set to apply DSL attributes received from the access node to CoS traffic shaping for the access line. The access line mapping can be statically configured with the access-identifier statement, or dynamically derived during subscriber authentication. Static mapping always supersedes dynamic mapping.
The ANCP agent can remap an access line to a different interface or interface set than its original mapping. Remapping can also be static or dynamic. For example, an access line might be first dynamically mapped to a subscriber interface and then statically configured to an interface set.
You can statically configure mapping with the statement only for interface and interface set types that have configured or deterministic names:
Static VLAN interfaces
Static VLAN demux interfaces
Static interface sets
Dynamic interface sets
Dynamic VLAN-tagged interface sets
Static configuration with the statement is required for mapping an access line to static interface sets, dynamic interface sets, and dynamic VLAN-tagged interface sets. This is true regardless of the presence of an ACI in the PPPoE or DHCP IP demux subscriber’s discovery packet, because the use of the ACI is irrelevant to the creation of these types of interface sets.
You cannot statically configure mapping with the statement for the following interface and interface set types, because they have nondeterministic, automatically generated names:
Dynamic VLAN demux interfaces
Dynamic ACI interface sets (ACI VLANs)
Dynamic PPPoe and DHCP IP demux subscriber interfaces
In the context of Layer 2 wholesale services, the ANCP agent can map access lines to dynamic VLAN demux interfaces that have Ethernet-VPLS encapsulation. The ANCP agent triggers the creation of these interfaces with the ANCP Port UP message, which always includes the ACI for the access line. The agent can then dynamically map the interface to an access line for CoS traffic shaping.
Dynamic mapping works as follows:
If the subscriber interface is a member of an interface set, the ANCP agent maps the ACI for the access line to the interface set.
If the subscriber interface is not a member of an interface set, the ANCP agent maps the ACI for the access line to the subscriber interface.
The ANCP agent does not support static or dynamic mapping for the following interface types, regardless of the presence of the access line’s ACI in the subscriber’s discovery packet:
Static VLAN interfaces created by ESSM.
Static VLAN demux interfaces created by ESSM.
Dynamic VLAN interfaces.
Dynamic VLAN demux interfaces that do not have Ethernet-VPLS encapsulation.
ANCP Neighbors
The ANCP agent can report traffic only for access nodes that
are configured as ANCP neighbors (also referred to as ANCP peers).
Neighbors can establish TCP connections with the router. Include the neighbor statement at the [edit protocols ancp] hierarchy
level to configure an access node as an ANCP neighbor.
The ANCP agent exchanges adjacency messages with neighbors.
If an adjacency message is not received from a neighbor within the
expected period, then the neighbor is considered to be down and is
disconnected. You can adjust how long the ANCP agent waits for adjacency
messages from all neighbors by including the adjacency-timer statement at the [edit protocols ancp] hierarchy level.
The interval between adjacency messages is negotiated between router
and the neighbor during adjacency establishment. The larger of two
timer values—either the value received in the ANCP SYN message
or the configured value—is selected. Loss of synchronization
between the router and a neighbor is declared when no valid messages
are received for a period of time that exceeds three times the negotiated
value.
The ANCP TCP connection is not established and consequently ANCP neighbors do not come up in either of the following circumstances:
When the neighbor address (numbered or unnumbered) has a /32 mask.
When the unnumbered local address for ANCP dynamic logical interfaces is configured to use a preferred source address.
ANCP neighbors have one of the following administrative states, which simply represent the configuration of the neighbor:
enabled—The neighbor is configured in the CLI.
disabled—The neighbor is not configured, meaning either that it has never been configured or that the configuration has been deleted.
ANCP neighbors in the enabled state have one of the following operational states, which represent the state of adjacency negotiations:
Configured—The neighbor has been configured, but has never established an adjacency.
Establishing—Adjacency negotiations are in progress.
Established—Adjacency negotiations have succeeded and an ANCP session has been established.
Not Established—The neighbor has lost a previously established adjacency, but is ready to begin negotiations.
You can also configure parameters for a specific neighbor that
override global or default configurations by including any of the
following statements at the [edit protocols ancp neighbor ip-address] hierarchy level:
adjacency-timer—Adjust the interval between adjacency messages exchanged with this neighbor.ietf-mode—Prevent the ANCP agent from operating in a backward-compatible mode for this neighbor; for neighbors that use the current IETF implementation of ANCP.maximum-discovery-table-entries—Specify how many discovery table entries are accepted from this neighbor. Include this statement at the[edit protocols ancp]hierarchy level to set the number of entries globally for all neighbors.pre-ietf-mode—Enable the ANCP agent to operate in a backward-compatible mode for this neighbor; for neighbors that use the original IETF implementation of ANCP (GSMPv2) rather than the current implementation. Include this statement at the[edit protocols ancp]hierarchy level to operate in backward-compatible mode globally for all neighbors.
RFC 6320, Protocol for Access Node Control Mechanism in Broadband Networks, defines ANCP Version 1. ANCP was originally implemented based on General Switch Management Protocol (GSMP) version 3, sub-version 1. However, the Internet community has made so many extensions and modifications to GSMPv3 in the course of developing ANCP that ANCP is no longer interoperable with GSMPv3. Consequently, ANCP neighbors must be able to dynamically detect the version that each peer supports. A joint registry codifies the GSMP and ANCP version numbers.
When an ANCP neighbor opens adjacency negotiations, it indicates the highest version of ANCP that it supports, either 0x31 for GSMPv3 or 0x32 for ANCP Version 1. (Version 1 may also be called Version 50, referring to the decimal conversion from the hexadecimal value.) If the receiving neighbor supports that version of ANCP, it returns that value when it responds to the sending neighbors. If it does not support that version, the receiving neighbor simply drops the message.
The ANCP agent stores information about active ANCP subscribers in the Junos shared database, including DSL attributes for the access lines. This storage is persistent and is removed from the database only when you delete the interface or interface set for the access line or issue one of the following commands:
The persistence of the storage enables PPPoE and DHCP IP demux subscribers to be properly managed by RADIUS for authentication and accounting, with their DSL attributes, even when the ANCP connection has been temporarily terminated.
Partitions
ANCP supports the division of an access node into logical partitions. Each partition creates an adjacency with a router; each partition on an access node can form adjacencies with different routers. Partition negotiation takes place during ANCP adjacency negotiation. ANCP messages carry the following fields relating to the partition negotiation:
The partition type (PType) field indicates whether the access node is partitioned and how the partition identifier is negotiated. The field has one of the following values negotiated during the formation of the adjacency:
0—The access node is not partitioned or does not support partitions.
1—The number of partitions is fixed and the router requests the access node to use the identifier it places in the partition identifier field.
2—The number of partitions is fixed and the access node has assigned the partition identifier.
The partition ID field that indicates one of the following scenarios for ANCP agent support of the neighbor:
Zero partition ID—The ANCP agent supports each neighbor on an IP address over a single TCP session with a partition ID of zero. This is the default support case. This value is required when the partition type is zero.
Single nonzero partition ID—The ANCP agent supports each neighbor on an IP address over a single TCP session with a nonzero partition ID. This case requires partition ID learning to be enabled with the
gsmp-syn-waitstatement at the[edit protocols ancp]hierarchy level.
The partition flag (PFlag) field indicates the type of partition request being made. A value of one specifies a new adjacency.
The following partitioning schemes are supported
Each partition has an independent ANCP session and channel to an adjacent router. All partitions have a fixed partition ID of zero.
Each partition has an independent ANCP session and channel to an adjacent router. Each partition has a dedicated, nonzero partition ID.
Adjacency Update Messages
After an adjacency has been established, the ANCP agent uses
adjacency update messages to inform routers that control the same
partition about each other. Once more than one router has established
an adjacency to a given partition, the ANCP agent sends an adjacency
update message to each of these routers to report how many established
adjacencies the partition currently supports. When an adjacency is
lost, an update message is sent to the remaining routers to report
the change in status. You can use the show ancp neighbor detail command to display the number of adjacencies currently established
on a particular partition.
Generic Response Messages and Result Codes
ANCP neighbors and the router can reply to messages either with a specific response message or a generic response message. A generic response message is typically sent when no information needs to be sent to the peer other than a success or failure result. If the response is about a failure, then a result code is included that specifies the kind of failure; a limited amount of diagnostic data can also be included. A generic response message can also be sent independently of a request if the adjacency is being shut down because of the failure. In this case, the sender of the message zeros out the Transaction ID field in the message header and the Message Type field in the Status-Info TLV.
Table 1 describes the result codes that can be included in a generic response message.
Code Value |
Description |
Detected By |
|---|---|---|
0x02 |
Although the request message is properly formed, it is invalid because it violates the protocol, either because of timing issues such as a race condition or the direction in which the message was transmitted. |
ANCP agent |
0x06 |
One or more of the specified ports is down because of a state mismatch between the router and an ANCP control application. |
Control applications (none yet available) |
0x13 |
ANCP is out of resources. This result code is sent only by the access node; the problem is probably not related to the access lines, but can be related to a specific request. |
ANCP protocol layer or control applications (none yet available) |
0x51 |
The type of request message is not implemented because of a mismatch in protocol versions or capability state between the peers, or possibly because the message type is optional for an ANCP capability. |
ANCP agent |
0x53 |
The message is malformed either because it was corrupted in transit or an implementation error occurred at one end of the connection. |
ANCP agent |
0x54 |
One or more mandatory TLVs is missing from the request. |
ANCP agent |
0x55 |
The contents of one or more TLVs in the request are invalid because they do not match the TLV specification. |
ANCP agent |
0x500 |
One or more of the ports specified in a request does not exist, possibly because of a configuration mismatch between the access node and the router or AAA. |
Control applications (none yet available) |
Although Junos OS supports both sending and receiving generic response messages, currently the ANCP agent only receives these messages. When one of these messages is received, the router generates a system log, increments the generic message counters, and increments the result code counters. When the ANCP agent receives an incorrect or unexpected generic response message from an ANCP neighbor, it immediately drops the packet, generates a system log notice message, and takes no further action.
Generic response messages usually include the Status-Info TLV, which includes supplemental information about a warning or error condition. The Status-Info TLV is required when the result code indicates any of the following: a port is down or does not exist, a mandatory TLV is missing, or a TLV is invalid. The Status-Info TLV can also be included in other ANCP message types.
Benefits of Access Node Control Protocol
Simplify the configuration and maintenance of access lines between access nodes and subscribers.
Perform CoS-related adjustments on upstream and downstream data rate attributes to both accurately provide services and control congestion in the network.
Provide access network information, such as DSL attributes to backend applications such as operations support systems (OSS) for service management.
Store DSL attributes in the session database for use during RADIUS authentication and accounting of PPPoE sessions.
See Also
ANCP Operations in Different Network Configurations
This topic describes different types of supported network configurations and the sequence of events for ANCP operations in representative sample network topologies.
You can configure the ANCP agent for any of the following interface types:
Static VLAN interfaces, except those created by Extensible Subscriber Services Manager (ESSM)
Static VLAN demux interfaces, except those created by ESSM
Static interface sets, including those created by ESSM
Dynamic interface sets
Dynamic VLAN-tagged interface sets
Dynamic agent circuit identifier (ACI) interface sets, also known as ACI sets or ACI VLANs
Dynamic PPPoE and DHCP IP demux subscriber interfaces
Dynamic VLAN demux interfaces with Ethernet-VPLS encapsulation
Subscriber sessions are dynamically created as needed for each of the devices in a household. Each household can include multiple CPE devices that access the Internet. In all cases, each household is identified by a unique ACI that is assigned by the access node. Additional identifiers are used in some configurations.
- 1:1 and N:1 Traffic Shaping Models
- Business Services Traffic Shaping Model
- ANCP Network Using N:1 and 1:1 Configuration Models without Interface Sets
- Sequence of ANCP Events: Static VLAN or VLAN Demux Interfaces over Ethernet Without Interface Sets
- ANCP Network Using N:1 Configuration Model with Interface Sets
- Sequence of ANCP Events: Static VLAN Interfaces over Ethernet with Interface Sets
- ANCP Network Using 1:1 Configuration Model with Interface Sets
- Sequence of ANCP Events: Static VLAN Demux Interfaces over Aggregated Ethernet with Interface Sets
1:1 and N:1 Traffic Shaping Models
The 1:1 and N:1 traffic shaping models determine how VLANs are correlated with households. These models are also referred to as access models or configuration models. A network can include one or both of the models:
1:1 model—A household has only one PPPoE or DHCP IP demux subscriber session. One or more such households can exist on a single VLAN or VLAN demux interface. In the case of a single household, either the subscriber interface or its underlying VLAN or VLAN demux interface can represent the household. In the case of multiple households, the corresponding subscriber interfaces represent the households. In either case, the interface representing a household must be mapped to the ACI for its access line.
Table 2 describes the types of interfaces supported for the ANCP 1:1 access model when interface sets are not involved, and whether the PPPoE or DHCP IP demux discovery packets must include the ACI for the subscriber access lines.
Table 2: ACI Mapping by Interface Type for the ANCP 1:1 Model Interface Type
Description
Presence of ACI in Discovery Packets
Dynamic PPPoE or DHCP IP demux interface
When ACI is present in discovery packets, the ANCP agent maps the ACI to the subscriber interface. The name of the interface is automatically generated and nondeterministic.
Required.
Static VLAN or VLAN demux interface
The name of the interface is statically configured. The ANCP agent configuration must include the
access-identifierstatement to statically map the ACI to the interface.Not present.
N:1 model—A household can have more than one PPPoE or DHCP IP demux subscriber session. The household can have more than one VLAN or VLAN demux interface. In either case, all the interfaces must be grouped into an interface set. The interface set in turn must be mapped to the ACI for the household’s access line.
An interface set groups the dynamic PPPoE or DHCP IP demux sessions for a household. The subscribers are placed into interface sets by one several methods. Table 3 describes the types of interface sets supported in the ANCP N:1 access model, how they are created, and how the ACI is mapped to the interface set.
Table 3: ACI Mapping by Interface Set Type for the ANCP N:1 Access Model Type of Interface Set
Description
Interface Type
Presence of ACI in Discovery Packets
ACI-based VLAN interface sets
When the router receives a DHCP or PPPoE discovery packet that includes an ACI embedded within the DSL Forum vendor-specific tag, it dynamically creates the VLAN and the interface set. The router generates a nondeterministic name for the interface set, such as aci-1003-ge-1/0/0.1073741832.
The ANCP agent automatically maps the ACI from the discovery packet to the dynamically created interface set.
All DHCP IP demux or PPPoE sessions that have the same ACI are mapped to the same interface set.
Dynamic VLAN and VLAN demux interfaces.
Required.
Dynamic interface sets
A dynamic profile dynamically creates the interface set and places interfaces in the set. The profile can either have the name of the interface set explicitly configured or a variable that represents the interface set name. If a variable is used, then the interface set name is provided by RADIUS when it returns an Access-Accept message for the subscriber.
The ANCP agent configuration must include the
access-identifierstatement to statically map the ACI to the interface set.All DHCP IP demux and PPPoE sessions are mapped to an interface set according to the rules of the dynamic profile.
DHCP IP demux subscriber interfaces, PPPoE subscriber interfaces, or VLAN interfaces.
Irrelevant.
Static interface sets
The interface set and set name are statically configured and include multiple static interfaces.
The ANCP agent configuration must include the
access-identifierstatement to statically map the ACI to the interface set.Static VLAN and VLAN demux interfaces.
Irrelevant.
VLAN-tagged interface sets
When the router receives a DHCP or PPPoE discovery packet that includes a VLAN ID, it dynamically creates the VLAN and the interface set. The interface set is given a deterministic name consisting of the physical interface name and the VLAN tags, for example, ge-1/0/0-101.
The ANCP agent configuration must include the
access-identifierstatement to statically map the ACI to the interface set.All DHCP IP demux or PPPoE sessions that have the same VLAN ID tag are mapped to the same interface set.
Dynamic VLAN and VLAN demux interfaces.
Irrelevant.
CoS traffic shaping is based on the subscriber downstream traffic rate that the ANCP agent receives from the access node and then passes to CoS. CoS can shape subscriber traffic at the level of the household or the session:
Household shaping—Only aggregate traffic to the household is shaped. Household shaping results from applying a CoS traffic-control profile to the static VLAN or VLAN demux interface or to the interface set.
Session shaping—The traffic rate to individual devices in the household is shaped. Session shaping results from specifying a CoS traffic-control profile in the dynamic PPPoE profile that creates the subscriber session. Depending on the network configuration, session shaping may employ shared priority queues to shape all sessions identically or individual priority queues to shape the sessions separately.
Business Services Traffic Shaping Model
In addition to the N:1 and 1:1 traffic shaping models, the ANCP agent also supports a business services traffic shaping model. In this model, the Extensible Subscriber Services Manager (ESSM) classifies a PPPoE session as either residential household or business subscriber. Classification occurs during RADIUS authentication and authorization. The ANCP agent applies CoS traffic shaping differently depending on the classification.
Before RADIUS authentication and authorization, the PPPoE session represents a residential household in the ANCP 1:1 model. The ANCP agent dynamically maps the household’s access line to the corresponding subscriber interface and applies CoS traffic shaping to that interface. The household line’s ACI is present in the PPPoE discovery packet.
When ESSMD subsequently classifies a PPPoE session as a business subscriber session during RADIUS authentication and authorization, it creates and groups multiple management and data plane static VLAN interfaces into a static interface set. then it statically maps the access line for the PPPoE session to this interface set according to the CLI configuration. The ANCP agent removes CoS traffic shaping from the subscriber interface and applies it to the static interface set. Removing the CoS traffic shaping means that the CoS application applies the next rate in its default or configured adjustment control profile to the interface or interface set. The new business subscriber interface set cannot contain a mix of static and dynamic interfaces. That prohibition is not limited to dynamic VLANs and the PPPoE session that triggered the creation of the interface set.
An exception to the ANCP agent’s general support for CoS traffic shaping and RADIUS authentication and accounting on static VLAN and VLAN Demux interfaces is that it does not support these interfaces if they are created by ESSM. These interfaces are different from the ESSM-created interface sets, which are supported by the ANCP agent.
From the perspective of the ANCP agent, the business dervices model effectively overrides a dynamically derived access-line-to-interface mapping with a statically configured access-line-to-interface-set mapping. This action triggers the ANCP agent to reapply CoS traffic shaping accordingly.
The business services model is typically used in a Layer 2 wholesale network. For detailed information, see Layer 2 Wholesale with ANCP-Triggered VLANs Overview.
ANCP Network Using N:1 and 1:1 Configuration Models without Interface Sets
In this sample topology, two households are configured for one underlying static VLAN or VLAN demux interface (N:1; dual-tagged VLAN) and a single household is configured for another underlying interface (1:1; single-tagged VLAN) (Figure 1). In addition to the unique ACI assigned by the access node, each household is further identified by the VLAN, which is mapped to the identifier in the ANCP agent configuration. CoS traffic shaping for sessions can employ only shared priority queues to shape all sessions identically; individual priority queues to shape the sessions separately are not supported.
Sequence of ANCP Events: Static VLAN or VLAN Demux Interfaces over Ethernet Without Interface Sets
The following sequence of events is for the topology in Figure 1 with static VLAN interfaces over Ethernet without interface sets.
A network device in the household initiates PPPoE discovery.
PPPoE creates a dynamic PPPoE session on the underlying static VLAN or VLAN demux interface and applies the advisory options configured on the VLAN to the session.
The access node independently provides the ANCP agent with the ANCP DSL attributes for an access line identified by an ACI.
The ANCP agent sends CoS the adjusted downstream data rate for the static VLAN or demux VLAN mapped to the ACI. The ANCP agent stores all DSL attributes, including the adjusted upstream data rate, in the router’s shared database.
AAA correlates the dynamic PPPoE session with the access line by matching the underlying interface of the session to the static VLAN or VLAN demux interface associated with the ACI in the ANCP agent configuration.
AAA retrieves the ANCP DSL attributes for the access line from the router’s shared database and maps them to the Juniper Networks DSL VSAs in the RADIUS Access-Request and Accounting-Request messages. If the DSL attributes are unavailable, the session’s advisory upstream and downstream data rates are mapped to the Upstream-Calculated-Qos-Rate VSA (26-142) and Downstream-Calculated-Qos-Rate (26–141) VSAs, respectively. These VSAs are then included in the RADIUS messages.
ANCP Network Using N:1 Configuration Model with Interface Sets
In this topology, multiple households are configured for each underlying static VLAN or VLAN demux interface (Figure 2). The VLANs are dual-tagged. Each household includes several CPE devices that access the Internet. In addition to the unique ACI assigned by the access node, the household is further identified by the interface set. The interface set groups the dynamic PPPoE sessions for the individual subscriber devices. It is either explicitly configured in the dynamic PPPoE profile or specified in the RADIUS Access-Accept message during PPPoE session authentication. Session shaping can employ shared priority queues to shape all sessions identically or individual queues to shape the sessions separately.
In this N:1 model with interface sets, the access node must add the DSL Forum VSA to the PPPoE PADI and PADR discovery packets that it passes to the router during the establishment of dynamic PPPoE sessions. The VSA includes the ACI for the household. This inclusion enables AAA to correlate the PPPoE sessions with their respective subscriber access lines and DSL attributes during RADIUS authentication and accounting. If the ACI is not present, AAA cannot make the correlation and subsequently reports only the advisory upstream and downstream data rates to RADIUS Authentication and Accounting.
When the dynamic PPPoE profile is configured with the $junos-interface-set-name predefined variable, the configuration of the access node, router,
and RADIUS server must be synchronized with regard to the ACI and
interface set:
The RADIUS Access-Accept message must contain the Juniper Networks Qos-Interface-Set-Name VSA (26-130).
The CoS Layer 2 configuration must explicitly identify the interface set that is named in the Qos-Interface-Set-Name VSA (26-130).
The ANCP agent configuration must map an ACI to the interface set that is named in the Qos-Interface-Set-Name VSA (26-130).
Sequence of ANCP Events: Static VLAN Interfaces over Ethernet with Interface Sets
The following sequence of events is for the topology in Figure 2 with static VLAN interfaces over Ethernet with interface sets.
A network device in the household initiates PPPoE discovery.
The access node adds the DSL Forum VSA tag with the ACI for the household to the PPPoE PADI and PADR discovery packets. (The identifier is known to PPPoE as the agent circuit identifier.)
PPPoE creates a dynamic PPPoE session with the provided ACI on the underlying static VLAN and applies the advisory options configured on the VLAN to the session.
The access node independently provides the ANCP agent with the ANCP DSL attributes for an access line identified by an ACI.
The ANCP agent provides CoS with the adjusted downstream data rate for the interface set mapped to the ACI. The ANCP agent stores all ANCP DSL attributes, including the adjusted upstream and downstream data rates, in the router’s shared database.
AAA correlates the dynamic PPPoE session with the access line by matching the session identifier received in the DSL Forum VSA to the ACI configured for the interface set in the ANCP agent configuration.
AAA retrieves the ANCP DSL attributes for the access line from the router’s shared database and maps them to the Juniper Networks DSL VSAs in the RADIUS Access-Request and Accounting-Request messages. If the DSL attributes are unavailable, the session’s advisory upstream and downstream data rates are mapped to the Upstream-Calculated-Qos-Rate VSA (26-142) and Downstream-Calculated-Qos-Rate (26–141) VSAs, respectively. These VSAs are then included in the RADIUS messages.
When authentication is completed, the dynamic PPPoE session is placed into the interface set configured in the dynamic PPPoE profile. The profile specifies a named interface set or the
$junos-interface-set-namepredefined variable, which indicates that the interface set is named in the RADIUS Access-Accept message.
ANCP Network Using 1:1 Configuration Model with Interface Sets
In this topology, a single household is configured for each underlying static VLAN or VLAN demux interface (Figure 3). The VLANs are dual-tagged. Each household includes several CPE devices that access the Internet. In addition to the unique ACI assigned by the access node, the household is further identified by the interface set. The interface set is either explicitly configured in the dynamic PPPoE profile or specified in the RADIUS Access-Accept message during PPPoE session authentication. Session shaping can employ shared priority queues to shape all sessions identically or individual queues to shape the sessions separately.
In this 1:1 model with interface sets, the ANCP agent configuration must map the underlying interface for the PPPoE sessions in an interface set to both the ACI and the interface set. This configuration enables AAA to correlate the PPPoE sessions with their respective subscriber access lines and DSL attributes during RADIUS authentication and accounting.
When the dynamic PPPoE profile is configured with the $junos-interface-set-name predefined variable, the
configuration of the access node, router, and RADIUS server must be
synchronized with regard to the ACI and interface set:
The RADIUS Access-Accept message must contain the Juniper Networks Qos-Interface-Set-Name VSA (26-130).
The CoS Layer 2 configuration must explicitly identify the interface set that is named in the Qos-Interface-Set-Name VSA (26-130).
The ANCP agent configuration must map an ACI to the interface set that is named in the Qos-Interface-Set-Name VSA (26-130).
Sequence of ANCP Events: Static VLAN Demux Interfaces over Aggregated Ethernet with Interface Sets
The following sequence of events is for the topology in Figure 3 with static VLAN demux interfaces over aggregated Ethernet with interface sets.
A network device in the household initiates PPPoE discovery.
PPPoE creates a dynamic PPPoE session with the provided ACI on the underlying static VLAN demux interface and applies the advisory options configured on the VLAN to the session.
The access node independently provides the ANCP agent with the ANCP DSL attributes for an access line identified by an ACI.
The ANCP agent provides CoS with the adjusted downstream data rate for the interface set mapped to the ACI. The ANCP agent stores all ANCP DSL attributes, including the adjusted upstream and downstream data rates, in the router’s shared database.
AAA correlates the dynamic PPPoE session with the access line by matching the underlying interface of the session to the underlying interface configured for the interface set in the ANCP agent configuration.
AAA retrieves the ANCP DSL attributes for the access line from the router’s shared database and maps them to the Juniper Networks DSL VSAs in the RADIUS Access-Request and Accounting-Request messages. If the DSL attributes are unavailable, the session’s advisory upstream and downstream data rates are mapped to the Upstream-Calculated-Qos-Rate VSA (26-142) and Downstream-Calculated-Qos-Rate (26–141) VSAs, respectively. These VSAs are then included in the RADIUS messages.
When authentication is completed, the dynamic PPPoE session is placed into the interface set configured in the dynamic PPPoE profile. The profile specifies a named interface set or the
$junos-interface-set-namepredefined variable, which indicates that the interface set is named in the RADIUS Access-Accept message.
Configuring the ANCP Agent
You can configure the ANCP agent to enable a service-oriented Layer 3 edge device to discover information about the topology of a connected access network. The ANCP agent can also provide details about subscriber traffic and enable the adjustment of QoS traffic shaping for subscribers.
To configure the ANCP agent:
Configuring ANCP Neighbors
You must configure each neighboring access node that you want the ANCP agent to monitor and potentially shape traffic for. Some neighbor settings override globally configured values.
To configure an ANCP neighbor:
Associating an Access Node with Subscribers for ANCP Agent Operations
The ANCP agent on the router uses the access loop circuit identifier (ACI) to distinguish individual ANCP subscribers. Because the agent uses the ACI to associate (map) each subscriber to an interface or interface set, each ACI must be unique across all ANCP neighbors connected to the router.
We recommend that the ACIs be unique across your ANCP network.
Access lines can be statically or dynamically mapped to interfaces or interface set. When the subscriber’s DHCP or PPPoE discovery packets contain the ACI, then the agent can dynamically map it to the interface or interface set. Otherwise, the ACI must be statically configured. A static configuration overrides dynamic mapping of ACIs—and therefore subscribers—to interfaces or sets.
You can use the access-identifier statement only
for interface and interface set types that have configured or deterministic
names: static VLAN interfaces, static VLAN demux interfaces, static
interface sets, dynamic interface sets, and dynamic VLAN-tagged interface
sets.
The access-identifier statement is required for mapping
an access line to static interface sets, dynamic interface sets, and
dynamic VLAN-tagged interface sets. This is true regardless of the
presence of an ACI in the PPPoE or DHCP IP demux subscriber’s
discovery packet, because the use of the ACI is irrelevant to the
creation of these types of interface sets.
You cannot use the access-identifier statement for
the following interface and interface set types, because they have
nondeterministic, automatically generated names: dynamic VLAN demux
interfaces, dynamic ACI interface sets (ACI VLANs), and dynamic PPPoe
and DHCP IP demux subscriber interfaces.
To associate an ACI with a set of VLAN interfaces for subscribers:
Specify the name of the interface set and the unique ACI for the access node.
[edit protocols ancp interfaces] user@host# set interface-set vlan5 access-identifier “dslam port 2/3”
To associate an ACI with a single VLAN:
Specify the logical interface and the unique ACI for the access node.
[edit protocols ancp interfaces] user@host# set ge-1/0/4.12 access-identifier “dslam port-2-10”
To associate an ACI with a static VLAN demux interface:
Specify the logical interface and the unique ACI for the access node.
[edit protocols ancp interfaces] user@host# set demux0.100 access-identifier aci_100_1_0
Specifying the Interval Between ANCP Adjacency Messages
When the ANCP agent and a neighbor negotiate to establish an adjacency, each proposes a value for the interval between the adjacency messages that they exchange after it is established. The larger of the values proposed by the agent and the neighbor is selected for the interval between subsequent adjacency messages exchanged by the agent and the neighbor. You can specify the interval value that the ANCP agent proposes for either all neighbors or a specific neighbor.
To configure the proposed interval between ANCP adjacency messages for all neighbors:
Specify the time in seconds.
[edit protocols ancp] user@host# set adjacency-timer 20
To configure the proposed interval between ANCP adjacency messages for a specific neighbor:
Specify the time in seconds.
[edit protocols ancp neighbor 203.0.113.234] user@host# set adjacency-timer 20
Specifying the Maximum Number of Discovery Table Entries
You can specify the maximum number of discovery table entries accepted from all neighbors or from a particular neighbor.
To configure the maximum number of entries for all neighbors:
Specify the number of entries.
[edit protocols ancp] user@host# set maximum-discovery-table-entries 5000
To configure the maximum number of entries for a specific neighbor:
Specify the number of entries.
[edit protocols ancp neighbor 203.0.113.234] user@host# set maximum-discovery-table-entries 5000
Configuring the ANCP Agent for Backward Compatibility
You can configure the ANCP agent to operate in a mode compatible with the protocol as it was initially proposed to operate. This backward-compatible or pre-IETF mode is compatible with Internet draft draft-wadhwa-gsmp-l2control-configuration-00.txt, GSMP extensions for layer2 control (L2C). Setting this backward-compatible mode enables interoperation with devices that are not compatible with the later ANCP Internet drafts or RFC 6320, Protocol for Access Node Control Mechanism in Broadband Networks.
When this mode is configured globally for all neighbors, you can override it for a particular neighbor that supports the IETF draft or standard.
To configure the ANCP agent to operate in a backward-compatible mode for all neighbors:
Specify the pre-IETF mode.
[edit protocols ancp] user@host# set pre-ietf-mode
To configure the ANCP agent to operate in a backward-compatible mode for a specific neighbor:
Specify the pre-IETF mode.
[edit protocols ancp neighbor 203.0.113.234] user@host# set pre-ietf-mode
To override the globally configured backward-compatible mode for a specific neighbor:
Specify the IETF mode.
[edit protocols ancp neighbor 203.0.113.234] user@host# set ietf-mode
Specifying How Long Processes Wait for the ANCP Agent Restart to Complete
You can specify how long other processes wait for the ANCP agent to restart. The ANCP agent sends a keepalive message to CoS at intervals equal to one-third the value of the maximum helper restart time. For example, when you configure the maximum restart time to 120 seconds, the ANCP agent sends a keepalive message every 40 seconds.
If CoS does not receive a keepalive message within the maximum helper restart time, it considers the ANCP agent to be down and immediately reverts any traffic shaping updates that were implemented as a result of ANCP agent monitoring to the configured values. Consequently, traffic to the subscribers is not effectively shaped, potentially resulting in traffic drops in the DSLAMs The configured values are maintained until the ANCP agent comes back up and sends fresh traffic shaping updates to CoS.
To configure how long other processes wait for the ANCP agent to restart:
Specify the time in seconds.
[edit protocols ancp] user@host# set maximum-helper-restart-time 150
Configuring the ANCP Agent to Learn ANCP Partition IDs
By default, the ANCP agent expects ANCP partition IDs to be zero, meaning that the access node is not divided into logical partitions that can each form adjacencies with routers. You can configure the ANCP agent to support nonzero partition IDs. When you do so, the agent waits a configurable period to receive a SYN message from a neighbor during adjacency initiation. When the agent receives such a message, it uses the partition information contained in the Partition ID, PType, and PFlag fields to generate in turn a SYN message that it sends to the neighbor to continue adjacency negotiation.
To configure the ANCP agent to learn partition ID information from neighbors:
For example, to enable partition ID learning and force the ANCP agent to wait 45 seconds for a SYN message:
[edit protocols ancp] user@host# set gsmp-syn-wait user@host# set gsmp-syn-timeout 45
Example: Configuring an ANCP Network with Interface Sets and N:1 Static Demux VLANs over Aggregated Ethernet
This example describes how to configure an ANCP network topology that manages subscriber access for several households by grouping individual devices into interface sets, providing access and services through one dedicated C-VLAN per household, and shaping traffic on a per-household basis. In this N:1 configuration, dual-tagged VLANs are configured over a single, underlying, static VLAN demux interfaces over aggregated Ethernet.
Requirements
This example uses the following hardware and software components:
MX Series 5G Universal Routing Platform with only MPCs installed for VLAN demux support
RADIUS server
DSLAM access node
Before you begin configuring the example, be sure you have:
Thoroughly read and understood the following topics:
Configured your access node.
Configured your RADIUS server.
Overview
ANCP provides a means to configure, maintain, and monitor local access lines between access nodes (DSLAMs) and subscribers. Associated CoS configurations shape the downstream subscriber traffic. ANCP can enable more accurate traffic shaping by adjusting net data rates to discount the packet overhead of the access lines and then providing these adjusted rates to CoS.
The network topology in this example includes a dual-tagged (C-VLAN/S-VLAN) VLAN configuration over a static VLAN demux interface that is in turn configured over aggregated Ethernet for redundancy. This topology is an N:1 configuration model because—although each C-VLAN corresponds to one subscriber household—all the C-VLANs are configured over the same underlying VLAN demux interface. Multiple end-user devices in each household—or rather the dynamic PPPoE sessions established by each device—are grouped by household into interface sets. The grouping is accomplished by a separate dynamic profile configured for each C-VLAN. The ANCP agent configuration maps the ACI for the household’s access line to an interface set. CoS applies a traffic-control profile to each interface set to shape the subscriber-directed traffic on a per-household basis. The CoS shaping rate is dynamically updated based upon the DSL attributes provided by the access node for each household’s access line.
Figure 4 shows S-VLAN 103, configured on demux0, servicing the access node. C-VLANs 1, 2, and 3 each service a single household (subscriber). The respective households are identified by unique ACIs. The dynamic PPPoE sessions for devices in each household are grouped for monitoring and traffic shaping into interface sets 10301, 10302, and 10303.
Topology
Table 4 describes the configuration components used in this example.
Configuration Component or Property |
Component Name or Setting |
Description |
|---|---|---|
Dynamic profiles |
ancp-10301 ancp-10302 ancp-10303 |
Each profile defines the dynamic PPPoE session created when any of the devices for a particular subscriber household accesses the network. Each profile specifies the following:
|
Predefined variables |
$junos-interface-unit |
Instantiates the logical interface for each PPPoE session. |
$junos-underlying-interface |
Instantiates the logical underlying PPP interface on which each dynamic PPPoE logical interface is created when a subscriber logs in. |
|
Interfaces |
ae0 |
Aggregated Ethernet interface that is the underlying interface for the VLAN demux interfaces. The interface includes the following configuration:
|
demux0 |
VLAN demux interface that runs over the underlying aggregated Ethernet interface. |
|
demux0.10301 demux0.10302 demux0.10303 |
VLAN demux logical interfaces that correspond to the C-VLANs for individual subscriber households. Each logical interface includes the following configuration:
|
|
ge-1/0/1 |
Primary member link in the aggregated Ethernet bundle. |
|
ge-1/0/2 |
Backup member link in the aggregated Ethernet bundle. |
|
lo0.0 |
Loopback interface for use in the access network. The loopback interface is automatically used for unnumbered interfaces. |
|
pp0 |
PPP interface on which the PPPoE subscriber logical interfaces are created. |
|
Interface sets |
10301 10302 10303 |
Set of interfaces in which the sessions for the devices in a particular household are created. Each interface set is specified in a dynamic profile for that household. ANCP associates each interface set with an ACI and a VLAN demux logical interface (C-VLAN). CoS applies a traffic-control profile to each interface set. |
Advisory traffic rates |
downstream-rate |
Recommended rate for downstream traffic in the absence of traffic rate information from the access node. |
upstream-rate |
Recommended rate for upstream traffic in the absence of traffic rate information from the access node. |
|
Traffic-control profile |
tcp1 |
CoS profile that shapes the downstream subscriber traffic rate; in this example, shaping is adjusted for ATM packet overhead. The profile is applied to the interface sets. |
IP addresses |
203.0.113.1 |
Address of the ANCP access node that monitors the subscriber households. |
127.0.50.1/28 |
Address of the loopback interface, lo0. |
|
198.51.100.191 |
Address of the RADIUS accounting server and authentication server. |
|
Access circuit loop identifiers |
192.168.61.65/0.0.0.0 eth 1/1:7; 192.168.61.65/0.0.0.0 eth 1/2:7; 192.168.61.65/0.0.0.0 eth 1/3:7; |
Identifier for the local access circuit from the access node to the subscriber household. It identifies the household. ANCP associates each identifier with an interface set. |
The ANCP agent configuration includes the following elements:
The IP address for the access node (DSLAM) is specified as 203.0.113.1. The interval between ANCP adjacency messages sent between neighbors is set to 5 seconds.
The ANCP agent is enabled to report adjusted data rates to CoS to improve the accuracy of downstream traffic shaping. The ANCP agent adjusts the net data rates for ADSL lines by ninety percent and for ADSL2 lines by ninety-five percent.
Each interface set is associated with both the ACI unique to the subscriber household and the relevant underlying VLAN demux interface.
The RADIUS configuration on the router includes the following elements:
The IP address (198.51.100.191) for the authentication and accounting server, as well as the secret password for accessing the server.
The subscriber access profile, radius-profile, specifies that RADIUS is used for authentication.
Juniper Networks DSL VSAs are included in RADIUS request messages, but the DSL Forum VSA attributes are excluded from RADIUS messages
Accounting sessions are configured to be recognized in decimal format.
Configuration
The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode.
To configure an ANCP network with static N:1 demux VLANs to the subscriber households, perform these tasks:
- CLI Quick Configuration
- Configuring the Dynamic PPPoE Profiles
- Configuring the Static VLAN Demux Interface over Aggregated Ethernet
- Configuring Class of Service
- Configuring ANCP
- Configuring RADIUS Authentication and Accounting
CLI Quick Configuration
To quickly configure the ANCP network described in this example, copy the following commands, paste them in a text file, remove any line breaks, and then copy and paste the commands into the CLI.
# Dynamic Profiles edit dynamic-profiles ancp-10301 set interfaces interface-set 10301 interface pp0 unit "$junos-interface-unit" edit interfaces pp0 unit "$junos-interface-unit" set ppp-options chap set ppp-options pap set pppoe-options underlying-interface "$junos-underlying-interface" set keepalives interval 30 set family inet unnumbered-address lo0.0 top edit dynamic-profiles ancp-10302 set interfaces interface-set 10302 interface pp0 unit "$junos-interface-unit" edit interfaces pp0 unit "$junos-interface-unit" set ppp-options chap set ppp-options pap set pppoe-options underlying-interface "$junos-underlying-interface" set keepalives interval 30 set family inet unnumbered-address lo0.0 top edit dynamic-profiles ancp-10303 set interfaces interface-set 10303 interface pp0 unit "$junos-interface-unit" edit interfaces pp0 unit "$junos-interface-unit" set ppp-options chap set ppp-options pap set pppoe-options underlying-interface "$junos-underlying-interface" set keepalives interval 30 set family inet unnumbered-address lo0.0 top # # Aggregated Ethernet Interfaces and VLAN Demux Interfaces set interfaces ge-1/0/1 hierarchical-scheduler set interfaces ge-1/0/1 gigether-options 802.3ad ae0 set interfaces ge-1/0/1 gigether-options 802.3ad primary set interfaces ge-1/0/2 hierarchical-scheduler set interfaces ge-1/0/2 gigether-options 802.3ad ae0 set interfaces ge-1/0/2 gigether-options 802.3ad backup set interfaces ae0 hierarchical-scheduler set interfaces ae0 stacked-vlan-tagging set interfaces ae0 aggregated-ether-options link-protection set interfaces demux0 unit 10301 proxy-arp set interfaces demux0 unit 10301 vlan-tags outer 103 set interfaces demux0 unit 10301 vlan-tags inner 1 set interfaces demux0 unit 10301 demux-options underlying-interface ae0 set interfaces demux0 unit 10301 family pppoe duplicate-protection set interfaces demux0 unit 10301 family pppoe dynamic-profile ancp-10301 set interfaces demux0 unit 10301 advisory-options downstream-rate 16m set interfaces demux0 unit 10301 advisory-options upstream-rate 1m set interfaces demux0 unit 10302 proxy-arp set interfaces demux0 unit 10302 vlan-tags outer 103 set interfaces demux0 unit 10302 vlan-tags inner 2 set interfaces demux0 unit 10302 demux-options underlying-interface ae0 set interfaces demux0 unit 10302 family pppoe duplicate-protection set interfaces demux0 unit 10302 family pppoe dynamic-profile ancp-10302 set interfaces demux0 unit 10302 advisory-options downstream-rate 16m set interfaces demux0 unit 10302 advisory-options upstream-rate 1m set interfaces demux0 unit 10303 proxy-arp set interfaces demux0 unit 10303 vlan-tags outer 103 set interfaces demux0 unit 10303 vlan-tags inner 3 set interfaces demux0 unit 10303 demux-options underlying-interface ae0 set interfaces demux0 unit 10303 family pppoe duplicate-protection set interfaces demux0 unit 10303 family pppoe dynamic-profile ancp-10303 set interfaces demux0 unit 10303 advisory-options downstream-rate 16m set interfaces demux0 unit 10303 advisory-options upstream-rate 1m set interfaces lo0 unit 0 family inet address 127.0.50.1/28 top # # Class of Service edit class-of-service set traffic-control-profiles tcp1 shaping-rate 16m set traffic-control-profiles tcp1 overhead-accounting cell-mode set interfaces interface-set 10301 output-traffic-control-profile tcp1 set interfaces interface-set 10302 output-traffic-control-profile tcp1 set interfaces interface-set 10303 output-traffic-control-profile tcp1 top # # ANCP edit protocols ancp set traceoptions file ancpd set traceoptions file size 512m set traceoptions flag config set traceoptions flag cos set qos-adjust set adjacency-timer 5 set maximum-helper-restart-time 90 set qos-adjust-adsl 90 set qos-adjust-adsl2 95 set interfaces interface-set 10301 access-identifier "192.168.61.65/0.0.0.0 eth 1/1:7;" set interfaces interface-set 10302 access-identifier "192.168.61.65/0.0.0.0 eth 1/2:7;" set interfaces interface-set 10303 access-identifier "192.168.61.65/0.0.0.0 eth 1/3:7;" set interfaces interface-set 10301 underlying-interface demux0.10301 set interfaces interface-set 10302 underlying-interface demux0.10302 set interfaces interface-set 10303 underlying-interface demux0.10303 set neighbor 203.0.113.1 top # # RADIUS edit access set radius-server 198.51.100.191 secret "$ABC123$ABC123$ABC123" edit access profile radius-profile set authentication-order radius set radius authentication-server 198.51.100.191 set radius accounting-server 198.51.100.191 set radius options accounting-session-id-format decimal set radius options juniper-dsl-attributes set radius attributes exclude dsl-forum-attributes access-request set radius attributes exclude dsl-forum-attributes accounting-start set radius attributes exclude dsl-forum-attributes accounting-stop top
Configuring the Dynamic PPPoE Profiles
Step-by-Step Procedure
In this procedure, you configure a dynamic profile for each C-VLAN: ancp-10301, ancp-10302, and ancp-1033.
Configure the interface set that the PPPoE sessions on this C-VLAN are placed in.
[edit dynamic-profiles ancp-10301] user@host1# edit interfaces interface-set 10301
Configure the logical interfaces to be dynamically instantiated for the interface set.
[edit dynamic-profiles ancp-10301 interfaces interface-set 10301] user@host1# set interface pp0 unit “$junos-interface-unit”
Configure CHAP and PAP authentication as properties of the dynamic PPPoE logical interfaces.
[edit dynamic-profiles ancp-10301 interfaces pp0 unit “$junos-interface-unit”] user@host1# set ppp-options chap user@host1# set ppp-options pap
Configure the logical underlying interface on which the router creates the dynamic PPPoE logical interface; this is the interface on which the subscriber logs in.
[edit dynamic-profiles ancp-10301 interfaces pp0 unit “$junos-interface-unit”] user@host1# set pppoe-options underlying-interface “$junos-underlying-interface”
Specify the interval between successive keepalive requests.
[edit dynamic-profiles ancp-10301 interfaces pp0 unit “$junos-interface-unit”] user@host1# set keepalives interval 30
Configure the IPv4 protocol family and that the local (unnumbered) address can be derived from the loopback address for the dynamic PPPoE logical interfaces.
[edit dynamic-profiles ancp-10301 interfaces pp0 unit “$junos-interface-unit”] user@host1# set family inet unnumbered-address lo0.0
Repeat Steps 1 through 6 for the second dynamic profile, ancp-10302, and the third dynamic profile, ancp-10303.
Results
From configuration mode, confirm the dynamic profile configuration by entering the show dynamic-profiles command.
[edit]
user@host# show dynamic-profiles
ancp-10301 {
interfaces {
interface-set 10301 {
interface pp0 {
unit "$junos-interface-unit";
}
}
pp0 {
unit "$junos-interface-unit" {
ppp-options {
chap;
pap;
}
pppoe-options {
underlying-interface "$junos-underlying-interface";
}
keepalives interval 30;
family inet {
unnumbered-address lo0.0;
}
}
}
}
}
ancp-10302 {
interfaces {
interface-set 10302 {
interface pp0 {
unit "$junos-interface-unit";
}
}
pp0 {
unit "$junos-interface-unit" {
ppp-options {
chap;
pap;
}
pppoe-options {
underlying-interface "$junos-underlying-interface";
}
keepalives interval 30;
family inet {
unnumbered-address lo0.0;
}
}
}
}
}
ancp-10303 {
interfaces {
interface-set 10303 {
interface pp0 {
unit "$junos-interface-unit";
}
}
pp0 {
unit "$junos-interface-unit" {
ppp-options {
chap;
pap;
}
pppoe-options {
underlying-interface "$junos-underlying-interface";
}
keepalives interval 30;
family inet {
unnumbered-address lo0.0;
}
}
}
}
}
When you are done configuring the device, enter commit from configuration mode.
Configuring the Static VLAN Demux Interface over Aggregated Ethernet
Step-by-Step Procedure
Enable hierarchical scheduling on this interface.
[edit interfaces ge-1/0/1] user@host1# set hierarchical-scheduler
Specify this interface as the primary member of the aggregated Ethernet bundle.
[edit interfaces ge-1/0/1] user@host1# set gigether-options 802.3ad ae0 primary
Enable hierarchical scheduling on a second interface.
[edit interfaces ge-1/0/2] user@host1# set hierarchical-scheduler
Specify this interface as the backup member of the aggregated Ethernet bundle.
[edit interfaces ge-1/0/2] user@host1# set gigether-options 802.3ad ae0 backup
Enable hierarchical scheduling on the aggregated Ethernet interface.
[edit interfaces ae0] user@host1# set hierarchical-scheduler
Enable stacked VLAN tagging for all logical interfaces on the aggregated Ethernet interface.
[edit interfaces ae0] user@host1# set stacked-vlan-tagging
Enable link protection as a property of the aggregated Ethernet interface.
[edit interfaces ae0] user@host1# set aggregated-ether-options link-protection
Configure VLAN demux interface demux0.10301.
Configure the router to respond to ARP requests on the interface.
[edit interfaces demux0 unit 10301] user@host1# set proxy-arp
Configure the outer VLAN tag to identify the access node (S-VLAN) and the inner VLAN tag to identify the subscriber port on the access node (C-VLAN).
[edit interfaces demux0 unit 10301] user@host1# set vlan tags outer 103 inner 1
Specify that the VLAN demux interface runs on the underlying aggregated Ethernet interface.
[edit interfaces demux0 unit 10301] user@host1# set demux-options underlying-interface ae0
Prevent multiple PPPoE sessions from being created for the same PPPoE subscriber on this VLAN demux interface.
[edit interfaces demux0 unit 10301] user@host1# set family pppoe duplicate-protection
Configure the dynamic profile that is instantiated on the VLAN demux interface.
[edit interfaces demux0 unit 10301] user@host1# set family pppoe dynamic-profile ancp-10301
Configure the recommended upstream and downstream traffic rates.
[edit interfaces demux0 unit 10301] user@host1# set advisory-options upstream-rate 1m user@host1# set advisory-options downstream-rate 16m
Configure VLAN demux interface demux0.10302.
Configure the router to respond to ARP requests on the interface.
[edit interfaces demux0 unit 10302] user@host1# set proxy-arp
Configure the outer VLAN tag to identify the access node (S-VLAN) and the inner VLAN tag to identify the subscriber port on the access node (C-VLAN).
[edit interfaces demux0 unit 10302] user@host1# set vlan tags outer 103 inner 2
Specify that the VLAN demux interface runs on the underlying aggregated Ethernet interface.
[edit interfaces demux0 unit 10302] user@host1# set demux-options underlying-interface ae0
Prevent multiple PPPoE sessions from being created for the same PPPoE subscriber on this VLAN demux interface.
[edit interfaces demux0 unit 10302] user@host1# set family pppoe duplicate-protection
Configure the dynamic profile that is instantiated on the VLAN demux interface.
[edit interfaces demux0 unit 10302] user@host1# set family pppoe dynamic-profile ancp-10302
Configure the recommended upstream and downstream traffic rates.
[edit interfaces demux0 unit 10302] user@host1# set advisory-options upstream-rate 1m user@host1# set advisory-options downstream-rate 16m
Configure VLAN demux interface demux0.10303.
Configure the router to respond to ARP requests on the interface.
[edit interfaces demux0 unit 10303] user@host1# set proxy-arp
Configure the outer VLAN tag to identify the access node (S-VLAN) and the inner VLAN tag to identify the subscriber port on the access node (C-VLAN).
[edit interfaces demux0 unit 10303] user@host1# set vlan tags outer 103 inner 3
Specify that the VLAN demux interface runs on the underlying aggregated Ethernet interface.
[edit interfaces demux0 unit 10303] user@host1# set demux-options underlying-interface ae0
Prevent multiple PPPoE sessions from being created for the same PPPoE subscriber on this VLAN demux interface.
[edit interfaces demux0 unit 10303] user@host1# set family pppoe duplicate-protection
Configure the dynamic profile that is instantiated on the VLAN demux interface.
[edit interfaces demux0 unit 10303] user@host1# set family pppoe dynamic-profile ancp-10303
Configure the recommended upstream and downstream traffic rates.
[edit interfaces demux0 unit 10303] user@host1# set advisory-options upstream-rate 1m user@host1# set advisory-options downstream-rate 16m
Configure the IPv4 protocol family and the address of the loopback interface.
[edit interfaces lo0] user@host1# set unit 0 family inet address 127.0.50.1/28
Results
From configuration mode, confirm the static VLAN demux configuration by entering the show interfaces command.
[edit]
user@host# show interfaces
ge-1/0/1 {
hierarchical-scheduler;
gigether-options {
802.3ad {
ae0;
primary;
}
}
}
ge-1/0/2 {
hierarchical-scheduler;
gigether-options {
802.3ad {
ae0;
backup;
}
}
}
ae0 {
hierarchical-scheduler;
stacked-vlan-tagging;
aggregated-ether-options {
link-protection;
}
}
demux0 {
unit 10301 {
proxy-arp;
vlan-tags outer 103 inner 1;
demux-options {
underlying-interface ae0;
}
family pppoe {
duplicate-protection;
dynamic-profile ancp-10301;
}
advisory-options {
downstream-rate 16m;
upstream-rate 1m;
}
}
unit 10302 {
proxy-arp;
vlan-tags outer 103 inner 2;
demux-options {
underlying-interface ae0;
}
family pppoe {
duplicate-protection;
dynamic-profile ancp-10302;
}
advisory-options {
downstream-rate 16m;
upstream-rate 1m;
}
}
unit 10303 {
proxy-arp;
vlan-tags outer 103 inner 3;
demux-options {
underlying-interface ae0;
}
family pppoe {
duplicate-protection;
dynamic-profile ancp-10303;
}
advisory-options {
downstream-rate 16m;
upstream-rate 1m;
}
}
lo0 {
unit 0 {
family inet {
address 127.0.50.1/28
}
}
}
}
When you are done configuring the device, enter commit from configuration mode.
Configuring Class of Service
Step-by-Step Procedure
Configure the traffic-control profile with the shaping rate and specify the overhead accounting mode to account for ATM cell encapsulation.
[edit class-of-service] user@host1# set traffic-control-profiles tcp1 shaping-rate 16m user@host1# set traffic-control-profiles tcp1 overhead-accounting cell-mode
Apply the traffic-control profile to the interface sets.
[edit class-of-service] user@host1# set interfaces interface-set 10301 output-traffic-control-profile tcp1 user@host1# set interfaces interface-set 10302 output-traffic-control-profile tcp1 user@host1# set interfaces interface-set 10303 output-traffic-control-profile tcp1
Results
From configuration mode, confirm the class of service configuration by entering the show class-of-service command.
[edit]
user@host# show class-of-service
traffic-control-profiles {
tcp1 {
shaping-rate 16m;
overhead-accounting cell-mode;
}
}
interfaces {
interface-set 10301 {
output-traffic-control-profile tcp1;
}
interface-set 10302 {
output-traffic-control-profile tcp1;
}
interface-set 10303 {
output-traffic-control-profile tcp1;
}
}
When you are done configuring the device, enter commit from configuration mode.
Configuring ANCP
Step-by-Step Procedure
Configure the access node address.
[edit protocols ancp] user@host1# set neighbor 203.0.113.1
Configure the ANCP agent to report adjusted downstream traffic rates to CoS.
[edit protocols ancp] user@host1# set qos-adjust
Specify an overhead adjustment of the traffic on ADSL and ADSL2 lines to 90 percent and 95 percent, respectively, of the net data rate.
[edit protocols ancp] user@host1# set qos-adjust-adsl 90 user@host1# set qos-adjust-adsl2 95
Specify an interval of 5 seconds between adjacency messages sent to all ANCP neighbors.
[edit protocols ancp] user@host1# set adjacency-timer 5
Associate the ACI with the interface sets for each C-VLAN.
[edit protocols ancp] user@host1# set interfaces interface-set 10301 access-identifier "192.168.61.65/0.0.0.0 eth 1/1:7;" user@host1# set interfaces interface-set 10302 access-identifier "192.168.61.65/0.0.0.0 eth 1/2:7;" user@host1# set interfaces interface-set 10303 access-identifier "192.168.61.65/0.0.0.0 eth 1/3:7;"
Specify the underlying interface for the interface sets.
[edit protocols ancp] user@host1# set interfaces interface-set 10301 underlying-interface demux0.10301 user@host1# set interfaces interface-set 10302 underlying-interface demux0.10302 user@host1# set interfaces interface-set 10303 underlying-interface demux0.10303
Configure the size of the ANCP trace log files.
[edit protocols ancp traceoptions] user@host1# set file ancpd size 512m
Configure flags for tracing ANCP configuration and CoS operations.
[edit protocols ancp traceoptions] user@host1# set flag config user@host1# set flag cos
Results
From configuration mode, confirm the ANCP agent configuration by entering the show ancp command.
[edit]
user@host# show ancp
traceoptions {
file ancpd size 512m;
flag config;
flag cos;
}
qos-adjust;
adjacency-timer 5;
qos-adjust-adsl 90;
qos-adjust-adsl2 95;
interfaces {
interface-set {
10301 {
access-identifier "192.168.61.65/0.0.0.0 eth 1/1:7;";
underlying-interface demux0.10301;
}
10302 {
access-identifier "192.168.61.65/0.0.0.0 eth 1/2:7;";
underlying-interface demux0.10302;
}
10303 {
access-identifier "192.168.61.65/0.0.0.0 eth 1/3:7;";
underlying-interface demux0.10303;
}
}
}
neighbor 203.0.113.1;
When you are done configuring the device, enter commit from configuration mode.
Configuring RADIUS Authentication and Accounting
Step-by-Step Procedure
Configure the password for the RADIUS server.
[edit access] user@host1# set radius-server 198.51.100.191 secret "$ABC123$ABC123$ABC123"
Specify that RADIUS is used to authenticate subscribers.
[edit access] user@host1# set profile radius-profile authentication-order radius
Configure the RADIUS authentication and accounting server.
[edit access] user@host1# set profile radius-profile radius authentication-server 198.51.100.191 user@host1# set profile radius-profile radius accounting-server 198.51.100.191
Configure options for the RADIUS server: The format used to identify the accounting session and that Juniper Networks DSL VSAs are added to RADIUS request messages.
[edit access] user@host1# set profile radius-profile radius options accounting-session-id-format decimal user@host1# set profile radius-profile radius options juniper-dsl-attributes
Exclude DSL Forum VSA attributes from being included in RADIUS messages.
[edit access] user@host1# set profile radius-profile radius attribute exclude dsl-forum-attributes access-request user@host1# set profile radius-profile radius attribute exclude dsl-forum-attributes accounting-start user@host1# set profile radius-profile radius attribute exclude dsl-forum-attributes accounting-stop
Results
From configuration mode, confirm the RADIUS configuration by entering the show access command.
[edit]
user@host# show access
radius-server {
198.51.100.191 secret "$ABC123$ABC123$ABC123"; ## SECRET-DATA
}
profile radius-profile {
radius {
authentication-server 198.51.100.191;
accounting-server 198.51.100.191;
options {
accounting-session-id-format decimal;
juniper-dsl-attributes;
}
attributes {
exclude {
dsl-forum-attributes [ access-request accounting-start accounting-stop ];
}
}
}
}
When you are done configuring the device, enter commit from configuration mode.
Verification
To confirm that the configuration is working properly, perform these tasks:
- Verifying the Aggregated Ethernet Interface Configuration
- Verifying the Traffic Scheduling and Shaping Parameters for the Interface Set
- Verifying the demux0 Interface Configuration
- Verifying the pp0 Interface Configuration
- Verifying the ANCP Agent Configuration
Verifying the Aggregated Ethernet Interface Configuration
Purpose
Verify that the interface values match your configuration, the link is up, and traffic is flowing.
Action
From operational mode, enter the show interfaces redundancy command.
user@host> show interfaces redundancy Interface State Last change Primary Secondary Current status ae0 On primary ge-1/0/1 ge-1/0/2 both up
From operational mode, enter the show interfaces ae0 command.
user@host> show interfaces ae0
Physical interface: ae0, Enabled, Physical link is Up
Interface index: 128, SNMP ifIndex: 606
Link-level type: Ethernet, MTU: 1522, Speed: 1Gbps, BPDU Error: None,
MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled,
Flow control: Disabled, Minimum links needed: 1, Minimum bandwidth needed: 0
Device flags : Present Running
Interface flags: SNMP-Traps Internal: 0x4000
Current address: 00:00:5E:00:53:c0, Hardware address: 00:00:5E:00:53:c0
Last flapped : 2012-03-11 13:24:18 PST (2d 03:34 ago)
Input rate : 1984 bps (2 pps)
Output rate : 0 bps (0 pps)
Logical interface ae0.32767 (Index 69) (SNMP ifIndex 709)
Flags: SNMP-Traps 0x4004000 VLAN-Tag [ 0x0000.0 ] Encapsulation: ENET2
Statistics Packets pps Bytes bps
Bundle:
Input : 371259 2 46036116 1984
Output: 0 0 0 0
Protocol multiservice, MTU: Unlimited
Flags: Is-PrimaryMeaning
The show interfaces redundancy output shows the redundant link configuration and that both link interfaces are up. The show interfaces ae0 output shows that the aggregated Ethernet interface is up and that traffic is being received on the logical interface.
Verifying the Traffic Scheduling and Shaping Parameters for the Interface Set
Purpose
Verify that the traffic scheduling and shaping parameters are configured and applied properly.
Action
user@host> show class-of-service
Verifying the demux0 Interface Configuration
Purpose
Verify that the VLAN demux interface displays the configured PPPoE family attributes and the member links in the aggregated Ethernet bundle.
Action
From operational mode, enter the show interfaces demux0 command for each VLAN.
user@host> show interfaces demux0.10301
Logical interface demux0.10301 (Index 76) (SNMP ifIndex 61160)
Flags: SNMP-Traps 0x4000 VLAN-Tag [ 0x8100.100 ]
Encapsulation: ENET2
Demux:
Underlying interface: ae0 (Index 199)
Link:
ge-1/0/1
ge-1/0/2
Input packets : 2
Output packets: 18575
Protocol pppoe
Dynamic Profile: ancp-10301,
Service Name Table: None,
Max Sessions: 16000, Duplicate Protection: On,
AC Name: pppoe-server-1Alternatively, you can enter show pppoe underlying-interfaces detail to display the state and PPPoE family configuration for all configured underlying interfaces.
Meaning
The output shows the name of the underlying interface, the member links of the aggregated bundle, and the PPPoE family configuration. The output shows packet counts when traffic is present on the logical interface.
Verifying the pp0 Interface Configuration
Purpose
Verify that the interface values match your configuration.
Action
From operational mode, enter the show interfaces pp0 command.
user@host> show interfaces pp0.100
Logical interface pp0.100 (Index 71) (SNMP ifIndex 710)
Flags: Point-To-Point SNMP-Traps 0x4000 Encapsulation: PPPoE
PPPoE:
State: SessionUp, Session ID: 1,
Session AC name: pppoe-server-1, Remote MAC address: 00:00:5E:00:53:34,
Underlying interface: demux0.10301 (Index 70)
Link:
ge-5/0/3.32767
ge-5/1/2.32767
Input packets : 18572
Output packets: 18572
Keepalive settings: Interval 10 seconds, Up-count 1, Down-count 3
Keepalive: Input: 0 (never), Output: 18566 (00:00:02 ago)
LCP state: Opened
NCP state: inet: Opened, inet6: Not-configured, iso: Not-configured, mpls:
Not-configured
CHAP state: Closed
PAP state: Success
Protocol inet, MTU: 1500
Flags: Sendbcast-pkt-to-re
Addresses, Flags: Is-Primary
Local: 203.0.113.45Meaning
This output shows information about the PPPoE logical interface created on the underlying VLAN demux interface. The output includes the PPPoE family and aggregated Ethernet redundant link information, and shows input and output traffic for the PPPoE interface.
Verifying the ANCP Agent Configuration
Purpose
Verify that the ANCP values match your configuration and that traffic is flowing.
Action
From operational mode, enter the show ancp subscriber command.
user@host> show ancp subscriber detail Interface State Last change Primary Secondary Current status ae0 On primary ge-1/0/1 ge-1/0/2 both up
From operational mode, enter the show ancp cos command.
user@host> show ancp cos Qos Adjust Flag: TRUE Keepalive Timer: 30 secs Cos State: WRITE_READY Connect Time: Mon Mar 19 15:03:01 2012 Session Time: Mon Mar 19 15:03:13 2012 Routing Instance Time: Mon Mar 19 15:03:14 2012 Keepalive Time: Not Set Rate Update Time: Mon Mar 19 15:03:15 2012 Type Name Index Pending Update Last Update iflset 10301 1 None 64 Kbps iflset 10302 2 None 64 Kbps iflset 10303 71 None 64 Kbps
Meaning
The show ancp subscriber output shows subscriber line information such as state and the various traffic rates collected by the ANCP agent—displayed for each subscriber as identified by the ACI. The show ancp cos output shows that the ANCP agent is configured to send adjusted rate data to CoS, that keepalives are configured for a 30-second interval, and that the interface sets 10301, 10302, and 10303 are configured and their traffic rates are updating