- play_arrow AAA for Subscriber Management
- play_arrow AAA for Subscriber Management
- play_arrow RADIUS for Subscriber Management
- RADIUS Servers and Parameters for Subscriber Access
- Storage and Reporting of Interface Descriptions to Uniquely Identify Subscribers
- Session Options for Subscriber Access
- RADIUS NAS Port Attributes and Options
- RADIUS Logical Line Identification
- RADIUS Authentication and Accounting Basic Configuration
- RADIUS Reauthentication As an Alternative to RADIUS CoA for DHCP Subscribers
- Configuring RADIUS Reauthentication for DHCP Subscribers
- RADIUS Accounting for Subscriber Access
- Verifying and Managing Subscriber AAA Information
- Session Termination Causes and RADIUS Termination Cause Codes
- AAA Termination Causes and Code Values
- DHCP Termination Causes and Code Values
- L2TP Termination Causes and Code Values
- PPP Termination Causes and Code Values
- VLAN Termination Causes and Code Values
- play_arrow Domain Maps for Subscriber Management
- play_arrow Testing and Troubleshooting AAA
- play_arrow RADIUS Dictionary Files
- Junos OS Release 15.1 Subscriber Management RADIUS Dictionary [DCT]
- Junos OS Release 16.1 Subscriber Management RADIUS Dictionary [DCT]
- Junos OS Release 16.2 Subscriber Management RADIUS Dictionary [DCT]
- Junos OS Release 17.1 Subscriber Management RADIUS Dictionary [DCT]
- Junos OS Release 17.4 Subscriber Management RADIUS Dictionary [DCT]
- Junos OS Release 18.2 Subscriber Management RADIUS Dictionary [DCT]
- Junos OS Release 18.4 Subscriber Management RADIUS Dictionary [DCT]
-
- play_arrow IPv6 for Subscriber Management
- play_arrow IPv6 for Subscriber Management
- Introduction to IPv6 Addresses
- Migration to IPv6 Using IPv4 and IPv6 Dual Stack
- IPv6 WAN Link Addressing with NDRA
- IPv6 WAN Link Addressing with DHCPv6 IA_NA
- Subscriber LAN Addressing with DHCPv6 Prefix Delegation
- WAN and LAN Addressing Using DHCPv6 IA_NA and DHCPv6 Prefix Delegation
- Designs for IPv6 Addressing in a Subscriber Access Network
- Dual-Stack Access Models in a DHCP Network
- Dual-Stack Access Models in a PPPoE Network
- Best Practices for Configuring IPv4 and IPv6 Dual Stack in a PPPoE Access Network
- Dual Stack for PPPoE Access Networks Using DHCP
- Dual Stack for PPPoE Access Networks Using NDRA
- IP Demultiplexing Interfaces on Packet-Triggered Subscriber Services
- Conservation of IPv4 Addresses for Dual-Stack PPP Subscribers Using On-Demand IPv4 Address Allocation
- Dual Stack Subscribers Monitoring and Management
-
- play_arrow DHCPv6 for Subscriber Management
- play_arrow Packet Triggered Subscriber Services
- play_arrow Packet Triggered Subscriber Services
-
- play_arrow Address-Assignment Pools for Subscriber Management
- play_arrow Address-Assignment Pools for Subscriber Management
-
- play_arrow DNS Addresses for Subscriber Management
- play_arrow DNS Addresses for Subscriber Management
-
- play_arrow M:N Subscriber Redundancy
- play_arrow Access Node Control Protocol and the ANCP Agent for Subscriber Services
- play_arrow Access Node Control Protocol and the ANCP Agent for Subscriber Services
-
- play_arrow Diameter Base Protocol and its Applications
- play_arrow Diameter Base Protocol and its Applications
- Diameter Base Protocol
- Gx-Plus for Provisioning Subscribers
- 3GPP Policy and Charging Control for Wireline Provisioning and Accounting
- NASREQ for Authentication and Authorization
- JSRC for Subscriber Provisioning and Accounting
- JSRC and Subscribers on Static Interfaces
- Monitoring and Management Diameter Information
- Tracing Diameter Base Protocol Events for Troubleshooting
- Troubleshooting Diameter Networks
- Monitoring and Managing Static Subscriber Information
- Tracing Static Subscriber Events for Troubleshooting
-
- play_arrow Configuration Statements and Operational Commands
DHCP Lease Times for IP Addresses
DHCP Lease Timers
Subscriber management supports configurable timers that you can use to manage the DHCPv4 and DHCPv6 address leases provided by address-assignment pools. In addition to the maximum-lease-time timer, which sets the maximum time for which the DHCP local server can grant a lease, you can use DHCP client-specific attributes to configure timers that govern the lifetimes of existing leases that have been obtained from an address-assignment pool. Starting in Junos OS Release 17.2R1, this feature is supported for both DHCPv4 and DHCPv6; in earlier releases, only DHCPv6 is supported.
The following list describes the configurable timers for DHCPv4 and DHCPv6 address-assignment pools:
preferred-lifetime—Length of time that a valid address is in the preferred state and can be used without any restrictions. When the preferred-lifetime expires, the address becomes deprecated. A deprecated address should not be used for new communications, but might continue to be used for existing communications in certain cases.
If the valid-lifetime is also configured, the preferred-lifetime must be less than the valid-lifetime. The preferred-lifetime and the maximum-lease-time are mutually exclusive and cannot both be configured.
valid-lifetime—Length of time that an address remains in the valid state, during which the address can be used for new or existing communications. When the valid-lifetime expires, the address becomes invalid, and can no longer be used.
If the preferred-lifetime is also configured, the valid-lifetime must be greater than the preferred-lifetime. The valid-lifetime and the maximum-lease-time are mutually exclusive and cannot both be configured.
t1 percentage—Percentage of the
preferred-lifetime
that the client waits before contacting the DHCP local server that originally granted the lease to request that the address lease be extended. T1 is also called the renewal time.t1-renewal-time—Time in seconds that the client waits before contacting the DHCP local server that originally granted the lease to request that the address lease be extended. T1 is also called the renewal time.
t2 percentage—Percentage of the
preferred-lifetime
that the client waits before sending a request to any available DHCP local server to extend the address lease. T2 is also called the rebind time.t2-rebinding-time—Time in seconds that the client waits before broadcasting a request to all available DHCP local servers to request that the address lease be extended. T2 is also called the rebind time.
Benefits of Configuring DHCP Timers in Address Pools
Using address pools to configure values for these timers gives you fine-grained control over which clients get specific values.
DHCP Lease-Time Validation Overview
In a subscriber access environment, a DHCP server obtains an address lease from either local configuration or from an external DHCP server, and assigns the lease to the DHCP client address.
Obtaining leases from external sources can present issues when the external source is owned or managed by a third party—the third party might configure the external source to provide address leases that are unsuitable for the subscriber access environment. For example, extremely short lease times can create unnecessary traffic that results in reduced performance in the network.
To avoid potential issues caused by short DHCP lease times, subscriber management provides a lease-time validation feature. Lease-time validation enables you to explicitly configure a threshold for the minimum lease time allowed in your subscriber access environment, and to specify a violation action (such as dropping the lease offer) the router takes when a short lease time is offered by a third party. You can specify the following violation actions:
drop
—(DHCPv4 and DHCPv6 relay agent) The third-party lease offer is dropped and the client binding fails.override-lease
—(DHCPv4 and DHCPv6 local server) The third-party lease time is overridden by the specified threshold value.strict
—(DHCPv4 and DHCPv6 local server) The third-party lease is ignored and the client binding fails.no action—If you do not specify a violation action, DHCP binds the client using the third-party lease but marks the binding as lease-time violating.
A lease-time violation can occur during the initial lease grant or during a rebinding or renewal operation. To reduce excessive and redundant log messages, the router consolidates lease-time violation reporting, as shown in Table 1.
Event | syslog | Extended DHCP Traceoptions |
---|---|---|
Initial lease-time violation for the specific DHCP server | warning | warning |
Number of lease-time violations return to zero for the specific DHCP server | warning | warning |
Status of lease-time violations caused by specific DHCP
server, reported in the interval configured in | warning | – |
Violation action of | – | warning |
Violation action of | – | warning |
Lease-time violation | – | warning |
Benefits of DHCP Lease Time Validation
Enables you to avoid unnecessary traffic that can reduce performance when third-party DHCP leases are too short by configuring a minimum allowed lease time and actions taken for invalid leases.
Configuring a DHCP Lease-Time Threshold
Starting in Junos OS Release 14.1, subscriber management provides a lease-time validation feature that enables you to specify the minimum DHCP lease time allowed in your subscriber access environment. When you configure lease-time validation, you specify the lease-time threshold and the action the router performs when an offered lease time is less than the threshold (such as dropping the lease).
Lease-time validation ensures that leases that are offered by third-party DHCP servers or address assignment pools always meet the requirements of your network. For example, you want short leases to be rejected because they can result in excessive renewal traffic that can impact network performance.
You can configure lease-time validation on DHCPv4 and DHCPv6 local servers, and DHCPv4 and DHCPv6 relay agents, and for individual interfaces or interface groups. DHCP relay proxy also supports lease-time validation.
The following procedure describes the steps you use to configure lease-time validation. This example describes a configuration for DHCP relay agent. You use similar steps at the appropriate hierarchy levels for DHCP local server, DHCPv6 local server, and DHCPv6 relay agent.
To configure lease time validation for DHCP relay agent:
DHCP Asymmetric Leasing Overview
Starting in Junos OS Release 17.1R1, asymmetric leasing provides a way to send a DHCP client a lease that is shorter than the actual lease granted by the DHCP local server. In some networks, you might need to change an existing DHCP address assignment before the granted lease time has expired, or learn as soon as possible that a client is no longer using an address. The shorter lease is called the asymmetric lease or the short lease. The originally granted lease is called the long lease or simply, the lease.
You can configure asymmetric leasing on either the DHCP relay agent or the DHCP local server. In a typical configuration, you configure it on the relay agent. When the DHCP local server receives a discover packet from a DHCP client, it returns an offer packet to the client. The client selects a local server and requests an address assignment. The DHCP local server sends an acknowledgment packet containing the address, lease duration and other information to the client. Rather than forwarding this packet, the relay agent saves the lease information and then generates a new acknowledgment packet with a short lease and forwards that to the client.
When the DHCP client makes a subsequent request for lease renewal, the relay agent does not pass the request to the local server. Instead, the relay agent recreates the short lease from the saved information and returns it to the client in an acknowledgment packet. The relay agent continues to renew the short leases for the client until the long lease renew time expires. By default, the long lease renew time is equal to one-half the duration of the long lease.
When the long lease renew time expires, the asymmetric lease is no longer valid. Subsequent renewal requests from the client are forwarded by the relay agent to the local server. If the local server acknowledges the request, it renews the long lease and the process begins again, with the relay agent generating a short lease for the client instead of sending the long lease. Otherwise, the lease is not renewed.
With asymmetric leasing, there is also a renew time for the short lease. The client sends renewal requests to the relay agent at intervals equal to the short lease renew time. By default, this period is equal to one-half the short lease duration. If the DHCP client does not request renewal of the lease before the short lease time expires, the relay agent notifies the local server that the lease is no longer in use and the address can be reassigned.
Benefits of Asymmetric DHCP Lease Timing
Allows the early renewal of DHCP client leases without requiring device support for a forced renewal. Because the lease can be administratively rescinded on the DHCP local server or DHCP relay agent, the next short-duration lease refresh cycle can trigger a full renegotiation of the client lease. This capability reduces the number of devices that must be managed to trigger a new address allocation cycle.
Enables early detection of inactive client leases. The asymmetric lease includes an upstream notification from the DHCP client back to the lease grantor, effectively providing a liveness detection that enables unused addresses to be reclaimed sooner. Because this mechanism is all within DHCP, the service provider does not have to rely on the set of devices involved in address allocation to be configured with other protocols that support some kind of liveness detection, such as bidirectional forwarding detection (BFD).
Configuring DHCP Asymmetric Leasing
You can configure asymmetric leasing to provide a DHCP or DHCPv6 client with a lease that is shorter than the lease granted by the DHCP local server. The shorter lease duration means that the client must renew the lease more frequently. When it does not renew the lease, the address is freed up sooner than when the client uses the original long lease. You configure asymmetric leasing by overriding the DHCP configuration at the global level, for a named group of interfaces, or for a specific interface within a named group.
For simplicity, the procedures in this topic show only the global-level configuration. For information about overriding the DHCP configuration at other levels, see Overriding the Default DHCP Relay Configuration Settings and Overriding the Default DHCP Local Server Configuration Settings.
You can configure asymmetric leasing on either the DHCP relay agent or the DHCP local server. For most networks, the relay agent configuration is more useful.
To configure asymmetric leasing for DHCP relay agent for DHCPv4:
To configure asymmetric leasing for DHCP relay agent for DHCPv6:
Specify that you want to configure override options.
content_copy zoom_out_map[edit forwarding-options dhcp-relay dhcpv6] user@host# edit overrides
Configure the duration of the short (asymmetric) lease for DHCPv4 clients and separately for DHCPv6 clients.
content_copy zoom_out_map[edit forwarding-options dhcp-relay dhcpv6 overrides] user@host# set asymmetric-lease-time seconds user@host# set asymmetric-prefix-lease-time seconds
To configure asymmetric leasing for DHCP local server for DHCPv4:
Specify that you want to configure override options.
content_copy zoom_out_map[edit system services dhcp-local-server] user@host# edit overrides
Configure the duration of the short (asymmetric) lease.
content_copy zoom_out_map[edit system services dhcp-local-server overrides] user@host# set asymmetric-lease-time seconds
To configure asymmetric leasing for DHCP local server for DHCPv6:
Specify that you want to configure override options.
content_copy zoom_out_map[edit system services dhcp-local-server dhcpv6] user@host# edit overrides
Configure the duration of the short (asymmetric) lease for DHCPv4 clients and separately for DHCPv6 clients.
content_copy zoom_out_map[edit system services dhcp-local-server dhcpv6 overrides] user@host# set asymmetric-lease-time seconds user@host# set asymmetric-prefix-lease-time seconds
Change History Table
Feature support is determined by the platform and release you are using. Use Feature Explorer to determine if a feature is supported on your platform.