Juniper Broadband Subscriber Access Protocols User Manual

Junos® OS

Broadband Subscriber Access Protocols

User Guide

Published

2021-03-10

Juniper Networks, Inc.
1133 Innovation Way
Sunnyvale, California 94089
USA
408-745-2000
www.juniper.net

Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners.

Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

Junos® OS Broadband Subscriber Access Protocols User Guide

Copyright © 2021 Juniper Networks, Inc. All rights reserved.

The information in this document is current as of the date on the title page.

YEAR 2000 NOTICE

Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.

END USER LICENSE AGREEMENT

The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with) Juniper Networks software. Use of such software is subject to the terms and conditions of the End User License Agreement ("EULA") posted at https://support.juniper.net/support/eula/. By downloading, installing or using such software, you agree to the terms and conditions of that EULA.

Table of Contents

About This Guide

1 Broadband Subscriber Access Network Overview

Broadband Subscriber Access Network Overview
Subscriber Access Network Overview
Multiservice Access Node Overview
Ethernet MSAN Aggregation Options
LDP Pseudowire Autosensing Overview
Layer 2 Services on Pseudowire Service Interface Overview
Broadband Access Service Delivery Options
Broadband Delivery and FTTx
Understanding BNG Support for Cascading DSLAM Deployments Over Bonded DSL Channels
Detection of Backhaul Line Identifiers and Autogeneration of Intermediate Node Interface Sets
High Availability for Subscriber Access Networks
Unified ISSU for High Availability in Subscriber Access Networks
Verifying and Monitoring Subscriber Management Unified ISSU State
Graceful Routing Engine Switchover for Subscriber Access Networks
Minimize Traffic Loss Due to Stale Route Removal After a Graceful Routing Engine Switchover
Routes for DHCP and PPP Subscriber Access Networks
Access and Access-Internal Routes for Subscriber Management
Configuring Dynamic Access Routes for Subscriber Management
Configuring Dynamic Access-Internal Routes for DHCP and PPP Subscribers
Suppressing DHCP Access, Access-Internal, and Destination Routes
Preventing DHCP from Installing Access, Access-Internal, and Destination Routes by Default
Verifying the Configuration of Access and Access-Internal Routes for DHCP and PPP Subscribers
Subscribers with Identical Framed Routes

2 DHCP Subscriber Access Networks

DHCP Subscriber Access Networks Overview
DHCP and Subscriber Management Overview
Subscriber Access Operation Flow Using DHCP Relay
Defining Various Levels of Services for DHCP Subscribers
Example: Configuring a Tiered Service Profile for Subscriber Access
DHCP Snooping for Network Security
DHCP Snooping Support
Configuring DHCP Snooped Packets Forwarding Support for DHCP Local Server
Enabling and Disabling DHCP Snooped Packets Support for DHCP Relay Agent
Configuring DHCP Snooped Packets Forwarding Support for DHCP Relay Agent
Disabling DHCP Snooping Filters
Example: Configuring DHCP Snooping Support for DHCP Relay Agent
Requirements
Overview
Configuration
Example: Enabling DHCP Snooping Support for DHCPv6 Relay Agent
Requirements
Overview
Configuration
Verification
Preventing DHCP Spoofing
DHCPv4 Duplicate Client Management
DHCPv4 Duplicate Client In Subnet Overview
Guidelines for Configuring Support for DHCPv4 Duplicate Clients
Configuring the Router to Distinguish Between DHCPv4 Duplicate Clients Based on Option 82 Information
Configuring the Router to Distinguish Between DHCPv4 Duplicate Clients Based on Their Incoming Interfaces
DHCPv6 Duplicate Client Management
DHCPv6 Duplicate Client DUIDs
Configuring the Router to Use Underlying Interfaces to Distinguish Between DHCPv6 Duplicate Client DUIDs

3 PPP Subscriber Access Networks

PPP Subscriber Access Networks Overview
Dynamic Profiles for PPP Subscriber Interfaces Overview
Understanding How the Router Processes Subscriber-Initiated PPP Fast Keepalive Requests
RADIUS-Sourced Connection Status Updates to CPE Devices
Configuring Dynamic Profiles for PPP
Preventing the Validation of PPP Magic Numbers During PPP Keepalive Exchanges
How to Configure RADIUS-Sourced Connection Status Updates to CPE Devices
Attaching Dynamic Profiles to Static PPP Subscriber Interfaces
Migrating Static PPP Subscriber Configurations to Dynamic Profiles Overview
Configuring Local Authentication in Dynamic Profiles for Static Terminated IPv4 PPP Subscribers
Configuring Tag2 Attributes in Dynamic Profiles for Static Terminated IPv4 PPP Subscribers
Configuring Dynamic Authentication for PPP Subscribers
Modifying the CHAP Challenge Length
Example: Minimum PPPoE Dynamic Profile
Verifying and Managing PPP Configuration for Subscriber Management
PPP Network Control Protocol Negotiation
PPP Network Control Protocol Negotiation Mode Overview
Controlling the Negotiation Order of PPP Authentication Protocols
Configuring the PPP Network Control Protocol Negotiation Mode
Ensuring IPCP Negotiation for Primary and Secondary DNS Addresses
Tracing PPP Service Events for Troubleshooting
Configuring the PPP Service Trace Log Filename
Configuring the Number and Size of PPP Service Log Files
Configuring Access to the PPP Service Log File
Configuring a Regular Expression for PPP Service Messages to Be Logged
Configuring Subscriber Filtering for PPP Service Trace Operations
Configuring the PPP Service Tracing Flags
Configuring the Severity Level to Filter Which PPP Service Messages Are Logged

4 L2TP Subscriber Access Networks

L2TP for Subscriber Access Overview
L2TP for Subscriber Access Overview
L2TP Terminology
L2TP Implementation
Retransmission of L2TP Control Messages
Configuring Retransmission Attributes for L2TP Control Messages
Enabling Tunnel and Global Counters for SNMP Statistics Collection
Verifying and Managing L2TP for Subscriber Access
L2TP Tunnel Switching For Multiple-Domain Networks
L2TP Tunnel Switching Overview
Tunnel Switching Actions for L2TP AVPs at the Switching Boundary
Configuring L2TP Tunnel Switching
Setting the L2TP Receive Window Size
Setting the L2TP Tunnel Idle Timeout
Setting the L2TP Destruct Timeout
Configuring the L2TP Destination Lockout Timeout
Removing an L2TP Destination from the Destination Lockout List
Configuring L2TP Drain
Using the Same L2TP Tunnel for Injection and Duplication of IP Packets
L2TP LAC Subscriber Configuration
Configuring an L2TP LAC
Configuring How the LAC Responds to Address and Port Changes Requested by the LNS
LAC Interoperation with Third-Party LNS Devices
Globally Configuring the LAC to Interoperate with Cisco LNS Devices
L2TP LAC Tunneling for Subscribers
LAC Tunnel Selection Overview
L2TP Session Limits Overview
Limiting the Number of L2TP Sessions Allowed by the LAC or LNS
Setting the Format for the Tunnel Name
Configuring a Tunnel Profile for Subscriber Access
Configuring the L2TP LAC Tunnel Selection Parameters
Configuring LAC Tunnel Selection Failover Within a Preference Level
Configuring Weighted Load Balancing for LAC Tunnel Sessions
Configuring Destination-Equal Load Balancing for LAC Tunnel Sessions
Enabling the LAC for IPv6 Services
Testing L2TP Tunnel Configurations from the LAC
L2TP Subscriber Access Lines and Connection Speeds
Subscriber Access Line Information Handling by the LAC and LNS Overview
Transmission of Tx and Rx Connection Speeds from LAC to LNS
Transmission of the Receive Connect Speed AVP When Transmit and Receive Connect Speeds are Equal
Configuring the Method to Derive the LAC Connection Speeds Sent to the LNS
Configuring the Reporting and Processing of Subscriber Access Line Information
Preventing the LAC from Sending Calling Number AVP 22 to the LNS
Override the Calling-Station-ID Format for the Calling Number AVP
Specifying a Rate-Limiting Service Profile for L2TP Connection Speeds
L2TP LNS Inline Service Interfaces
Configuring an L2TP LNS with Inline Service Interfaces
Applying PPP Attributes to L2TP LNS Subscribers per Inline Service Interface
Applying PPP Attributes to L2TP LNS Subscribers with a User Group Profile
Configuring an L2TP Access Profile on the LNS
Configuring a AAA Local Access Profile on the LNS
Configuring an Address-Assignment Pool for L2TP LNS with Inline Services
Configuring the L2TP LNS Peer Interface
Enabling Inline Service Interfaces
Configuring an Inline Service Interface for L2TP LNS
Configuring Options for the LNS Inline Services Logical Interface
LNS 1:1 Stateful Redundancy Overview
Configuring 1:1 LNS Stateful Redundancy on Aggregated Inline Service Interfaces
Verifying LNS Aggregated Inline Service Interface 1:1 Redundancy
L2TP Session Limits and Load Balancing for Service Interfaces
Example: Configuring an L2TP LNS
Requirements
Overview
Configuration
Configuring an L2TP Tunnel Group for LNS Sessions with Inline Services Interfaces
Applying Services to an L2TP Session Without Using RADIUS
Configuring a Pool of Inline Services Interfaces for Dynamic LNS Sessions
Configuring a Dynamic Profile for Dynamic LNS Sessions
IP Packet Reassembly on Inline Service Interfaces
IP Packet Fragment Reassembly for L2TP Overview
Configuring IP Inline Reassembly for L2TP
Peer Resynchronization After an L2TP Failover
L2TP Failover and Peer Resynchronization
Configuring the L2TP Peer Resynchronization Method
Tracing L2TP Events for Troubleshooting
Configuring the L2TP Trace Log Filename
Configuring the Number and Size of L2TP Log Files
Configuring Access to the L2TP Log File
Configuring a Regular Expression for L2TP Messages to Be Logged
Configuring Subscriber Filtering for L2TP Trace Operations
Configuring the L2TP Tracing Flags
Configuring the Severity Level to Filter Which L2TP Messages Are Logged

5 Configuring MPLS Pseudowire Subscriber Logical Interfaces

MPLS Pseudowire Subscriber Logical Interfaces
Pseudowire Subscriber Logical Interfaces Overview
Anchor Redundancy Pseudowire Subscriber Logical Interfaces Overview
Configuring a Pseudowire Subscriber Logical Interface
Configuring the Maximum Number of Pseudowire Logical Interface Devices Supported on the Router
Configuring a Pseudowire Subscriber Logical Interface Device
Changing the Anchor Point for a Pseudowire Subscriber Logical Interface Device
Configuring the Transport Logical Interface for a Pseudowire Subscriber Logical Interface
Configuring Layer 2 Circuit Signaling for Pseudowire Subscriber Logical Interfaces
Configuring Layer 2 VPN Signaling for Pseudowire Subscriber Logical Interfaces
Configuring the Service Logical Interface for a Pseudowire Subscriber Logical Interface

6 Wi-Fi Access Gateways

Wi-Fi Access Gateways
Wi-Fi Access Gateway Overview
Wi-Fi Access Gateway Deployment Model Overview
Supported Access Models for Dynamic-Bridged GRE Tunnels on the Wi-Fi Access Gateway
Wi-Fi Access Gateway Configuration Overview
Configuring a Pseudowire Subscriber Logical Interface Device for the Wi-Fi Access Gateway
Configuring Conditions for Enabling Dynamic-Bridged GRE Tunnel Creation
Configuring VLAN Subscriber Interfaces for Dynamic-Bridged GRE Tunnels on Wi-Fi Access Gateways
Configuring Untagged Subscriber Interfaces for Dynamic-Bridged GRE Tunnels on Wi-Fi Access Gateways

7 Fixed Wireless Access Networks

Fixed Wireless Access Networks
Fixed Wireless Access Network Overview
How to Configure Fixed Wireless Access
Verifying and Monitoring Fixed Wireless Access
Tracing Fixed Wireless Access Events for Troubleshooting
Configuring the Fixed Wireless Access Trace Log Filename
Configuring the Number and Size of Fixed Wireless Access Log Files
Configuring Access to the Fixed Wireless Access Log File
Configuring a Regular Expression for Fixed Wireless Access Messages to Be Logged
Configuring the Fixed Wireless Access Tracing Flags

8 Configuration Statements

access-profile (L2TP LNS)
aaa-context (AAA Options)
aaa-options (Access Profile)
aaa-options (PPP Profile)
access (Dynamic Access Routes)
access-internal (Dynamic Access-Internal Routes)
access-line (Access-Line Rate Adjustment)
access-line-information (L2TP)
access-profile (AAA Options)
address (L2TP Destination)
address (L2TP Tunnel Destination)
address (LNS Local Gateway)
address (Tunnel Profile Remote Gateway)
address (Tunnel Profile Source Gateway)
address-change-immediate-update
aggregated-inline-services-options (Aggregated Inline Services)
allow-snooped-clients
always-write-option-82
anchor-point (Pseudowire Subscriber Interfaces)
assignment-id-format (L2TP LAC)
authentication (Static and Dynamic PPP)
avp (L2TP Tunnel Switching)
bandwidth (Inline Services)
bandwidth (Tunnel Services)
bearer-type (L2TP Tunnel Switching)
bfd
calling-number (L2TP Tunnel Switching)
challenge-length (Static and Dynamic PPP)
chap
chap (Dynamic PPP)
chap (L2TP)
cisco-nas-port-info (L2TP Tunnel Switching)
client
delimiter (Access Profile)
destination (L2TP)
destination-equal-load-balancing (L2TP LAC)
destruct-timeout (L2TP)
detection-time
device-count (Pseudowire Subscriber Interfaces)
dhcp-local-server
dhcp-relay
dhcpv6 (DHCP Local Server)
dhcpv6 (DHCP Relay Agent)
dial-options
dial-options (Dynamic Profiles)
disable-calling-number-avp (L2TP LAC)
disable-failover-protocol (L2TP)
drain
dual-stack-group (DHCP Local Server)
dual-stack-group (DHCP Relay Agent)
duplicate-clients (DHCPv6 Local Server and Relay Agent)
duplicate-clients-in-subnet (DHCP Local Server and DHCP Relay Agent)
dynamic-profile (L2TP)
dynamic-profile (PPP)
dynamic-profiles
enable-ipv6-services-for-lac (L2TP)
enable-snmp-tunnel-statistics (L2TP)
enforce-strict-scale-limit-license (Subscriber Management)
equals (Dynamic Profile)
failover-resync
failover-within-preference (L2TP LAC)
failure-action
flexible-vlan-tagging
forward-snooped-clients (DHCP Local Server)
forward-snooped-clients (DHCP Relay Agent)
fpc (MX Series 5G Universal Routing Platforms)
gateway-name (LNS Local Gateway)
gateway-name (Tunnel Profile Remote Gateway)
gateway-name (Tunnel Profile Source Gateway)
gres-route-flush-delay (Subscriber Management)
group (DHCP Local Server)
group (DHCP Relay Agent)
group-profile (Group Profile)
hierarchical-scheduler (Subscriber Interfaces on MX Series Routers)
holddown-interval
hello-interval (L2TP)
identification (Tunnel Profile)
idle-timeout (Access)
idle-timeout (L2TP)
ignore-magic-number-mismatch (Access Group Profile)
ignore-magic-number-mismatch (Dynamic Profiles)
initiate-ncp (Dynamic and Static PPP)
inline-services (PIC level)
input-hierarchical-policer
interface (Dynamic Routing Instances)
interface (Service Interfaces)
interface-id
interfaces (Static and Dynamic Subscribers)
ip-reassembly
ip-reassembly (L2TP)
ip-reassembly-rules (Service Set)
ipcp-suggest-dns-option
keepalive
keepalives
keepalives (Dynamic Profiles)
l2tp
l2tp (Profile)
l2tp-access-profile
l2tp-maximum-session (Service Interfaces)
layer2-liveness-detection (Receive)
layer2-liveness-detection (Send)
lcp-renegotiation
liveness-detection
local-authentication (Dynamic PPP Options)
local-gateway (L2TP LNS)
lockout-timeout (L2TP Destination Lockout)
logical-system (Tunnel Profile)
mac
mac-address (Dynamic Access-Internal Routes)
match-direction (IP Reassembly Rule)
maximum-sessions (L2TP)
maximum-sessions-per-tunnel
max-sessions (Tunnel Profile)
medium (Tunnel Profile)
method
metric (Dynamic Access-Internal Routes)
minimum-interval
minimum-receive-interval
minimum-retransmission-timeout (L2TP Tunnel)
mtu
multiplier
name (L2TP Destination)
name (L2TP Tunnel Destination)
nn
nas-port-method (L2TP LAC)
nas-port-method (Tunnel Profile)
next-hop (Dynamic Access Routes)
next-hop-service
no-allow-snooped-clients
no-gratuitous-arp-request
no-snoop (DHCP Local Server and Relay Agent)
on-demand-ip-address
options (Access Profile)
override (RADIUS Options)
overrides (DHCP Relay Agent)
overrides (Enhanced Subscriber Management)
pap
pap (Dynamic PPP)
pap (L2TP)
parse-direction (Access Profile)
pic (M Series and T Series Routers)
pool (Service Interfaces)
pp0 (Dynamic PPPoE)
ppp (Group Profile)
ppp-options
ppp-options (Dynamic PPP)
ppp-options (L2TP)
preference (Subscriber Management)
preference (Tunnel Profile)
primary-interface (Aggregated Inline Services)
profile (Access)
proxy-mode
ps0 (Pseudowire Subscriber Interfaces)
pseudowire-service (Pseudowire Subscriber Interfaces)
qualified-next-hop (Dynamic Access-Internal Routes)
radius (Access Profile)
reject-unauthorized-ipv6cp
relay-option-82
remote-gateway (Tunnel Profile)
report-ingress-shaping-rate (Dynamic CoS Interfaces)
request services l2tp destination unlock
retransmission-count-established (L2TP)
retransmission-count-not-established (L2TP)
route (Access)
route (Access Internal)
route-suppression (DHCP Local Server and Relay Agent)
routing-instance (Tunnel Profile)
routing-instance (L2TP Destination)
routing-instance (L2TP Tunnel Destination)
routing-instances (Dynamic Profiles)
routing-options (Dynamic Profiles)
rule (IP Reassembly)
rx-connect-speed-when-equal (L2TP LAC)
rx-window-size (L2TP)
secondary-interface (Aggregated Inline Services)
secret (Tunnel Profile)
service-device-pool (L2TP)
service-device-pools (Service Interfaces)
service-interface (L2TP Processing)
service-profile (L2TP)
service-rate-limiter (Access)
session-mode
session-options
sessions-limit-group (L2TP)
soft-gre
source-gateway (Tunnel Profile)
stacked-vlan-tagging
statistics (Access Profile)
strip-user-name (Access Profile)
subscriber-context (AAA Options)
subscriber-management (Subscriber Management)
tag (Access)
tag2 (Dynamic Access Routes)
threshold (detection-time)
threshold (transmit-interval)
tos-reflect (L2TP)
trace (DHCP Relay Agent)
traceoptions (Services L2TP)
traceoptions (Protocols PPP Service)
traceoptions (Subscriber Management)
transmit-interval
tunnel (L2TP)
tunnel (Tunnel Profile)
tunnel-group
tunnel-profile (L2TP Tunnel Switching)
tunnel-profile (Tunnel Profile)
tunnel-switch-profile (L2TP Tunnel Switching, Application)
tunnel-switch-profile (L2TP Tunnel Switching, Definition)
tx-address-change (L2TP LAC)
tx-connect-speed-method (L2TP LAC)
type (Tunnel Profile)
unit (Dynamic PPPoE)
unit (Dynamic Profiles Standard Interface)
untagged
username-include (Local Authentication)
version (BFD)
weighted-load-balancing (L2TP LAC)
vlan-id (Dynamic Profiles)
vlan-tagging
vlan-tagging (Dynamic)
vlan-tags

9 Operational Commands

clear services l2tp destination
clear services l2tp destination lockout
clear services l2tp session
clear services l2tp session statistics
clear services l2tp tunnel
clear services l2tp tunnel statistics
request interface (revert | switchover) (Aggregated Inline Service Interfaces)
show ancp subscriber
show bfd subscriber session
show dynamic-profile session
show interfaces ps0 (Pseudowire Subscriber Interfaces)
show interfaces redundancy
show ppp interface
show ppp statistics
show ppp summary
show services fixed-wireless-access statistics
show services inline ip-reassembly statistics
show services l2tp client
show services l2tp destination
show services l2tp destination lockout
show services l2tp session
show services l2tp session-limit-group
show services l2tp summary
show services l2tp tunnel
show services l2tp tunnel-group
show services l2tp tunnel-switch destination
show services l2tp tunnel-switch session
show services l2tp tunnel-switch summary
show services l2tp tunnel-switch tunnel
show services soft-gre tunnel
show subscribers
show subscribers summary
show system subscriber-management statistics
show system subscriber-management summary
test services l2tp tunnel

About This Guide

Use this guide to understand how to configure the primary methods for accessing the subscriber network:

• DHCP provides IP address configuration and service provisioning.

• PPP enables a point-to-point direct connection to the network and service provider. Dynamic profiles apply configurations and services to authenticated subscribers.

• L2TP separates the termination of access technologies from the termination of PPP and subsequent access to a network. This separation enables service providers to outsource their access technologies. L2TP provides ISPs the capability to supply VPN service; private enterprises can reduce or avoid investment in access technologies for remote workers.

• MPLS pseudowire interfaces extend MPLS domains from the access-aggregation network to the service edge.

• Wi-Fi access gateways provide public Wi-Fi access from residential or business Wi-Fi networks so that mobile subscribers can be authenticated and connected regardless of their physical location.

• Fixed wireless access enables service providers to manage subscribers over a wireless network to the home instead of having to run fiber to the building. The wireless network reduces last-mile installation and maintenance costs and gives providers the ability to increase services to underserved end users.

RELATED DOCUMENTATION

Configuring the Broadband Edge as a Service Node Within Seamless MPLS Network Designs

Configuring MX Series Universal Edge Routers for Service Convergence

CHAPTER 1

Broadband Subscriber Access Network Overview

Broadband Subscriber Access Network Overview
High Availability for Subscriber Access Networks
Routes for DHCP and PPP Subscriber Access Networks
Subscribers with Identical Framed Routes

Broadband Subscriber Access Network Overview

IN THIS SECTION

Subscriber Access Network Overview
Multiservice Access Node Overview
Ethernet MSAN Aggregation Options
LDP Pseudowire Autosensing Overview
Layer 2 Services on Pseudowire Service Interface Overview
Broadband Access Service Delivery Options
Broadband Delivery and FTTx
Understanding BNG Support for Cascading DSLAM Deployments Over Bonded DSL Channels
Detection of Backhaul Line Identifiers and Autogeneration of Intermediate Node Interface Sets

Subscriber Access Network Overview

A subscriber access environment can include various components, including subscriber access technologies and authentication protocols.

The subscriber access technologies include:

• Dynamic Host Configuration Protocol (DHCP) server
  • Local DHCP server
  • External DHCP server
• Point-to-Point Protocol (PPP)

The subscriber authentication protocols include the RADIUS server.

Figure 1 on page 3 shows an example of a basic subscriber access network.

Figure 1: Subscriber Access Network Example

NOTE: This feature requires a license. To understand more about Subscriber Access Licensing, see Subscriber Access Licensing Overview. Please refer to the Juniper Licensing Guide for general information about License Management. Please refer to the product Data Sheets at MX Series Routers for details, or contact your Juniper Account Team or Juniper Partner.

Multiservice Access Node Overview

A multiservice access node is a broader term that refers to a group of commonly used aggregation devices. These devices include digital subscriber line access multiplexers (DSLAMs) used in xDSL networks, optical line termination (OLT) for PON/FTTx networks, and Ethernet switches for Active Ethernet connections. Modern MSANs often support all of these connections, as well as providing connections for additional circuits such as plain old telephone service (referred to as POTS) or Digital Signal 1 (DS1 or T1).

The defining function of a multiservice access node is to aggregate traffic from multiple subscribers. At the physical level, the MSAN also converts traffic from the last mile technology (for example, ADSL) to Ethernet for delivery to subscribers.

You can broadly categorize MSANs into three types based on how they forward traffic in the network:

• Layer–2 MSAN—This type of MSAN is essentially a Layer 2 switch (though typically not a fully functioning switch) with some relevant enhancements. These MSANs use Ethernet (or ATM) switching to forward traffic. The MSAN forwards all subscriber traffic upstream to an edge router that acts as the centralized control point and prevents direct subscriber-to-subscriber communication. Ethernet Link Aggregation (LAG) provides the resiliency in this type of network. Layer 2 DSLAMs cannot interpret IGMP, so they cannot selectively replicate IPTV channels.

• Layer–3 aware MSAN—This IP-aware MSAN can interpret and respond to IGMP requests by locally replicating a multicast stream and forwarding the stream to any subscriber requesting it. Layer 3 awareness is important when supporting IPTV traffic to perform channel changes (sometimes referred to as channel zaps). Static IP-aware MSANs always receive all multicast television channels. They do not have the ability to request that specific channels be forwarded to the DSLAM. Dynamic IP-aware DSLAMs, however, can inform the network to begin (or discontinue) sending individual channels to the DSLAM. Configuring IGMP proxy or IGMP snooping on the DSLAM accomplishes this function.

• Layer–3 MSAN—These MSANs use IP routing functionality rather than Layer 2 technologies to forward traffic. The advantage of this forwarding method is the ability to support multiple upstream links going to different upstream routers and improving network resiliency. However, to accomplish this level of resiliency, you must assign a separate IP subnetwork to each MSAN, adding a level of complexity that can be more difficult to maintain or manage.

In choosing an MSAN type, refer to Figure 2 on page 4:

Figure 2: Choosing an MSAN Type

Ethernet MSAN Aggregation Options

IN THIS SECTION

Direct Connection
Ethernet Aggregation Switch Connection
Ring Aggregation Connection

Each MSAN can connect directly to an edge router (broadband services router or video services router), or an intermediate device (for example, an Ethernet switch) can aggregate MSAN traffic before being sent to the services router. Table 1 on page 5 lists the possible MSAN aggregation methods and under what conditions they are used.

Table 1: Ethernet MSAN Aggregation Methods

Method | When Used
Direct connection | Each MSAN connects directly to the broadband services router and optional video services router.
Ethernet aggregation switch connection | Each MSAN connects directly to an intermediate Ethernet switch. The switch, in turn, connects to the broadband services router or optional video services router.
Ethernet ring aggregation connection | Each MSAN connects to a ring topology of MSANs. The head-end MSAN (the device closest to the upstream edge router) connects to the broadband services router.

You can use different aggregation methods in different portions of the network. You can also create multiple layers of traffic aggregation within the network. For example, an MSAN can connect to a central office terminal (COT), which, in turn, connects to an Ethernet aggregation switch, or you can create multiple levels of Ethernet aggregation switches prior to connecting to the edge router.

Direct Connection

In the direct connection method, each MSAN has a point-to-point connection to the broadband services router. If an intermediate central office exists, traffic from multiple MSANs can be combined onto a single connection using wave-division multiplexing (WDM). You can also connect the MSAN to a video services router. However, this connection method requires that you use a Layer 3 MSAN that has the ability to determine which link to use when forwarding traffic.

When using the direct connection method, keep the following in mind:

• We recommend this approach when possible to simplify network management.

• Because multiple MSANs are used to connect to the services router, and Layer 3 MSANs generally require a higher equipment cost, this method is rarely used in a multiedge subscriber management model.

• Direct connection is typically used when most MSAN links are utilized less than 33 percent and there is little value in combining traffic from multiple MSANs.

Ethernet Aggregation Switch Connection

An Ethernet aggregation switch aggregates traffic from multiple downstream MSANs into a single connection to the services router (broadband services router or optional video services router).

When using the Ethernet aggregation switch connection method, keep the following in mind:

• Ethernet aggregation is typically used when most MSAN links are utilized over 33 percent or to aggregate traffic from lower speed MSANs (for example, 1 Gbps) to a higher speed connection to the services router (for example, 10 Gbps).

• You can use an MX Series router as an Ethernet aggregation switch. For information about configuring the MX Series router in Layer 2 scenarios, see the Ethernet Networking User Guide for MX Series Routers.

Ring Aggregation Connection

In a ring topology, the remote MSAN that connects to subscribers is called the remote terminal (RT). This device can be located in the outside plant (OSP) or in a remote central office (CO). Traffic traverses the ring until it reaches the central office terminal (COT) at the head-end of the ring. The COT then connects directly to the services router (broadband services router or video services router).

NOTE: The RT and COT must support the same ring resiliency protocol.

You can use an MX Series router in an Ethernet ring aggregation topology. For information about configuring the MX Series router in Layer 2 scenarios, see the Ethernet Networking User Guide for MX Series Routers.

LDP Pseudowire Autosensing Overview

IN THIS SECTION

Pseudowire Ingress Termination Background

Pseudowire Autosensing Approach

Sample Configuration

A pseudowire is a virtual link that is used to transport a Layer 2 service across an MPLS edge or access network. In a typical broadband edge or business edge network, one end of a pseudowire is terminated as a Layer 2 circuit on an access node, and the other end is terminated as a Layer 2 circuit on a service node that serves as either an aggregation node or an MPLS core network. Traditionally, both endpoints are provisioned manually through configuration. LDP pseudowire autosensing introduces a new provisioning model that allows pseudowire endpoints to be automatically provisioned and deprovisioned on service nodes based on LDP signaling messages. This model can facilitate the provisioning of pseudowires on a large scale. An access node uses LDP to signal both pseudowire identity and attributes to a service node. The identity is authenticated by a RADIUS server, and then used together with the attributes signaled by LDP and the attributes passed down by the RADIUS server to create the pseudowire endpoint configuration, including the Layer 2 circuit.
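The provisioning flow described above can be modeled as a small state machine. This is an added sketch, not Junos code or configuration: the class, the attribute names, the identity string, and the rule that RADIUS attributes override LDP-signaled ones are all assumptions made for illustration. Removal on label withdraw and on LDP session down follows the triggers named in the Pseudowire Autosensing Approach section.

```python
from dataclasses import dataclass, field

# Constructed RADIUS profile store; identity format and attributes are hypothetical.
RADIUS_PROFILES = {
    "an1:port-1/0/1": {"service": "residential", "mtu": 1500},
}

def radius_authenticate(identity):
    """Stand-in for a RADIUS exchange: returns attributes, or None on reject."""
    return RADIUS_PROFILES.get(identity)

@dataclass
class ServiceNode:
    endpoints: dict = field(default_factory=dict)  # (peer, identity) -> config
    rejected: list = field(default_factory=list)   # denied requests, for audit

    def on_label_mapping(self, peer, identity, ldp_attrs):
        """Create an endpoint only if RADIUS authenticates the identity."""
        radius_attrs = radius_authenticate(identity)
        if radius_attrs is None:
            self.rejected.append((peer, identity))
            return None  # no configuration is generated for unknown identities
        key = (peer, identity)
        if key in self.endpoints:
            return self.endpoints[key]  # repeated mapping: keep existing endpoint
        # Assumption: server-side (RADIUS) attributes win over peer-signaled ones.
        config = {"peer": peer, "identity": identity, **ldp_attrs, **radius_attrs}
        self.endpoints[key] = config
        return config

    def on_label_withdraw(self, peer, identity):
        """Deprovision one endpoint; True if something was removed."""
        return self.endpoints.pop((peer, identity), None) is not None

    def on_session_down(self, peer):
        """Deprovision every endpoint learned from a peer; returns the count."""
        stale = [key for key in self.endpoints if key[0] == peer]
        for key in stale:
            del self.endpoints[key]
        return len(stale)
```

The `rejected` list is the part worth wiring into monitoring: repeated denials from one peer indicate a misprovisioned or untrusted access node trying to trigger configuration.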

 

 

Pseudowire Ingress Termination Background

In a seamless MPLS-enabled broadband access or business edge network, Ethernet pseudowires are commonly used as virtual interfaces to connect access nodes to service nodes. Each pseudowire carries the bidirectional traffic of one or multiple broadband subscribers or business edge customers between an access node and a service node pair. The establishment of the pseudowire is usually initiated by the access node, based on either static configuration or dynamic detection of a new broadband subscriber or business edge customer arriving on a client-facing port on the access node.

Ideally, the access node should create one pseudowire per client port, where all subscribers or customers hosted by the port are mapped to the pseudowire. The alternative is where there is one pseudowire per client port (S-VLAN), and all subscribers or customers sharing a common S-VLAN on the port are mapped to the pseudowire. In either case, the pseudowire is signaled in the raw mode.

The S-VLAN, if not used to delimit service on the service node or combined with C-VLAN to distinguish subscribers or customers, will be stripped before the traffic is encapsulated in pseudowire payload and transported to the service node. Individual subscribers or customers may be distinguished by C-VLAN, or a Layer 2 header such as DHCP and PPP, which will be carried in pseudowire payload to the service node. On the service node, the pseudowire is terminated. Individual subscribers or customers are then demultiplexed and modeled as broadband subscriber interfaces, business edge interfaces (for example, PPPoE), Ethernet interfaces, or IP interfaces. Ethernet and IP interfaces may be further attached to service instances, such as VPLS and Layer 3 VPN instances.
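The tag handling in this paragraph, shown on a double-tagged Ethernet frame as an added example (not Junos code): the outer S-VLAN tag is stripped on the access side, and the service side maps the remaining C-VLAN to a ps.n logical interface. The MAC addresses, VLAN IDs, and the C-VLAN-to-unit table are constructed; the TPID values are the standard IEEE 802.1ad and 802.1Q ones.

```python
import struct

TPID_SVLAN = 0x88A8  # IEEE 802.1ad service tag
TPID_CVLAN = 0x8100  # IEEE 802.1Q customer tag

def build_qinq_frame(dst, src, s_vid, c_vid, ethertype, payload):
    """Build a double-tagged frame (constructed sample input)."""
    return (dst + src
            + struct.pack("!HH", TPID_SVLAN, s_vid & 0x0FFF)
            + struct.pack("!HH", TPID_CVLAN, c_vid & 0x0FFF)
            + struct.pack("!H", ethertype) + payload)

def strip_svlan(frame):
    """Access side: remove the outer S-VLAN tag, leave the C-VLAN tag intact."""
    if len(frame) < 18:
        raise ValueError("frame too short to carry an S-VLAN tag")
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_SVLAN:
        raise ValueError("outer tag is not an S-VLAN tag")
    return tci & 0x0FFF, frame[:12] + frame[16:]

def demux_cvlan(frame, cvlan_to_unit):
    """Service side: map the payload's C-VLAN to a ps.n logical interface.

    Returns None for untagged frames and for C-VLANs with no mapping, so an
    unknown tag never falls through to another subscriber's interface.
    """
    if len(frame) < 18:
        raise ValueError("frame too short to carry a C-VLAN tag")
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_CVLAN:
        return None  # untagged: DHCP or PPP based demux would be needed instead
    unit = cvlan_to_unit.get(tci & 0x0FFF)
    return None if unit is None else f"ps.{unit}"

if __name__ == "__main__":
    sample = build_qinq_frame(b"\xff" * 6, b"\x02\x00\x00\x00\x00\x01",
                              100, 201, 0x8863, b"constructed-payload")
    s_vid, inner = strip_svlan(sample)
    print(s_vid, demux_cvlan(inner, {201: 1, 202: 2}))
```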

In Junos OS, pseudowire ingress termination on service nodes is supported through the use of pseudowire service physical and logical interfaces. This approach is considered as superior in scalability to the old logical tunnel interface based approach, due to its capability of multiplexing and demultiplexing subscribers or customers over a single pseudowire. For each pseudowire, a pseudowire service physical interface is created on a selected Packet Forwarding Engine, which is called an anchor Packet Forwarding Engine. On top of this pseudowire service physical interface, a ps.0 logical interface (transport logical interface) is created, and a Layer 2 circuit or Layer 2 VPN is created to host the ps.0 logical interface as an attachment interface.

The Layer 2 circuit or Layer 2 VPN enables pseudowire signaling towards the access node, and the ps.0 logical interface serves the role of customer edge facing interface for the pseudowire. Further, one or multiple ps.n logical interfaces (also known as service logical interfaces, where n>0) may be created on the pseudowire service physical interface to model individual subscriber/customer flows as logical interfaces. These interfaces can then be attached to desired broadband and business edge services or Layer 2 or Layer 3 VPN instances.

NOTE: Note that the purpose of the anchor Packet Forwarding Engine is to designate the Packet Forwarding Engine to process the bidirectional traffic of the pseudowire, including encapsulation, decapsulation, VLAN mux or demux, QoS, policing, shaping, and many more.

For Junos OS Release 16.2 and earlier, the creation and deletion of the pseudowire service physical interfaces, pseudowire service logical interfaces, Layer 2 circuits, and Layer 2 VPNs for pseudowire ingress termination rely on static configuration. This is not considered as the best option from the perspective of scalability, efficiency and flexibility, especially in a network where each service node may potentially host a large number of pseudowires. The objective is to help service providers come out of static configuration in provisioning and deprovisioning pseudowire ingress termination on service nodes.

Pseudowire Autosensing Approach

In the pseudowire autosensing approach, a service node uses the LDP label mapping message received from an access node as a trigger to dynamically generate configuration for a pseudowire service physical interface, a pseudowire service logical interface, and a Layer 2 circuit. Likewise, it uses the LDP label withdraw message received from the access node and LDP session down event as triggers to remove
