Mailing List Archive

Cisco to Juniper BNG
Hello,

    I have decided to investigate reorganizing how I terminate customer
broadband sessions and I have some questions about differences in Cisco
vs Juniper radius profiles:

    Currently in radius, I have a number of attributes I push out upon
authentication which can include things like Framed-IP-Address,
Framed-IP-Netmask,  Framed-Route and Filter-id. I know these are pretty
standard and likely are supported out of the box on Cisco and likely
juniper too. However, I also do rate limiting in radius since my BNGs
are cisco, and these rely on the 'Cisco-Service-Info' attribute with
values like "QU;30000000;5625000;11250000;D;30000000;5625000;11250000",
which establishes a 30m/30m pipe. I like using radius for this but most
of what I have seen says I need instead to establish profiles on the
Junos box itself in advance and reference them by name. This seems
really inconvenient. I have done some poking around and see there is
some dynamic profile support, but I am just not connecting the dots how
I would get a similar feature to allow me to set the shaping rates in
radius for juniper. If it matters, my primary access method is PPPoE but
in the future I will move to a DHCP / CGNAT arrangement but still want
to have the filtering/shaping functionality.

Thank you.

Mike-

_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: Cisco to Juniper BNG [ In reply to ]
You can control shaping from RADIUS fairly easily.

Define a dynamic-profile which configures your subscriber as you need:
PPPOE-PROFILE {
predefined-variable-defaults {
cos-shaping-rate 1m;
cos-byte-adjust -4;
}
interfaces {
pp0 {
unit "$junos-interface-unit" {
actual-transit-statistics;
no-traps;
ppp-options {
chap;
}
pppoe-options {
underlying-interface "$junos-underlying-interface";
server;
}
keepalives interval 30;
family inet {
rpf-check;
unnumbered-address "$junos-loopback-interface";
}
family inet6 {
rpf-check;
address $junos-ipv6-address;
}
}
}
}
class-of-service {
traffic-control-profiles {
SUBSCRIBER-TCP {
scheduler-map SUB_MAP;
shaping-rate "$junos-cos-shaping-rate";
overhead-accounting frame-mode-bytes
"$junos-cos-byte-adjust";
}
}
interfaces {
pp0 {
unit "$junos-interface-unit" {
output-traffic-control-profile SUBSCRIBER-TCP;
}
}
}
}
}

You can then populate the various CoS parameters using VSA 26-108
CoS-Parameter-Type
https://www.juniper.net/documentation/us/en/software/junos/subscriber-mgmt-sessions/topics/topic-map/radius-std-attributes-vsas-support.html#id-juniper-networks-vsas-supported-by-the-aaa-service-framework

On Fri, 17 Sept 2021 at 17:14, Mike via juniper-nsp <
juniper-nsp@puck.nether.net> wrote:

> Hello,
>
> I have decided to investigate reorganizing how I terminate customer
> broadband sessions and I have some questions about differences in Cisco
> vs Juniper radius profiles:
>
> Currently in radius, I have a number of attributes I push out upon
> authentication which can include things like Framed-IP-Address,
> Framed-IP-Netmask, Framed-Route and Filter-id. I know these are pretty
> standard and likely are supported out of the box on Cisco and likely
> juniper too. However, I also do rate limiting in radius since my BNGs
> are cisco, and these rely on the 'Cisco-Service-Info' attribute with
> values like "QU;30000000;5625000;11250000;D;30000000;5625000;11250000",
> which establishes a 30m/30m pipe. I like using radius for this but most
> of what I have seen says I need instead to establish profiles on the
> Junos box itself in advance and reference them by name. This seems
> really inconvenient. I have done some poking around and see there is
> some dynamic profile support, but I am just not connecting the dots how
> I would get a similar feature to allow me to set the shaping rates in
> radius for juniper. If it matters, my primary access method is PPPoE but
> in the future I will move to a DHCP / CGNAT arrangement but still want
> to have the filtering/shaping functionality.
>
> Thank you.
>
> Mike-
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp