Junos
Reply
Contributor
Aleksandr
Posts: 38
Registered: ‎10-03-2011
0
Accepted Solution

Activate/Deactivate service on MX B-RAS without SRC

Good day!

 

There is at somebody an experience on adjustment BRAS for platform МХ:

 

1) Whether it is possible Activate/Deactivate services hurriedly for subscribers without mechanism SRC use? As for example it is made on BRAS E-series with use Service Manager and macro-files.

 

2) Whether it is possible in attribute [26-65] Activate-Service to fill out a name dinamic-profile adjusted on MX BRAS which makes active new service?

 

3)In the document "Juniper Networks VSAs Supported by the AAA Service Framework" it is told that attributes [26-65] Activate-Service and [26-66] Deactivate-Service aren't supported CoA. How in that case it is supposed to change on-fly (Activate/Deactevate/Modify) services for subscribers?

Super Contributor
Super Contributor
Ulf
Posts: 141
Registered: ‎11-13-2008

Re: Activate/Deactivate service on MX B-RAS without SRC

Hi,

 

1) Yes.

 

2) Yes.

 

3) That's a doc bug, that should be fixed in the 11.4 docs. So you can use these VSAs.

 

Best Regards

 

Ulf

 

P.S. In case you're wondering about the details and esp. the how:

 

- this should be supported since junos 10.4

 

- dynamic-profiles (the ones which one is used to are called client-profiles and are once used to create the dyn-interface of the subscriber, the other kind is called service-profile) are (also) used for this

 

- with a CoA referring to these service-profiles you can add attributes to the interface-config that weren't there before (like mcast.)

 

- to change existing parameters already specified in the client-profile you just overwrite them in the CoA-request

 

(but that's all hearsay and I don't have any official docs either)

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Contributor
Aleksandr
Posts: 38
Registered: ‎10-03-2011
0

Re: Activate/Deactivate service on MX B-RAS without SRC

[ Edited ]

Many thanks for answer Ulf ! :smileyhappy:

 

Thus through attribute Activate-Service, in package Access-Accept, it is possible to appoint to the subscriber simultaneously some services. For example:
 

<Access-Accept>

                          User-Name='user1'                                                              

                         Session-Timeout=3600                                                                

                          Activate-Service-1='internet_20Mbit'                                      

                          Service-Stats-1='time-volume'                                                       

                          Activate-Service-2='internet_50Mbit'                                                    

                          Service-Stats-2='time-volume'

 

Everyone Activate-Service-1 and Activate-Service-2 is separate dynamic-profile. 

 

Whether and it is possible to limit in that case speed of session/service to means firewall (filter rate-limit) and then to apply it to dynamic-prifile?

 

Whether can realize without use SRC function re-authentication on inquiry of a quota services of subscribers at which achievement there will be a redirection on a portal? 

Super Contributor
Super Contributor
Ulf
Posts: 141
Registered: ‎11-13-2008
0

Re: Activate/Deactivate service on MX B-RAS without SRC

Hi,

 

I should have known this couldn't be that easy ;-)

 

- according to my understanding your access-accept doesn't make much sense, as the same service "internet" with two different speeds (but I assume you meant "either ... or ...")

 

- the string in "active-service" is going to trigger a specific dyn-profile, which should then contain a reference to a fwf which then refers to policer (easy, right?)

 

- but afaik there is currently no possibility to trigger a change in service based on usage

 

Best Regards

 

Ulf

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Contributor
Aleksandr
Posts: 38
Registered: ‎10-03-2011
0

Re: Activate/Deactivate service on MX B-RAS without SRC

[ Edited ]

Hi, Ulf ! 

Once again thanks that don't throw me :smileyhappy:.  But the question needs to be disassembled because it is not enough literature :smileysad:.

 

Concerning Access-Accept in my example. Names dynamic-profiles internet_20Mbit/internet_50Mbit certainly only for only for an example :smileyhappy:. Meant different dyn-profiles representing different services. For example Internet and local resources of the provider. 

 

Then for restriction of speed of subscribers there is use of attributes traffic-control-profiles in section class-of-service.

[edit dynamic-profiles profile-name class-of-service traffic-control-profiles profile-name]

 

But here restriction of the proceeding traffic is adjusted only (parameter $junos-cos-shaping-rate).  

It is impossible to influence the incoming traffic :smileysad: ?

Contributor
Terebok
Posts: 57
Registered: ‎12-17-2010
0

Re: Activate/Deactivate service on MX B-RAS without SRC

Hello Alex, 

Did you check if this attribute is supported for CoA in the latest versions of Junos? 

 

Super Contributor
Super Contributor
Ulf
Posts: 141
Registered: ‎11-13-2008

Re: Activate/Deactivate service on MX B-RAS without SRC

Hi,

 

ingress traffic can not be influenced by QoS as ingress-QoS is not supported: http://www.juniper.net/techpubs/en_US/release-independent/junos/topics/reference/general/mpc-mx-seri... (and afaik no imminent plans to do so). So you need to do this via FWFs with policiers.

 

Best Regards

 

Ulf

 

P.S. There is CoA-support for QoS: http://www.juniper.net/techpubs/en_US/junos11.4/topics/reference/general/aaa-subscriber-access-radiu... (VSAs 108 and 146)

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Contributor
Aleksandr
Posts: 38
Registered: ‎10-03-2011
0

Re: Activate/Deactivate service on MX B-RAS without SRC

[ Edited ]

hi Terebok !

I changed "hurriedly" services at subscribers. Disconnect-Request also work. I class-of-service through the CoA is not used.

Contributor
Aleksandr
Posts: 38
Registered: ‎10-03-2011
0

Re: Activate/Deactivate service on MX B-RAS without SRC

[ Edited ]

Hi Ulf ! 

 

All has appeared easier. The entering and proceeding traffic is limited through static policers in section firewall filter. On which there is a reference in dynamic profiles which represent service of the subscriber. For example:

 

On BRAS there is a tariff:

 

Unlim_All_Internet_2M {
        interfaces {
            pp0 {
                unit "$junos-interface-unit" {
                    family inet {
                        filter {
                            input Internet_All_Unlim_2M_in precedence 50;
                            output Internet_All_Unlim_2M_out precedence 50;
                        }
                    }
                }
            }
        }
    }

 

In which Internet_All_Unlim_2M_in and Internet_All_Unlim_2M_out are links to static filters:

}
firewall {
    family inet {
        filter Internet_All_Unlim_2M_in {
            interface-specific;
            term pass-service {
                from {
                    service-filter-hit;
                }
                then {
                    count service-passed;
                    accept;
                }
            }
            term Unlim_2M-input {
                then {
                    policer Restrict_Unlim_2M;
                    service-accounting;
                    service-filter-hit;
                    accept;
                }
            }
        }
        filter Internet_All_Unlim_2M_out {
            interface-specific;
            term pass-service {
                from {
                    service-filter-hit;
                }
                then {
                    count service-passed;
                    accept;
                }
            }
            term Unlim_2M-output {
                then {
                    policer Restrict_Unlim_2M;
                    service-accounting;
                    service-filter-hit;
                    accept;
                }
            }
        }

 In which Restrict_Unlim_2M a reference to a specific poliser:

policer Restrict_Unlim_2M {
        if-exceeding {
            bandwidth-limit 2m;
            burst-size-limit 16k;
        }
        then discard;
    }

 

There is a correct restriction of speed of access at the given service in 2Mbit/sec.

 

Here so :-)

Contributor
Aleksandr
Posts: 38
Registered: ‎10-03-2011
0

Re: Activate/Deactivate service on MX B-RAS without SRC

All many thanks for the help in decision search.

P.S. Especially Ulf :smileyhappy:.

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.