Junos OS

Let's say I have two Juniper access concentrators (AC) and a CPE wishes to establish a PPPoE session, how would I force the session to be established on the AC of my choosing?

I cannot seem to find a statement where I could for example delay the response to a PADI packet from the CPE.

The reason I'm asking this is because I'm working on a setup where both hold certain PPPoE sessions and that I could smoothly transfer sessions from one AC to another to be able to do maintenance on the first one.

I'm happy to hear your thoughts.

HI  Beeelzebub,

          You can use "max-sessions" knob and set it to 1. This wouldn't log out the active susccriber , but only limit the new ones which are dialing in. Check the link below: 

https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/max-sessions-edit-interfaces-pppoe-underlying-options.htm 

        Depending on what your configuration is you can use it either on dynamic-profile or on the interface. 

Please note : You cannot make changes to a dynamic profile (if its in use and have a subscriber)  and Versioning is not enabled. And to enable   dynamic-profile-options vesioning ,  you need to logout all the subscribers. But its good to have versioning and its worth the pain to draining all the subsribers once as you can use make changes on the fly from next time. Please refer to link below.

https://www.juniper.net/documentation/en_US/junos/topics/topic-map/dynamic-profiles-versioning.html

       Please share the complete config if you can. 

Hope this helps !!

Regards

Arpit

Hi Beeelzebub,

     I see that you have opened a new thread for “Applying service name table to a demux0 interface” I’ll try to check and respond to that.

     I didn’t suggest the “service-name-tables” because this is something you need to have before the subscriber logs in. Since your query was more towards draining the existing one in a graceful manner,  thought

max-session is more appropriate.

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !

+++++++++++++++++++++++++++++++++++++++++++++

Regards

Arpit

Hi arpitch, 

Beeelzebub (Contributor) posted a new reply in Junos on 08-30-2019 12:47 AM: 

Re: Multiple access concentrators

Hi arpitch,

Thanks for the max-session statement link, I will probably use something like that.

And I'm aware of the versioning statement, been using this since day one 🙂

I guess my question should have more been towards the configuration of a primary and secundairy pppoe server on my network.

So the secundairy pppoe server would need to send delayed PADO packet responses to clients.

I believe this is done via service name tables, below is my complete config.

ae10 consists out of 2 ethernet interfaces towards two different core devices.

The demux0 and ae10 association is required or otherwise pppoe establishment doesn't work on ae interfaces.

Hoewever, the service name table doesn't seem to do anything. The CPE, without a service-name specified in its pppoe client configuration, does not wait 5 seconds until the pppoe session is established.

pppoe { service-name-tables dynamic-pppoe-table { service empty { delay 5; } } } ae10 { flexible-vlan-tagging; native-vlan-id 1; mtu 9192; aggregated-ether-options { lacp { active; periodic fast; } } unit 0 { encapsulation ppp-over-ether; vlan-id 1; pppoe-underlying-options { service-name-table dynamic-pppoe-table; } } } demux0 { unit 150 { description "EVPN primairy VLAN"; vlan-id 150; demux-options { underlying-interface ae10; } family pppoe { duplicate-protection; dynamic-profile PPPoE-PROFILE-PRIMAIR; } } unit 151 { description "EVPN secundairy VLAN"; vlan-id 151; demux-options { underlying-interface ae10; } family pppoe { duplicate-protection; dynamic-profile PPPoE-PROFILE-SECUNDAIR; } } }

Hey Arpitch,

Yeah, that's right. 

Right after replying with the service-name-table statement I immediately thought I'd better create a new topic.

mriyaz already replied to my post and I have accepted his answer. 

So when I configure "max-sessions 1" and I would then issue the "clear pppoe interfaces (no-confirm)" command, all sessions would re-establish on the other AC? Assuming the other AC is correctly configured. 

Hi Beeelzebub,

        I'm glad that you got a part of solution on the other theread. 

        For this one,  after you have configured "max-sessions 1" ; you can use the following command to logout jusr one subsriber and test if its successfully terminated on other AC:

clear network-access aaa subscriber username <username>

Once its confirmed that the subscriber is successfully terminated on other AC , you can either do the following  depending on your requirement : 

1. Wait for a day to two and see if the subscriber cound on one is decreasing and the other is increasing.  This is slow. Eventually the other AC will get all the subscriber. 
2. Create the list of subscribers that you want move and log them out using "clear network-access aaa subscriber username <username>".
3. If you want to logout all the subscribers of a single interface , you can disable the insterface if some-tme and wait. Subscribers will logout due to keepalive failure and will connect to other AC automatically. This is the fastest procedure. (set interface ge-x/x/x or ae-y/y/y disable)

Please let me know if you have any more concerns. 

Hope this helps !!

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !

+++++++++++++++++++++++++++++++++++++++++++++

Regards

Arpit

Hey arpitch,

I tried any of the 3 options you provided. The subscribers did connect to the second AC, except that I can't get them to connect back to the first AC again.

At this point, the first AC sees the PADI packets coming in and sends out PADO packets in return, but the CPE's do not see them and keep sending PADI packets to FF:FF:FF:FF:FF:FF

10:10:16.109304  In PPPoE PADI [Host-Uniq UTF8]
10:10:16.110298 Out PPPoE PADO [AC-Name "PPPOE-CONCENTRATOR"] [Host-Uniq UTF8] [Service-Name]
10:10:17.150654  In PPPoE PADI [Host-Uniq UTF8]
10:10:17.151418 Out PPPoE PADO [AC-Name "PPPOE-CONCENTRATOR"] [Host-Uniq UTF8] [Service-Name]
10:10:18.081835  In PPPoE PADI [Host-Uniq UTF8]
10:10:18.082585 Out PPPoE PADO [AC-Name "PPPOE-CONCENTRATOR"] [Host-Uniq UTF8] [Service-Name]
10:10:19.043112  In PPPoE PADI [Host-Uniq UTF8]
10:10:19.044159 Out PPPoE PADO [AC-Name "PPPOE-CONCENTRATOR"] [Host-Uniq UTF8] [Service-Name]
10:10:19.924332  In PPPoE PADI [Host-Uniq UTF8]
10:10:19.925090 Out PPPoE PADO [AC-Name "PPPOE-CONCENTRATOR"] [Host-Uniq UTF8] [Service-Name]
10:10:21.045769  In PPPoE PADI [Host-Uniq UTF8]
10:10:21.046512 Out PPPoE PADO [AC-Name "PPPOE-CONCENTRATOR"] [Host-Uniq UTF8] [Service-Name]
10:10:22.107108  In PPPoE PADI [Host-Uniq UTF8]
10:10:22.108685 Out PPPoE PADO [AC-Name "PPPOE-CONCENTRATOR"] [Host-Uniq UTF8] [Service-Name]
10:10:23.081835  In PPPoE PADI [Host-Uniq UTF8]
10:10:23.082582 Out PPPoE PADO [AC-Name "PPPOE-CONCENTRATOR"] [Host-Uniq UTF8] [Service-Name]

The second AC does not get to see PADI packets anymore, so that's good.

And when I configure the second AC back to normal, the PPPoE client establishes a session immediately.

Even changing the source MAC address of a client doesn't change a thing. It will still only establish on the second AC.

Would this have to do anything with the AC-NAME or its MAC address?

We found the source, one of the core routers doesn't seem to have a route back to the clients MAC address, which it should have learned via EVPN.