Configuring Enhanced Subscriber Management with CLI

This section provides information to configure subscriber management features using the command line interface. It is assumed that the reader is familiar with VPLS and IES services.

Configuring RADIUS Authentication of DHCP Sessions

When RADIUS authentication for subscriber sessions is enabled, DHCP messages from subscribers are temporarily held by the BSA, while the user’s credentials are checked on a RADIUS server.

Configuring RADIUS authentication for subscriber sessions is done in two steps:

  1. First define an authentication-policy in the config>subscriber-mgmt>authentication-policy context.
  2. Then apply the policy to one or more SAPs in the config>service>vpls>sap>authentication-policy auth-plcy-name context (for a VPLS service),
    or apply the policy to one or more interfaces in the config>service>ies>if>authentication-policy auth-plcy-name context (for an IES service).

The following example displays a partial BSA configuration with RADIUS authentication:

A:ALA-1>config>service# info
----------------------------------------------
subscriber-management
    authentication-policy BSA_RADIUS create 
        description "RADIUS policy for DHCP users Authentication"
        password "mysecretpassword"
        radius-authentication-server
            server 1 address 10.100.1.1 secret "radiuskey" 
            retry 3
            timeout 10
        exit    
        re-authentication
        user-name-format circuit-id
    exit    
exit    
...
vpls 800 customer 6001 
    description "VPLS with RADIUS authentication"
    sap 2/1/4:100 split-horizon-group DSL-group create
        authentication-policy BSA_RADIUS
    exit    
    sap 3/1/4:200 split-horizon-group DSL-group create
        authentication-policy BSA_RADIUS
    exit
    no shutdown
exit
...
----------------------------------------------
A:ALA-1>config>service#
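
Added example (not part of the original guide and not vendor code): a small offline audit of the two steps above, reporting policies that are defined but unusable or unapplied, SAPs that reference no policy or an undefined one, and RADIUS secrets shown in cleartext. The function name, the finding labels, the policy names SPARE and NOT_DEFINED and SAP 4/1/4:300 are constructed for illustration; the check assumes indentation-structured info output and treats a secret without a trailing hash or hash2 keyword as cleartext.

```python
import shlex

# Constructed sample in the style of the info output above. SAP 4/1/4:300 and the
# policies SPARE and NOT_DEFINED are invented so the audit has something to report.
SAMPLE = """\
subscriber-management
    authentication-policy BSA_RADIUS create
        radius-authentication-server
            server 1 address 10.100.1.1 secret "radiuskey"
        exit
    exit
    authentication-policy SPARE create
    exit
exit
vpls 800 customer 6001
    sap 2/1/4:100 split-horizon-group DSL-group create
        authentication-policy BSA_RADIUS
    exit
    sap 3/1/4:200 split-horizon-group DSL-group create
        authentication-policy NOT_DEFINED
    exit
    sap 4/1/4:300 split-horizon-group DSL-group create
    exit
exit
"""

def audit(config):
    """Check both steps of the procedure: policy defined, policy applied per SAP."""
    servers, saps, findings = {}, {}, []   # policy -> server count, sap-id -> policy
    stack = []                             # (indent, keyword, name) of enclosing contexts
    for raw in config.splitlines():
        tok = shlex.split(raw)
        if not tok or tok[0] in ("exit", "..."):
            continue
        indent = len(raw) - len(raw.lstrip())
        while stack and stack[-1][0] >= indent:
            stack.pop()                    # this line is outside that context
        kw, name = tok[0], tok[1] if len(tok) > 1 else ""
        enclosing = {k: n for _, k, n in stack}
        if kw == "authentication-policy" and tok[-1] == "create":
            servers[name] = 0              # step 1: policy definition
        elif kw == "authentication-policy" and "sap" in enclosing:
            saps[enclosing["sap"]] = name  # step 2: policy applied to a SAP
        elif kw == "sap":
            saps[name] = None
        elif kw == "server" and "authentication-policy" in enclosing:
            policy = enclosing["authentication-policy"]
            servers[policy] += 1
            if "secret" in tok and not {"hash", "hash2"} & set(tok):
                findings.append(("cleartext-secret", f"{policy} server {name}"))
        stack.append((indent, kw, name))
    for sap, policy in saps.items():
        if policy is None:
            findings.append(("sap-without-policy", sap))
        elif policy not in servers:
            findings.append(("undefined-policy", f"{sap} -> {policy}"))
    for policy, count in servers.items():
        if count == 0:
            findings.append(("policy-without-server", policy))
        if policy not in saps.values():
            findings.append(("policy-not-applied", policy))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```
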

TCP MSS adjustment for ESM Hosts

TCP MSS adjustment is supported to prevent fragmentation of TCP packets from/to ESM hosts. See the TCP MSS Adjustment for ESM Hosts section of the Multiservice Integrated Service Adapter Guide.

Configuring Enhanced Subscriber Management

Basic Configurations

Configuring and applying the Enhanced Subscriber Management profiles and policies is optional. There are no default profiles or policies.

The basic Enhanced Subscriber Management profiles and policies must conform to the following:

  1. Unique profile or policy names (IDs)
  2. Profiles and/or policies must be associated with a VPLS or IES service to facilitate Enhanced Subscriber Management.
  3. QoS and IP filter entries configured in Enhanced Subscriber Management profiles and policies override the defaults and/or modified parameters or the default policies.
  4. The Enhanced Subscriber Management profiles and policies must be configured within the context of VPLS or IES.

Subscriber Interface Configuration

The following output displays a basic subscriber interface configuration.

*A:ALA-48>config>service>ies>sub-if# info
----------------------------------------------
                description "Routed CO - Antwerp 2018"
                address 192.168.2.254/24
                address 192.168.3.254/24
                address 192.168.4.254/24
                address 192.168.5.254/24
                address 192.168.6.254/24
                group-interface "DSLAM_01" create
                    description "Routed CO - vlan / subscriber"
                    sap 1/1/2:1001 create
                        static-host ip 192.168.2.2 create
                        exit
                    sap 1/1/2:1002 create
                        static-host ip 192.168.2.2 create
                        exit
                    sap 1/1/2:1004 create
                        static-host ip 192.168.2.4 create
                        exit
                    sap 1/1/2:1100 create
                        static-host ip 192.168.2.100 create
                        exit
                    exit
                exit
----------------------------------------------
*A:ALA-48>config>service>ies>sub-if#
 

Configuring Enhanced Subscriber Management Entities

Configuring a Subscriber Identification Policy

The following displays an example of a subscriber identification policy configuration:

A:ALA-48>config>subscr-mgmt# info
----------------------------------------------
...
        sub-ident-policy "Globocom" create
            description "Subscriber Identification Policy Id Globocom"
            sub-profile-map
                entry key "1/1/2" sub-profile "ADSL Business"
            exit
            sla-profile-map
                entry key "1/1/2" sla-profile "BE-Video"
            exit
            primary
                script-url "primaryscript.py"
                no shutdown
            exit
            secondary
                script-url "secundaryscript.py"
            exit
            tertiary
                script-url "tertiaryscript.py"
                no shutdown
            exit
        exit
...
----------------------------------------------
A:ALA-48>config>subscr-mgmt#

Configuring a Subscriber Profile

Enhanced Subscriber Management subscriber profile configurations specify existing QoS scheduler profiles. In the following example, “BE-Video-max100M” is specified in the sub-profile “ADSL Business” for the ingress-scheduler-policy. “Upload” is specified in the sub-profile egress-scheduler-policy.

#--------------------------------------------------
echo "QoS Policy Configuration"
#--------------------------------------------------
    qos
        scheduler-policy "BE-Video-max100M" create
            description "Scheduler Policy Id BE-Video-max100M"
            tier 1
                scheduler "tier1" create
                    description "Scheduler Policy Id BE-Video-max100M Tier 1 tier1"
                exit
            exit
        exit
        scheduler-policy "Upload" create
            description "Scheduler Policy Id Upload"
            tier 3
                scheduler "tier3" create
                    description "Scheduler Policy Id Upload Tier 3 tier3"
                exit
            exit
        exit
        sap-ingress 2 create
            description "Description for Sap-Ingress Policy id # 2"
            queue 1 create
            parent "tier1"
            exit
            queue 11 multipoint create
            parent "tier1"
            exit
        exit
        sap-egress 3 create
            description "Description for Sap-Egress Policy id # 3"
            queue 1 create
            parent "tier3"
            exit
        exit
    exit
#-----------------------
 

The following displays an example of a subscriber profile configuration:

A:ALA-48>config>subscr-mgmt# info
----------------------------------------------
...
        sub-profile "ADSL Business" create
            description "Subscriber Profile Id ADSL Business"
            ingress-scheduler-policy "BE-Video-max100M"
                scheduler "tier1" rate 99
            exit
            egress-scheduler-policy "Upload"
                scheduler "tier3" rate 1 cir 1
            exit
            sla-profile-map
                entry key "1/1/3" sla-profile "BE-Video"
            exit
        exit
----------------------------------------------
A:ALA-48>config>subscr-mgmt#

Configuring an SLA Profile

The following displays an example of an SLA profile configuration:

A:ALA-48>config>subscr-mgmt# info
--------------------------------------------------
    subscriber-mgmt
        sla-profile "BE-Video" create
            description "SLA Profile Id BE-Video"
            ingress
                qos 2
                    queue 1
                    exit
                exit
            exit
            egress
                qos 3
                    queue 1
                    exit
                exit
            exit
        exit
----------------------------------------------
A:ALA-48>config>subscr-mgmt#
 

Configuring Explicit Mapping Entries

The following displays an example of an explicit subscriber mapping:

A:ALA-48>config>subscr-mgmt# info
----------------------------------------------
...
        explicit-subscriber-map
            entry key "1/1/1:1111" sub-profile "ADSL GO" alias "Sub-Ident-1/1/1:1111" sla-profile "BE-Video"
        exit
...
----------------------------------------------
A:ALA-48>config>subscr-mgmt#

Routed CO with Basic Subscriber Management Features

The following displays the output of an IES service configured with and without enhanced subscriber management and only applies to the 7750 SR.

A:term17>config>service>ies# inf
----------------------------------------------
            subscriber-interface "s2" create
                address 11.20.1.1/16
                dhcp
                    gi-address 11.20.1.1
                exit
                group-interface "g3" create
                    description "With Enhanced Subscriber Mgmt"
                    arp-populate
                    dhcp
                        server 12.1.1.1
                        trusted
                        lease-populate 8000
                        no shutdown
                    exit
                    sap lag-1:11 create
                        sub-sla-mgmt
                            def-sub-profile "subProf"
                            def-sla-profile "slaProf"
                            sub-ident-policy "foo"
                            multi-sub-sap
                            no shutdown
                        exit
                        host ip 11.20.1.10 mac 00:00:aa:aa:aa:dd subscriber "One" sub-profile "subProf" sla-profile "slaProf"
                    exit
                exit
            exit
            subscriber-interface "s3" create
                address 11.39.1.1/16
                dhcp
                    gi-address 11.39.1.1
                exit
                group-interface "g5" create
                    description "Without Enhanced Subscriber Mgmt"
                    arp-populate
                    dhcp
                        server 12.1.1.1
                        trusted
                        lease-populate 8000
                        no shutdown
                    exit
                    sap 4/1/1:24.4094 create
                    exit
                exit
            exit
            no shutdown
----------------------------------------------
A:term17>config>service>ies#

Applying the Profiles and Policies

Note:

Subscriber interfaces operate only with basic (or enhanced) subscriber management. At the very least, a host, either statically configured or dynamically learned by DHCP, must be present in order for the interface to be useful. This note applies to the 7750 SR only.

Apply the Enhanced Subscriber Management profiles and policies to the following entities:

SLA Profile

The following syntax applies to the 7450 ESS:

CLI Syntax:
configure>service>ies service-id
    interface ip-int-name
        sap sap-id
            host {[ip ip-address] [mac ieee-address]} [subscriber sub-ident-string] [sub-profile sub-profile-name] [sla-profile sla-profile-name]

The following syntax applies to the 7750 SR:

CLI Syntax:
configure>service>ies service-id
    interface ip-int-name
        sap sap-id
            host {[ip ip-address] [mac ieee-address]} [subscriber sub-ident-string] [sub-profile sub-profile-name] [sla-profile sla-profile-name]
            sub-sla-mgmt
                def-sla-profile default-sla-profile-name
                single-sub-parameters
                    non-sub-traffic sub-profile sub-profile-name sla-profile sla-profile-name [subscriber sub-ident-string]
    subscriber-interface ip-int-name
        group-interface ip-int-name
            sap sap-id
                host ip ip-address [mac ieee-address] [subscriber sub-ident-string] [sub-profile sub-profile-name] [sla-profile sla-profile-name]
                sub-sla-mgmt
                    def-sla-profile default-sla-profile-name
                    single-sub-parameters
                        non-sub-traffic sub-profile sub-profile-name sla-profile sla-profile-name [subscriber sub-ident-string]

The following syntax applies to the 7450 ESS and 7750 SR:

CLI Syntax:
configure>service>vpls service-id
    sap sap-id
        host {[ip ip-address] [mac ieee-address]} [subscriber sub-ident-string] [sub-profile sub-profile-name] [sla-profile sla-profile-name]
        sub-sla-mgmt
            def-sla-profile default-sla-profile-name
            single-sub-parameters
                non-sub-traffic sub-profile sub-profile-name sla-profile sla-profile-name [subscriber sub-ident-string]

The following syntax applies to the 7750 SR:

CLI Syntax:
configure>service>vprn service-id
    interface ip-int-name
        sap sap-id
            host {[ip ip-address] [mac ieee-address]} [subscriber sub-ident-string] [sub-profile sub-profile-name] [sla-profile sla-profile-name]

The following syntax applies to the 7450 ESS and 7750 SR:

CLI Syntax:
configure>subscriber-mgmt
    explicit-subscriber-map
        entry key sub-ident-string [sub-profile sub-profile-name] [alias sub-alias-string] [sla-profile sla-profile-name]
    sub-ident-policy sub-ident-policy-name
        sla-profile-map
            entry key sla-profile-string sla-profile sla-profile-name
    sub-profile subscriber-profile-name
        sla-profile-map
            entry key sla-profile-string sla-profile sla-profile-name

Configuring Dual Homing

The following displays an example of a dual homing configuration. The configuration shows dual homing with a peer node with a system address of 1.1.1.23. The DHCP server returns a default route with a 11.21.1.3 next hop. This example only applies to the 7750 SR.

A:ALA-48#
#--------------------------------------------------
echo "Redundancy Configuration"
#--------------------------------------------------
    redundancy
        multi-chassis
            peer 1.1.1.23 create
                sync
                    srrp
                    sub-mgmt
                    port lag-100 sync-tag "Tag1" create
                    exit
                    no shutdown
                exit
                no shutdown
            exit
        exit
    exit
#--------------------------------------------------
echo "Service Configuration"
#--------------------------------------------------
    service
        customer 1 create
            description "Default customer"
        exit
        sdp 23 create
            far-end 1.1.1.23
            no shutdown
        exit
        ies 40 customer 1 create
            redundant-interface "r40-1" create
                address 2.1.1.1/31
                spoke-sdp 23:1 create
                exit
            exit
            subscriber-interface "s40-1" create
                address 11.21.1.1/16 gw-ip-address 11.21.1.3
                dhcp 
                    gi-address 11.21.1.1
                exit
                group-interface "g40-1" create
                    dhcp
                        server 12.1.1.1
                        lease-populate 8000
                        no shutdown
                    exit
                    redundant-interface r40-1
                    remote-proxy-arp
                    sap lag-100:1 create
                        sub-sla-mgmt
                            def-sub-profile "subProf"
                            def-sla-profile "slaProf"
                            sub-ident-policy "subIdentPolicy"
                            multi-sub-sap                            
                            no shutdown
                        exit
                    exit
                    sap lag-100:4094 create
                    exit
                    srrp 1 create
                        message-path lag-100:4094
                        no shutdown
                    exit
                exit
            exit
            no shutdown
        exit
exit
...
----------------------------------------------
A:ALA-48#

SHCV Policies

Under the group-interface, the host-connectivity-verify configuration was used as a reference timer for some event-triggered SHCVs, while others used hardcoded values. The SHCV policy separates out every type of SHCV and allows each type to have its own configurable timer values. Furthermore, individual SHCV trigger types can be shut down. The SHCV policy can be applied to one or more group interfaces and can be configured differently for IPv4 and IPv6 hosts. There are various types of triggered SHCV:

  1. ip-conflict: Sent when a SAP detects that there is an IP address or prefix conflict on the SAP.
  2. host-limit-exceeded: Sent when a subscriber has exceeded a configured host-limit. Host-limits are set on sla-profile host-limit, ipoe-session sap-session-limit, and ipoe-session session-limit.
  3. inactivity: Category-map configured under sla-profile can trigger an SHCV once the subscriber host has become idle.
  4. mobility: Intended for mobility applications such as WiFi. When a subscriber moves between SAPs and requests the same IP address, a triggered SHCV is sent to verify if the old host is still connected before removing the old host entry.
  5. mac-learning: For IP-only static-host MAC learning. The trigger SHCV is sent to learn the subscriber MAC when a no shutdown command is executed on the CLI for the static host.

Note that some SHCVs are triggered based on a host’s DHCP messages. These DHCP messages are not buffered. The SHCV is used only to perform a verification check on an old host to verify if the host is still connected to the BNG. Therefore, the BNG still requires the new hosts to retransmit their DHCP messages once the SHCV removes the disconnected host.

Subscriber Identification Policy

The following syntax applies to the 7450 ESS:

CLI Syntax:
configure>service>ies service-id
    interface ip-int-name
        sap sap-id
            host {[ip ip-address] [mac ieee-address]} [subscriber sub-ident-string] [sub-profile sub-profile-name] [sla-profile sla-profile-name]

The following syntax applies to the 7750 SR:

CLI Syntax:
configure>service>ies service-id
    interface ip-int-name
        sap sap-id
            host {[ip ip-address] [mac ieee-address]} [subscriber sub-ident-string] [sub-profile sub-profile-name] [sla-profile sla-profile-name]
            sub-sla-mgmt
                single-sub-parameters
                    non-sub-traffic sub-profile sub-profile-name sla-profile sla-profile-name [subscriber sub-ident-string]
                sub-ident-policy sub-ident-policy-name

Subscriber Profile

The following syntax applies to the 7450 ESS:

CLI Syntax:
configure>service>ies service-id
    interface ip-int-name
        sap sap-id
            host {[ip ip-address] [mac ieee-address]} [subscriber sub-ident-string] [sub-profile sub-profile-name] [sla-profile sla-profile-name]

The following syntax applies to the 7750 SR:

CLI Syntax:
configure>service>ies service-id
    interface ip-int-name
        sap sap-id
            host {[ip ip-address] [mac ieee-address]} [subscriber sub-ident-string] [sub-profile sub-profile-name] [sla-profile sla-profile-name]
            sub-sla-mgmt
                def-sub-profile default-subscriber-profile-name
                single-sub-parameters
                    non-sub-traffic sub-profile sub-profile-name sla-profile sla-profile-name [subscriber sub-ident-string]

The following syntax applies to the 7450 ESS and 7750 SR:

CLI Syntax:
configure>service>vpls service-id
    sap sap-id
        host {[ip ip-address] [mac ieee-address]} [subscriber sub-ident-string] [sub-profile sub-profile-name] [sla-profile sla-profile-name]
        sub-sla-mgmt
            def-sub-profile default-sub-profile-name
            single-sub-parameters
                non-sub-traffic sub-profile sub-profile-name sla-profile sla-profile-name [subscriber sub-ident-string]

The following syntax applies to the 7450 ESS and 7750 SR:

CLI Syntax:
configure>subscriber-mgmt
    sub-profile subscriber-profile-name
    explicit-subscriber-map
        entry key sub-ident-string [sub-profile sub-profile-name] [alias sub-alias-string] [sla-profile sla-profile-name]
    sub-ident-policy sub-ident-policy-name
        sub-profile-map
            entry key sub-profile-string sub-profile sub-profile-name