Juniper MX BRAS – Part 1

 

In last few weeks, I Spent most of my time working on Juniper MX and try to evaluate it as a BRAS. Previously I was working on Juniper E Series Broadband routers and now some of my customers need to move to the new MX especially after EOL announcement of E series platform. So let’s start

 

Part 1: Introduction To PPP Protocol

Part2: Juniper Mx BRAS Configuration

Part3: Juniper Steel-Belted Radius Configuration

Part4: Final Thoughts and wrapping up!

 

First Here’s my topology that I will work on it

image

 

Nodes Name and Function

Node Name

Platform

PPPoE_Client Windows 7 with PPPoE Interface
PPPoE_server Juniper vMX router working as BRAS and with SM license installed on it RE14.1
AAA Juniper Steel-Belted Radius (SBR)
LDAP Any Open source LDAP , OpenLdap is OK

 

All nodes are installed on VMWare ESXI v5 server and networked together using the vSwitch networking such that the traffic outgoing from PPPoE_Client is tagged with vlan 800 while the traffic accepted in vMX is white (Accept all vlans)

I will try to dig deeper on every packet detail as possible so please bear with me!

 

Introduction to PPP Protocol Suite (The Transporter Network!)

The first question that came to service provider guy, How would you transport the Ethernet frame over a legacy ATM network and POTS? then how to transport it to BRAS that accept only Ethernet?

Essentially, a PPPoE packet is a PPP packet encapsulated in an Ethernet frame, as shown below

clip_image001

clip_image002 

PPP Call Flow

clip_image003

Now let’s discuss the PPP above stages in detail and content of each message

1. Discovery

The following sequence occurs when a PPPoE subscriber logs in to the network.

1. The PPPoE client broadcasts a PPPoE Active Discovery Initiation (PADI) packet to all remote access concentrators in the network.

clip_image004

  • PADI Packet Structure (Initiated from CPE = PPPoE Client)
  • The Code value is 0x09.
  • The SESSION_ID value is 0x0000.

clip_image005

SRC MAC : Vmware_b6:25:41 //PPPoE Client

DST MAC : Broadcast

2. One or more remote access concentrators respond to the PADI packet by sending a PPPoE Active Discovery Offer (PADO) packet, indicating that they can service the client request. The PADO packet includes the name of the access concentrator from which it was sent.

clip_image006

    • PADO Packet Structure (Initiated from BNG = PPPoE Server)
    • The Code value is 0x07.
    • The SESSION_ID value is 0x0000.

clip_image007

SRC MAC : Vmware_90:a3:20 //PPPoE Server

DST MAC : Vmware_b6:25:41 //PPPoE Client

3. The client sends a unicast PPPoE Active Discovery Request (PADR) packet to the access concentrator it selects using the MAC-Address

clip_image008

  • PADR Packet Structure (Initiated from CPE= PPPoE Client)
  • The Code value is 0x19.
  • The SESSION_ID value is 0x0000.

 

clip_image009

SRC MAC : Vmware_b6:25:41 //PPPoE Client

DST MAC : Vmware_90:a3:20 //PPPoE Server

 

4. On receipt of the PADR packet on the underlying interface associated with a PPPoE dynamic profile, the Juniper MX router uses the attributes configured in the dynamic profile to create the dynamic PPPoE logical interface. We will take on BRAS configuration later on

5.The router sends a PPPoE Active Discovery Session (PADS) packet to confirm establishment of the PPPoE connection.

clip_image010

  • PADS Packet Structure (Initiated from BNG = PPPoE Server)
  • The Code value is 0x65.
  • The SESSION_ID value is determined for future communications

clip_image011

SRC MAC : Vmware_90:a3:20 //PPPoE Server

DST MAC : Vmware_b6:25:41 //PPPoE Client

Session ID: 0x0001  //Finally Set

====End Of Text====

2. Session Stage

1. LCP : negotiate link c/ch

clip_image012

PPPoE Client: I suggest MTU = 1480

PPPoE Client: I support Protocol Field Compression

 

clip_image013

PPPoE Server: I suggest MTU = 1492

PPPoE Server: I support PAP

 

clip_image014

PPPoE Server: I Reject your configuration, Please use mine

 

clip_image015

PPPoE Client: I Accept your configuration

 

2. Identification: (Who’re you?!)

clip_image016

PPPoE Client: I Need to identify myself, I’m running MSFT implementation of PPPoE

 

3.Authentication

Authenticate the subscriber that located in PPP packet (No IP assignment till now) using either PAP or CHAP agreed in LCP stage

clip_image017

PPPoE Client: Here’s my UserName and Password sent using PAP protocol as we agreed before

 

clip_image018

PPPoE Server: Accept

Note that they still use the Session ID for communication identification between them in PPPoE

 

4.NCP

Assign IP address to interface sides using IPCP protocol (part of PPP stack) and assign DNS –> Require to configure Loopback in BRAS to communicate, Otherwise it will fail and PADT will be sent

clip_image020

PPPoE Client: I will start the IPCP stage and I need IP address & DNS

 

clip_image021

PPPoE Server: Sorry, I don’t have the DNS

 

clip_image022

PPPoE Client: Ok, Please send me only the IP address

 

clip_image023 

PPPoE Server: Here’s the IP Address

 

clip_image024

PPPoE Client: Ok here’s my final IPCP configuration, OK?

 

clip_image025

PPPoE Server: OK

 

clip_image026

PPPoE Server: Take this loopback address also

 

clip_image027

PPPoE Client:OK

====End Of Text====

3. Traffic

 

I know this might not be in call flow but I want to show you how real traffic is encapsulated inside PPP packet then inside PPPoE frame afterthen

clip_image028

 

4.Termination

clip_image030

  • PADT Packet Structure (Initiated from CPE= PPPoE Client)
  • The Code value is 0xa7.
  • The SESSION_ID value is the one the we agree on before.

clip_image031

-Termination Request Over LCP (indicate the failure is on LCP stage)

clip_image032

-Final PADT message

 

Now PPP stage is finished and Client should have full connectivity to BRAS. in next part we will move on Juniper MX BRAS and will configure it step by step.

 

 

Advertisements

5 thoughts on “Juniper MX BRAS – Part 1

  1. we implemented x2 mx480s in a VC running subscriber mgmt (pppoe) everything works fine however there is a small percentage of customers that are having to change their “adjust-mss” field on cisco devices to get it to work and some sonicwalls are having problems. With the older Juniper E-series there was a setting we used to fix this “ip tcp adjust-mss 1452” does anything like this exist on the mx? Great article btw

  2. Right now in the ISP where I work, we are going to implement MX5-t to change the current solution (server with freeBSD and mpd / ppoe). By chance (excusing the lack of patience), you will not have a virtual image with the license or demo to perform tests to share, otherwise, it is understood. Excellent post !! And thanks again!

Share you opinion to benefit others :)

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s