Juniper MX BRAS – Part 3

As you notice from previous configuration. We have to configure the unit 1 with static VLAN (800) to create only ONE SUBSCRIBER INTERFACE . However in real world scenario this not necessarily the case. we need to make MX check the incoming vlan id from DSLAM and handle the creation of both VLANS and Units that hold the PPPoE sessions. BTW, Here’s a golden rule. One Vlan per Unit!



You can find below the interface structure in dynamic configuration. The physical interface is ae(Active Ethernet) and beneath it the auto-configure command that “instantiate” the VLAN and SVLAN from dynamic-profile


Read More »


Introduction to Diameter Protocol – Part 1


Diameter is an authentication, authorization, and accounting protocol. used primarily for Service provider networks . It evolved from and replaces the much less capable RADIUS protocol that preceded it.

in this presentation I will try to familiarize you with the new AAA protocol and deep dive into the diameter protocol details, Credit Control Application (Gx,Gy and GZ) and sample use case for peering Sandvine PTS (Working as PCEF) with freePCRF.server and finally introduce you with seagull, a popular test tool to test different diameter-based scenarios

Hope You like it.

Juniper MX BRAS – Part 2

In this post I will continue to deep dive into the Juniper MX configuration and tweak it to work as a BRAS. Please refer to my previous blog post for more information on PPP protocol Stack

Let’s start

to configure MX as a BRAS,  The Following configuration is needed on BRAS

Basics Configuration

  • Interface creation –>configuration inside dynamic profile
    • Vlan Interface
    • PPP Interface
  • PPP Handling(PAP) –>configuration inside dynamic profile
  • Creating loopback
  • Radius Authentication – – >configuration inside access-profile
  • Radius Accounting – – >configuration inside access-profile
  • Address Assignment – – >configuration inside access-profileService and speed allocation


  • Advanced QoS
  • Change Of Authorization
  • Captive portal/redirection configuration
  • Wholesale

Read More »

Juniper MX BRAS – Part 1


In last few weeks, I Spent most of my time working on Juniper MX and try to evaluate it as a BRAS. Previously I was working on Juniper E Series Broadband routers and now some of my customers need to move to the new MX especially after EOL announcement of E series platform. So let’s start


Part 1: Introduction To PPP Protocol

Part2: Juniper Mx BRAS Configuration

Part3: Juniper Steel-Belted Radius Configuration

Part4: Final Thoughts and wrapping up!


First Here’s my topology that I will work on it



Nodes Name and Function

Node Name


PPPoE_Client Windows 7 with PPPoE Interface
PPPoE_server Juniper vMX router working as BRAS and with SM license installed on it RE14.1
AAA Juniper Steel-Belted Radius (SBR)
LDAP Any Open source LDAP , OpenLdap is OK


Read More »

Understanding Juniper Steel-Belted Radius(SBR) Attributes

Radius attribute is one of the core part in radius protocol. it allow you to shape and control the subscriber behavior and give BRAS the ability to assign correct services to subscriber and information like routing, IP Address, VRF and other important info. Below I will illustrate type of attributes

1-Attribute without specific value (to be provided by Administrator)


Here you should provide value to this attribute. other examples are Framed-IP-Address, Service-Info, Framed-Routing..etc


Read More »

How to add new vendor to Juniper Steel-Belted Radius (SBR)

0-Head to /opt/JNPRsbr/radius

1-Add the vendor definition in vendor.ini inside radius directory


-note the dictionary name and the “send-class-attribute” either set to yes or no

-if you’ve multiple products for same vendor, then you need to write multiple instances for the previous section and make it point to same dictionary file.

2-Create a new file (<VendorName>.dct) inside radius directory and define the required attributes (first thing is to include the radius.dct dictionary)


3-Include the vendor name inside dictiona.dcm file


4-restart the SBR and check for any errors appear in logs

How Does it work?

Dictionary files must be placed in the same directory as the Steel-Belted Radius Carrier daemon. During initialization, Steel-Belted Radius Carrier reads the file dictiona.dcm in the server directory to get a list of files with an extension of .dct (standard dictionary files) and uses the list to create a “master dictionary, which includes all known attributes.

Monitoring Juniper Steel-Belted Radius (SBR)


    Proactive monitoring of an important service like AAA is a mandatory task for any ISP. it allow you get insight reports on what’s going on in your network. You can get valuable information on subscriber behavior, Subscriber Management IP allocations beside it show you (with a little tweaking and scripts) number of online sessions.

    Connecting that with DPI monitoring will allow you to get nearly complete picture on Subscriber Management Network

Read More »