BNG Use Cases and Sample Configurations

This appendix describes the various BNG use cases and sample configurations:

BNG over Pseudowire Headend

Sample Topology for BNG over Pseudowire Headend

For an overview of BNG over Pseudowire Headend, see BNG over Pseudowire Headend.

This figure shows a sample topology for BNG over Pseudowire Headend:

Figure 1. Sample Topology for BNG over Pseudowire Headend


Deployment Models for Subscribers on Pseudowire Headend

Residential Subscribers on Pseudowire Headend

The deployment models available for residential subscribers on PWHE are:

N:1 model

This figure shows the n:1 deployment model for residential subscribers on PWHE:

Figure 2. N:1 deployment model for residential subscribers on PWHE


This model does not have subscriber VLANs. All subscribers connected to the DSLAM are aggregated into an S-VLAN and sent to the BNG, over a pseudowire. In most cases, there is only one pseudowire for each DSLAM in this deployment model. In this model, the pseudowire can be negotiated for VC type 4 and the subscriber can be terminated on the PWHE main interface. The pseudowire can also be negotiated for VC type 5 and be matched with the PWHE sub-interface that is configured for the S-VLAN (if VLAN is retained in the pseudowire).

1:1 model

This figure shows the 1:1 deployment model for residential subscribers on PWHE:

Figure 3. 1:1 deployment model for residential subscribers on PWHE


In this model, the subscriber traffic comes in VLANs to the DSLAM and one pseudowire is created per DSLAM. Here, the pseudowire is negotiated for VC type 5, and therefore, the S-VLAN is not retained in the pseudowire. The subscriber VLANs can be matched with the PWHE sub-interface configuration. There cannot be a matching sub-interface for each subscriber VLAN. As a result, ambiguous VLANs must be enabled on the PWHE sub-interfaces to accommodate multiple unique subscriber VLANs.

Residential and Business Subscribers on Pseudowire Headend

The deployment models available for residential and business subscribers on PWHE are:

Model 1

This figure shows the deployment model 1 for residential and business subscribers on PWHE:

Figure 4. Deployment Model 1 for Residential and Business Subscribers on PWHE


In this model, all services from the access network are enabled on different sub-interfaces on the same pseudowire. The PW is negotiated for VC type 5. This solution model provides up to service level aggregation; an aggregate shaper may not be applied on the main interface.

Model 2

This figure shows the deployment model 2 for residential and business subscribers on PWHE:

Figure 5. Deployment Model 2 for Residential and Business Subscribers on PWHE


In this model, all services from the access network are enabled on PWHE sub-interfaces configured on different pseudowires. The PW is negotiated for VC type 5. An aggregate shaper can also be applied on both the PWHE interfaces.

Configuration and Verification of BNG over Pseudowire Headend

Configuration Commands for BNG over Pseudowire Headend

These are some of the common commands to be used to configure BNG over Pseudowire Headend:

Table 1. Configuration Commands for BNG over Pseudowire Headend
Command Purpose
pw-class class-name

Configures the pseudowire class template name to use for the pseudowire.

encapsulation mpls

Configures the pseudowire encapsulation to MPLS.

protocol ldp

Sets pseudowire signaling protocol to LDP.

xconnect group group-name

Configures a cross-connect group name using a free-format 32-character string.

l2overhead bytes

Sets layer 2 overhead size.

generic-interface-list bytes

Configures a generic interface list.

attach generic-interface-list interface_list_name

Attaches the generic interface list to the PW-Ether or PW-IW interface.

encapsulation dot1q vlan-id

Assigns the matching VLAN-Id and Ethertype to the interface.

QoS Commands
service-policy output policy-name [subscriber-parent resource-id value]

Configures egress SVLAN policy on PW-Ether sub interface.

service-policy output policy-name [shared-policy-instance instance-name ]

Configures egress policy (with or without shared-policy-instance) on PWHE subscriber interface.


Note

For more information about the PWHE feature and the related configuration procedures in Cisco ASR9K router, see the Implementing Multipoint Layer 2 Services chapter in the L2VPN and Ethernet Services Configuration Guide for Cisco ASR 9000 Series Routers. For complete command reference of the PWHE-specific commands in Cisco ASR9K router, see the VPN and Ethernet Services Command Reference for Cisco ASR 9000 Series Routers.

For more information about QoS features and the related configuration in Cisco ASR9K router, see the Modular QoS Configuration Guide for Cisco ASR 9000 Series Routers. For complete command reference of the QoS-specific commands in Cisco ASR9K router, see the Modular Quality of Service Command Reference for Cisco ASR 9000 Series Routers.

Verification Commands for BNG over Pseudowire Headend

This table lists the verification commands for BNG over Pseudowire Headend.

Command Purpose
show run l2vpn Displays the running configuration of L2VPN.
show run interface PW-Ether interface-name Displays the running configuration of pw-ether interface.
show run mpls ldp Displays the running configuration of MPLS ldp.
show run generic-interface-list Displays the running configuration of generic-interface-list.
show l2vpn xconnect detail Displays the configuration details of L2VPN cross-connect.
show l2vpn xconnect detail | include packet Displays the configuration details of L2VPN cross-connect with lines that match packet .
show controller np counters all Displays the counter statistics of network processors.
BNG-specific commands:
show subscriber session all summary Displays the summary of subscriber session information.
show subscriber manager disconnect history Displays the disconnect history of subscriber manager.
show tech-support subscriber [ipoe | memory | pta] Collects the output of relevant BNG subscriber related commands, and saves it to the local disk.
QoS commands:
show policy-map interface Displays the policy configuration information for all classes configured for all service policies on the specified interface.
show policy-map shared-policy-instance Displays the statistics for all details of the shared policy instance.

Sample Configurations for BNG over Pseudowire Headend

This section provides the sample configurations for BNG over Pseudowire Headend (without QoS).

  • PWHE Configuration 

    
//l2vpn pw-class
l2vpn
 pw-class deep
  encapsulation mpls
   protocol ldp
   control-word
   transport-mode vlan
!
!
!

//l2vpn xconnect group
l2vpn
 xconnect group xc1
  p2p 101
   interface PW-Ether101
   neighbor 3.3.3.3 pw-id 2300
    pw-class deep

//Generic interface list configuration
generic-interface-list double1
 interface GigabitEthernet0/3/0/1
 interface Bundle-Ether 101
!

//pw-ether interface configuration
interface pw-ether101
 l2overhead 64
 attach generic-interface-list double1
mac-address <mac-address>
!

interface pw-ether 101.1
  encapsulation dot1q 10
 ipv6 address 1001::1/64
 ipv4 address 162.162.1.2 255.255.255.0
!

  • Subscriber Configuration on PWHE access-interface 

    
//IPoE
interface PW-Ether1.1
 ipv4 unnumbered Loopback200
  service-policy type control subscriber ISN_CNTRL_1
  ipsubscriber ipv4 l2-connected
  initiator dhcp
  initiator unclassified-source
 encapsulation ambiguous dot1q 73 second-dot1q any
!

//PPPoE
interface PW-Ether1.4
ipv6 enable
pppoe enable
service-policy type control subscriber pppoe_pxy
encapsulation dot1q 104
!

This section provides the sample configurations for BNG over Pseudowire Headend (with QoS).

  • Egress SVLAN policy configuration on PW-Ether sub interface: 

    
interface pw-ether 2.1
 ipv4 address 11.11.11.11 255.255.255.0
 encapsulation dot1q 100
 service-policy output policy1 subscriber-parent
!

  • Egress policy (with or without shared-policy-instance) on PWHE subscriber interface: 

    
interface pw-ether 2.1
 service-policy output policy1 shared-policy-instance
!

  • Policy application on PWHE subscriber interface, with service accounting enabled: 

    
dynamic-template
type ppp ppp1
ppp ipcp peer-address pool ppp_pool
ipv4 unnumbered Loopback10
!
type service S1
service-policy output test acct-stats
accounting aaa list default type service
!
!

  • Policy application on PWHE subscriber through Radius CoA (pQoS): 

    
qos-policy-{in | out}={add-class | remove-class} (sub,<parent-class, child-class>,<action-list>)
2 – level policy-map definition
Each vsa defines one class and its actions

CoA / Access-Accept {
qos-policy-out=add-class(sub, (class-default), shape(2000))
qos-policy-out=add-class(sub, (class-default, data), shape(500), bw-rpct(25))
qos-policy-out=add-class(sub, (class-default, class-default), queue-limit(20000))
}

policy-map type qos __policy1_out
class class-default
shape average 2000 kbps
service-policy child1
!
end-policy-map

policy-map type qos __policy1_child1
class data
shape average 500 kbps
bandwidth remaining percent 25
!
class class-default
queue-limit 20000 packets
!
end-policy-map

Dual-Stack Subscriber Sessions

The BNG supports dual-stack for subscriber sessions, whereby an IPv4 address and an IPv6 address can co-exist for the same subscriber.

The figure below shows a deployment model of dual-stack subscriber sessions.

Figure 6. Deployment Model of Dual-Stack Subscriber Sessions


IP Address Assignment for Clients

The following figure shows various IP address assignment options available for IPv6 clients, and the supported local address assignment functions.

Figure 7. IPv6 Client Address Assignment Models


The framed-ipv6-address RADIUS attribute can also be used to provide an IP address from the RADIUS server to the subscriber. This address is then advertised through a Stateless Address Auto Configuration - Neighbor Advertisement or Neighbor Discovery (SLAAC - NA or ND) message for both PPPoE and IPoE sessions.

If DHCPv6 is not used for the IPoE sessions, an additional Vendor-Specific Attribute ipv6:ipv6-default-gateway is used to specify the default router.

Sample IPv6 Addressing and Configurations

IPv6 Address Mapping

The following figure shows the sample IPv6 address mapping with prefix-delegation in place, for the dual-stack subscriber. The respective sample CPE configurations and the sample DHCPv6 Server configurations are discussed in subsequent sections.

Figure 8. Sample IPv6 Address Mapping for Dual-Stack Subscriber


CPE Configurations

Sample Configuration for the Client Side of the CPE

This section provides the sample configurations for the client side of the Customer Premises Equipment (CPE). 


interface GigabitEthernet0/2
description to switch fa0/15
ip address 192.168.1.1 255.255.255.0
no ip unreachables
ip nat inside
ip virtual-reassembly
duplex full
speed 100
media-type rj45
negotiation auto
ipv6 address prefix-from-provider ::1:0:0:0:1/64
ipv6 enable

Sample Configuration for the WAN Side of the CPE

This section provides the sample configurations for the WAN side of the Customer Premises Equipment (CPE). 


interface FastEthernet2/0.50
encapsulation dot1Q 50
ipv6 address autoconfig default
ipv6 enable
ipv6 dhcp client pd prefix-from-provider

DHCPv6 Server Configuration

Sample Configuration for the DHCPv6 Server

This section gives the sample configurations for the DHCPv6 Server. 


ipv6 unicast-routing 
ipv6 dhcp pool dhcpv6
prefix-delegation pool dhcpv6-pool1 lifetime 6000 2000
ipv6 route 2001:60:45:28::/64 2005::1
ipv6 route 2001:DB8:1200::/40 2005::1
ipv6 route 200B::/64 2005::1
ipv6 route 2600:80A::9/128 4000::1
ipv6 local pool dhcpv6-pool1 2001:DB8:1200::/40 48

Note

BNG supports only a single IA-NA and IA-PD for the subscribers. Therefore, if the ASR9K is configured as a DHCP server, and if the BNG subscriber sends a DHCPv6 SOLICIT message with more than one IA-NA and IA-PD, then the DHCP ADVERTISEMENT response from the ASR9K fails. And, the subscriber will not get the IPv6 address in such scenarios.

Operation and Call Flow of Dual-Stack Sessions

The ASR9K router considers the IPv4 and IPv6 stacks as a single subscriber. Therefore, only a single Access Request message and a single accounting record are generated for both the stacks. However, in scenarios such as the one where an accounting request is generated, the two stacks are considered as being two separate entities.


Note

  • When the first address-family (AF) comes up, the Access Request message that is generated must contain, for the session, information about both the IPv4 and the IPv6. A second request is not generated for the other AF.

  • When the first AF comes up, the BNG router generates an Accounting Start message and sends it to the AAA server. The BNG waits for a pre-determined period of time and generates a single accounting start record for both address-families. As another option, an interim accounting record is triggered by the BNG when the second AF comes up.

Generic Call Flow of Dual-Stack Session

The figure below shows the generic call flow of dual-stack session. The interactions with other servers, such as the DHCP server, are not displayed in this figure.

Figure 9. Generic Call Flow of Dual-Stack Session


The details of the call flow between the BNG router and the AAA server are listed here:

  • A single authentication process for the first and the second address-family (AF1 and AF2) is triggered when the first AF1 comes up.

  • A single Accounting Start message is triggered when the AF1 is set up. The framed-address for the AF1 that is set up, is sent from the AAA server back to the BNG router.

  • The statistics for the AF that is currently set up (AF1 in this case) is sent through periodic Accounting Interim messages.

  • The AF2 is set up next, and the statistics for the AF2 is sent through triggered Accounting Interim messages.

  • The statistics for each AF and the aggregated statistics for both the address-families that are set up are sent by periodic Accounting Interim messages.

Detailed Call Flows - PPPoE Dual-Stack

Scenario 1: SLAAC-Based Address Assignment

The figure below shows the detailed call flow of PPPoE dual-stack, where the address assignment is SLAAC-based.

Figure 10. PPPoE Dual-Stack - SLAAC-Based Address Assignment


Scenario 2: DHCPv6-Based Address Assignment

The figure below shows the detailed call flow of PPPoE dual-stack, where the address assignment is DHCPv6-based.

Figure 11. Call Flow of PPPoE Dual-Stack - DHCPv6-Based Address Assignment


Detailed Call Flows - IPoE Dual-Stack

Scenario 1 - IPv4 Address-Family Starts First

The figure below shows the detailed call flow of IPoE dual-stack, where the IPv4 address-family (AF) starts first.

Figure 12. Call Flow of IPoE Dual-Stack - IPv4 Address-Family Starts First


Scenario 2 - IPv6 Address-Family Starts First

The figure below shows the detailed call flow of IPoE dual-stack, where the IPv6 address-family (AF) starts first.

Figure 13. Call Flow of IPoE Dual-Stack - IPv6 Address-Family Starts First


Sample Topology for Dual-Stack

The figure below shows a sample topology for the dual-stack.

Figure 14. Sample topology for Dual-Stack


Configuration Examples for Dual-Stack

This section provides configuration examples for a dual-stack. 


hostname bng
logging console debugging

The RADIUS server is configured with the server listening on the IP address 5.5.5.2 with auth-port on 1645 and accounting-port on 1646. 


radius-server host 5.5.5.2 auth-port 1645 acct-port 1646
key 7 010107000A5955
!

The CoA server or policy-server with IP address 5.5.5.2 is configured. 


aaa server radius dynamic-author
client 5.5.5.2 vrf default server-key 7 03165A0F575D72
!
aaa group server radius RADIUS
server 5.5.5.2 auth-port 1645 acct-port 1646
!
aaa accounting   service default group radius
aaa accounting   subscriber default group radius
aaa authorization subscriber default group radius
aaa authentication subscriber default group radius
!

The DHCPv6 address pool is defined locally within the BNG router and the local pool is used for IPv6 address assignment to the IPv6 BNG clients. 


pool vrf default   ipv6 ipv6_address_pool
address-range 2001::2 2001::7dff
!

The DHCPv4 server with IP address 20.20.20.2 is deployed externally and this IPv4 address must be reachable from the BNG router. The routing protocols must take care of the reachability of the IP address 20.20.20.2 from the BNG router. The DHCPv4 proxy is configured, thus: 


dhcp ipv4
profile IPoEv4 proxy
helper-address vrf default 20.20.20.2 giaddr 10.10.10.1

The DHCPv4 proxy is enabled on the bundle sub-interface. 


interface Bundle-Ether1.10 proxy profile IPoEv4
!

The DHCPv6 server is configured and the previously-configured DHCPv6 address pool is referred within the DHCPv6 server configuration. The DHCPv6 profile along with the address-pool is configured, thus: 


dhcp ipv6
   profile IPoEv6 server
   address-pool ipv6_address_pool
!

The DHCPv6 address pool is referred on the bundle sub-interface. 


interface Bundle-Ether1.10 server profile IPoEv6
!
interface Bundle-Ether1
bundle maximum-active links 1
!

The bundle sub-interface with the dot1q encapsulation is configured with a single tag. The subscriber traffic from the CPE should come with the single dot1q tag and this VLAN tag must match the VLAN-ID 10 configured under the bundle sub-interface. In Dual-Stack IPoE configuration, the initiator dhcp command is configured under the IPv4 or IPv6 l2-connected configuration mode. The name of the policy-map type control is referred with the service-policy. 


interface Bundle-Ether1.10
ipv4 point-to-point
ipv4 unnumbered Loopback1
ipv6 enable
service-policy type control subscriber pm-src-mac
encapsulation dot1q 10
ipsubscriber ipv4 l2-connected
initiator dhcp
!

ipsubscriber ipv6 l2-connected
initiator dhcp
!
!

The IPv4 address 10.10.10.1 is the default-gateway IP address for the pool of IPv4 addresses allocated to the dual-stack BNG clients. 


interface Loopback1
ipv4 address 10.10.10.1 255.255.255.0
ipv6 enable
!

The physical interface GigabitEthernet0/0/0/0 is configured as the bundle interface. 


interface GigabitEthernet0/0/0/0
bundle id 1 mode on
negotiation auto
transceiver permit pid all
!

The dual-stack dynamic-template is configured for the dual-stack initiation. The IPv6 enable, IPv4 unnumbered address and IPv4 urpf are configured under the dual-stack template. 


dynamic-template
   type ipsubscriber Dual_stack_IPoE
     accounting aaa list default type session periodic-interval 5
     ipv4 verify unicast source reachable-via rx
     ipv4 unnumbered Loopback1
     ipv6 enable
!
!

The class-map is configured for the dual-stack scenario in order to match the DHCPv6 - SOLICIT and DHCPv4 - DISCOVER messages as the first-sign-of-life (FSOL) packets. 


class-map type control subscriber match-any dual_stack_class_map
   match protocol dhcpv4 dhcpv6
   end-class-map
!

The dual_stack_class_map class-map is referred within the policy-map. The event session-start is matched based on the DHCPv4 or DHCPv6 FSOL and the Dual_stack_IPoE dynamic-template is activated. The subscriber Mac-Address is used for subscriber identification, and this address is authorized with the AAA server. 


policy-map type control subscriber pm-src-mac
event session-start match-all
   class type control subscriber dual_stack_class_map do-all
     1 activate dynamic-template Dual_stack_IPoE
     2 authorize aaa list default identifier source-address-mac password cisco
!
!
end-policy-map
!
end

Verification Steps for Dual-Stack

This section provides the list of commands that can be used for verifying dual-stack configuration. For details of these commands, see Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Command Reference.

Command Purpose
show subscriber session all

Displays active IPv4 or IPv6 client sessions.

show subscriber session all detail

Displays details of active IPv4 or IPv6 client sessions.

show dhcp ipv4 proxy binding

Displays IPoEv4 clients created. It displays the ip-address , mac-address , the interface on which the IPoEv4 clients are created, the vrf-name , and so on.

show dhcp ipv4 proxy binding detail

Displays details of IPoEv4 clients created.

show dhcp ipv6 server binding

Displays IPv6 address allocated from the DHCPv6 local pool.

eBGP over PPPoE

Sample Topology for eBGP over PPPoE

This figure shows a sample topology for eBGP over PPPoE:

Figure 15. Sample topology for eBGP over PPPoE


All Provide Edge (PE) routers shown in the figure, are in the service provider Autonomous System (AS), representing the core of the network. The CPE1 and CPE2 are in customer AS, peering with the PEs (PE1 and PE2 respectively) as eBGP neighbors. A statically-configured loopback address on CPE and PE, is used for BGP peering. There are networks behind the CPE, and the CPE advertises respective prefixes to the PE routers through eBGP.

PE1 and PE2 that are configured as BNG, provide reachability to the same CPE. Along with site bring-up, CPE1 and CPE2 tries to establish subscriber sessions with PE1 and PE2 respectively. These can be PPPoE PTA sessions. As part of authentication, BNG receives RADIUS attributes (through an Access-accept message) and brings-up subscribers on the respective customer VRF. The Access-accept message also contains a Framed-Route attribute that sets up a route to the CPE loopback through the subscriber interface.

When the subscriber session is up, the BGP on the CPE and the PE discover each other as neighbors and start exchanging prefixes. Based on the BGP configuration on the BNG, a label is allocated for each prefix that is advertised by the CPE. As CPE1 and CPE2 are advertising routes for the same network (For example, 10.0.0.0/24), both PE1 and PE2 allocate a label for the same prefix and distribute it to each other, and to PE3. All PEs have eiBGP multi-path enabled through the configuration, and they keep multiple paths active in the FIB chain. For example, PE3 can reach 10.0.0.0/24 through PE1 or PE2. Similarly, PE1 can reach the network through CPE1 or through PE2-CPE1. The traffic is equally distributed across all available paths. The PE1 and PE2 must be configured such that when the same prefix is advertised, a loop does not occur due to multiple path creation. In that case, only PE1 accepts the route, and PE2 must be configured to reject multiple paths.

Configuration and Verification of eBGP over PPPoE

Configuration Commands

These are some of the common BGP and MPLS commands used to configure eBGP over PPPoE:

Table 2. Configuration Commands for eBGP over PPPoE
Command Purpose
maximum-paths eibgp num_path

Configures the maximum number of eibgp multi-paths allowed under a VRF.

maximum-paths ibgp num_path

Configures the maximum number of ibgp paths allowed under a VRF.

ebgp-multihop num_hop

Sets the number of hops by which the ebgp neighbor is from the PE.

label mode per-prefix

Sets the label mode as per-prefix, for prefixes learnt over eBGP.

cef load-balancing

Configures the load-balancing functionality at each node.

For details on BGP configurations, see Implementing BGP chapter in Routing Configuration Guide for Cisco ASR 9000 Series Routers. For complete command reference of BGP Commands, see Border Gateway Protocol Commands chapter in Routing Command Reference for Cisco ASR 9000 Series Routers.

For details on MPLS configurations, see Implementing MPLS Label Distribution Protocol chapter in MPLS Configuration Guide for Cisco ASR 9000 Series Routers. For complete command reference of MPLS Commands, see MPLS Command Reference for Cisco ASR 9000 Series Routers.

Troubleshooting Steps for eBGP over PPPoE

As part of troubleshooting eBGP over PPPoE, verify these:

  • Ensure that the maximum-paths eibgp command is configured for eiBGP multi-path.

  • If iBGP multi-path is failing, verify the metric or cost. If they are unequal, configure the maximum-paths ibgp num_path unequal-cost command for iBGP.

  • If traffic is not flowing on all paths, verify cef load-balancing . It must have at least L3 hash, and traffic must be sent with different source and destination IP addresses.

  • If multi-path is not working, perform these:

    • Verify whether both Routing Information Base (RIB) and Cisco Express Forwarding (CEF) have two paths.

    • Verify BGP neighbors, whether routers do get exchanged.

    • Verify whether eBGP neighbor is reachable through static route, and ensure that ebgp multi-hop is configured in BGP configuration.

Verification Commands for eBGP over PPPoE

These show commands are used to verify the eBGP over PPPoE configurations:

Table 3. Verification Commands for eBGP over PPPoE
Command Purpose
show route vrf vrf_name network_IP detail

Displays the current contents of the RIB. This can be used to verify whether both RIB and CEF have two paths, when multi-path is not working.

show cef vrf vrf_name detail

Displays the CEF-related information for a VRF.

show bgp vpnv4 unicast network_IP

Displays entries related to VPNv4 unicast address families in BGP routing table.

show bgp vpnv4 unicast neighbors

Displays detailed information on TCP and BGP neighbor connections.

show bgp neighbors

Displays information about BGP neighbors, including configuration inherited from neighbor groups, session groups, and address family groups.

Sample Configurations for eBGP over PPPoE

This section provides some sample configurations for eBGP over PPPoE:

  • PE1 Configuration 

    
//VRF Configuration

vrf CPE_1_VRF_1
address-family ipv4 unicast
  import route-target
   200:1
   200:3
   200:4
  !
  export route-target
   200:1
  !
!
!

vrf CPE_4_VRF_1
address-family ipv4 unicast
  import route-target
   200:1
   200:3
   200:4
  !
  export route-target
   200:4
  !
!
!

//BGP Configuration

route-policy EBGP_ROUTE_POLICY
pass
end-policy

router bgp 200
 address-family ipv4 unicast
 !
 address-family vpnv4 unicast
 !
 neighbor 65.0.0.2 --->PE2
  remote-as 200
  update-source Loopback0
  address-family vpnv4 unicast
  !
 !
 neighbor 65.0.0.3 --->PE3
  remote-as 200
  update-source Loopback0
  address-family vpnv4 unicast
  !
 !

//maximum-paths and per-prefix label mode configurations

vrf CPE_1_VRF_1
  rd 65001:1
  address-family ipv4 unicast
   maximum-paths eibgp 8 
   label mode per-prefix 
  !
  neighbor 101.0.0.1 --->CPE1
   remote-as 65535
   ebgp-multihop 5
   update-source Loopback1
   address-family ipv4 unicast
    route-policy EBGP_ROUTE_POLICY in
    route-policy EBGP_ROUTE_POLICY out
   !
  !
 !

vrf CPE_4_VRF_1
  rd 65004:1
  address-family ipv4 unicast
   maximum-paths eibgp 8
   label mode per-prefix
  !
  neighbor 104.0.0.1 --->CPE4
   remote-as 65533 
   update-source Loopback5001
   address-family ipv4 unicast
    route-policy EBGP_ROUTE_POLICY in
    route-policy EBGP_ROUTE_POLICY out
   !
  !
 !

//RADIUS Configuration

DEFAULT Cleartext-Password :=cisco, Nas-Port-Id == "0/0/50/2"
        Framed-Protocol = PPP,
        Framed-IP-Address = 11.11.0.1,
        Framed-Route = "101.0.0.1 255.255.255.255 0.0.0.0 6 tag 7",
        Service-Type = Framed-User,
        Cisco-Avpair += "ipv4:ipv4-unnumbered=Loopback1",
        Cisco-avpair += "subscriber:vrf-id=CPE_1_VRF_1",

//MPLS Configuration

mpls ldp
router-id 65.0.0.1 --->Local IP
interface GigabitEthernet0/0/1/9
!
interface GigabitEthernet0/0/0/19
!
!
cef load-balancing --->For load-balancing
fields l3 global
!

router ospf MPLS_CORE
area 200
interface Loopback0
!
interface GigabitEthernet0/0/0/19
!
interface GigabitEthernet0/0/1/9
!
!
!

//BNG - PPPoE Configuration

pppoe bba-group PPPoE-BBA-GRP1
service selection disable
!
class-map type control subscriber match-all PPPOE_CLASS
match protocol ppp
end-class-map
!
!
policy-map type control subscriber PPPOE_POLICY
event session-start match-first
class type control subscriber PPPOE_CLASS do-all
1 activate dynamic-template PPPOE_TEMPLATE
!
! 
event session-activate match-first
class type control subscriber PPPOE_CLASS do-until-failure
1 authenticate aaa list default
!
!
end-policy-map
!
end	
dynamic-template
type ppp PPPOE_TEMPLATE
ppp chap hostname ASR9k_BNG_PE1
ppp authentication chap pap
keepalive 60
!
!
interface Bundle-Ether50
bundle maximum-active links 1
!
interface Bundle-Ether50.1
vrf CPE_1_VRF_1
service-policy type control subscriber PPPOE_POLICY
pppoe enable bba-group PPPoE-BBA-GRP1
encapsulation dot1q 2
!

  • PE2 Configuration 

    
//VRF Configuration

vrf CPE_1_VRF_1
 address-family ipv4 unicast
  import route-target
   200:1
   200:3
   200:4
  !
  export route-target
   200:1
  !
 !
!

//BGP Configuration

router bgp 200
 address-family ipv4 unicast
  redistribute connected
 !
 address-family vpnv4 unicast
 !
 neighbor 65.0.0.1
  remote-as 200
  update-source Loopback0
  address-family vpnv4 unicast
  !
 !
 neighbor 65.0.0.3
  remote-as 200
  update-source Loopback0
  address-family vpnv4 unicast
  !
 !

//label-mode configuration

vrf CPE_1_VRF_1
  rd 65002:1
  address-family ipv4 unicast
   label mode per-prefix
   redistribute connected
  !
  neighbor 101.0.0.1
   remote-as 65535
   ebgp-multihop 5
   update-source Loopback1
   address-family ipv4 unicast
    route-policy EBGP_ROUTE_POLICY in
    route-policy EBGP_ROUTE_POLICY out
   !
  neighbor 102.0.0.1
   remote-as 65535
   ebgp-multihop 5
   update-source Loopback1
   address-family ipv4 unicast
    route-policy EBGP_ROUTE_POLICY in
    route-policy EBGP_ROUTE_POLICY out
   !
  !
 !

//MPLS Configuration
mpls ldp
 log
  neighbor
 !
 router-id 65.0.0.2 --->local
 interface GigabitEthernet0/2/1/1 --->connected to PE3
 !
  interface GigabitEthernet0/2/1/19 --->connected to PE1

 !
!
cef load-balancing
 fields l3 global
!

router ospf CORE
 area 200
  interface Loopback0
  !
  interface GigabitEthernet0/2/1/1
  !
  interface GigabitEthernet0/2/1/19
  !
 !
!

//BNG - PPPoE Configuration

interface Bundle-Ether60
!
interface Bundle-Ether60.1
 vrf CPE_1_VRF_1
 service-policy type control subscriber PPPOE_POLICY
 pppoe enable bba-group PPPoE-BBA-GRP1
 encapsulation dot1q 2
!
pppoe bba-group PPPoE-BBA-GRP1
 service selection disable
! 
class-map type control subscriber match-all PPPOE_CLASS
 match protocol ppp 
 end-class-map
! 
! 

policy-map type control subscriber PPPOE_POLICY
 event session-start match-first
  class type control subscriber PPPOE_CLASS do-all
   1 activate dynamic-template PPPOE_TEMPLATE
  !
 !
 event session-activate match-first
  class type control subscriber PPPOE_CLASS do-until-failure
   1 authenticate aaa list default
  !
 !
 end-policy-map
!

  • PE3 Configuration 

    
//VRF Configuration

vrf CPE_3_VRF_1
 address-family ipv4 unicast
  import route-target
   200:1
   200:2
   200:4
  !
  export route-target
   200:4
  !
 !
!

//BGP Configuration

router bgp 200
 address-family ipv4 unicast
 ! 
 address-family vpnv4 unicast
 ! 
 neighbor 65.0.0.1
  remote-as 200
  update-source Loopback0
  address-family vpnv4 unicast
  !
 !
 neighbor 65.0.0.2
  remote-as 200 
  update-source Loopback0
  address-family vpnv4 unicast
  !
 !

//maximum-paths and label-mode configuration

 vrf CPE_3_VRF_1
  rd 65003:1
  address-family ipv4 unicast
   label mode per-prefix
   maximum-paths ibgp 8 unequal-cost
  !
  neighbor 103.0.0.1
   remote-as 102
   ebgp-multihop 5
   update-source Loopback1
   address-family ipv4 unicast
    route-policy PASS_ALL_POLICY in
    route-policy PASS_ALL_POLICY out
   !
  !
 !
!

//MPLS Configuration

mpls ldp
 router-id 65.0.0.3
 interface GigabitEthernet0/0/0/9
 !
 interface GigabitEthernet0/1/0/9
 !
!

Routed Subscriber Sessions

Routed Subscriber Deployment Topology and Use Cases

This figure depicts a sample deployment topology for routed subscriber sessions:

Figure 16. Sample Deployment Topology for Routed Subscriber Sessions


This table lists some of the use cases supported for routed subscriber sessions in BNG:

Description

Stack

Off-Box DHCP, with access and subscriber in the same VRF on BNG, and static cover route for the subscriber subnet.

IPv4 or IPv6

Off-Box DHCP, with access and subscriber in cross or different VRF on BNG, and static cover route for the subscriber subnet.

IPv4 or IPv6

Standalone DHCPv6 proxy on BNG, with access and subscriber in the default VRF, and cover route added by DHCPv6 for PD prefixes pointing to LL address of CPE.

IPv6

Standalone DHCPv6 proxy on BNG, with access in the default VRF, and subscriber in the non-default VRF; cover route added by DHCPv6 for PD prefixes pointing to LL address of CPE.

IPv6

Standalone DHCPv6 server on BNG, with access and subscriber in the default VRF; cover route added by DHCPv6 for PD prefixes pointing to LL address of CPE.

IPv6

Standalone DHCPv6 server on BNG, with access in the default VRF, and subscriber in the non-default vrf; cover route added by DHCPv6 for PD prefixes pointing to LL address of CPE.

IPv6

These use cases are not supported for routed subscriber sessions in BNG:

Description

Stack

On-Box DHCP standalone proxy or server, with access in the default VRF, and subscriber in the non-default VRF on BNG; /32 cover route added by DHCP, and the first hop router is proxy or relay.

IPv4

On-Box DHCP standalone proxy or server, with access and subscriber in the same VRF (default or non-default) on BNG.

IPv4

Off-Box DHCP, with access and subscriber in the same VRF (default or non-default);subscriber prefix-length matching with cover-route prefix-length is not supported.

IPv4 or IPv6

Sample Configurations for Routed Subscriber Session

This section provides the sample configurations for a use case scenario of packet-triggered routed subscriber session in BNG.

These are the sample configurations: 


//Interface Configuration:

interface Bundle-Ether1
 [bundle load-balancing hash src-ip] --->optional
 lacp switchover suppress-flaps 2500
 bundle wait-while 1
 dampening 4
 bundle maximum-active links 2
!
interface Bundle-Ether1.201
 ipv4 address 15.15.15.1 255.255.255.0
 ipv6 address 15:15:15::1/64
 service-policy type control subscriber PL
 encapsulation dot1q 201
 ipsubscriber ipv4 routed
  initiator unclassified-ip
 !
 ipsubscriber ipv6 routed
  initiator unclassified-ip 
 !
!

//Class-map Configuration:

class-map type control subscriber match-any ISN_CM_V6_1
 match source-address ipv6 2004:1:1::/48
 end-class-map
!
class-map type control subscriber match-any ISN_CM_V4_1
 match source-address ipv4 14.0.0.1 255.0.0.0
 end-class-map
!

//Dynamic Template Configuration:
dynamic-template
 type ipsubscriber ISN_TEMPLATE_V6_4
  ipv6 enable
 !
 type ipsubscriber ISN_TEMPLATE_V4_1
  ipv4 unnumbered Loopback1
 !
 type service httpr_service_temp_coa
  service-policy type pbr httpr-redirect-policy
 !

//Policy-map Configuration:

policy-map type control subscriber p_map_cntl_1
 event session-start match-all
  class type control subscriber ISN_CM_V6_1 do-until-failure
   1 activate dynamic-template ISN_TEMPLATE_V6_1
   2 authorize aaa list default format VID password cisco123
  !
  class type control subscriber ISN_CM_V4_1 do-until-failure
   1 activate dynamic-template ISN_TEMPLATE_V4_1
   2 authorize aaa list default format VID password cisco123
  !
 !
 event authorization-failure match-all
  class type control subscriber ISN_CM_V6_1 do-until-failure
   1 activate dynamic-template httpr_service_temp_coa
   2 set-timer T1 60
 class type control subscriber ISN_CM_V4_1 do-until-failure
   1 activate dynamic-template httpr_service_temp_coa
   2 set-timer T1 60
  !
 !

event account-logon match-all
  class type control subscriber ISN_CM_V6_1 do-until-failure
   1 authenticate aaa list default
   2 stop-timer T1
   3 deactivate dynamic-template httpr_service_temp_coa
  !
  class type control subscriber ISN_CM_V4_1 do-until-failure
   1 authenticate aaa list default
   2 stop-timer T1
   3 deactivate dynamic-template httpr_service_temp_coa
  !
 event account-logoff match-all
  class type control subscriber ISN_CM_V6_1 do-until-failure
   1 disconnect
  !
  class type control subscriber ISN_CM_V4_1 do-until-failure
   1 disconnect
  !
 !

event timer-expiry match-all
  class type control subscriber ISN_CM_V6_1 do-until-failure
   11 disconnect
  !
  class type control subscriber ISN_CM_V4_1 do-until-failure
   11 disconnect
   !
 end-policy-map
!

lpts punt police location 0/0/CPU0
 protocol unclassified rate 75
!
lpts punt police location 0/1/CPU0
 protocol unclassified rate 75
!

//Static Route Configuration:

router static
 address-family ipv4 unicast
  8.0.0.0/8 8.44.0.1
13.0.0.0/8 13.0.0.2
14.0.0.0/16 12.0.0.2 ---> summary route to subscriber network

dhcp ipv6
 profile pf1 server
  lease 0 0 10
  prefix-pool p1
 !
 profile pf3 proxy
  helper-address vrf red 2003::2
 !
 interface Bundle-Ether1.1 server profile pf1
 interface Bundle-Ether2.1 proxy profile pf3
!
pool vrf default ipv6 p1
 prefix-length 56
 prefix-range 2004:1:1:100:: 2004:1:1:100::
!

//RADIUS Configuration:

radius-server host 8.45.12.251 auth-port 1812 acct-port 1813
 key 7 094F471A1A0A
!
aaa server radius dynamic-author
 port 1700
 client 8.45.12.251 vrf default
  server-key 7 02050B5A
 !
!
radius-server source-port extended
aaa accounting network default start-stop group radius
aaa accounting service default group radius
aaa accounting subscriber default group radius
aaa authorization subscriber default group radius
!

Verification of Routed Subscriber Session Configurations

These show commands can be used to verify the routed subscriber session configurations in BNG.

SUMMARY STEPS

  1. show ipsubscriber access-interface
  2. show ipsubscriber summary
  3. show ipsubscriber interface brief
  4. show ipsubscriber interface
  5. show ipsubscriber interface
  6. show subscriber session all summary
  7. show subscriber session filter
  8. show subscriber session filter

DETAILED STEPS

Step 1

show ipsubscriber access-interface

Displays the access-interface information for IP subscriber.

Example:


RP/0/RSP0/CPU0:router#
show ipsubscriber access-interface bundle-Ether 1.201

---
---
Mon Sep  1 18:05:15.899 UTC
Interface: Bundle-Ether1.201
  State: UP
  Type: Plain
  Interface Type: Routed
  Created Sep  1 17:54:17 (age 00:10:58)
  Initiator DHCP disabled
    Session count 0
    FSOL packets 0
    FSOL dropped packets 0
    FSOL flow rate dropped packets 0
    FSOL session limit dropped packets 0
  Initiator Packet-Trigger enabled
    Session count 1
    FSOL packets 3, bytes 300
    FSOL dropped packets 2, bytes 200
    FSOL flow rate dropped packets 0
    FSOL session limit dropped packets 0
  Initiator DHCPv6 disabled
    Session count 0
    FSOL packets 0
    FSOL dropped packets 0
    FSOL flow rate dropped packets 0
    FSOL session limit dropped packets 0
  Initiator Packet-Trigger-IPv6 enabled
    Session count 1
    FSOL packets 1, bytes 100
    FSOL dropped packets 0, bytes 0
    FSOL flow rate dropped packets 0
    FSOL session limit dropped packets 0
  Session limits per-vlan
    All sources 0
    Unclassified-source 0

Step 2

show ipsubscriber summary

Displays the summary information for IP subscriber interfaces.

Example:


RP/0/RSP0/CPU0:router#
show ipsubscriber summary

Mon Sep  1 18:05:48.610 UTC
IPSUB Summary for all nodes

Interface Counts:
                                    DHCP  Pkt Trigger
                              ---------- ------------
                     Invalid:          0            0
                 Initialized:          0            0
    Session creation started:          0            0
    Control-policy executing:          0            0
     Control-policy executed:          0            0
    Session features applied:          0            0
              VRF configured:          0            0
            Adding adjacency:          0            0
             Adjacency added:          0            0
                          Up:          0            1
                        Down:          0            0
                     Down AF:          0            0
            Down AF Complete:          0            0
               Disconnecting:          0            0
                Disconnected:          0            0
                       Error:          0            0
                              ---------- ------------
                       Total:          0            1

                                  DHCPv6 PktTrig-IPv6
                              ---------- ------------
                     Invalid:          0            0
                 Initialized:          0            0
    Session creation started:          0            0
    Control-policy executing:          0            0
     Control-policy executed:          0            0
    Session features applied:          0            0
              VRF configured:          0            0
            Adding adjacency:          0            0
             Adjacency added:          0            0
                          Up:          0            1
                        Down:          0            0
                     Down AF:          0            0
            Down AF Complete:          0            0
               Disconnecting:          0            0
                Disconnected:          0            0
                       Error:          0            0
                              ---------- ------------
                       Total:          0            1

Routes Per VRF (1 VRFs) [Packet-Trigger]:
                              IPv4 Count IPv6 Count
                              ---------- ----------
                     default:          1          1

Access Interface Counts (1 interfaces):

                                    DHCP  Pkt Trigger
                              ---------- ------------
                FSOL Packets:          0            3
                  FSOL Bytes:          0          300

                                  DHCPv6 PktTrig-IPv6
                              ---------- ------------
                FSOL Packets:          0            1
                  FSOL Bytes:          0          100

Step 3

show ipsubscriber interface brief

Displays the brief summary of IP Subscriber access-interface status and configuration.

Example:


RP/0/RSP0/CPU0:router#
show ipsubscriber interface brief

Mon Sep  1 18:06:33.713 UTC
Codes: INV - Invalid, INIT - Initialized, STRTD - Session Creation Started, 
       CPEXCTG - Control-Policy Executing, CPEXCTD - Control-Policy Executed, 
       FTAPPLD - Session Features Applied, VRFCFGD - VRF Configured, 
       ADJADDG - Adding Adjacency, ADJADDD - Adjacency Added, UP - Up, 
       DOWN - Down, DISCG - Disconnecting, DISCD - Disconnected, ERR - Error, 
       UNKWN - Unknown State, PKT - Packet Trigger Initiation, 
       PKTv6 - Packet Trigger Initiation for IPv6,
       DHCP - DHCP Initiation, DHCPv6 - DHCPv6 Initiation

Interface              Proto  Subscriber IP      MAC Address        Sublabel   VRF        State     
---------------------- ------ ------------------ ------------------ ---------- ---------- ----------
BE1.201.ip1            PKT    1.10.10.1          0000.0000.0003     0x41       default    UP        
BE1.201.ip2            PKTv6                     0001.0001.0000     0xc3       default    UP

Step 4

show ipsubscriber interface

Displays the interface information for the IP subscriber interfaces.

Example:


RP/0/RSP0/CPU0:router#
show ipsubscriber interface Bundle-Ether 1.201.ip1

Mon Sep  1 18:06:54.213 UTC
Interface: Bundle-Ether1.201.ip1
  Type: Routed
  Access Interface: Bundle-Ether1.201
  Subscriber IPv4: 1.10.10.1
  Subscriber Label: 0x41
  IPv4 Initiator: Packet-Trigger
  VLAN ID: 201
  Created: Sep  1 17:58:24 (age 00:08:30)
  VRF: default, IPv4 Table: default
  IPv4 State: Up (old: Adjacency added)
       Last state change: Sep  1 17:58:25 (00:08:29 in current state)

Step 5

show ipsubscriber interface

Displays the interface information for the IP subscriber interfaces.

Example:


RP/0/RSP0/CPU0:router#
show ipsubscriber interface Bundle-Ether 1.201.ip2

Mon Sep  1 18:06:57.846 UTC
Interface: Bundle-Ether1.201.ip2
  Type: Routed
  Access Interface: Bundle-Ether1.201
  Subscriber IPv6: 2001:0:1:1::1
  Subscriber IPv6 Prefix: 2001:0:1:1::/64
  Subscriber Label: 0xc3
  IPv6 Initiator: Packet-Trigger-IPv6
  VLAN ID: 201
  Created: Sep  1 17:58:59 (age 00:07:58)
  VRF: default, IPv6 Table: default
  IPv6 State: Up (old: Adjacency added)
       Last state change: Sep  1 17:59:00 (00:07:57 in current state)

Step 6

show subscriber session all summary

Displays the session summary information for all nodes.

Example:


RP/0/RSP0/CPU0:router#
show subscriber session all summary

Mon Sep  1 18:07:29.791 UTC

Session Summary Information for all nodes 

                Type            PPPoE           IPSub           IPSub
                                                (DHCP)          (PKT)
                ====            =====           ======          =====

Session Counts by State:
        initializing            0               0               0
          connecting            0               0               0
           connected            0               0               0
           activated            0               0               2
                idle            0               0               0
       disconnecting            0               0               0
                 end            0               0               0
              Total:            0               0               2


Session Counts by Address-Family/LAC:
         in progress            0               0               0
           ipv4-only            0               0               1
           ipv6-only            0               0               1
     dual-partial-up            0               0               0
             dual-up            0               0               0
                 lac            0               0               0
              Total:            0               0               2

Step 7

show subscriber session filter

Displays the subscriber management session information based on the filter criteria.

Example:


RP/0/RSP0/CPU0:router#
show subscriber session filter interface bundle-ether 1.201.ip1 detail


Mon Sep  1 18:09:51.381 UTC
Interface:                Bundle-Ether1.201.ip1
Circuit ID:               Unknown
Remote ID:                Unknown
Type:                     IP: Packet-trigger
IPv4 State:               Up, Mon Sep  1 17:58:25 2014
IPv4 Address:             1.10.10.1, VRF: default
Mac Address:              Unknown
Account-Session Id:       0001137f
Nas-Port:                 Unknown
User name:                unknown
Outer VLAN ID:            201
Subscriber Label:         0x00000041
Created:                  Mon Sep  1 17:58:24 2014
State:                    Activated
Authentication:           unauthenticated
Authorization:            unauthorized
Access-interface:         Bundle-Ether1.201
Policy Executed: 
policy-map type control subscriber PL
  event Session-Start match-first [at Mon Sep  1 17:58:24 2014]
    class type control subscriber class-default do-all [Succeeded]
      10 activate dynamic-template ptrigger [Succeeded]
Session Accounting: disabled
Last COA request received: unavailable

Step 8

show subscriber session filter

Displays the subscriber management session information based on the filter criteria.

Example:


RP/0/RSP0/CPU0:router#
show subscriber session filter interface bundle-ether 1.201.ip2 detail


Mon Sep  1 18:10:45.883 UTC
Interface:                Bundle-Ether1.201.ip2
Circuit ID:               Unknown
Remote ID:                Unknown
Type:                     IP: Packet-trigger
IPv6 State:               Up, Mon Sep  1 17:59:00 2014
IPv6 Address:             2001:0:1:1::1, VRF: default
IPv6 Interface ID:        ........ (00 00 00 00 00 00 00 01)
Mac Address:              Unknown
Account-Session Id:       00011380
Nas-Port:                 Unknown
User name:                unknown
Outer VLAN ID:            201
Subscriber Label:         0x000000c3
Created:                  Mon Sep  1 17:58:59 2014
State:                    Activated
Authentication:           unauthenticated
Authorization:            unauthorized
Access-interface:         Bundle-Ether1.201
Policy Executed: 
policy-map type control subscriber PL
  event Session-Start match-first [at Mon Sep  1 17:58:59 2014]
    class type control subscriber class-default do-all [Succeeded]
      10 activate dynamic-template ptrigger [Succeeded]
Session Accounting: disabled
Last COA request received: unavailable