b-ras module 4
TRANSCRIPT
Copyright © 2007, Juniper Networks, Inc.
E-series B-RAS Configuration Basics
Module 4: PPP over Ethernet
Module Objectives
After successfully completing this module, you will be able to:
– List the benefits of using PPP over Ethernet
– Describe the two stages of PPP over Ethernet
– Describe the basic life of a packet for PPP over Ethernet
– Configure the E-series router for PPP over Ethernet
– Verify PPP-over-Ethernet operation using show commands and logging
This Chapter Discusses:
• The benefits of using PPP over Ethernet;
• The life of a packet for PPP over Ethernet;
• Comparing and contrasting ATM access networks and Ethernet access networks;
• Configuring the E-series router for PPP over Ethernet; and
• Verifying PPP-over-Ethernet operation using show commands and logging.
Agenda: PPP over Ethernet
Overview of PPP over Ethernet
PPP-over-Ethernet in Ethernet Access Network
PPP-over-Ethernet Configuration and Troubleshooting
Overview of PPP over Ethernet
The slide lists the topics we discuss in this chapter. We discuss the highlighted topic first.
Narrowband Remote Access
Traditional remote access:
– Relatively slow access rates using dedicated POTS line
– Point-to-point session between the PC and the RAS
– RAS terminated the PPP session
– Packets sent to appropriate routers
[Slide diagram: Modem, RAS, Routers, ISP1, ISP2, RADIUS, PPP Session]
Narrowband Remote Access
Recall that with narrowband remote access, a single remote user had a single phone line to establish a point-to-point connection with a remote access server (RAS). A strict peer-to-peer—or one-to-one—relationship was established.
When a PC initiated a PPP session, the PC sent out PPP Link Control Protocol (LCP) packets across the link. Only one other device was on this dedicated, point-to-point connection: the RAS. Consequently, the only device capable of receiving these packets, and thus responding to these packets, was the RAS. Establishing a connection, authenticating the connection, and managing the connection was a fairly straightforward process, given this point-to-point scenario.
Multiple Clients per Logical Interface
PPP over Ethernet:
– High-speed access using shared POTS line
– Multiple users per DSL modem
– Multiple PPP sessions per logical interface
Connection methods:
– ATM PVC or VLAN per CPE
– Multiple PPP sessions per PVC
[Slide diagram: DSL Modem, DSLAM, ATM Switch, ATM, ISP1, ISP2, PPP Session]
PPP over Ethernet
In this second PPP B-RAS environment, we address a small office or home with multiple PCs on an Ethernet network, which is connected to the DSL modem.
Unlike the traditional RAS environment, or even the PPP-over-ATM environment, no dedicated, point-to-point connection exists in a PPP-over-Ethernet (PPPoE) environment. In the old days, if a PC transmitted an LCP request, only one other device on the network could possibly receive it—the RAS. Now, using a shared LAN, the PC has no way of knowing where the RAS server is. In addition, the PC must know the specific MAC address of the RAS server because it sits on a LAN. It can no longer indiscriminately transmit PPP LCP requests. Before PPP negotiations can occur, the PC must determine where the B-RAS server is, what its MAC address is, and it must establish a session with it. Only then can the PC initiate a PPP session. Additionally, we need a means to support multiple PPP sessions across the same shared media. The solution to this problem is PPP over Ethernet.
Initially, most PPPoE installations used DSL as the connection method and, consequently, most DSLAMs were ATM based. In this environment, the E-series router supports multiple clients on a single ATM subinterface. In other words, a one-to-many relationship is formed—one PVC, many clients. To support this configuration, each DSL modem or group of users uses a single ATM PVC. We then configure PPPoE to support multiple users across this PVC. Finally, we configure a PPP interface per user.
More networks are transitioning from ATM to Ethernet. We discuss this topic later in the chapter.
PPPoE―RFC 2516
RFC 2516:
– General frame format
– PC requirements
– Two stages of PPPoE:
  Discovery stage
  PPP session stage
[Slide diagram: PC (MAC=A), E-series router (MAC=X), ISP1, ISP2. Frame layers: Physical; Ethernet (EtherType=0x8864, DA MAC=X, SA MAC=A); PPPoE Header (SessionID=0x123); PPP Header; IP (DA IP=2.2.2.2, SA IP=1.1.1.2)]
RFC 2516
When the user PC transmits IP data, the PC creates an IP datagram, encapsulates the IP datagram in PPP and PPPoE, and finally inserts this data into an Ethernet frame addressed to the E-series router—hence, the name PPP over Ethernet.
To transmit data using PPPoE, the user's PC requires special PPPoE software that installs a shim between the existing dial-up networking PPP stack and the Ethernet driver, which enables PPP sessions to be carried directly in standard Ethernet frames. Although the PC uses PPPoE, the actual user experience mirrors dial-up networking—a familiar experience to most current remote access users.
Because the PPP frames are encapsulated in Ethernet frames, multiple users can share the same DSL line.
PPPoE has two distinct stages:
• Discovery stage: When a PC initiates a PPPoE session, it performs the discovery stage to determine which B-RAS to use, the Ethernet MAC address of the B-RAS, and a unique session ID. This discovery stage is a client-server relationship, where the PC is the client and the E-series router is the PPPoE server.
• PPP session stage: Once the PC determines which B-RAS to use, the B-RAS MAC address, and the session ID, the connection transitions into a peer-to-peer relationship and initiates a standard PPP session using LCP.
PPPoE Discovery Stage
[Slide diagram: PPPoE discovery exchange between the PC (MAC=A) and the B-RAS (MAC=X); ISP1, ISP2]
PADI, PPPoE Active Discovery Initiation: DA=FF, SA=A, Type=Disc, PPPoE Services
PADO, PPPoE Active Discovery Offer: DA=A, SA=X, Type=Disc, PPPoE SessionID=0000
PADR, PPPoE Active Discovery Request: DA=X, SA=A, Type=Disc, PPPoE SessionID=0000
PADS, PPPoE Active Discovery Session Confirmation: DA=A, SA=X, Type=Disc, PPPoE SessionID=1234
PPPoE Discovery Stage
Four steps exist in the discovery stage. When this stage completes, both peers know the PPPoE session ID and the peer's MAC address. Collectively, these attributes uniquely define the PPPoE session. The following list outlines the four steps:
• Initially, the PC broadcasts a PPPoE active discovery initiation (PADI), searching for all B-RAS servers that can provide the services the PC requests using the service-name tag. In our network, only the E-series router processes the PADI.
• If the B-RAS can service the request, it responds to the discovery packet with a unicast PPPoE active discovery offer (PADO) where the session ID is all zeros. If the B-RAS cannot provide the requested service, it does not respond with a PADO.
• If multiple B-RAS receive the PADI, the PC might receive multiple PADOs. In this case, the PC must choose one. In the diagram on the slide, the PC receives just one PADO from the B-RAS. The PC responds with a unicast PPPoE active discovery request (PADR) to the server it chooses to use. The PC now knows the MAC address of the B-RAS and needs the unique session ID.
• Finally, the B-RAS responds with a PPPoE active discovery session-confirmation (PADS). This packet contains the unique session ID for the PPPoE session.
At any time, either the client or the server can send a PPPoE active discovery terminate (PADT) packet to indicate that a PPPoE session is terminated. The Ethertype field for the discovery stage is 0x8863.
PPPoE PPP Session Stage
PPP data is sent like any other PPP session
[Slide diagram: PC (MAC=A), E-series router (MAC=X), ISP1, ISP2. PPP LCP from the PC: DA=X, SA=A, Type=PPP, PPPoE SessionID=1234. PPP LCP from the router: DA=A, SA=X, Type=PPP, PPPoE SessionID=1234]
PPPoE PPP Session Stage
Once the PPPoE session is established, the PPP session stage begins. The PPP session stage is just like any other standard PPP session, starting with LCP negotiations and IP NCP negotiations. All Ethernet frames are unicast between the PC and the E-series router. The Ethertype field for PPP sessions is 0x8864.
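The two stages can be checked mechanically against a capture. The following Python code is an added example, not part of the original course material: it parses the RFC 2516 header, follows the PADI/PADO/PADR/PADS order per client, and flags session-stage frames that do not belong to a confirmed (MAC pair, session ID) session. The MAC addresses, the sample frames, and the names `DiscoveryTracker`, `build`, `parse` and `replay` are constructed for illustration.

```python
import struct

ETH_DISCOVERY, ETH_SESSION = 0x8863, 0x8864        # EtherTypes given on the page
CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS",
         0xA7: "PADT", 0x00: "SESSION"}            # RFC 2516 CODE values
NAME_TO_CODE = {name: code for code, name in CODES.items()}
BROADCAST = b"\xff" * 6

def build(dst, src, ethertype, name, session_id, payload=b""):
    """Constructed frame: Ethernet header, then PPPoE VER/TYPE=0x11, CODE,
    SESSION_ID and LENGTH, then the PPPoE payload."""
    header = struct.pack("!HBBHH", ethertype, 0x11, NAME_TO_CODE[name],
                         session_id, len(payload))
    return dst + src + header + payload

def parse(frame):
    """Parse the Ethernet and PPPoE headers; raise ValueError if malformed."""
    if len(frame) < 20:
        raise ValueError("truncated frame")
    ethertype, ver_type, code, sid, length = struct.unpack("!HBBHH", frame[12:20])
    if ethertype not in (ETH_DISCOVERY, ETH_SESSION):
        raise ValueError("not a PPPoE EtherType")
    if ver_type != 0x11 or code not in CODES:
        raise ValueError("bad PPPoE version/type or code")
    if 20 + length > len(frame):
        raise ValueError("PPPoE length exceeds frame")
    return {"dst": frame[:6], "src": frame[6:12], "ethertype": ethertype,
            "code": CODES[code], "sid": sid}

class DiscoveryTracker:
    """Follows the four discovery steps per client MAC and records each
    confirmed session as (client MAC, server MAC, session ID)."""

    def __init__(self):
        self.initiated = set()   # clients that have broadcast a PADI
        self.offers = {}         # client MAC -> server MACs that sent a PADO
        self.requested = {}      # client MAC -> server MAC named in its PADR
        self.sessions = set()

    def observe(self, frame):
        try:
            p = parse(frame)
        except ValueError as err:
            return f"malformed: {err}"
        src, dst, sid, code = p["src"], p["dst"], p["sid"], p["code"]
        if p["ethertype"] == ETH_SESSION:
            known = {(src, dst, sid), (dst, src, sid)} & self.sessions
            if code != "SESSION" or not known:
                return "violation: session frame without a confirmed session"
            return "session"
        if code == "SESSION":
            return "violation: session code on the discovery EtherType"
        if code == "PADI":
            if dst != BROADCAST or sid != 0:
                return "violation: PADI must be broadcast with session ID 0"
            self.initiated.add(src)
        elif code == "PADO":
            if dst not in self.initiated or sid != 0:
                return "violation: unsolicited PADO"
            self.offers.setdefault(dst, set()).add(src)
        elif code == "PADR":
            if dst not in self.offers.get(src, ()) or sid != 0:
                return "violation: PADR to a server that made no offer"
            self.requested[src] = dst
        elif code == "PADS":
            if self.requested.get(dst) != src:
                return "violation: PADS without a matching PADR"
            if sid == 0:
                return "PADS refused"    # RFC 2516: session ID 0 means refused
            self.sessions.add((dst, src, sid))
        elif code == "PADT":
            self.sessions -= {(src, dst, sid), (dst, src, sid)}
        return code

PC = bytes.fromhex("02000000000a")      # constructed MAC standing in for MAC=A
BRAS = bytes.fromhex("02000000000b")    # constructed MAC standing in for MAC=X
ANY_SERVICE = struct.pack("!HH", 0x0101, 0)    # empty Service-Name tag
LCP = b"\xc0\x21\x01\x01\x00\x04"              # PPP protocol 0xc021, Configure-Request

def replay():
    """Run the tracker over a constructed capture and return its verdicts."""
    frames = [
        build(BROADCAST, PC, ETH_DISCOVERY, "PADI", 0, ANY_SERVICE),
        build(PC, BRAS, ETH_DISCOVERY, "PADO", 0, ANY_SERVICE),
        build(BRAS, PC, ETH_DISCOVERY, "PADR", 0, ANY_SERVICE),
        build(PC, BRAS, ETH_DISCOVERY, "PADS", 0x1234, ANY_SERVICE),
        build(BRAS, PC, ETH_SESSION, "SESSION", 0x1234, LCP),
        build(BRAS, PC, ETH_SESSION, "SESSION", 0x9999, LCP),   # unknown session ID
        build(PC, BRAS, ETH_DISCOVERY, "PADT", 0x1234),
        build(BRAS, PC, ETH_SESSION, "SESSION", 0x1234, LCP),   # after the PADT
    ]
    tracker = DiscoveryTracker()
    return [tracker.observe(frame) for frame in frames]

if __name__ == "__main__":
    print("\n".join(replay()))
```

The last two session-stage frames are rejected for different reasons: one carries a session ID that was never confirmed by a PADS, the other arrives after the PADT removed the session.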
PPP over Ethernet―Life of a Packet
[Slide diagram: PC (IP=1.1.1.2, MAC=A), DSL Bridge, ATM PVC VPI/VCI 0/33, MAC=B, MAC=C, MAC=D, MAC=E, MAC=F, destination IP=2.2.2.2. IP/PPP/PPPoE connection terminated on the E-series router. Layers shown: Layer 1, Layer 2, Layer 3.]
Frame sent by the PC: Physical; Ethernet (EtherType=0x8864, DA MAC=B, SA MAC=A); PPPoE Header (SessionID=0x123); PPP Header; IP (DA IP=2.2.2.2, SA IP=1.1.1.2)
Frame on the ATM PVC: Physical; ATM VPI/VCI=0/33; RFC 2684 (LLC=0xAA-AA-03, OUI=0x00-80-C2, PID=0x00-07); Ethernet (EtherType=0x8864, DA MAC=B, SA MAC=A); PPPoE Header (SessionID=0x123); PPP Header; IP (DA IP=2.2.2.2, SA IP=1.1.1.2)
Frames after the E-series router: Physical; Ethernet (EtherType=0x0800, DA MAC=D, SA MAC=C); IP (DA IP=2.2.2.2, SA IP=1.1.1.2), then Physical; Ethernet (EtherType=0x0800, DA MAC=F, SA MAC=E); IP (DA IP=2.2.2.2, SA IP=1.1.1.2)
Life of a Packet
In the PPP-over-Ethernet environment using ATM as the Layer 2 connection method, a DSL-capable bridge or modem is installed at the customer's location. The bridge is connected over a phone line to a DSLAM, which is in turn connected using ATM to the E-series router. An ATM PVC is provisioned from the E-series router to the customer's CPE device. Each PC has PPP-over-Ethernet client software installed. If a user at the customer's location wants access to the Internet, the basic packet flow is as follows:
• The user's PC generates an IP packet that is encapsulated in a PPP frame. A PPPoE header is added to this frame, which is then encapsulated in an Ethernet frame addressed to the E-series router. The Ethernet type field indicates that the upper-layer protocol is PPPoE.
• The DSL bridge receives the Ethernet frame and encapsulates the entire frame into an ATM cell. An RFC 2684 header is added at the beginning of the cell, indicating that the cell contains a bridged Ethernet frame.
• The cell(s) are then transmitted across the PVC to the E-series router.
• The E-series router receives the cell, strips off the bridged Ethernet header, strips off the Ethernet frame, and verifies that the type field is PPP over Ethernet. If the type field is not PPP over Ethernet, the E-series router discards the frame. If it is PPP over Ethernet, the router strips the PPP frame and looks at the destination IP address, and determines the next-hop interface.
• The router encapsulates the IP datagram in the appropriate Layer 2 frame and transmits the data onto the Internet.
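The router-side steps of this packet flow, written out as Python. This is an added example, not Juniper code: it works on an already reassembled AAL5 payload, uses the header values from the slide, and adds two checks the page does not list (destination MAC and session ID). The MAC addresses, `decapsulate` and `sample_pdu` are constructed names and values.

```python
import ipaddress
import struct

LLC_SNAP_BRIDGED = bytes.fromhex("aaaa03" "0080c2")   # LLC and OUI from the slide
PID_ETHERNET_NO_FCS = 0x0007                          # PID from the slide
ETH_PPPOE_DISCOVERY, ETH_PPPOE_SESSION = 0x8863, 0x8864
PPP_IPV4 = 0x0021

ROUTER_MAC = bytes.fromhex("02000000000b")   # constructed, stands in for MAC=B
PC_MAC = bytes.fromhex("02000000000a")       # constructed, stands in for MAC=A


def decapsulate(aal5_payload, router_mac, session_id):
    """Return (verdict, destination IP or None) for one reassembled AAL5 payload."""
    # 1. Strip the RFC 2684 bridged-Ethernet header: LLC, OUI, PID, 2-byte pad.
    if len(aal5_payload) < 10 or aal5_payload[:6] != LLC_SNAP_BRIDGED:
        return "discard: not an RFC 2684 bridged PDU", None
    pid, _pad = struct.unpack("!HH", aal5_payload[6:10])
    if pid != PID_ETHERNET_NO_FCS:
        return "discard: unexpected RFC 2684 PID", None
    frame = aal5_payload[10:]
    # 2. Strip the Ethernet header and verify the type field.
    if len(frame) < 20:
        return "discard: truncated frame", None
    dst = frame[:6]
    ethertype, ver_type, code, sid, length = struct.unpack("!HBBHH", frame[12:20])
    if ethertype == ETH_PPPOE_DISCOVERY:
        return "discovery: hand to the PPPoE discovery stage", None
    if ethertype != ETH_PPPOE_SESSION:
        return "discard: EtherType is not PPPoE", None
    # 3. Added checks (assumptions, not listed on the page): the frame is
    #    addressed to the router and carries the session ID agreed in discovery.
    if dst != router_mac or ver_type != 0x11 or code != 0 or sid != session_id:
        return "discard: not our PPPoE session", None
    # 4. Strip the PPPoE and PPP headers and read the destination IP address.
    ppp = frame[20:20 + length]
    if len(ppp) != length or length < 2:
        return "discard: bad PPPoE length", None
    (protocol,) = struct.unpack("!H", ppp[:2])
    if protocol != PPP_IPV4:
        return "control: PPP protocol 0x%04x is not IP" % protocol, None
    packet = ppp[2:]
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "discard: not an IPv4 packet", None
    return "route", str(ipaddress.IPv4Address(packet[16:20]))


def sample_pdu(ethertype=ETH_PPPOE_SESSION, session_id=0x0123):
    """Constructed PDU matching the slide: 1.1.1.2 -> 2.2.2.2, SessionID=0x123.
    The IPv4 header checksum is left at zero; nothing here verifies it."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 0, 0,
                     ipaddress.IPv4Address("1.1.1.2").packed,
                     ipaddress.IPv4Address("2.2.2.2").packed)
    ppp = struct.pack("!H", PPP_IPV4) + ip
    pppoe = struct.pack("!BBHH", 0x11, 0x00, session_id, len(ppp)) + ppp
    ethernet = ROUTER_MAC + PC_MAC + struct.pack("!H", ethertype) + pppoe
    return LLC_SNAP_BRIDGED + struct.pack("!HH", PID_ETHERNET_NO_FCS, 0) + ethernet


if __name__ == "__main__":
    print(decapsulate(sample_pdu(), ROUTER_MAC, 0x0123))
    print(decapsulate(sample_pdu(ethertype=0x0800), ROUTER_MAC, 0x0123))
```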
PPPoE over ATM Interface Columns
[Slide diagram: interface columns: OCxc/STMx; ATM Major Interface; ATM Subinterface with ATM PVC (1 per modem); PPPoE Major Interface (1 per modem); PPPoE Subinterface (1 per user); PPP Interface (1 per user); IP Interface]
PPPoE over ATM Interface Columns
In a PPP-over-Ethernet environment, each modem can support multiple users or IP interfaces using multiple PPP interfaces. Therefore, for each modem, you must configure an ATM subinterface and ATM PVC. Then a new PPPoE major interface is created. Finally, for each user, a new PPPoE subinterface is created. Each PPPoE subinterface supports a PPP interface and an IP interface.
Remember that IP interfaces can be created statically or dynamically. In this example, we statically defined the ATM subinterfaces, the ATM PVCs, the PPPoE major interfaces, the PPPoE subinterfaces, and the PPP interfaces. Each IP interface is dynamically created using information from RADIUS or a profile definition.
Agenda: PPP over Ethernet
Overview of PPP over Ethernet
PPP-over-Ethernet in Ethernet Access Network
PPP-over-Ethernet Configuration and Troubleshooting
PPP over Ethernet in Ethernet Access Networks
The slide highlights the topic we discuss next.
Ethernet-Based Access Networks
Ethernet-based access networks:
– Broadcast TV, VoD, VoIP, and gaming require higher bit rates and advanced QoS
– Reduce the distance between the CPE and access node
– Backhauled to Ethernet interface on E-series router
– E-series router co-located with OLT in fiber networks
[Slide diagram: DSLAM]
Ethernet-Based Access Networks
Early DSL deployments provided a higher-speed, best-effort delivery service primarily for data traffic. Most initial DSL networks were deployed in a pure ATM-based access network. Now more and more DSL service providers are looking to offer additional services requiring higher user bit rates, sophisticated quality of service (QoS), and scalable multicasting capabilities. These services include broadcast TV and video on demand (VoD), voice over IP (VoIP), and gaming. In addition to PCs, subscribers now have IP phones and set-top boxes (STB) connected to routing gateways (RG) inside their homes. It is very difficult to deploy these types of services in a pure ATM environment.
Many of these services require significantly higher DSL synchronization rates than typical ADSL offers. The easiest way to increase synchronization rates is to shorten the distance between the access node in the provider's local POP—such as a DSLAM, an Ethernet switch, or an optical line terminal (OLT) in a fiber environment—and the RG. To shorten the distance, more and more access nodes will be deployed closer and closer to the end user.
Ethernet-based networks provide a simpler way to meet the needs of these higher-speed networks. Ethernet-based networks provide higher-speed connections, packet-based QoS, simpler provisioning, IP multicast support, and redundancy in an efficient manner.
Several services, such as broadcast or IPTV, VoD, and gaming, use IP multicast as the delivery mechanism. Multicast is a bandwidth-conserving technology. Multicast is the delivery of information to a group of destinations simultaneously using the most efficient strategy to deliver the messages over each link of the network only once and only create copies when the links to the destinations split. IP's and Ethernet's inherent distribution and replication capabilities allow for video network scalability using multicast.
Gigabit Ethernet and Gigabit Passive Optical Network (GPON) are two transport technologies that are capable of delivering large amounts of bandwidth to a highly distributed access node network. More and more installations use Ethernet-based DSLAMs. There are two typical installation types. The first type implements a hybrid approach where the downstream connections still utilize standard ATM over ADSL running on the standard copper link because those are the most widely deployed technologies today. The upstream connection is backhauled to the B-RAS using Gigabit or 10-Gigabit Ethernet. In this instance, the DSLAM provides an interworking function between the ATM layer on the user side and the Ethernet layer on the network side. The second approach pushes some type of Ethernet connection all the way to the CPE device. Ethernet in the first mile (EFM) could employ a copper connection, such as Ethernet over VDSL, or a fiber connection such as EFM over single-mode fiber. With either approach, the connections are backhauled to Gigabit or 10-Gigabit Ethernet interfaces on the E-series router.
Fiber to the home / curb (FTTH/FTTC) is also growing in popularity, making use of passive optical networks (PON). A PON consists of an OLT at the service provider's central office and a number of optical network terminals (ONTs) near end users. A PON configuration reduces the amount of fiber and central office equipment required compared with point-to-point architectures. In this environment, the E-series router has 10-Gigabit or Gigabit Ethernet connection to the OLT. In this environment, typically, another aggregation device does not exist. The OLT has a point-to-multipoint, fiber to the premises network architecture in which unpowered optical splitters are used to enable a single optical fiber to serve multiple premises, typically 32.
VLANs
VLAN options:
– Single-tagged VLANs
– Double-tagged VLANs or stacked VLANs
S-VLANs
– Service provider VLANs (S-VLAN) and customer VLANs (C-VLAN)
– Similar to ATM VPI/VCI
– Improve VLAN scaling
– CPE or access node adds inner tag (C-Tag)
– Access node or aggregation device adds outer tag (S-Tag)
[Slide diagram: left, VLAN encapsulation: CPE devices, DSLAM, ATM, VLAN 100, VLAN 101, VLAN 200, VLAN 201. Right, S-VLAN encapsulation: CPE devices, VLAN 100, VLAN 101, VLAN 200, VLAN 201, S-VLAN 1, S-VLAN 2]
VLAN Options
In these Ethernet-based networks, the E-series router is terminating thousands of users on some type of Ethernet interface. Virtual local area networks (VLANs) are implemented to manage large numbers of users coming in over a single physical interface. A VLAN enables multiplexing multiple IP and PPPoE interfaces over a single physical port using subinterfaces. VLANs are similar to ATM PVCs with a VLAN ID acting like the ATM PVC's VPI. The IEEE 802.1Q-tagged frames provide a 12-bit VLAN identifier. Therefore, one physical interface can support up to 4096 unique VLANs. Each VLAN has a single, unique VLAN ID or tag assigned to it. On the slide, the diagram on the left uses this single tagged approach. Notice that VLAN IDs must be unique within the access network.
In some Ethernet B-RAS environments where multiple access nodes are aggregated onto a single Gigabit Ethernet or 10-Gigabit Ethernet connection, this VLAN limit is inadequate. A stacked VLAN (S-VLAN) or double-tagged VLAN provides a two-level VLAN tag structure, extending the VLAN ID space to more than 16 million VLANs.
S-VLANs
Stacked VLANs were developed by the IEEE as a way to segregate the customer VLAN ID space (C-VLAN) from the service provider VLAN space (S-VLAN) and improve scaling. It is unfortunate that the IEEE 802.1ad standard uses the term S-VLAN to mean service provider VLAN space because the E-series router uses the term S-VLAN to mean any doubly tagged VLAN. Stacked VLANs require two different tags or IDs. The outer tag is called the service provider tag (S-Tag) and the inner tag is called the customer tag (C-Tag). These two tags are similar to the ATM VPI/VCI. Depending on the installation, the CPE device or access node adds the C-Tag and the access node or aggregation device adds the S-Tag. The E-series router performs decapsulation twice—once to get the S-Tag and once to get the C-Tag.
On the slide, the diagram on the right uses the double-tagged approach. In this environment, each access node is assigned a unique S-Tag, allowing the C-Tags to be reused.
VLAN Deployment Options
1:1 VLAN:
– VLAN or S-VLAN per CPE
– S-Tag or S-Tag/C-Tag must be unique across access network
N:1 VLAN:
– VLAN per type of traffic or per access node
– S-Tag shared by many users
– Video or multicast services
[Slide diagram: left, 1:1 VLAN with S-VLAN encapsulation: CPE devices, VLAN 100, VLAN 101, VLAN 200, VLAN 201, S-VLAN 1, S-VLAN 2. Right, N:1 and 1:1 VLAN with VLAN encapsulation: DSLAM, CPE devices, VLAN 200 & 300, VLAN 201 & 300]
1:1 VLAN
Service providers might use different VLAN deployment options or models. Some providers make use of both options in the same network. In the first approach, 1:1 VLAN, a single VLAN or S-VLAN is assigned to a single CPE device. The S-Tag or S-Tag/C-Tag must be unique across the access network. This approach closely mimics the ATM VPI/VCI model. On the slide, the diagram on the left implements the 1:1 VLAN approach. Notice that each CPE device is assigned a unique S-Tag/C-Tag within the access network.
N:1 VLAN
With the N:1 VLAN approach, traffic is single-tagged with an S-Tag throughout the access network. There might be an S-Tag for a specific type of traffic or for each access node. With this approach, multiple users share the same S-Tag. A video or multicast service might take advantage of this scheme. On the slide, the diagram on the right implements the N:1 VLAN approach as well as the 1:1 VLAN deployment model. Each CPE device is a member of the 300 VLAN. This VLAN is used for a video multicast service. In addition, each CPE device is assigned a unique VLAN ID for user data traffic.
VLAN Interface Columns
[Slide diagram: interface columns over a GE / 10 GE port and a VLAN Major Interface. PPPoE over VLAN: VLAN 100 VLAN Sub, PPPoE Major, PPPoE Sub, PPP, IP. PPPoE over S-VLAN: S-VLAN 1 100 VLAN Sub, PPPoE Major, PPPoE Sub, PPP, IP. IP and PPPoE over VLAN: VLAN 200 VLAN Sub, IP, PPPoE Major, PPPoE Sub, PPP, IP. IP over VLAN: VLAN 300 VLAN Sub, IP]
VLAN Interface Columns
The E-series router supports several different VLAN configurations. First you must create the VLAN major interface. Next you create VLAN subinterfaces on top of the VLAN major interface. VLAN and S-VLAN subinterfaces can coexist over the same VLAN major interface.
IP over VLAN is the simplest configuration where one VLAN subinterface supports a single IP interface. This VLAN could be a N:1 VLAN supporting a multicast video service.
In a PPPoE-over-VLAN configuration, each VLAN subinterface supports a single CPE device. This VLAN could be a 1:1 VLAN supporting a group of users at a single location. A PPPoE major interface is created for each CPE. On top of the PPPoE major interface, a PPPoE subinterface is created for each user. Each PPPoE subinterface supports a PPP interface and an IP interface. A PPPoE-over-S-VLAN configuration is very similar. In this configuration, you specify the S-VLAN ID instead of a single VLAN ID.
It is also possible to configure a dual-stack VLAN interface supporting both IP over VLAN and PPPoE-over-VLAN interfaces. User data traffic might use the PPPoE encapsulation and voice or video traffic might use the IPoE encapsulation. In this environment, the router uses the Ethertype field to determine which interface column to use.
Remember that IP interfaces can be created statically or dynamically. In this example, we statically defined the VLAN or S-VLAN subinterfaces, the PPPoE major interfaces, the PPPoE subinterfaces, and the PPP interfaces. Each IP interface is dynamically created using information from RADIUS or a profile definition.
Agenda: PPP over Ethernet
Overview of PPP over Ethernet
PPP-over-Ethernet in Ethernet Access Network
PPP-over-Ethernet Configuration and Troubleshooting
PPP-over-Ethernet Configuration and Troubleshooting
The slide highlights the topic we discuss next.
Initial B-RAS Configuration
Initial configuration:
– All authentication requests go to the same RADIUS server
– No AAA domain map required
– Virtual routers and loopback interfaces already configured
erx7(config)#radius authentication server 10.13.7.55
erx7(config-radius)#key training
erx7(config-radius)#exit
erx7(config)#radius accounting server 10.13.7.55
erx7(config-radius)#key training
erx7(config-radius)#exit
Initial Configuration Steps
The slide shows the configuration steps to take when initially setting up the router in a B-RAS environment. In this example, all authentication requests go to the same RADIUS server. No AAA domain map is required in this environment. The virtual routers and their associated loopback interfaces are already configured. This RADIUS server is using standard UDP ports (port 1812 for authentication and port 1813 for accounting), which are the defaults on the E-series router.
IP Configuration
Dynamic IP interface configuration using RADIUS VSAs:
– Virtual-Router-Name
– Local-Interface-Name
– Local-Address-Pool-Name
erx7(config)#profile generic-ip
erx7(config-profile)#ip sa-validate
erx7(config-profile)#exit
Local address pool configuration:
– Both address pools are localized to these virtual routers
erx7(config)#ip local pool isp1pool 172.16.3.2 172.16.3.254
erx7(config)#ip route 172.16.3.0 255.255.255.0 null 0
erx7(config)#vir VR2
erx7:VR2(config)#ip local pool isp2pool 182.16.3.2 182.16.3.254
erx7:VR2(config)#ip route 182.16.3.0 255.255.255.0 null0
Dynamic IP Interface Configuration
In this example, all IP configuration information required to build the user's IP interface, such as virtual router, local interface reference, and local IP address pool name, is being returned by RADIUS. Therefore, the profile used to create the user's IP interface only contains the IP source address validation command.
Address Pool Configuration
The RADIUS server returns the name of an address pool configured on the router. Because both address pool ranges are localized to the specific virtual router, a static route for each address range is configured pointing to the null 0 interface. Remember that address pool names are case sensitive.
PPPoE-over-ATM Configuration Steps
Configuration steps:
erx7(config)#int atm 6/2.12
erx7(config-if)#atm pvc 12 0 112 aal5snap
erx7(config-if)#encapsulation pppoe
erx7(config-if)#interface atm 6/2.12.1
erx7(config-if)#encapsulation ppp
erx7(config-if)#ppp authentication chap
erx7(config-if)#profile ip generic-ip
erx7(config-if)#interface atm 6/2.12.2
erx7(config-if)#encapsulation ppp
erx7(config-if)#ppp authentication chap
erx7(config-if)#profile ip generic-ip
[Slide diagram: PPPoE over ATM interface column: T3A / E3A, OCxc/STM1; ATM Major Interface; ATM Subinterface with ATM PVC; PPPoE Major; PPPoE Sub; PPP; IP]
Configuration Steps for PPPoE over ATM
To configure PPPoE-over-Ethernet interfaces over ATM, first configure the clocking for the SONET controller. Next, create an ATM major interface, specifying the number of VCs per VP if necessary. For each group of users, create a PPPoE major interface. Next, create a PPPoE subinterface for each user, specifying PPP encapsulation. Configure any PPP parameters for the PPP interface, such as the PPP authentication method or keepalive timers. Finally, for a dynamically created IP interface, apply the appropriate profile. This configuration example uses the atm pvc command. It is also possible to use the pvc command.
PPPoE-over-ATM Dual-Stack Config Steps
[Slide diagram: IP and PPPoE over ATM interface column: OCx/STMx; ATM Subint with ATM PVC; Bridged Ethernet; IP; PPPoE Major; PPPoE Sub; PPP; IP]
Configuration steps:
– Single ATM subinterface with IP & PPPoE terminated at the router
erx7(config)#int atm 6/2.13
erx7(config-if)#atm pvc 13 0 113 aal5snap
erx7(config-if)#encapsulation bridge1483
erx7(config-if)#ip unnumbered loopback1
erx7(config-if)#pppoe
erx7(config-if)#exit
erx7(config)#interface atm 6/2.13.1
erx7(config-if)#encapsulation ppp
erx7(config-if)#ppp authentication chap
erx7(config-if)#profile ip generic-ip
Configuration Steps for Dual-Stack PPPoE over ATM
You can also configure a bifurcated interface that supports bridged Ethernet and PPPoE over the same ATM 1483 subinterface. To allow this dual-stack configuration, you must specify the bridged Ethernet encapsulation before you configure the PPPoE major interface. The remaining configuration steps are the same as other PPP-over-Ethernet interfaces. In this configuration, user data traffic might use the PPPoE configuration, and a set-top box might use the bridged Ethernet configuration.
PPPoE over Ethernet with VLANs
Configuration steps:
erx7(config)#interface fastEthernet 3/1
erx7(config-if)#encapsulation vlan
erx7(config)#interface fast 3/1.100
erx7(config-if)#vlan id 100
erx7(config-if)#pppoe
erx7(config-if)#pppoe subint fast 3/1.100.1
erx7(config-if)#encapsulation ppp
erx7(config-if)#ppp auth chap
erx7(config-if)#profile ip generic-ip
erx7(config-if)#pppoe subint fast 3/1.100.2
erx7(config-if)#encapsulation ppp
erx7(config-if)#ppp auth chap
erx7(config-if)#profile ip generic-ip
[Slide diagram: PPPoE over VLAN interface column: GE / 10 GE; VLAN Major Interface; VLAN 100 VLAN Sub; PPPoE Major; PPPoE Sub; PPP; IP]
Configuration Steps for PPPoE over Ethernet with VLANs
To configure PPPoE-over-Ethernet interfaces (Fast Ethernet, Gigabit Ethernet, and 10-Gigabit Ethernet) with VLANs, first configure the Ethernet interface, specifying VLAN encapsulation. For each VLAN or group of users, create a VLAN subinterface, assign a VLAN ID, and create a PPPoE major interface. Next, create a PPPoE subinterface for each user, specifying PPP encapsulation. Configure any PPP parameters for the PPP interface, such as PPP authentication method or keepalive timers. Finally, apply a profile for dynamically created IP interfaces. In this configuration, there is a VLAN subinterface and PPPoE major interface per group of users. In other words, one physical Ethernet interface supports multiple VLAN subinterfaces. Each VLAN subinterface supports a single PPPoE major interface.
PPPoE over Ethernet with S-VLANs
Configuration steps:
erx7(config)#interface fastEthernet 3/1
erx7(config-if)#encapsulation vlan
erx7(config-if)#interface fast 3/1.1100
erx7(config-if)#svlan ethertype 8100
erx7(config-if)#svlan id 1 100
erx7(config-if)#pppoe
erx7(config-if)#pppoe subint fast 3/1.1100.1
erx7(config-if)#encapsulation ppp
erx7(config-if)#ppp auth chap
erx7(config-if)#profile ip generic-ip
erx7(config-if)#pppoe subint fast 3/1.1100.2
erx7(config-if)#encapsulation ppp
erx7(config-if)#ppp auth chap
erx7(config-if)#profile ip generic-ip
[Slide diagram: PPPoE over S-VLAN interface column: GE / 10 GE; VLAN Major Interface; SVLAN 1 100 VLAN Sub; PPPoE Major; PPPoE Sub; PPP; IP]
Configuration Steps for PPPoE over Ethernet with S-VLANs
To configure PPPoE-over-Ethernet interfaces (Fast Ethernet, Gigabit Ethernet, and 10-Gigabit Ethernet) with S-VLANs, first configure the Ethernet interface, specifying VLAN encapsulation. For each S-VLAN or group of users, create an S-VLAN subinterface and assign an S-VLAN ID. By default, the E-series router uses the 9100 for the S-VLAN Ethertype. If the E-series router is connected to a device that uses the IEEE Standard 802.1ad, specify svlan ethertype 88a8. If the E-series router is connected to a device that uses 802.1 Q-in-Q tagging, specify svlan ethertype 8100. Next, create a PPPoE major interface and then create a PPPoE subinterface for each user, specifying PPP encapsulation. Configure any PPP parameters for the PPP interface, such as PPP authentication method or keepalive timers. Finally, apply a profile for dynamically created IP interfaces. In this configuration, there is an S-VLAN subinterface and PPPoE major interface per group of users. In other words, one physical Ethernet interface supports multiple S-VLAN subinterfaces. Each S-VLAN subinterface supports a single PPPoE major interface. Remember that VLAN and S-VLAN subinterfaces can coexist on the same physical interface.
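How the tag handling fits together: the double decapsulation for S-VLANs, the Ethertype-based choice of interface column on a dual-stack VLAN, and the effect of the svlan ethertype setting. The Python code below is an added example, not the router's implementation; the MAC addresses, sample frames, and the names `classify`, `pop_tag` and `build` are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100
VLAN_ID_SPACE = 1 << 12                      # 12-bit VLAN identifier: 4096 IDs
PROTOCOLS = {0x0800: "IP", 0x8863: "PPPoE", 0x8864: "PPPoE"}
LEVELS = {0: "Ethernet", 1: "VLAN", 2: "S-VLAN"}
DST = bytes.fromhex("02000000000b")          # constructed MAC addresses
SRC = bytes.fromhex("02000000000a")


def pop_tag(frame, offset):
    """Decapsulate the 4-byte tag at `offset`: return (VLAN ID, next EtherType)."""
    if len(frame) < offset + 6:
        raise ValueError("truncated VLAN tag")
    tci, next_ethertype = struct.unpack("!HH", frame[offset + 2:offset + 6])
    return tci & 0x0FFF, next_ethertype


def classify(frame, svlan_ethertype=0x9100):
    """Return (VLAN IDs outer-to-inner, interface column) for one frame.

    svlan_ethertype is the outer-tag EtherType the router expects: 0x9100
    (the default stated on the page), 0x88a8 (802.1ad) or 0x8100 (Q-in-Q)."""
    if len(frame) < 14:
        raise ValueError("truncated frame")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    ids, offset = [], 12
    if ethertype in (svlan_ethertype, TPID_8021Q):       # first decapsulation
        vid, ethertype = pop_tag(frame, offset)
        ids.append(vid)
        offset += 4
        if ethertype == TPID_8021Q:                      # second: inner C-Tag
            vid, ethertype = pop_tag(frame, offset)
            ids.append(vid)
    protocol = PROTOCOLS.get(ethertype)
    if protocol is None:
        return tuple(ids), "no interface column"
    return tuple(ids), f"{protocol} over {LEVELS[len(ids)]}"


def build(payload_ethertype, ids=(), svlan_ethertype=0x9100):
    """Constructed frame carrying zero, one (VLAN) or two (S-Tag, C-Tag) tags."""
    tpids = [TPID_8021Q] if len(ids) == 1 else [svlan_ethertype, TPID_8021Q]
    tags = b"".join(struct.pack("!HH", tpid, vid) for tpid, vid in zip(tpids, ids))
    return DST + SRC + tags + struct.pack("!H", payload_ethertype) + bytes(46)


if __name__ == "__main__":
    print(classify(build(0x8864, (100,))))                    # vlan id 100
    print(classify(build(0x8864, (1, 100), 0x8100), 0x8100))  # svlan id 1 100
    print(classify(build(0x0800, (200,))))                    # dual-stack VLAN 200, IP
    print(classify(build(0x8864, (1, 100), 0x88A8)))          # neighbour uses 88a8, router 9100
```

The last call shows the failure mode behind the svlan ethertype command: when the neighbor tags with 88a8 and the router still expects 9100, the outer tag is not recognized and the frame matches no interface column.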
IP and PPPoE over Ethernet with VLANs
[Diagram: IP and PPPoE over VLAN. Interface stack: GE/10 GE interface, VLAN major, VLAN sub (VLAN 200) carrying both IP and a PPPoE major, two PPPoE subinterfaces each carrying PPP and IP.]
Configuration steps:
erx7(config)#interface fastEthernet 3/1
erx7(config-if)#encapsulation vlan
erx7(config)#interface fast 3/1.200
erx7(config-if)#vlan id 200
erx7(config-if)#ip address 172.16.100.1/24
erx7(config-if)#pppoe
erx7(config-if)#pppoe sub fast 3/1.200.1
erx7(config-if)#encapsulation ppp
erx7(config-if)#ppp auth chap
erx7(config-if)#profile ip generic-ip
erx7(config-if)#pppoe sub fast 3/1.200.2
erx7(config-if)#encapsulation ppp
erx7(config-if)#ppp auth chap
erx7(config-if)#profile ip generic-ip
IP and PPPoE over Ethernet with VLANs Configuration Steps
You can also configure a bifurcated interface that supports IP over Ethernet and PPPoE over the same VLAN subinterface. First create the VLAN subinterface and configure the VLAN ID. Next, configure the static IP interface. Then create the PPPoE major interface; the remaining configuration steps are the same as for other PPP-over-Ethernet interfaces. It is also possible to configure dual stack interfaces over S-VLANs.
How Can I Tell if It Works? (1 of 3)
[Diagram: DSL modem connected to the router (virtual routers default and VR2); RADIUS server 10.13.7.55, UDP port 1812, key=training.]
Is the user logged into the router?
erx7#show subscribers username username@domain
Is the router communicating with the RADIUS server?
erx7#show radius statistics
erx7#test aaa ppp username@domain password
erx7#show aaa domain-map
Is the User Logged into the Router?
You can use some of the same troubleshooting commands that you used in a PPP-over-ATM environment. First, to determine if the user logged in to the router, use the show subscribers username username@domain command. If you execute this command in the default virtual router, you will see all users logged into the router, regardless of their virtual router. If you execute this command in a nondefault virtual router, you only see the users located in that specific virtual router. If the user is not logged in, refer to the following paragraph when you troubleshoot a PPP-over-Ethernet interface.
Is the Router Communicating with the RADIUS Server?
Use the show radius statistics command. Can the router authenticate the user locally? Use the test aaa ppp username password command. If you use a domain map, verify that the proper domain is mapped to the appropriate virtual router using the show aaa domain-map command.
How Can I Tell if It Works? (2 of 3)
Is the physical link between the user and the router working?
erx7#show controller sonet slot/port
erx7#show interface gigabitEthernet slot/port brief
erx7#show atm vc atm slot/port vcd
erx7#show interface gigabitEthernet slot/port.subinterface
Is the user successfully completing both stages of PPPoE?
erx7#show pppoe interface
erx7#show pppoe interface interface
erx7#show pppoe subinterface
erx7#show pppoe subinterface interface
[Diagram: same DSL modem, router (default and VR2) and RADIUS server topology as on slide 1 of 3.]
How Can I Tell if It Works? (3 of 3)
What is the state of the user's PPP session?
erx7#show ppp interface state down
erx7#show ppp interface atm slot/port.subint statistics
Can the user communicate using IP?
erx7#ping a.b.c.d
erx7#show ip interface fastethernet slot/port.subinterface
erx7#ping a.b.c.d source address w.x.y.z
erx7#show ip route | include slot/port.subinterface
Remember to set a statistics baseline to aid in troubleshooting
[Diagram: same DSL modem, router (default and VR2) and RADIUS server topology as on slide 1 of 3.]
What Is the State of the User's PPP Session?
Once you verify that the user successfully completes both stages of PPPoE, examine the state of the PPP session. Determine if any PPP interfaces are in the down state using the show ppp interface state down command. Examine the user's PPP interface using the PPP commands listed on the slide.
Can the User Communicate Using IP?
Determine if the router can communicate with the user across the local link using the ping command. Verify that packets are being transmitted and received on the user's IP interface using the show ip interface gig slot/port.sub.pppoeSub command. If you can communicate with the user across the local link, determine if the user can communicate beyond the local link. You can do this by using ping a.b.c.d source address w.x.y.z. The source keyword allows you to specify an alternate IP address as the source of the packet. In this case, specify an IP address on the router in a different subnet. This command verifies proper routing. Next, verify that the user's IP interface is listed as a host route in the routing table. Remember to use CLI output filtering, such as show ip route | include 6/1.1, to limit the number of routes displayed.
Setting a Statistics Baseline to Aid in Troubleshooting
Remember to use the baseline command to help during the troubleshooting process. The baseline command sets a statistics baseline for the requested counters, such as RADIUS statistics, IP interface statistics, or ATM interface statistics, to name a few.
Command Summary: PPPoE over ATM
Layer              Command                                      Result
IP                 ping 172.16.3.2                              Verifies network reachability
                   show ip interface atm 6/2.12.1               IP configuration and statistics
                   show ip route | include 172.16.3.            Routes for 172.10.3.*
                   traceroute                                   Determines network path
PPP                show ppp interface atm 6/2.12.1 statistics   PPP interface statistics
PPPoE              show pppoe subinterface atm 6/2.12           Status of all PPPoE subinterfaces
                   show pppoe interface atm 6/2.12              PPPoE statistics
ATM Sub-interface  show atm subinterface atm 6/2/0/112          Subinterface configuration and statistics
                   show atm subinterface atm 6/2.12
ATM Major          show atm interface atm 6/2                   ATM major interface status and statistics
Physical           show controller sonet 6/2                    Controller status
PPPoE over ATM Command Summary
This slide lists the commands used to troubleshoot a PPPoE-over-ATM environment, layer by layer.
Command Summary: PPPoE with VLANs
Layer     Command                                      Result
IP        ping 172.16.4.2                              Verifies network reachability
          show ip interface gig 3/0.101.1              IP configuration and statistics
          show ip route | include 172.16.4.            Routes for 172.10.4.*
          traceroute                                   Determines network path
PPP       show ppp interface gig 3/0.101.1 statistics  PPP interface statistics
PPPoE     show pppoe subinterface gig 3/0.101          Status of all PPPoE subinterfaces
          show pppoe interface gig 3/0.101             PPPoE statistics
VLAN      show interface gigabit 3/0.101               VLAN status and statistics
Physical  show interface gigabitEthernet 3/0           Port-level statistics
PPPoE over Ethernet with VLANs Command Summary
This slide lists the commands used to troubleshoot a PPPoE-over-Ethernet environment with VLANs, layer by layer.
Useful Logging Categories
Useful logging categories for troubleshooting PPP-over-Ethernet interfaces:
– pppPacket
– pppoeControlPacket
– aaaUserAccess
– aaaServerGeneral
– radiusClient
– radiusSendAttributes
– radiusAttributes
Useful Logging Categories for Troubleshooting PPP-over-Ethernet Interfaces
This slide lists several useful logging categories to aid in troubleshooting PPPoE interfaces on the router.
PPPoE Successful Log: PPPoE
DEBUG 10/05/2004 13:59:56 pppoeControlPacket(interface ATM6/2.221): PADI rx from 0090.1a41.306a, length 12, empty service name
DEBUG 10/05/2004 13:59:56 pppoeControlPacket(interface ATM6/2.221): PADO tx to 0090.1a41.306a, length 40, empty service name
DEBUG 10/05/2004 13:59:56 pppoeControlPacket(interface ATM6/2.221): PADR rx from 0090.1a41.306a, length 32, empty service name
DEBUG 10/05/2004 13:59:56 pppoeControlPacket(interface ATM6/2.221): PADS tx to 0090.1a41.306a, length 40, connection made using session id 1 on sub interface 1
Viewing a PPPoE Successful Log
This slide shows the PPPoE session establishment between a PPPoE client and the E-series router. The PPPoE client sends out a PADI (an initiation) with a destination MAC address of all Fs, indicating a data-link broadcast, and its MAC address as the source. In this example, the client is not requesting a specific service because the service-name tag is empty. The PPPoE subinterface's adminStatus and operStatus must be up before the E-series router will respond to the user's initiation request. The router responds with a PADO (an offer), containing its source MAC address as well as the same service the PPPoE client requested. Again, notice that the service-name tag is empty. The PPPoE client then sends out a PADR (a request) for a unique session ID. The router responds with a PADS (session establishment), containing the unique session ID.
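The four-packet exchange described above can be checked mechanically when many clients share a log. The following added example (not part of the course material) tracks each client's discovery stage from pppoeControlPacket lines and flags clients that keep sending PADI without ever reaching PADS. The second set of log lines, the interface ATM6/2.222, the MAC 0090.1a41.0001 and the function names are constructed for illustration.

```python
import re

# Order in which the router logs one client's discovery exchange.
EXPECTED = [("PADI", "rx"), ("PADO", "tx"), ("PADR", "rx"), ("PADS", "tx")]
LINE = re.compile(
    r"pppoeControlPacket\s*\(interface (?P<ifc>\S+)\):\s*(?P<code>PAD[IORST]) "
    r"(?P<dir>rx|tx) (?:from|to)\s*(?P<mac>[0-9a-f.]{14})(?:.*session id (?P<sid>\d+))?")

PREFIX = "DEBUG 10/05/2004 13:59:56 pppoeControlPacket(interface "
PAGE_LOG = [  # the four lines shown on the slide
    PREFIX + "ATM6/2.221): PADI rx from 0090.1a41.306a, length 12, empty service name",
    PREFIX + "ATM6/2.221): PADO tx to 0090.1a41.306a, length 40, empty service name",
    PREFIX + "ATM6/2.221): PADR rx from 0090.1a41.306a, length 32, empty service name",
    PREFIX + "ATM6/2.221): PADS tx to 0090.1a41.306a, length 40, connection made "
             "using session id 1 on sub interface 1",
]
# Constructed: a client whose PADIs are never answered.
CONSTRUCTED_LOG = [PREFIX + "ATM6/2.222): PADI rx from 0090.1a41.0001, length 12, "
                   "empty service name"] * 3

def discovery_state(lines):
    """Map (interface, client MAC) -> last in-order stage, session id, PADI count."""
    state = {}
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        s = state.setdefault((m["ifc"], m["mac"]),
                             {"next": 0, "stage": None, "session_id": None, "padi": 0})
        step = (m["code"], m["dir"])
        if step == EXPECTED[0]:  # a new PADI restarts discovery for this client
            s.update(next=0, session_id=None, padi=s["padi"] + 1)
        if s["next"] < len(EXPECTED) and step == EXPECTED[s["next"]]:
            s["stage"], s["next"] = m["code"], s["next"] + 1
            if m["sid"]:
                s["session_id"] = int(m["sid"])
    return state

def stalled(state, max_padi=3):
    """Clients that sent at least max_padi PADIs and never reached PADS."""
    return sorted(k for k, s in state.items()
                  if s["stage"] != "PADS" and s["padi"] >= max_padi)

if __name__ == "__main__":
    print(stalled(discovery_state(PAGE_LOG + CONSTRUCTED_LOG)))
```

A client stuck at PADI points at the condition the text names (the PPPoE subinterface not being up) or at a tagging mismatch below it.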
PPPoE Successful Log: PPP LCP & CHAP
DEBUG 10/05/2004 13:59:58 pppPacket (interface ATM6/2.221.1): time: 0.00, rx lcp confReq, id = 244, length = 19, mru = 1492, authentication = chapMD5, magicNumber = 0x1a9aa44d
DEBUG 10/05/2004 13:59:58 pppPacket (interface ATM6/2.221.1): time: 0.01, rx lcp confReq, id = 20, length = 14, mru = 1492, magicNumber = 0x6d56dbe7
DEBUG 10/05/2004 13:59:58 pppPacket (interface ATM6/2.221.1): time: 0.02, tx lcp confAck, id = 20, length = 14, mru = 1492, magicNumber = 0x6d56dbe7
DEBUG 10/05/2004 14:00:00 pppPacket (interface ATM6/2.221.1): time: 3.06, tx lcp confReq, id = 245, length = 19, mru = 1492, authentication = chapMD5, magicNumber = 0x1a9aa44d
DEBUG 10/05/2004 14:00:00 pppPacket (interface ATM6/2.221.1): time: 3.06, rx lcp confAck, id = 245, length = 19, mru = 1492, authentication = chapMD5, magicNumber = 0x1a9aa44d
DEBUG 10/05/2004 14:00:00 pppPacket (interface ATM6/2.221.1): time: 3.06, tx chap challenge, id = 200, length = 32, challenge length = 23, challenge = 17 21 74 67 75 f4 db 07 83 9e af ec 4c 98 08 74 5f 79 39 a3 88 6b ab, name = 'erx8' 65 72 78 38
DEBUG 10/05/2004 14:00:00 pppPacket (interface ATM6/2.221.1): time: 3.07, rx chap response, id = 200, length = 35, response length = 16, response = 97 d4 dc 75 43 f9 c6 70 1a cc df 89 80 e8 2d 2e, name = 'diane@isp1.com' 64 69 61 6e 65 40 69 73 70 31 2e 63 6f 6d
DEBUG 10/05/2004 14:00:00 pppPacket (interface ATM6/2.221.1): time: 3.33, tx chap success, id = 200, length = 4
Viewing a PPP LCP and CHAP Successful Log
This slide shows the PPP LCP and CHAP negotiation process between the PPPoE client and the E-series router. Each peer sends an LCP configuration request with its options to the other peer. The minimum options are the MRU and the magic number. The router additionally sends out a third option—the authentication method, which, in the example, is CHAP. For the negotiation process to proceed, each peer must acknowledge the configuration request sent from the other peer. Once the process is successful, the E-series router sends a CHAP challenge to the client. The PPPoE client responds with a CHAP response containing the MD5-encrypted secret. The E-series router passes this for authentication to the RADIUS server. The router then forwards the results of the authentication with the RADIUS server onto the PPPoE client. The example displays a CHAP success. At this point, the peers can proceed onto NCP negotiation.
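The CHAP exchange in the log above can be rebuilt byte for byte. The following added example (not part of the course material) packs the logged challenge and response into RFC 1994 packets, confirming the logged lengths 32 and 35, and shows the check an authenticator performs: the response value must equal MD5 over the identifier, the shared secret and the challenge. The user's real secret is not on the page, so SECRET is constructed; the function names are hypothetical.

```python
import hashlib, hmac, struct

CHALLENGE, RESPONSE = 1, 2  # CHAP packet codes (RFC 1994)

def build(code, ident, value, name):
    """Code, Identifier, Length, Value-Size, Value, Name."""
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def parse(packet):
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet) or length < 5 or 5 + packet[4] > length:
        raise ValueError("malformed CHAP packet")
    size = packet[4]
    return code, ident, packet[5:5 + size], packet[5 + size:length]

def expected_response(ident, secret, challenge):
    """The value is a one-way MD5 hash; the secret itself never crosses the link."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def verify(challenge_pkt, response_pkt, secret):
    c_code, c_id, challenge, _ = parse(challenge_pkt)
    r_code, r_id, value, _ = parse(response_pkt)
    if (c_code, r_code) != (CHALLENGE, RESPONSE) or c_id != r_id:
        return False
    # Constant-time comparison of the 16-byte digests.
    return hmac.compare_digest(expected_response(c_id, secret, challenge), value)

# Values copied from the log on this page (id = 200).
LOG_CHALLENGE = bytes.fromhex(
    "17 21 74 67 75 f4 db 07 83 9e af ec 4c 98 08 74 5f 79 39 a3 88 6b ab")
LOG_CHALLENGE_PKT = build(CHALLENGE, 200, LOG_CHALLENGE, b"erx8")
LOG_RESPONSE_PKT = build(
    RESPONSE, 200, bytes.fromhex("97 d4 dc 75 43 f9 c6 70 1a cc df 89 80 e8 2d 2e"),
    bytes.fromhex("64 69 61 6e 65 40 69 73 70 31 2e 63 6f 6d"))

SECRET = b"constructed-secret"  # constructed; not the secret behind the logged response

def demo():
    """(valid response accepted, same response against a fresh challenge accepted)."""
    good = build(RESPONSE, 200, expected_response(200, SECRET, LOG_CHALLENGE), b"user")
    fresh = build(CHALLENGE, 200, bytes(23), b"erx8")
    return verify(LOG_CHALLENGE_PKT, good, SECRET), verify(fresh, good, SECRET)

if __name__ == "__main__":
    print(len(LOG_CHALLENGE_PKT), len(LOG_RESPONSE_PKT), demo())
```

Because the response is a plain MD5 over values visible on the link plus the secret, the protection it gives rests on the secret's strength and on the challenge changing for every authentication.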
PPPoE Successful Log: PPP IP NCP
DEBUG 10/05/2004 14:00:00 pppPacket (interface ATM6/2.221.1): time: 3.33, rx ipNcp confReq, id = 138, length = 10, ipAddress = 0.0.0.0
DEBUG 10/05/2004 14:00:00 pppPacket (interface ATM6/2.221.1): time: 3.33, tx ipNcp confNak, id = 138, length = 10, ipAddress = 172.16.3.5
DEBUG 10/05/2004 14:00:00 pppPacket (interface ATM6/2.221.1): time: 3.34, rx ipNcp confReq, id = 139, length = 10, ipAddress = 172.16.3.5
DEBUG 10/05/2004 14:00:00 pppPacket (interface ATM6/2.221.1): time: 3.34, tx ipNcp confAck, id = 139, length = 10, ipAddress = 172.16.3.5
DEBUG 10/05/2004 14:00:00 pppPacket (interface ATM6/2.221.1): time: 3.35, tx ipNcp confReq, id = 241, length = 10, ipAddress = 172.16.2.18
DEBUG 10/05/2004 14:00:00 pppPacket (interface ATM6/2.221.1): time: 3.38, rx ipNcp confAck, id = 241, length = 10, ipAddress = 172.16.2.18
Viewing a Successful PPP IP NCP Log
This slide shows the PPP IP NCP negotiation process between the E-series router and the PPPoE client. The option used with IP NCP is the IP address of the ATM subinterface to the client. The E-series router uses the loopback address referenced for the IP unnumbered address as its IP address. Initially, the client sends an IP address of 0.0.0.0, indicating that it does not have an address. The router responds to this request with an IP NCP configNak message, along with an IP address assigned from either the RADIUS server, a local pool, or a DHCP proxy client service. Once each peer successfully acknowledges each configuration request, PPP is considered completely initialized.
Review Questions
1. How is PPP over Ethernet different from PPP over ATM?
2. What are the two different stages of PPP over Ethernet?
3. What is the basic life of a packet for PPP over Ethernet?
4. How do you configure the E-series router for PPP over Ethernet?
5. What steps would you take to troubleshoot a PPP-over-Ethernet interface?
This Chapter Discussed:
• The benefits of using PPP over Ethernet;
• The life of a packet for PPP over Ethernet;
• Comparing and contrasting ATM access networks and Ethernet access networks;
• Configuring the E-series router for PPP over Ethernet; and
• Verifying PPP-over-Ethernet operation using show commands and logging.
Lab 4: Configuring PPPoE Interface
Lab Objectives:
Configure and troubleshoot static PPP-over-Ethernet interfaces on the E-series router.
Lab 4: Configuring PPP over Ethernet
The slide shows the objective for this lab.