cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1425
Views
0
Helpful
7
Replies

ASR9k BNG

rafal.almusawi
Level 1
Level 1

Hello All,

we are trying to migrate our PPPoE users termination from ASR1k to ASR9k but we have many questions about that and we faced some problems

below is that I have.

2x A9K-RSP440-SE

2x A9K-24X10GE-SE

software version 5.3.4

BNG package  and license are installed 

Core Issue....

we set the router up and everything looks fine BUT when we put some load real users and having some traffic we notice that the line card CPU is very high relativity to the number of users ( total user was something around 2k ) and if we put something around 15k user with their traffic  the line card CPU reaches 100% and the router stop functioning, we face the same issue when we are terminating the users on the line card or on the RSP

BNG Questions....

1- what i understand is that the 9k is able to terminate 64k user per LC if we used LC based subscriber or 128k if we do RP based ( is that mean i can use dual RSP to have 256k user )

2- with LC based there is a restriction of using PQOS, is that lifted with the new version.

3- what is the best and recommended software for BNG deployment 

below is a part of the router configuration

pool vrf default ipv4 expired
address-range 10.5.0.0 10.5.0.254
!
pool vrf default ipv4 SB_pool-B
address-range 10.4.0.2 10.4.7.254
!
pool vrf default ipv4 SB_pool-G
address-range 10.4.16.2 10.4.23.254
!
pool vrf default ipv4 SB_pool-P
address-range 10.4.24.2 10.4.31.254
!
pool vrf default ipv4 SB_pool-S
address-range 10.4.8.2 10.4.15.254
!
pool vrf default ipv4 SB_pool-VIP
address-range 10.4.32.2 10.4.39.254
!
ipv4 source-route
dynamic-template
type ppp DTP
service-policy type pbr HTTP_REDIRECT
ppp authentication chap pap
ppp lcp delay 1 0
keepalive 10 1
ppp ipcp dns x.x.x.x
ppp ipv6cp passive
ppp ipv6cp prot-rej
service-policy input UPLOAD
accounting aaa list default type session periodic-interval 4
ipv4 unnumbered Loopback1
ipv4 access-group USERS ingress
!
!
ipv4 access-list 50

ipv4 access-list USERS
10 deny tcp 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255 eq www

!
ipv4 access-list EXPIRE
10 permit tcp 10.5.0.0 0.0.0.255 any eq www

!
ipv4 access-list ANY_ACL
10 permit ipv4 any any
!
ipv4 access-list PORTIAL
10 permit tcp any host 192.168.30.25 eq www
!
ipv4 access-list PRIVATE
10 permit ipv4 host 192.168.99.2 any
!
ipv4 access-list BLCK_EXP
5 permit ipv4 any host 192.168.30.25
!
ipv4 access-list SUBS_POOL
10 permit tcp any 10.4.0.0 0.0.255.255 eq www
!
ipv4 access-list CRITICAL_LIST
10 permit tcp any eq domain any

!
ipv4 access-list LOCAL_SERVICE
10 permit ipv4 x.x.x.0 0.0.0.255 any
!
class-map match-any ANY
match access-group ipv4 ANY_ACL
end-class-map
!
class-map match-any CRITICAL
match access-group ipv4 CRITICAL_LIST
end-class-map
!
class-map match-any LOCAL_SERVICE_CLASS
match access-group ipv4 LOCAL_SERVICE
end-class-map
!
class-map type traffic match-any SUBS_HTTP
match access-group ipv4 SUBS_POOL
end-class-map
!
class-map type traffic match-any EXPIRE_CLASS
match access-group ipv4 EXPIRE
end-class-map
!
class-map type traffic match-any PORTIAL_CLASS
match access-group ipv4 PORTIAL
end-class-map
!
policy-map Vip
class CRITICAL
priority level 1
!
class LOCAL_SERVICE_CLASS
police rate 40 mbps
conform-action transmit
exceed-action drop
!
!
class ANY
police rate 12 mbps
conform-action transmit
exceed-action drop
!
!
class class-default
!
end-policy-map
!
policy-map Gold
class CRITICAL
priority level 1
!
class LOCAL_SERVICE_CLASS
police rate 24 mbps
conform-action transmit
exceed-action drop
!
!
class ANY
police rate 6 mbps
conform-action transmit
exceed-action drop
!
!
class class-default
!
end-policy-map
!
policy-map Bronze
class CRITICAL
priority level 1
!
class LOCAL_SERVICE_CLASS
police rate 8 mbps
conform-action transmit
exceed-action drop
!
!
class ANY
police rate 2 mbps
conform-action transmit
exceed-action drop
!
!
class class-default
!
end-policy-map
!
policy-map Silver
class CRITICAL
priority level 1
!
class LOCAL_SERVICE_CLASS
police rate 16 mbps
conform-action transmit
exceed-action drop
!
!
class ANY
police rate 3 mbps
conform-action transmit
exceed-action drop
!
!
class class-default
!
end-policy-map
!
policy-map UPLOAD
class ANY
police rate 100 mbps
!
!
class class-default
!
end-policy-map
!
policy-map Platinum
class CRITICAL
priority level 1
!
class LOCAL_SERVICE_CLASS
police rate 32 mbps
conform-action transmit
exceed-action drop
!
!
class ANY
police rate 8 mbps
conform-action transmit
exceed-action drop
!
!
class class-default
!
end-policy-map
!
policy-map type pbr HTTP_REDIRECT
class type traffic SUBS_HTTP
transmit
!
class type traffic PORTIAL_CLASS
transmit
!
class type traffic EXPIRE_CLASS
http-redirect https://192.168.30.25/info
!
class type traffic class-default
!
end-policy-map
!
interface Loopback1
ipv4 address 10.0.0.1 255.0.0.0
interface TenGigE0/1/0/0.11
ipv4 address 192.168.11.2 255.255.255.252
encapsulation dot1q 11
ipv4 access-group BLCK_EXP egress
!
interface TenGigE0/1/0/0.12
description FTTx-HQ
service-policy type control subscriber PPP
pppoe enable bba-group BBA_1
encapsulation dot1q 12
!
interface TenGigE0/1/0/0.79
ipv4 address 192.168.30.27 255.255.255.248
encapsulation dot1q 79
!
interface TenGigE0/1/0/0.1199
ipv4 address 172.1.1.1 255.255.255.0
service-policy type control subscriber PPP
pppoe enable bba-group BBA_1
encapsulation dot1q 1199
!
interface TenGigE0/1/0/0.2050
service-policy type control subscriber PPP
pppoe enable bba-group BBA_1
encapsulation ambiguous dot1q 2050 second-dot1q 2-4094
!
interface TenGigE0/1/0/0.2051
service-policy type control subscriber PPP
pppoe enable bba-group BBA_1
encapsulation ambiguous dot1q 2051 second-dot1q 2-4094
!
interface TenGigE0/1/0/0.2060
service-policy type control subscriber PPP
pppoe enable bba-group BBA_1
encapsulation dot1q 2060
!
ssh server v2
ssh server vrf mgmt ipv4 access-list 50
ssh server vrf default ipv4 access-list 50
aaa accounting service default group radius
aaa accounting subscriber default group radius
aaa authorization subscriber default group radius
aaa authentication subscriber default group radius
subscriber
pta tcp mss-adjust 1420
!
pppoe bba-group BBA_1
service selection disable
sessions vlan limit 65535
sessions inner-vlan limit 65535
sessions outer-vlan limit 65535
sessions access-interface limit 65535
pado delay 0
!
class-map type control subscriber match-any PPP
match protocol ppp
end-class-map
!
!
policy-map type control subscriber PPP
event session-start match-first
class type control subscriber PPP do-until-failure
10 activate dynamic-template DTP
!
!
event session-activate match-first
class type control subscriber PPP do-until-failure
10 authenticate aaa list default
20 authorize aaa list default identifier username password use-from-line
!
!
end-policy-map
!
end

thanks in advance