ASR 9000 BNG MILTIPLE POLICY FUCNTION IS NOT WORKING PROPERLY

coolchanakamihiran1 · ‎02-18-2021

Hi Everyone,

We are tying to apply multiple polices for one subscriber using Both dynamic policy download and manual method. In both method I can see only last service activation requested policy and access-list have applied to the particular subscriber interfaces. Configuration are as follows,

1. MANNUAL POLCY

dynamic-template
type ppp PPPOE_START
ppp authentication pap chap
!
type ppp PPPOE_ACTIVATE_BB_GRP01
ppp authentication pap chap
keepalive 30 5
ppp timeout absolute 0 0
ppp ipcp dns 27.114.138.100 27.114.138.99
ppp ipcp peer-address pool PPPOE_IPV4_POOL_BB_GRP01
vrf SUBS_IN
accounting aaa list QNS_EXT_ACCT_LIST type session periodic-interval 3
ipv4 mtu 1492
ipv4 unnumbered Loopback10
ipv4 unreachables disable
!
type ppp PPPOE_ACTIVATE_BB_GRP02
ppp authentication pap chap
keepalive 30 5
ppp timeout absolute 0 0
ppp ipcp dns 27.114.138.100 27.114.138.99
ppp ipcp peer-address pool PPPOE_IPV4_POOL_BB_GRP02
vrf SUBS_IN
accounting aaa list default type session periodic-interval 5
ipv4 mtu 1492
ipv4 unnumbered Loopback10
ipv4 unreachables disable
!
type service 10M_10M
service-policy input 10M_10M_IN merge 20 acct-stats
service-policy output 10M_10M_OUT merge 20 acct-stats
ipv4 access-group INTERNET_ACL_IN ingress
ipv4 access-group INTERNET_ACL_OUT egress
!
type service STREAMING_SWACK_100M
service-policy input SWACK_100M_IN merge 10 acct-stats
service-policy output SWACK_100M_OUT merge 10 acct-stats
ipv4 access-group STREAMING_SERVER_IN ingress
ipv4 access-group STREAMING_SERVER_OUT egress
!

RADIUS REQUEST

Acct-Interim-Interval = 1800
Cisco-AVPair = "accounting-list=QNS_ACCT_LIST_SESSION"
Cisco-AVPair = "subscriber:sa=STREAMING_SWACK_100M"
Cisco-AVPair = "subscriber:sa=10M_10M"
Cisco-AVPair = "ip:addr-pool=PPPOE_IPV4_POOL_BB_GRP01"
Framed-Protocol = PPP
Service-Type = Framed-User

SUBSCRIER DETAILLS OUTPUT

RP/0/RSP0/CPU0:lab_tbl_acc_bng_01#ssa det int
RP/0/RSP0/CPU0:lab_tbl_acc_bng_01#show subsc session all det int
Sun Feb 14 14:38:41.973 MVT
Interface: Bundle-Ether2.296.pppoe105
Circuit ID: Unknown
Remote ID: Unknown
Type: PPPoE:PTA
IPv4 State: Up, Sun Feb 14 14:38:04 2021
IPv4 Address: 27.114.182.227, VRF: SUBS_IN
IPv4 Up helpers: 0x00000020 {PPP}
IPv4 Up requestors: 0x00000020 {PPP}
IPv6 State: Down, Sun Feb 14 14:38:00 2021
Mac Address: 0050.569c.d0a7
Account-Session Id: 00000090
Nas-Port: 33739401
User name: testatp1
Formatted User name: unknown
Client User name: unknown
Outer VLAN ID: 296
Inner VLAN ID: 11
Subscriber Label: 0x00000049
Created: Sun Feb 14 14:38:00 2021
State: Activated, Sun Feb 14 14:38:00 2021

Authentication: authenticated
Authorization: unauthorized
Ifhandle: 0x000028a0
Session History ID: 47
Access-interface: Bundle-Ether2.296
SRG Flags: 0x00c04000(M)
SRG Group ID: 1
Prepaid State: (Disabled)
Policy Executed:

event Session-Start match-first [at 1613295480]
class type control subscriber CM_PPP do-until-failure [Succeeded]
10 activate dynamic-template PPPOE_START [cerr: No error][aaa: Success]
event Session-Activate match-first [at 1613295481]
class type control subscriber CM_PPP do-until-failure [Succeeded]
10 activate dynamic-template PPPOE_ACTIVATE_BB_GRP01 [cerr: No error][aaa: Success]
20 authenticate aaa list QNS_ACCT_LIST_SESSION [cerr: No error][aaa: Success]
Session Accounting:
Acct-Session-Id: 00000090
Method-list: QNS_ACCT_LIST_SESSION
Accounting started: Sun Feb 14 14:38:04 2021
Interim accounting: On, interval 30 mins
Last successful update: Never
Last unsuccessful update: Never
Next update in: 00:29:23 (dhms)
Last update sent: Never
Updates sent: 0
Updates accepted: 0
Updates rejected: 0
Update send failures: 0
Last COA request received: unavailable
User Profile received from AAA:
Attribute List: 0x1500fd04
1: acct-interval len= 4 value= 1800(708)
2: accounting-list len= 21 value= QNS_ACCT_LIST_SESSION
3: addr-pool len= 24 value= PPPOE_IPV4_POOL_BB_GRP01
4: service-type len= 4 value= Framed
Services:
Name : PPPOE_START
Service-ID : 0x4000002
Type : Template
Status : Applied
[Event History]
Feb 14 14:37:30.624 Service status update [many]
-------------------------
Name : PPPOE_ACTIVATE_BB_GRP01
Service-ID : 0x4000003
Type : Template
Status : Applied
[Event History]
Feb 14 14:37:34.208 Service status update [many]
-------------------------
Name : STREAMING_SWACK_100M
Service-ID : 0x4000019
Type : Multi Template
Status : Applied
[Event History]
Feb 14 14:37:34.208 Service status update [many]
-------------------------
Name : 10M_10M
Service-ID : 0x400001a
Type : Multi Template
Status : Applied
[Event History]
Feb 14 14:37:34.208 Service status update [many]
-------------------------
[Last IPv6 down]
Disconnect Reason:
Disconnect Cause: AAA_DISC_CAUSE_DEFAULT (0)
Abort Cause: AAA_AV_ABORT_CAUSE_NO_REASON (0)
Terminate Cause: AAA_AV_TERMINATE_CAUSE_NONE (0)
Disconnect called by: [iEdge internal]
[Event History]
Feb 14 14:37:28.960 SUBDB session create
Feb 14 14:37:29.728 Session activate
Feb 14 14:37:29.728 Authentication req
Feb 14 14:37:29.728 Authentication res
Feb 14 14:37:29.728 SUBDB produce done Start [many]
Feb 14 14:37:33.184 SUBDB produce done [many]
Feb 14 14:37:33.184 Session Up
Feb 14 14:37:33.184 IPv4 Address-Add
Feb 14 14:37:33.184 IPv4 Up
Feb 14 14:37:33.184 Account Start req

RP/0/RSP0/CPU0:lab_tbl_acc_bng_01#
RP/0/RSP0/CPU0:lab_tbl_acc_bng_01#
RP/0/RSP0/CPU0:lab_tbl_acc_bng_01#
RP/0/RSP0/CPU0:lab_tbl_acc_bng_01#sh access-lists ipv4 interface Bundle-Ether2.296.pppoe105
Sun Feb 14 14:39:08.129 MVT
Input ACL (common): N/A (interface): INTERNET_ACL_IN
Output ACL: INTERNET_ACL_OUT
RP/0/RSP0/CPU0:lab_tbl_acc_bng_01#
RP/0/RSP0/CPU0:lab_tbl_acc_bng_01#
RP/0/RSP0/CPU0:lab_tbl_acc_bng_01#
RP/0/RSP0/CPU0:lab_tbl_acc_bng_01#
RP/0/RSP0/CPU0:lab_tbl_acc_bng_01#sh policy-map applied interface Bundle-Ether2.296.pppoe105
Sun Feb 14 14:39:35.353 MVT

Input policy-map applied to Bundle-Ether2.296.pppoe105:

policy-map type merge __merge_2ef13d0
class class-default
police rate 100 mbps
!
!

Output policy-map applied to Bundle-Ether2.296.pppoe105:

policy-map type merge __merge_b74c55fc
class class-default
police rate 100 mbps
!
!
RP/0/RSP0/CPU0:lab_tbl_acc_bng_01#ssa
RP/0/RSP0/CPU0:lab_tbl_acc_bng_01#show subsc session all
Sun Feb 14 14:39:40.406 MVT
Codes: IN - Initialize, CN - Connecting, CD - Connected, AC - Activated,
ID - Idle, DN - Disconnecting, ED - End

Type Interface State Subscriber IP Addr / Prefix
LNS Address (Vrf)
--------------------------------------------------------------------------------
PPPoE:PTA BE2.296.pppoe105 AC 27.114.182.227 (SUBS_IN)
RP/0/RSP0/CPU0:lab_tbl_acc_bng_01#

2. DYNAMIC POLCY POLICY

Radius Server

Acct-Interim-Interval = 1800
Cisco-AVPair = "accounting-list=QNS_ACCT_LIST_SESSION"
Cisco-AVPair = "subscriber:sa=STREAMING_SWACK_100M"
Cisco-AVPair = "Method-List=default"
Cisco-AVPair = "subscriber:sa=10M_10M"
Cisco-AVPair = "Method-List=default"
Cisco-AVPair = "ip:addr-pool=PPPOE_IPV4_POOL_BB_GRP01"
Framed-Protocol = PPP
Service-Type = Framed-User

!!!!!!!!!!!!!!!!!!!!!!!!!!!

Cisco-AVPair = "qos-policy-in=add-class(sub,(class-default),police(12000))"
Cisco-AVPair = "qos-policy-out=add-class(sub,(class-default),shape(12000))"
Cisco-AVPair = "ipv4:inacl=INTERNET_ACL_IN"
Cisco-AVPair = "ipv4:outacl=INTERNET_ACL_OUT"
Cisco-AVPair = "subscriber:accounting-list=QNS_ACCT_LIST"
Acct-Interim-Interval = 600

!!!!!!!!!!!!!!!!!!!!!!!!!!!

Cisco-AVPair = "qos-policy-in=add-class(sub,(class-default),police(12000))"
Cisco-AVPair = "qos-policy-out=add-class(sub,(class-default),shape(12000))"
Cisco-AVPair = "ipv4:inacl=INTERNET_ACL_IN"
Cisco-AVPair = "ipv4:outacl=INTERNET_ACL_OUT"
Cisco-AVPair = "subscriber:accounting-list=QNS_ACCT_LIST"
Acct-Interim-Interval = 600

SUBSCRIER DETAILLS OUTPUT

RP/0/RSP0/CPU0:lab_tbl_acc_bng_01#show subsc session all det int
Mon Feb 15 10:19:43.754 MVT
Interface: Bundle-Ether2.296.pppoe109
Circuit ID: Unknown
Remote ID: Unknown
Type: PPPoE:PTA
IPv4 State: Up, Mon Feb 15 10:17:58 2021
IPv4 Address: 27.114.182.228, VRF: SUBS_IN
IPv4 Up helpers: 0x00000020 {PPP}
IPv4 Up requestors: 0x00000020 {PPP}
IPv6 State: Down, Mon Feb 15 10:17:54 2021
Mac Address: 0050.569c.d0a7
Account-Session Id: 00000094
Nas-Port: 33739405
User name: testatp1
Formatted User name: unknown
Client User name: unknown
Outer VLAN ID: 296
Inner VLAN ID: 11
Subscriber Label: 0x0000004d
Created: Mon Feb 15 10:17:54 2021
State: Activated, Mon Feb 15 10:17:54 2021

Authentication: authenticated
Authorization: unauthorized
Ifhandle: 0x000029a0
Session History ID: 5
Access-interface: Bundle-Ether2.296
SRG Flags: 0x00c04000(M)
SRG Group ID: 1
Prepaid State: (Disabled)
Policy Executed:

event Session-Start match-first [at 1613366274]
class type control subscriber CM_PPP do-until-failure [Succeeded]
10 activate dynamic-template PPPOE_START [cerr: No error][aaa: Success]
event Session-Activate match-first [at 1613366274]
class type control subscriber CM_PPP do-until-failure [Succeeded]
10 activate dynamic-template PPPOE_ACTIVATE_BB_GRP01 [cerr: No error][aaa: Success]
20 authenticate aaa list QNS_ACCT_LIST_SESSION [cerr: No error][aaa: Success]
Session Accounting:
Acct-Session-Id: 00000094
Method-list: QNS_ACCT_LIST_SESSION
Accounting started: Mon Feb 15 10:17:58 2021
Interim accounting: On, interval 30 mins
Last successful update: Never
Last unsuccessful update: Never
Next update in: 00:28:15 (dhms)
Last update sent: Never
Updates sent: 0
Updates accepted: 0
Updates rejected: 0
Update send failures: 0
Last COA request received: unavailable
User Profile received from AAA:
Attribute List: 0x1500fd04
1: acct-interval len= 4 value= 1800(708)
2: accounting-list len= 21 value= QNS_ACCT_LIST_SESSION
3: addr-pool len= 24 value= PPPOE_IPV4_POOL_BB_GRP01
4: service-type len= 4 value= Framed
Services:
Name : PPPOE_START
Service-ID : 0x4000002
Type : Template
Status : Applied
[Event History]
Feb 15 10:17:23.456 Service status update [many]
-------------------------
Name : PPPOE_ACTIVATE_BB_GRP01
Service-ID : 0x4000003
Type : Template
Status : Applied
[Event History]
Feb 15 10:17:27.168 Service status update [many]
-------------------------
Name : 10M_10M
Service-ID : 0x400001c
Type : Profile
Status : Applied
[Event History]
Feb 15 10:17:27.168 Service status update [many]
-------------------------
Name : STREAMING_SWACK_100M
Service-ID : 0x400001d
Type : Profile
Status : Applied
[Event History]
Feb 15 10:17:27.168 Service status update [many]
-------------------------
[Last IPv6 down]
Disconnect Reason:
Disconnect Cause: AAA_DISC_CAUSE_DEFAULT (0)
Abort Cause: AAA_AV_ABORT_CAUSE_NO_REASON (0)
Terminate Cause: AAA_AV_TERMINATE_CAUSE_NONE (0)
Disconnect called by: [iEdge internal]
[Event History]
Feb 15 10:17:21.920 SUBDB session create
Feb 15 10:17:22.560 Session activate
Feb 15 10:17:22.560 Authentication req
Feb 15 10:17:22.560 Authentication res
Feb 15 10:17:22.560 SUBDB produce done Start [many]
Feb 15 10:17:26.016 SUBDB produce done [many]
Feb 15 10:17:26.016 Session Up
Feb 15 10:17:26.016 IPv4 Address-Add
Feb 15 10:17:26.016 IPv4 Up
Feb 15 10:17:26.016 Account Start req
-------------------------

!!!!!!!!!!!!!!!!!!!!!!!

RP/0/RSP0/CPU0:lab_tbl_acc_bng_01#sh policy-map applied interface BE2.296.pppoe109

Mon Feb 15 10:18:39.321 MVT

Input policy-map applied to Bundle-Ether2.296.pppoe109:

policy-map __sub_34ffffffa36a46

class class-default

police rate 100000 kbps

!

Output policy-map applied to Bundle-Ether2.296.pppoe109:

policy-map __sub_65affffffa545

class class-default

shape average 100000 kbps

!

RP/0/RSP0/CPU0:lab_tbl_acc_bng_01#sh access-lists ipv4 interface BE2.296.pppoe109

Mon Feb 15 10:19:20.577 MVT

Input ACL (common): N/A (interface): STREAMING_SERVER_IN

Output ACL: STREAMING_SERVER_OUT

Is there are any reason for only applying last ACCESS list and policy map to the subscriber ?