0% found this document useful (0 votes)

261 views245 pages

Subscriber MGMT Getting Started

Uploaded by

samuela

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

261 views245 pages

Subscriber MGMT Getting Started

Uploaded by

samuela

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 245

Junos® OS

Broadband Subscriber Management

Getting Started Guide

Published

2023-03-26
ii

Juniper Networks, Inc.

1133 Innovation Way
Sunnyvale, California 94089
USA
408-745-2000
www.juniper.net

Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc.
in the United States and other countries. All other trademarks, service marks, registered marks, or registered service
marks are the property of their respective owners.

Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right
to change, modify, transfer, or otherwise revise this publication without notice.

Junos® OS Broadband Subscriber Management Getting Started Guide

The information in this document is current as of the date on the title page.

YEAR 2000 NOTICE

Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related
limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.

END USER LICENSE AGREEMENT

The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use
with) Juniper Networks software. Use of such software is subject to the terms and conditions of the End User License
Agreement ("EULA") posted at https://support.juniper.net/support/eula/. By downloading, installing or using such
software, you agree to the terms and conditions of that EULA.
iii

Table of Contents
About This Guide | vii

1 Subscriber Management Overview

Introduction to Subscriber Management | 2

Subscriber Management Overview | 2

AAA Service Framework and Subscriber Management Overview | 4

Class of Service and Subscriber Management Overview | 4

Configuring Subscriber Access | 4

Subscriber Activation and Service Management in an Access Network | 8

Junos OS Enhanced Subscriber Management | 9

Junos OS Enhanced Subscriber Management Overview | 10

Configuring Junos OS Enhanced Subscriber Management | 15

Verifying and Managing Junos OS Enhanced Subscriber Management | 22

Tracing Subscriber Management Database Events for Troubleshooting | 25

Configuring the Subscriber Management Database Trace Log Filename | 26

Configuring the Number and Size of Subscriber Management Database Log Files | 26

Configuring Access to the Subscriber Management Database Log File | 27

Configuring a Regular Expression for Subscriber Management Database Messages to Be

Logged | 28

Configuring the Subscriber Management Database Tracing Flags | 28

Tracing Subscriber Management Session Database Replication Events for

Troubleshooting | 28

Configuring the Subscriber Management Session Database Replication Trace Log Filename | 30

Configuring the Number and Size of Subscriber Management Session Database Replication Log
Files | 30

Configuring Access to the Subscriber Management Session Database Replication Log File | 31
iv

Configuring a Regular Expression for Subscriber Management Session Database Replication

Messages to Be Logged | 31

Configuring the Subscriber Management Session Database Replication Tracing Flags | 32

2 Resource Monitoring for Subscriber Management and Services

Resource Monitoring for Subscriber Management and Services | 34

Resource Monitoring for Subscriber Management and Services Overview | 34

Limiting Subscribers by Client Type and Hardware Element with Resource Monitor | 42

3 Dynamic Profiles for Subscriber Management

Dynamic Profiles for Subscriber Management | 46

Dynamic Profiles Overview | 46

Configuring a Basic Dynamic Profile | 51

Per-Subscriber Support of Maximum Transmission Unit for Dynamic Profiles | 53

Understanding Per-subscriber Support of Maximum Transmission Unit for Dynamic Profiles | 53

Configuring Per-subscriber Maximum Transmission Unit for Dynamic Profiles | 55

Dynamic Variables Overview | 57

Predefined Variables in Dynamic Profiles | 59

Junos OS Predefined Variables | 59

Junos OS Predefined Variables That Correspond to RADIUS Attributes and VSAs | 94

Predefined Variable Defaults for Dynamic Client Profiles | 107

Configuring Predefined Dynamic Variables in Dynamic Profiles | 108

Configuring Default Values for Predefined Variables in a Dynamic Profile | 109

User-Defined Variables in Dynamic Profiles | 112

User-Defined Variables | 112

Configuring User-Defined Dynamic Variables in Dynamic Profiles | 113

Using Variable Expressions in User-Defined Variables | 114

Configuring Variable Expressions in Dynamic Profiles | 119

Conditional Configuration for Dynamic Profile Overview | 121

Versioning for Dynamic Profiles | 125

Enabling Dynamic Profiles to Use Multiple Versions | 126

Modifying Dynamic Profiles with Versioning Disabled | 127

Distinguishing Profile Versions with a Configurable Alias | 129

4 Configuration Statements
chassis (Subscriber Limits) | 133

client-type (Subscriber Limits) | 134

default-value | 137

dynamic-profile-options | 138

dynamic-profiles | 140

event (Enhanced Subscriber Management) | 153

fpc (Subscriber Limits) | 155

mandatory | 157

mtu (Dynamic Profiles) | 159

overrides (Enhanced Subscriber Management) | 160

pic (Subscriber Limits) | 164

port (Subscriber Limits) | 166

predefined-variable-defaults (Dynamic Client Profiles) | 167

resource-monitor | 171

routing-service (Dynamic Profiles) | 174

routing-services (Enhanced Subscriber Management) | 177

services (System Services) | 179

subscriber-management (Subscriber Management) | 187

subscribers-limit (Resource Monitor) | 190

traceoptions (Subscriber Management) | 192

traceoptions (Subscriber Session Database Replication) | 194

variables (Dynamic Service Profiles) | 197

versioning | 199

version-alias (Dynamic Profiles) | 200

5 Operational Commands
show dynamic-profile session | 204

show system resource-monitor ifd-cos-queue-mapping fpc | 211

show system resource-monitor subscribers-limit | 213

show system subscriber-management resiliency | 220

show system subscriber-management route | 231

vii

About This Guide

Use this guide to get a high-level overview of subscriber management, including AAA support, class of
service (CoS) to manage appropriate service levels; resource monitoring to enhance system stability by
avoiding overuse of memory and CPU resources; and dynamic profiles to configure and provision
subscribers and services.
1 CHAPTER

Subscriber Management Overview

Introduction to Subscriber Management | 2

Junos OS Enhanced Subscriber Management | 9

Tracing Subscriber Management Database Events for Troubleshooting | 25

Tracing Subscriber Management Session Database Replication Events for

Troubleshooting | 28
2

Introduction to Subscriber Management

IN THIS SECTION

Subscriber Management Overview | 2

AAA Service Framework and Subscriber Management Overview | 4

Class of Service and Subscriber Management Overview | 4

Configuring Subscriber Access | 4

Subscriber Activation and Service Management in an Access Network | 8

Subscriber Management Overview

IN THIS SECTION

Subscriber Access Terms and Acronyms | 3

The Juniper Networks Junos OS subscriber management feature provides subscriber access,
authentication, and service creation, activation, and deactivation. You can also collect accounting
information and statistics for subscriber service sessions.

The subscriber access feature supports both CLI and AAA-based configuration (such as RADIUS) for
subscribers. Access and services start when the router receives a message from a client (such as a DHCP
discover message). For RADIUS clients, RADIUS Access-Accept messages and Change-of-Authorization-
Request (CoA-Request) messages can create, modify, and delete subscriber sessions as well as activate
and deactivate service sessions. You can use CLI commands to create a dynamic profile, which acts as a
template of user attributes.

A subscriber service is based on the combination of a defined dynamic profile and attributes configured
through authentication. Dynamic profiles can include dynamic firewall filters, class-of-service (CoS)
settings, and protocol (IGMP) settings that define access limits for subscribers and the scope of a service
granted to the subscriber after access is obtained.
3

The subscriber access feature provides the following convenience and flexibility to service providers and
subscribers:

• Service providers can separate services and access technology and eliminate unprofitable flat-rate
billing. They gain the ability to efficiently design, manage, and deliver services that subscribers want,
and then bill subscribers based on connect time, bandwidth, and the actual service used.

• Subscribers benefit by gaining access to multiple simultaneous services. Depending on the service
provider configuration, subscribers can dynamically connect to and disconnect from various services
when they want and for however long they want. Subscribers can be billed based on the service level
and usage, rather than being charged a set rate regardless of usage.

To understand more about Subscriber Management Licensing , see Subscriber Access Licensing
Overview and Configuring the Router to Strictly Enforce the Subscriber Scaling License. Please refer to
the Juniper Licensing Guide for general information about License Management. Please refer to the
product Data Sheets for details, or contact your Juniper Account Team or Juniper Partner.

Subscriber Access Terms and Acronyms

Table 1 on page 3 defines terms and acronyms that are used in this discussion of subscriber access.

Table 1: Subscriber Access Terms and Acronyms

Term Definition

AAA method for The AAA method that uses authentication (for example, including RADIUS VSAs in
subscriber authentication the Access-Accept packet) to verify a subscriber and activate a service when the
subscriber logs in.

Dynamic profile A template that defines a set of characteristics that are combined with
authorization attributes and are dynamically assigned to static interfaces to provide
dynamic subscriber access and services for broadband applications.

RADIUS CoA method The method that uses RADIUS CoA-Request messages and VSAs to activate a
service for a subscriber that is already logged in.

Subscriber access The technology used by a subscriber to access services (for example, DHCP).
technology
4

AAA Service Framework and Subscriber Management Overview

You use AAA Service Framework for authentication, authorization, accounting, address assignment, and
dynamic services request that the BNG uses for network access. The framework supports
authentication and authorization through external servers, such as RADIUS. The framework also
supports accounting and dynamic-request CoA and disconnect operations through external servers, and
address assignment through a combination of local address-assignment pools and RADIUS.

The BNG interacts with external servers to determine how individual subscribers access the broadband
network. The router also obtains information from external servers for the following:

• Methods used for authentication and accounting.

• How accounting statistics are collected and used.

• How dynamic requests are handled.

Class of Service and Subscriber Management Overview

Class of service (CoS) enables you to divide traffic into classes and offer various levels of throughput and
acceptable packet loss when congestion occurs. CoS also provides the option of using differentiated
services when best-effort traffic delivery is insufficient. You can also configure the services router to
provide hierarchical scheduling for subscribers by dynamically adding or deleting queues when
subscribers require services.

By using a dynamic profile, you can provide all subscribers in your network with default CoS parameters
when they log in. For example, you can configure an access dynamic profile to specify that all
subscribers receive a basic data service. If you use RADIUS variables in the dynamic profile, you can
enable the service to be activated for those subscribers at login. You can also use variables to configure
a service profile that enables subscribers to activate a service or upgrade to different services through
RADIUS change-of-authorization (CoA) messages following initial login.

Configuring Subscriber Access

This topic provides a broad overview of some of the common configuration tasks for subscriber access
and management. You can find detailed information in the following Junos OS User Guides:

• Broadband Subscriber Sessions User Guide

• Broadband Subscriber Access Protocols User Guide

• Broadband Subscriber Services User Guide

• Broadband Subscriber VLANs and Interfaces User Guide

• Broadband Subscriber Management Wholesale User Guide

To configure subscriber access:

1. Configure the client access protocol.

• Configure DHCP local server.

See Understanding Differences Between Legacy DHCP and Extended DHCP.

• Configure DHCP relay.

See Extended DHCP Relay Agent Overview.

• Configure PPP.

See Configuring Logical Interface Properties and Configuring PPPoE

2. Configure subscriber authentication, accounting, and addressing.

a. Configure RADIUS:

i. Specify the RADIUS servers.

See Specifying RADIUS Authentication and Accounting Servers for Subscriber Access.

ii. Specify any optional server attributes.

See Configuring Authentication and Accounting Parameters for Subscriber Access.

iii. (Optional) Configure the CoA feature for the RADIUS dynamic-request server to change or
deactivate the service after login.

See Configuring RADIUS-Initiated Dynamic Request Support.

iv. Configure subscriber accounting (RADIUS accounting).

See Configuring Per-Subscriber Session Accounting.

b. Configure addressing:

• See Address-Assignment Pool Configuration Overview.

3. Create and manage dynamic profiles for access and service.

a. Configure a basic dynamic profile.

See "Configuring a Basic Dynamic Profile" on page 51.

See Example: Minimum PPPoE Dynamic Profile

b. Configure a dynamic profile for access.

See Configuring Dynamic DHCP Client Access to a Multicast Network.

c. Configure a dynamic profile for services.

See Defining Various Levels of Services for DHCP Subscribers.

d. Configure a default subscriber service.

See Configuring a Default Subscriber Service.

e. Configure the static subscriber interfaces to be referenced in the dynamic profile.

f. Specify the interface-name and unit variables that the router uses to dynamically associate to a
subscriber’s incoming interface.

g. Add, modify, or delete dynamic profile values to manage subscriber access and services.

The router dynamically activates or modifies the subscriber service using the RADIUS configuration.

• When the subscriber logs in, the router dynamically activates the service.

See Dynamic Service Management with RADIUS.

• If RADIUS CoA has been configured, the router can dynamically modify the service for a subscriber.

See RADIUS-Initiated Change of Authorization (CoA) Overview.

Figure 1 on page 7 shows the configuration sequence you perform for DHCP-based subscriber
access. It also shows the dynamic configuration performed by the router.
7

Figure 1: Subscriber Access Configuration Workflow

Subscriber Activation and Service Management in an Access Network

IN THIS SECTION

Components of a Dynamic Profile | 8

Router Predefined Variables Used by Dynamic Profiles | 9

The subscriber access feature uses dynamic profiles to activate subscribers and manage services.

A dynamic profile is a set of characteristics, defined in a template, that the router uses to provide
dynamic subscriber access and services.

By using dynamic profiles you can:

• Define access for your network

• Define different service levels for subscribers

• Preprovision services that you can activate later

Using AAA-based login (RADIUS-based login or RADIUS CoA) you can:

• Provide subscribers with dynamic activation and deactivation based on service selection

• Provide greater flexibility and efficient management for a large number of subscribers and services

Components of a Dynamic Profile

You can use dynamic profiles to define various router components for subscriber access.

These components include the following:

• Dynamic firewall filters—Includes input and output filters to enforce rules that define whether to
permit or deny packets that are transmitting an interface on the router. To apply dynamic firewall
filters to the subscriber interface, you configure static input and output firewall filters and reference
those filters in dynamic profiles.

• Dynamic Class of Service (CoS)—Includes CoS values that define a service for a subscriber. For
example, you can configure the shaping rate for traffic in a video service by referencing CoS
statements in a dynamic profile.

• Dynamic signaling protocol—Includes dynamic IGMP configuration for host to router signaling for
IPv4 to support IP multicasting.
9

Router Predefined Variables Used by Dynamic Profiles

The router contains many predefined variables. These variables enable dynamic association of certain
interface-specific values to incoming subscriber requests. You must specify these predefined variables in
certain statements within a dynamic profile. When a client accesses the router, the dynamic profile
configuration replaces the predefined variable with the actual data from an incoming client data packet
and configuration (local and RADIUS).

RELATED DOCUMENTATION

Subscriber Access Network Overview

Subscriber Access Operation Flow Using DHCP Relay
AAA Service Framework Overview
RADIUS-Initiated Change of Authorization (CoA) Overview
RADIUS-Initiated Disconnect Overview
CoS for Subscriber Access Overview
Default Services for DHCP Subscribers
Service Activation and Deactivation Using the CLI Instead of RADIUS
Dynamic Profiles for Subscriber Management | 46
Dynamic Variables Overview | 57
DHCP Subscriber Interface Overview

Junos OS Enhanced Subscriber Management

IN THIS SECTION

Junos OS Enhanced Subscriber Management Overview | 10

Configuring Junos OS Enhanced Subscriber Management | 15

Verifying and Managing Junos OS Enhanced Subscriber Management | 22

Junos OS Enhanced Subscriber Management Overview

IN THIS SECTION

Routing Services and Enhanced Subscriber Management | 11

Enabling BGP over Dynamic PPPoE Subscriber Interfaces | 13

Address Resolution and Enhanced Subscriber Management | 14

Control Plane Resiliency | 15

Benefits of Enhanced Subscriber Management | 15

Junos OS enhanced subscriber management is a next-generation broadband edge software architecture

for wireline subscriber management. Enhanced subscriber management enables you to take advantage
of increased scaling and performance for configuring and managing dynamic interfaces and services for
subscriber management.

Enhanced subscriber management delivers optimized scaling and performance for the existing dynamic
subscriber management feature set. Enhanced subscriber management provides feature parity with the
legacy Junos OS subscriber management feature set, with certain exceptions. For a list of these feature
exceptions, see the latest Junos OS Release Notes for MX Series 5G Universal Routing Platforms for
your Junos OS software.

In order to use dynamic profiles to create and manage dynamic subscriber interfaces and services, you
must explicitly configure and enable enhanced subscriber management. When enhanced subscriber
management is enabled, it handles all subscriber-management control protocol traffic (DHCP, PPP,
PPPoE, L2TP, and dynamic VLAN creation) to direct the creation of subscriber sessions and their
associated dynamic interfaces.

If you are using only static network configurations and static services in a business edge environment,
you do not need to enable enhanced subscriber management to configure these static topologies. When
enhanced subscriber management is not enabled, the following client applications do not support the
use of dynamic profiles, the creation of dynamic interfaces, or dynamic authentication services:

• Dynamic VLANs

• PPPoE

• PPP

• L2TP

• DHCP
11

From an operational perspective, enhanced subscriber management introduces only minimal changes to
existing subscriber management configuration and verification procedures. For example, enhanced
subscriber management consolidates several subscriber management components previously distributed
across multiple processes into a single process. As a result, enhanced subscriber management can
display consolidated information for subscriber management in a single show command.

Routing Services and Enhanced Subscriber Management

When client connections require additional routing protocols on dynamic interfaces, with the exception
of IGMP and MLD, you must include routing services in the dynamic profile interface configuration. If
you do not do so, then the pseudo logical interface is not created and routing services cannot be
associated with the dynamic interface. The additional routing protocols cannot run on the dynamic
subscriber interface.

You do not have to include routing services in the dynamic profile interface configuration when clients
use only the standard access-internal routes, access routes, and framed routes. In other words, the
routing service configuration is not required for simple client reachability purposes.

Routing service configuration is not required for IGMP or MLD, because these protocols are natively
supported on enhanced subscriber management interfaces.

NOTE: Distributed IGMP is not supported on subscriber management interfaces where routing-
services are enabled.

When a dynamic profile containing the routing-services statement is instantiated, the router creates an
enhanced subscriber management logical interface, also referred to as a pseudo logical interface, in the
form demux0.nnnnnnnnnn (for example, demux0.3221225472). Any associated subscriber routes or
routes learned from a routing protocol running on the enhanced subscriber management interface use
this pseudo interface as the next-hop interface.

Starting in Junos OS Release 18.4R1, the routing-services statement is deprecated and is replaced by the
routing-service statement. Besides enabling or disabling routing services for all subscribers on the
dynamic interface, the routing-service statement enables you to use RADIUS to selectively enable or
disable routing services for a specific subscriber during authentication if RADIUS returns the Routing-
Services VSA (26-212) in the Access-Accept message.

This RADIUS capability requires you to specify the $junos-routing-services predefined variable in the
dynamic profile. A VSA value of one enables routing services for the subscriber; a value of zero disables
routing services for the subscriber. Any value other than zero or one is rejected. If you configure the
variable and RADIUS does not return the VSA, then routing services are disabled for the subscriber.

You can specify the variable in the dynamic profiles for PPPoE subscribers, the underlying VLAN, or
both. When you include the variable in the VLAN dynamic profile, then you must also configure the
12

VLAN to be authenticated; otherwise, routing services remain disabled for the underlying interface and
therefore also disabled for the PPPoE subscriber.

You can optionally create dedicated dynamic VLAN profiles to enable routing services for subscribers
that require routing services. You can then create dedicated profiles for subscribers that do not need
routing services by omitting the routing-service statement from the profile. In the following code sample,
vlan-profile1 enables routing services; vlan-profile2 does not.

dynamic-profiles vlan-profile1 {
interfaces $junos-interface-ifd-name {
unit $junos-interface-unit {
routing-service {
enable;
}
}
}
}
dynamic-profiles vlan-profile2 {
interfaces $junos-interface-ifd-name {
unit $junos-interface-unit {
}
}
}

The VLAN profile is chosen based on the VLAN range associated with the profile by the ranges statement
at the [edit interfaces] hierarchy level. In the following code sample, vlan-profile1 uses VLAN IDs in the
range 100 through 500; vlan-profile2 uses IDs in the range from 501 through 1000:

interfaces ge-0/0/1 {
auto-configure;
vlan-ranges {
dynamic-profile vlan-profile1 {
ranges 100-500;
}
dynamic-profile vlan-profile2 {
ranges 501-1000;
}
}
}
}
13

Enabling BGP over Dynamic PPPoE Subscriber Interfaces

Starting in Junos OS Release 18.4R1, BGP is supported over dynamic PPPoE interfaces for the IPv4
address family. You must enable routing services with the routing-service statement in both the PPPoE
subscriber dynamic profile and the dynamic profile for the underlying VLAN interface. If routing services
are not enabled for the dynamic underlying interface, then the PPPoE subscriber is rejected during the
first family profile activation. If the underlying VLAN is static rather than dynamic, then routing services
are not required (or possible) on the underlying VLAN.

In this configuration, the PPPoE subscriber clients correspond to BGP neighbors. This means that when
you configure the BGP neighbors with the [edit protocols bgp group name neighbor] stanza, you must use
the PPPoE client IP addresses as the BGP neighbor addresses. The BGP peer addresses cannot be
dynamically provisioned.

Support for BGP over dynamic PPPoE subscriber interfaces includes the following:

• Route advertisement over the BGP-established PPPoE neighbor.

• End-to-end bidirectional traffic from the core to the IP prefix advertised in the BGP route.

• Dedicated next hops are created by the routing daemon for subscriber routes, rather than reusing
shared next hops and pseudo logical interfaces.

The BGP over dynamic PPPoE interfaces feature does not support the following:

• Multihop BGP

• IBGP, because it might involve multihops

• BFD for the PPPoE subscribers

• Interface sets for the PPPoE subscribers

• Aggregated Ethernet targeting

• IPv6 address family

• More than one routing protocol besides BGP over the same subscriber

• MPLS termination on the PPPoE subscriber next hop

• Subscribers over pseudowire interfaces over redundant logical tunnel stacking

• Subscribers over pseudowire interfaces over demux0 stacking

The following interface stacking configurations are supported for routing-service-enabled PPPoE:

• PPPoE over dynamic VLANs

• PPPoE over static VLANs

• PPPoE over stacked VLANs (with inner and outer VLAN IDs)

The underlying VLAN for which routing services is enabled supports:

• Stacking of routing-service-enabled and routing-service-disabled PPPoE subscribers.

• Stacking of other access models such as DHCP.

• The parent physical interface can be a leg in an aggregated Ethernet bundle.

Address Resolution and Enhanced Subscriber Management

Starting in Junos OS Release 18.4R1, several enhancements are available for address resolution with
enhanced subscriber management. These enhancements affect only framed routes on dynamic VLANs.
Framed routes associated with DHCP subscribers function the same as before this feature support.

• Dynamic layer 2 MAC address resolution is supported for non-host routes. Users deploying statically
addressed IP clients or a mix of statically addressed IP clients and DHCP clients can use network
(/29) framed routes or host (/32) framed routes to establish reachability. The /29 routes are coupled
with the dynamic Layer 2 address associated with a host framed route. This supports business users
who use routers with multiple public addresses behind CPE routers. This feature is enabled by
default and requires no special configuration.

In earlier releases, dynamic address resolution is supported only for host framed routes; network
framed routes that resolve to an indirect next hop (such as a local gateway) are not supported.

• By default, an IPv4 framed host route is permanently associated with the source MAC address from
the trigger packet that created the dynamic VLAN. You can override this behavior by enabling
dynamic ARP to resolve the MAC address for the framed host routes with the ipoe-dynamic-arp-enable
statement. ARP protocol exchange resolves the Layer 2 address for the framed route.

• The router can compare the source MAC address received in a gratuitous ARP request or reply
packet with the value in the ARP cache. The router updates the cache with the received MAC
address if it determines this address is different from the cache entry. Include the receive-gratuitous-
arp statement to enable this feature.

This capability is useful when an IP address moves to a different device or NIC and consequently is
associated with a different MAC address than before the move. The new device broadcasts a
gratuitous ARP reply that the router compares to the MAC address in the cache.

When the statement is not included, the dynamic ARP times out. Before it is deleted from the cache,
the router sends an ARP request for the target IP address. The client responds with the new MAC
address, but a window may exist for the client where the MAC address does not match the NIC.
15

Control Plane Resiliency

Starting in Junos OS Release 19.1, several enhancements are available to improve control plane
resiliency and the reliability of session database replication and state synchronization between primary
and standby Routing Engines.

• The primary and standby Routing Engines exchange detailed information about session database
replication. This exchange enables the Routing Engines to better determine whether the replication is
correct.

• You can configure the router to detect shared memory corruption and to automatically recover by
rebooting the primary or standby Routing Engines, or both. In earlier releases, a manual reboot is
required to clear the corrupted shared memory; otherwise, it remains corrupted, causing processes
that share the memory to generate core errors.

• You can monitor Routing Engine resiliency with the show system subscriber-management resiliency
command. The summary version indicates whether the system is functioning normally or an unexpected
condition exists. The detail and extensive versions provide detailed statistics about the session
database in shared memory per Routing Engine.

Benefits of Enhanced Subscriber Management

• Optimizes scaling and performance for dynamic subscriber management features.

• Required for the creation and management of dynamic profiles, dynamic interfaces, and dynamic
subscribers.

Configuring Junos OS Enhanced Subscriber Management

Junos OS enhanced subscriber management is a next-generation broadband edge software architecture

for wireline subscriber management. With enhanced subscriber management, you can take advantage of
optimized scaling and performance for configuration and management of dynamic interfaces and
services for subscriber management. It must be enabled to use dynamic profiles for creating and
managing dynamic subscriber interfaces and services.

Enhanced subscriber management is supported on all MX Series 5G Universal Routing Platforms with
Modular Port Concentrators (MPCs) installed. It is not supported for MS-DPCs. If the router has both
MPC and MS-DPCs, a conflict between the MS-DPC and Enhanced Subscriber Management services
can occur during ISSU that can result in an unscheduled shutdown of the device. To prevent this, do not
run ISSU if the system has MS-DPCs installed, or only enable Enhanced Subscriber Management on
device where no MS-DPCs are present.
16

Before you begin:

• Download and install Junos OS Release 15.1R4 or later.

See Migration, Upgrade, and Downgrade Instructions in the Junos OS Release 15.1R4 Release Notes.
You must reboot the router after the upgrade is validated and installed.

CAUTION: Because unified in-service software upgrade (unified ISSU) is not supported
for subscriber management when you upgrade from a release that does not support
enhanced subscriber management (Junos OS Release 14.2 or earlier) to a release that
does support enhanced subscriber management (15.1R4 and later), all subscriber
sessions and subscriber state are lost after the upgrade.

NOTE: Starting in Junos OS Release 17.4R1, when enhanced IP network services and enhanced
subscriber management are enabled, the amount of DRAM on the Routing Engine determines
whether the subscriber management daemons on that Routing Engine all run in 32-bit mode or
all run in 64-bit mode.

• Less than 32 GB of RAM—32-bit mode

• 32 GB or more of RAM—64-bit mode

In releases earlier than Junos OS Release 17.4R1, only the subscriber management daemon, bbe-
smgd, operates in either 32-bit or 64-bit mode depending on the DRAM.

NOTE: All Routing Engines in the system must have the same amount of memory. This is
universally true for subscriber management in all releases.

To configure Junos OS enhanced subscriber management for the first time:

1. Configure enhanced IP network services on the router.

a. Specify that you want to configure chassis properties for the router.

[edit]
user@host# edit chassis
17

b. Configure enhanced IP network services.

[edit chassis]
user@host# set network-services enhanced-ip

2. Enable enhanced subscriber management.

a. Specify that you want to configure global services for the router.

[edit]
user@host# edit system services

b. Enable enhanced subscriber management.

[edit system services]

user@host# set subscriber-management enable

3. Increase the amount of system shared memory available for enhanced subscriber management by
limiting the maximum size of the configuration database.
JUNOS OS processes map shared memory into their process space. For example, on MX240
through MX10003 routers, processes can map up to 1GB of shared memory. Enhanced subscriber
management processes contend for shared memory with the JUNOS OS configuration database. By
default, the configuration database tries to reserve 80 percent of the shared memory map, leaving
insufficient space for subscriber management to function. The majority of configurations require
much less than 300MB of mapped space. An appropriate database size enables subscriber
management to operate and scale optimally. In some circumstances, you must configure a
maximum size to increase the amount of shared memory available to subscriber management. In
other circumstances, we recommend that you allow the router to determine the appropriate size
and that you do not configure a maximum.

NOTE: Starting in Junos OS Release 20.1R1, a single memory map is used for both the
Junos OS configuration database and the schema database, together. In lower releases, two
separate maps are used.
18

• For MX5, MX10, MX40, MX80, and MX104 routers, you must always configure the maximum
size to be no more than 100MB, regardless of the which Junos OS release is running and
regardless of Routing Engine RAM.

user@host# set system configuration-database max-db-size 100M

• For MX240, MX480, MX960, MX2008, MX2010, MX2020, and MX10003 routers, the decision
whether to explicitly configure a maximum size and what that size is, depends on the Junos OS
release and the amount of RAM in the Routing Engines. Table 2 on page 18 lists conditions and
the corresponding recommendations.

Table 2: Configuration Database Size for MX240, MX480, MX960, MX2008, MX2010,
MX2020, and MX10003 Routers

Junos OS Release Routing Engine RAM Recommendation

Release 17.4R1 and earlier Any Configure maximum size to no more than
releases 300MB.

Release 18.1R1

Release 17.4R2 and higher 17.4x Routing Engines have Allow the router to determine the
releases at least 32GB each appropriate size. Do not configure a
maximum size.
Release 18.1R2 and higher
releases

Release 17.4R2 and higher 17.4x Routing Engines have Configure maximum size to no more than
releases less than 32GB each 300MB.

Release 18.1R2 and higher

releases

4. (Optional) Enable dynamic ARP to resolve the MAC address for IPv4 framed host routes.
Otherwise, an IPv4 framed host route is permanently associated with the source MAC address from
the trigger packet that created the dynamic VLAN.

[edit system services subscriber-management overrides interfaces family inet

user@host# set ipoe-dynamic-arp-enable
19

5. (Optional) Enable router to compare the source MAC address received in a gratuitous ARP request
or reply packet with the value in the ARP cache and update the cache when this address is different
from the cache entry.

[edit system services subscriber-management overrides interfaces family inet

user@host# set receive-gratuitous-arp

6. (Optional) Configure the router to automatically reboot the primary or standby Routing Engine, or
both, when it detects that the shared memory has been corrupted, which is considered a
catastrophic failure.

[edit system services subscriber-management overrides

user@host# set event catastrophic-failure reboot master
user@host# set event catastrophic-failure reboot standby

7. (Optional) Enable traffic-accounting and rate-monitoring for the given interface:

[edit dynamic-profiles profile-name interfaces unit “$junos-interface-unit”]

user@host# set actual-transit-statistics

8. (Optional) Enable routing services for dynamic interfaces if you want to run routing protocols on
those interfaces. This is not required for IGMP or MLD over dynamic interfaces.

[edit dynamic-profiles profile-name interfaces interface-name unit “$junos-interface-unit”]

user@host# set routing-services

Starting in Junos OS Release 18.4R1, the routing-services statement is deprecated and is replaced by
the routing-service statement.

[edit dynamic-profiles profile-name interfaces interface-name unit “$junos-interface-unit”]

user@host# set routing-service

NOTE: When the underlying VLAN interface for PPPoE subscribers is created with a
dynamic profile, you must enable routing services in both the PPPoE dynamic profile and the
dynamic profile for the underlying VLAN. Otherwise the subscriber is not allowed to log in.

9. (Optional) Enable graceful Routing Engine switchover (GRES) and nonstop active routing (NSR).
20

NOTE: For MX Series routers using enhanced subscriber management, the new backup
Routing Engine (the former primary Routing Engine) will reboot when a graceful Routing
Engine switchover is performed. This cold restart resynchronizes the backup Routing Engine
state with that of the new primary Routing Engine, preventing discrepancies in state that
might have occurred during the switchover.

NOTE: When graceful Routing Engine switchover is enabled for subscriber management, all
Routing Engines in the router must have the same amount of DRAM for stable operation.

a. Enable GRES.

[edit chassis redundancy]

user@host# set graceful-switchover

NOTE: When GRES is enabled, you can either configure NSR or graceful restart. If you
configure both, then committing the configuration fails.

b. Enable NSR (recommended if you enable GRES).

[edit routing-options]
user@host# set nonstop-routing

NOTE: To enable graceful restart:

[edit routing-options]
user@host# set graceful-restart

c. Configure commit operations to automatically synchronize the configuration between the primary
Routing Engine and the standby Routing Engine.

[edit system]
user@host# set commit synchronize
21

10. Commit the configuration.

After you commit the configuration, the software prompts you to initiate a system reboot.
11. Reboot the router software to enable enhanced subscriber management.

a. Access operational mode.

[edit system]
user@host# exit

b. Reboot the software.

user@host> request system reboot

Example

The following example shows a typical configuration to enable enhanced subscriber management.

[edit]
chassis {
network-services {
enhanced-ip;
}
redundancy {
graceful-switchover;
}
}
routing-options {
nonstop-routing;
}
system {
commit synchronize;
configuration-database {
max-db-size 300M;
}
services {
subscriber-management {
enable;
}
}
}
22

NOTE: If you have configured graceful-restart, then the following statement will be displayed in
the example instead of nonstop-routing:

routing-options {
graceful-restart;
}

Verifying and Managing Junos OS Enhanced Subscriber Management

IN THIS SECTION

Purpose | 22

Action | 22

Purpose

View information about class of service (CoS), routing tables, active subscribers, and the subscriber
database for Junos OS enhanced subscriber management.

Action

• To display dynamic subscriber interface associations for CoS classifers, rewrite rules, and scheduler
maps:

user@host> show class-of-service interface interface-name

• To display CoS associations for a dynamic interface set:

user@host> show class-of-service interface-set interface-set-name

• To display the mapping of CoS schedulers to forwarding classes:

user@host> show class-of-service scheduler-map

• To display CoS traffic shaping and scheduling profiles:

user@host> show class-of-service traffic-control-profile

• To display the active entries in the routing table:

user@host> show route

• To display detailed information about active subscribers whose IP address matches the specified
address:

user@host> show subscribers address address detail

• To display information about how routes are mapped to specific enhanced subscriber management
interfaces:

user@host> show system subscriber-management route

• To display summary information for the subscriber management database:

user@host> show system subscriber-management summary

• To verify whether subscriber management daemons are running in 32-bit mode or 64-bit mode:

user@host> show system processes | grep libexec[36]

Starting in Junos OS Release 17.4 R1, when enhanced IP network services and enhanced subscriber
management are enabled and a Routing Engine in the system has at least 32 GB of RAM, subscriber
management daemons on that Routing Engine run in 64-bit mode. For consistent operation, all
Routing Engines in the system must have the same amount of memory.
24

• 64-bit mode:

user@host> show system processes | grep libexec[36]

PID TT STAT TIME COMMAND
21149 - S 0:01.37 /usr/libexec64/pfed -N
21195 - S 0:00.46 /usr/libexec64/smid -N
21214 - S 0:05.04 /usr/libexec64/bbe-smgd -b -N
21270 - S 0:04.26 /usr/libexec64/authd -N
21498 - S 0:02.37 /usr/libexec64/rpd -N
21504 - S 0:00.84 /usr/libexec64/cosd
21539 - S 0:00.37 /usr/libexec64/dfwd -N
21740 - S 0:00.95 /usr/libexec64/jpppd -N

• 32-bit mode:

user@host> show system processes | grep libexec[36]

PID TT STAT TIME COMMAND
21149 - S 0:01.37 /usr/libexec32/pfed -N
21195 - S 0:00.46 /usr/libexec32/smid -N
21214 - S 0:05.04 /usr/libexec32/bbe-smgd -b -N
21270 - S 0:04.26 /usr/libexec32/authd -N
21498 - S 0:02.37 /usr/libexec32/rpd -N
21504 - S 0:00.84 /usr/libexec32/cosd
21539 - S 0:00.37 /usr/libexec32/dfwd -N
21740 - S 0:00.95 /usr/libexec32/jpppd -N

Release History Table

Release Description

19.1R1 Starting in Junos OS Release 19.1, several enhancements are available to improve control plane
resiliency and the reliability of session database replication and state synchronization between primary
and standby Routing Engines.

18.4R1 Starting in Junos OS Release 18.4R1, the routing-services statement is deprecated and is replaced by
the routing-service statement.

18.4R1 Starting in Junos OS Release 18.4R1, BGP is supported over dynamic PPPoE interfaces for the IPv4
address family.
25

18.4R1 Starting in Junos OS Release 18.4R1, several enhancements are available for address resolution with
enhanced subscriber management. These enhancements affect only framed routes on dynamic VLANs.
Framed routes associated with DHCP subscribers function the same as before this feature support.

18.4R1 Starting in Junos OS Release 18.4R1, the routing-services statement is deprecated and is replaced by
the routing-service statement.

17.4R1 Starting in Junos OS Release 17.4R1, when enhanced IP network services and enhanced subscriber
management are enabled, the amount of DRAM on the Routing Engine determines whether the
subscriber management daemons on that Routing Engine all run in 32-bit mode or all run in 64-bit
mode.

17.4R1 Starting in Junos OS Release 17.4 R1, when enhanced IP network services and enhanced subscriber
management are enabled and a Routing Engine in the system has at least 32 GB of RAM, subscriber
management daemons on that Routing Engine run in 64-bit mode.

Tracing Subscriber Management Database Events

for Troubleshooting

IN THIS SECTION

Configuring the Subscriber Management Database Trace Log Filename | 26

Configuring the Number and Size of Subscriber Management Database Log Files | 26

Configuring Access to the Subscriber Management Database Log File | 27

Configuring a Regular Expression for Subscriber Management Database Messages to Be Logged | 28

Configuring the Subscriber Management Database Tracing Flags | 28

The Junos OS trace feature tracks subscriber management database operations and records events in a
log file. The error descriptions captured in the log file provide detailed information to help you solve
problems. The operations and events are those associated with the smid process, which manages the
subscriber management infrastructure.

By default, nothing is traced. When you enable the tracing operation, the default tracing behavior is as
follows:
26

1. Important events are logged in a file located in the /var/log directory. By default, the router uses the
filename smid. You can specify a different filename, but you cannot change the directory in which
trace files are located.

2. When the trace log file filename reaches 128 kilobytes (KB), it is compressed and renamed
filename.0.gz. Subsequent events are logged in a new file called filename, until it reaches capacity again.
At this point, filename.0.gz is renamed filename.1.gz and filename is compressed and renamed
filename.0.gz. This process repeats until the number of archived files reaches the maximum file
number. Then the oldest trace file—the one with the highest number—is overwritten.

You can optionally specify the number of trace files to be from 2 through 1000. You can also
configure the maximum file size to be from 10 KB through 1 gigabyte (GB). (For more information
about how log files are created, see the System Log Explorer.)

By default, only the user who configures the tracing operation can access log files. You can optionally
configure read-only access for all users.

The following topics describe how to configure all aspects of tracing subscriber management database
operations:

Configuring the Subscriber Management Database Trace Log Filename

By default, the name of the file that records trace output for the subscriber management database is
smid. You can specify a different name with the file option.

To configure the filename for subscriber management database tracing operations:

• Specify the name of the file used for the trace output.

[edit system services subscriber-management traceoptions]

user@host# set file smi_logfile_1

Configuring the Number and Size of Subscriber Management Database

Log Files

You can optionally specify the number of compressed, archived trace log files to be from 2 through
1000. You can also configure the maximum file size to be from 10 KB through 1 gigabyte (GB); the
default size is 128 kilobytes (KB).
27

The archived files are differentiated by a suffix in the format .number.gz. The newest archived file is .0.gz
and the oldest archived file is .(maximum number)-1.gz. When the current trace log file reaches the maximum
size, it is compressed and renamed, and any existing archived files are renamed. This process repeats
until the maximum number of archived files is reached, at which point the oldest file is overwritten.

For example, you can set the maximum file size to 2 MB, and the maximum number of files to 20. When
the file that receives the output of the tracing operation, filename, reaches 2 MB, filename is compressed
and renamed filename.0.gz, and a new file called filename is created. When the new filename reaches 2 MB,
filename.0.gz is renamed filename.1.gz and filename is compressed and renamed filename.0.gz. This process
repeats until there are 20 trace files. Then the oldest file, filename.19.gz, is simply overwritten when the
next oldest file, filename.18.gz is compressed and renamed to filename.19.gz.

To configure the number and size of trace files:

• Specify the name, number, and size of the file used for the trace output.

[edit system services subscriber-management traceoptions]

user@host# set file smi_1 _logfile_1 files 20 size 2097152

Configuring Access to the Subscriber Management Database Log File

By default, only the user who configures the tracing operation can access the log files. You can enable all
users to read the log file and you can explicitly set the default behavior of the log file.

To specify that all users can read the log file:

• Configure the log file to be world-readable.

[edit system services subscriber-management traceoptions]

user@host# set file smi_1 _logfile_1 world-readable

To explicitly set the default behavior, only the user who configured tracing can read the log file:

• Configure the log file to be no-world-readable.

[edit system services subscriber-management traceoptions]

user@host# set file smi_1 _logfile_1 no-world-readable
28

Configuring a Regular Expression for Subscriber Management Database

Messages to Be Logged

By default, the trace operation output includes all messages relevant to the logged events.

You can refine the output by including regular expressions to be matched.

To configure regular expressions to be matched:

• Configure the regular expression.

[edit system services subscriber-management traceoptions]

user@host# set file smi_1 _logfile_1 match regex

Configuring the Subscriber Management Database Tracing Flags

By default, only important events are logged. You can specify which events and operations are logged by
specifying one or more tracing flags.

To configure the flags for the events to be logged:

• Configure the flags.

[edit system services subscriber-management traceoptions]

user@host# set flag flag

Tracing Subscriber Management Session Database

Replication Events for Troubleshooting

IN THIS SECTION

Configuring the Subscriber Management Session Database Replication Trace Log Filename | 30
29

Configuring the Number and Size of Subscriber Management Session Database Replication Log Files | 30

Configuring Access to the Subscriber Management Session Database Replication Log File | 31

Configuring a Regular Expression for Subscriber Management Session Database Replication Messages to Be
Logged | 31

Configuring the Subscriber Management Session Database Replication Tracing Flags | 32

The Junos OS trace feature tracks subscriber management session database replication operations and
records events in a log file. The error descriptions captured in the log file provide detailed information to
help you solve problems. The operations and events are those associated with the bdbrepd process,
which syncs the subscriber management database between the primary and backup Routing Engines.

By default, nothing is traced. When you enable the tracing operation, the default tracing behavior is as
follows:

1. Important events are logged in a file located in the /var/log directory. By default, the router uses the
filename bdbrepd. You can specify a different filename, but you cannot change the directory in which
trace files are located.

You can optionally configure the maximum file size to be from 10 KB through 1 gigabyte (GB). You
can also specify the number of trace files to be from 2 through 1000. (For more information about
how log files are created, see the System Log Explorer.)

By default, only the user who configures the tracing operation can access log files. You can optionally
configure read-only access for all users.

The following topics describe how to configure all aspects of tracing subscriber management session
database operations:
30

Configuring the Subscriber Management Session Database Replication

Trace Log Filename

By default, the name of the file that records trace output for the subscriber management session
database is bdbrepd. You can specify a different name with the file option.

To configure the filename for subscriber management database tracing operations:

• Specify the name of the file used for the trace output.

[edit system services database-replication traceoptions]

user@host# set file bdbrep_logfile_1

Configuring the Number and Size of Subscriber Management Session

Database Replication Log Files

To configure the number and size of trace files:

• Specify the name, number, and size of the file used for the trace output.

[edit system services database-replication traceoptions]

user@host# set file bdbrep_1 _logfile_1 files 20 size 2097152
31

Configuring Access to the Subscriber Management Session Database

Replication Log File

By default, only the user who configures the tracing operation can access the log files. You can enable all
users to read the log file and you can explicitly set the default behavior of the log file.

To specify that all users can read the log file:

• Configure the log file to be world-readable.

[edit system services database-replication traceoptions]

user@host# set file bdbrep_1 _logfile_1 world-readable

To explicitly set the default behavior, only the user who configured tracing can read the log file:

• Configure the log file to be no-world-readable.

[edit system services database-replication traceoptions]

user@host# set file bdbrep_1 _logfile_1 no-world-readable

Configuring a Regular Expression for Subscriber Management Session

Database Replication Messages to Be Logged

By default, the trace operation output includes all messages relevant to the logged events.

You can refine the output by including regular expressions to be matched.

To configure regular expressions to be matched:

• Configure the regular expression.

[edit system services database-replication traceoptions]

user@host# set file bdbrep_1 _logfile_1 match regex
32

Configuring the Subscriber Management Session Database Replication

Tracing Flags

By default, only important events are logged. You can specify which events and operations are logged by
specifying one or more tracing flags.

To configure the flags for the events to be logged:

• Configure the flags.

[edit system services database-replication traceoptions]

user@host# set flag flag
2 CHAPTER

Resource Monitoring for Subscriber

Management and Services

Resource Monitoring for Subscriber Management and Services | 34

Resource Monitoring for Subscriber Management

and Services

IN THIS SECTION

Resource Monitoring for Subscriber Management and Services Overview | 34

Limiting Subscribers by Client Type and Hardware Element with Resource Monitor | 42

Resource Monitoring for Subscriber Management and Services Overview

IN THIS SECTION

Using Watermarks for Line-Card Resource Monitoring | 35

Throttling Subscriber Load Based on CoS Resource Capacity | 37

Examining the Utilization of Memory Resource Regions Using show Commands | 37

Load Throttling to Reduce Processing Delays | 38

Limiting Subscribers with Resource Monitor | 41

Junos OS supports a resource monitoring capability using both the CLI and SNMP MIB queries. You can
employ this utility to provision sufficient headroom (memory space limits for the application or virtual
router) to ensure system stability, especially the health and operating efficiency of I-chip-based line
cards and Trio-based FPCs on MX Series routers.

When memory utilization, either the ukernel memory or ASIC memory, reaches a certain threshold, the
system operations compromise on the health and traffic-handling stability of the line card. Such a trade-
off on system performance can be detrimental for supporting live traffic and protocols.

Besides the ability to configure a threshold to raise error logs when a specific threshold value of
resources is exceeded, you can also monitor the threshold values and resource utilization using SNMP
MIB queries.

The following sections describe the types of resource monitoring available with Junos OS:
35

Using Watermarks for Line-Card Resource Monitoring

You can configure watermark or checkpoint values for the line-card resources, such as ukern memory
(heap), next-hop (NH) memory, and firewall or filter memory, to be uniform for both Trio-based and I-
chip-based line cards. The NH memory watermark is applicable only for encapsulation memory (output
WAN static RAM memory). Encapsulation memory is specific to I-chips and not applicable for Trio-based
chips. When the configured watermark is exceeded, error logs are triggered. If the resource has been
used above a certain threshold, warning system log messages are generated to notify about the
threshold value having exceeded. Based on your network needs, you can then determine whether you
want to terminate any existing subscribers and services to prevent the system from being overloaded
and resulting in a breakdown.

This feature gathers input from each of the line cards and transfers this statistical detail to the Routing
Engine process using a well-known internal port. This information is scanned by the daemon on the
Routine Engine and using the shared memory space built into the session database, warning messages
are generated for exceeded threshold conditions.

The capability to configure resource monitoring is supported on the MX80, MX104 routers and on the
following line cards on MX240, MX480, MX960, MX2010, and MX2020 routers:

• MX-MPC1-3D

• MX-MPC1-3D-Q

• MX-MPC2-3D

• MX-MPC2-3D-Q

• MX-MPC2-3D-EQ

• MPC-3D-16XGE-SFPP

• MPC3E

• MPC3E-3D-NG

• MPC4E-3D-2CGE-8XGE

• MPC4E-3D-32XGE

• MPC5EQ-40G10G

• MPC5EQ-100G10G

• MPC5E-100G10G

• MPC5E-40G10G
36

• MPC10E-10C-MRATE

• MPC10E-15C-MRATE

• MX2K-MPC6E

• MX2K-MPC11E

• DPCE

• MS-DPC

• MX Series Flexible PIC Concentrators (MX-FPCs)

• NG-MPC3E

You can configure the following parameters at the [edit system services] hierarchy level to specify the
high threshold value that is common for all the memory spaces or regions and the watermark values for
the different memory blocks on DPCs and MPCs:

• High threshold value, exceeding which warnings or error logs are generated, for all the regions of
memory, such as heap or ukernel, next hop and encapsulation, and firewall filter memory, by using
the resource-monitor high-threshold value statement.

• Percentage of free memory space used for next hops to be monitored with a watermark value by
using the resource-monitor free-nh-memory-watermark percentage statement.

• Percentage of free memory space used for ukernel or heap memory to be monitored with a
watermark value by using the resource-monitor free-heap-memory-watermark percentage statement.

• Percentage of free memory space used for firewall and filter memory to be monitored with a
watermark value by using the resource-monitor free-fw-memory-watermark percentage statement. This
feature is enabled by default and you cannot disable it manually. The default value and the
configured value of the watermark value for the percentage of free next-hop memory also applies to
encapsulation memory.

The default watermark values for the percentage of free ukernel or heap memory, next-hop memory,
and firewall filter memory are as follows:

• free-heap-memory-watermark—20

• free-nh-memory-watermark—20

• free-fw-memory-watermark—20
37

Throttling Subscriber Load Based on CoS Resource Capacity

Starting in Junos OS Release 17.4R1, class of service (CoS) criteria are incorporated into the throttling
decision for subscriber access. Information about the availability of CoS resources, namely queue
capacity, is collected from the line cards. At subscriber login, assuming that the subscriber requires CoS
resources, the line cards report the CoS queue utilization as a percent of resources that are bound to a
scheduling hierarchy and are not free to be bound to a new scheduling hierarchy. The high-cos-queue-
threshold statement at the [edit system services] hierarchy level can be set in the range of from 0 percent
to 90 percent, separately for each FPC slot. When CoS queue utilization on a given FPC reaches that
FPC's configured threshold level, further subscriber logins on that FPC are not allowed. This resource
monitoring mechanism provides adjustable safety margins to proactively avoid completely exhausting
each FPC's available CoS queue resources. See high-cos-queue-threshold.

NOTE: This feature is only available when you enable subscriber management. For more
information on enabling subscriber management, see "Configuring Junos OS Enhanced
Subscriber Management" on page 15.

NOTE: Starting in Junos OS Release 19.4R1, you can specify a value of 0 to prevent any
subscriber from being throttled by queue-based throttling.

This CoS resource monitoring feature bases admission decisions only on queues. Other CoS resources
are not part of this criteria. This feature does not support throttling for subscribers arriving on pseudo-
wire, logical tunnel, or redundant logical tunnel devices. The feature is supported on the following
hardware:

• MX240, MX480, and MX960 routers

• MPC2E legacy, MPC2E-NG, MPC3E-NG, MPC5E, and MPC7E line cards

Examining the Utilization of Memory Resource Regions Using show Commands

You can use the show system resource-monitor fpc command to monitor the utilization of memory resources
on the Packet Forwarding Engines of an FPC. The filter memory denotes the filter counter memory used
for firewall filter counters. The asterisk (*) displayed next to each of the memory regions denotes the
ones for which the configured threshold is being currently exceeded. Resource monitoring commands
display the configured values of watermark for memories for different line-card applications to be
monitored. The displayed statistical metrics are based on the computation performed of the current
memory utilization of the individual line cards. The ukern memory is generic across the different types of
line cards and signifies the heap memory buffers. Because a line card or an FPC in a particular slot can
contain multiple Packet Forwarding Engine complexes, the memory utilized on the application-specific
38

integrated circuits (ASICs) are specific to a particular PFE complex. Owing to different architecture
models for different variants of line cards supported, the ASIC-specific memory (next-hop and firewall or
filter memory) utilization percentage can be interpreted differently.

Load Throttling to Reduce Processing Delays

Starting in Junos OS Release 17.3R1, the Routing Engine can use resource monitoring to assess and
reduce the processing load on a line card’s Packet Forwarding Engine. It is possible for the Routing
Engine to send work at a higher rate than the Packet Forwarding Engine can process. This is sometimes
called overdriving the line card or Packet Forwarding Engine. When the work load on the Packet
Forwarding Engine is too high, it can cause noticeable delays in packet processing.

Resource monitoring enables the Routing Engine assess the load by evaluating the round-trip delay for
packets that it sends to the Packet Forwarding Engine. A longer round-trip time indicates a higher load
and therefore a greater chance of processing delays on the Packet Forwarding Engine. When
appropriate, the Routing Engine reduces the percentage of subscriber sessions (client and service) that
are allowed to complete.

This capability is called load throttling or round-trip time load throttling. Throttling prevents the Routing
Engine from over-driving line cards to the point that processing delays become visible to operators and
back-office systems. It works like this:

1. To monitor delays, the Routing Engine sends an echo request message every second to the Packet
Forwarding Engine on the line card. The echo request includes both a timestamp for when it is sent
and a running sequence number. The message priority is best effort, to simulate the worst-case
processing delay on the line card.

2. The Packet Forwarding Engine processes the echo request and responds with an echo reply. The
message priority is high to minimize jitter when the Routing Engine processes the returned packet.

3. When the Routing Engine receives the echo reply, it calculates the round trip time as the time
difference between the echo request timestamp and the time it receives the echo reply for that
particular sequence number.

4. The Routing Engine compares the round-trip delay time to a default round-trip threshold value of 1
second. If the measured delay is longer than the threshold for three consecutive trips, the Routing
Engine denies logins for a percentage of new subscribers, reducing the number of new client and
service sessions that are established. This reduction is called throttling.

An internal algorithm derives the throttling percentage based on the threshold and the round-trip
time. This percentage varies based on the round-trip delay at that point in time.

The Routing Engine increases the throttle—denies more subscriber logins—for each successive set of
three delay measurements that all exceed the threshold.
39

5. When the measured delay is less than the threshold for three consecutive trips, the Routing Engine
removes the throttle. This allows subscribers to log in freely.

NOTE: RTT load throttling applies on a per-line-card basis for Ethernet interfaces (ge, xe) and
pseudowire interfaces (ps) as follows:

• For aggregated Ethernet interfaces, it applies to the set of line cards associated with the
aggregated Ethernet bundle.

• For pseudowire interfaces with redundant logical tunnel (RLT), it applies to the set of line
cards that are associated with the anchor point.

In both cases, the Routing Engine considers the delay value that determines throttling to be the
longest round-trip delay of all the line cards in the set.

Table 3 on page 39 shows how subscriber sessions are throttled on a line card over a period of 12
seconds when the round-trip delay is greater than the internal threshold. This example has the following
assumptions:

• The internal delay threshold is 1 second.

• Delay measurements occur every second.

• The session creation rate is reduced by 10 percent after 3 consecutive round-trip delay
measurements that are above the round-trip delay threshold. For as long as the threshold is
exceeded, the throttling is increased every 3 measurements.

• If the measured delay drops and remains below the threshold for 3 consecutive round-trip delay
measurements, the session rate returns to 100 percent.

NOTE: This example is simplified. Remember that the exact throttling percentage is determined
dynamically and can vary second to second.

Table 3: Example Load Throttling Due to Round-trip Delay Time

Time Round-trip Delay (ms) Threshold Exceeded Percentage of Sessions Allowed

1 850 No 100

2 900 No 100
40

Table 3: Example Load Throttling Due to Round-trip Delay Time (Continued)

Time Round-trip Delay (ms) Threshold Exceeded Percentage of Sessions Allowed

3 995 No 100

4 1021 Yes 100

Threshold exceeded count #1

5 1130 Yes 100

Threshold exceeded count #2

6 1158 Yes 90

Threshold exceeded count #3 Session rate reduced by 10 %

7 1127 Yes 90

Threshold exceeded count #1 Session rate reduced by 10 %

8 1135 Yes 90

Threshold exceeded count #2

9 1126 Yes 80

Threshold exceeded count #3 Session rate reduced by 10 %

10 1000 No 80

Threshold not exceeded count #1

11 991 No 80

Threshold not exceeded count #2

12 998 No 100

Threshold not exceeded count #3 Throttling removed

Resource load monitoring and round-trip time throttling is enabled by default. You can use either of the
following statements to disable this feature:

• no-load-throttle at the [edit system services resource-monitor] hierarchy level

• no-throttle at the [edit system services resource-monitor] hierarchy level

If you disable the feature and the Packet Forwarding Engine becomes too busy, new subscribers can log
in and go active, but no traffic flows for a period of time. This delay in traffic processing might become
noticeable.

You can use the following command to confirm whether the load throttling feature is enabled and see
various aspects of the feature in action. The bolded fields are particularly useful.

user@host> show system resource-monitor summary

Resource Usage Summary
Throttle : Enabled
Load Throttle : Enabled /*RTT load throttling is enabled*/
Heap Mem Threshold : 70 %
IFL Counter Threshold : 95 %
Round Trip Delay Threshold(ms) : 1000 /*RTT throttle value*/
Filter Counter Threshold : 100 %
Expansion Threshold : 95 %
CoS Queue Threshold : 100 %
MFS threshold : 70 % Used : 0

Slot # 0
Client allowed : Yes
Service allowed : Yes
Heap memory used : 339204848 In % : 18
Average Round-trip Delay(ms) : 103 (30 ) Round-trip Delay(ms) : 103 /*RTT delay
and average delay, the 30 in parentheses means that the average is for last 30 secs*/
MAX session rate allowed(%) : 100
Client denied : 1524 /*The number of new subscribers have been denied*/
Service Denied : 0
Performance Denial Client : 1524 <--
Performance Denial Service : 0
IFL Denied : 0

Limiting Subscribers with Resource Monitor

Starting in Junos OS Release 17.3R1, you can also use resource monitoring to directly limit the number
of subscribers supported per hardware element. You can specify the maximum number of subscribers
42

that can be logged in per chassis, line card (MPC), MIC, or port. You can set the limit to subscribers of
only one client type (DHCP, L2TP, or PPPoE) or to subscribers of any client type.

This feature ensures that the number of subscribers logged in per hardware element does not exceed
the number that your network can serve with stability at the desired service bandwidth. When the limit
is reached for a hardware element, new subscriber logins are denied on that element until the number of
subscribers drops below the configured limit. New subscribers over the limit can connect to another
hardware element in the same broadcast domain. When you configure the limit on one or more legs of
an aggregated Ethernet interface, login is denied if the subscriber count exceeds the value on any of the
legs.

Limiting subscribers this way distributes the load among hardware elements, but it does not provide any
sort of load balancing. This feature can also help you map capacity in your network and determine what
hardware resources you need to expand that capacity. For example, if you provide a service that needs a
particular amount of memory and know how many subscribers you can service with a given set of
hardware, you can determine how much memory you need. Or if you want to add a service with more
memory per subscriber, you can calculate the additional amount that you need, compare it to your
available memory, and determine whether you need to provision new ports, MICs, MPCs, or routers to
handle the new service.

Limiting Subscribers by Client Type and Hardware Element with Resource

Monitor

In addition to using resource monitoring to monitor and manage system memory usage, you can use it to
directly limit the number of subscribers supported per hardware element: chassis, line card (MPC), MIC,
and port. You can specify the maximum number of subscribers that can be logged in to each of those
elements. You apply the limit to subscribers of only one client type (DHCP, L2TP, or PPPoE) or to
subscribers of any of these client types. In the latter case, the limit applies to the sum of sessions for all
three client types.

Subscriber limiting can ensure that the number of subscribers logged in per hardware element does not
exceed the number that your network can serve with stability at the desired service bandwidth. When
the limit is reached for a hardware element, new subscriber logins are denied on that element until the
number of subscribers drops below the configured limit. New subscribers over the limit connect to
another hardware element in the same broadcast domain. When you configure the limit on one or more
legs of an aggregated Ethernet interface, login is denied if the subscriber count exceeds the value on any
of the legs.

can determine how much bandwidth you need. Or if you want to add a service with more bandwidth per
subscriber, you can calculate the additional bandwidth that you need, compare it to your available
bandwidth, and determine whether you need to provision new ports, MICs, MPCs, or routers to handle
the new service.

NOTE: The CLI uses the terms fpc and pic. For this feature, fpc corresponds to MPC and pic
corresponds to MIC.

To place a limit on the maximum number of subscribers allowed for a hardware element:

1. Configure the client type for the subscribers.

[edit system services resource-monitor subscribers-limit]

user@host# edit client-type type

2. (Optional) Configure a subscriber limit on the chassis.

[edit system services resource-monitor subscribers-limit client-type type]

user@host# set chassis limit limit

3. (Optional) Configure a subscriber limit on an MPC.

[edit system services resource-monitor subscribers-limit client-type type]

user@host# edit fpc slot-number
[edit system services resource-monitor subscribers-limit client-type type fpc slot-number]
user@host# set limit limit

4. (Optional) Configure a subscriber limit on a MIC.

[edit system services resource-monitor subscribers-limit client-type type fpc slot-number]

user@host# edit pic number
[edit system services resource-monitor subscribers-limit client-type type fpc slot-number pic
number]
user@host# set limit limit
44

5. (Optional) Configure a subscriber limit on a port.

[edit system services resource-monitor subscribers-limit client-type type fpc slot-number pic
number]
user@host# set port number limit limit

For example, the following configuration sets chassis and MPC limits for PPPoE subscribers:

[edit system services resource-monitor subscribers-limit]

user@host# edit client-type pppoe
[edit system services resource-monitor subscribers-limit client-type pppoe]
user@host# set chassis limit 112000
user@host# set fpc 0 limit 28000
user@host# set fpc 1 limit 28000
user@host# set fpc 2 limit 28000
user@host# set fpc 3 limit 28000

Release History Table

Release Description

17.4R1 Starting in Junos OS Release 17.4R1, class of service (CoS) criteria are incorporated into the throttling
decision for subscriber access.

17.3R1 Starting in Junos OS Release 17.3R1, you can also use resource monitoring to directly limit the number
of subscribers supported per hardware element.

RELATED DOCUMENTATION

Diagnosing and Debugging System Performance by Configuring Memory Resource Usage Monitoring
on MX Series Routers
Resource Monitoring Usage Computation Overview
3 CHAPTER

Dynamic Profiles for Subscriber

Management

Dynamic Profiles for Subscriber Management | 46

Per-Subscriber Support of Maximum Transmission Unit for Dynamic Profiles | 53

Dynamic Variables Overview | 57

Predefined Variables in Dynamic Profiles | 59

User-Defined Variables in Dynamic Profiles | 112

Versioning for Dynamic Profiles | 125

Dynamic Profiles for Subscriber Management

IN THIS SECTION

Dynamic Profiles Overview | 46

Configuring a Basic Dynamic Profile | 51

Dynamic Profiles Overview

IN THIS SECTION

Dynamic Client Profiles and Dynamic Service Profiles | 47

Dynamically Applying Services to Subscriber Sessions | 48

Dynamic Profile Overrides | 49

Dynamic Profile Version Creation | 49

Dynamic Profile Semantic Checking | 50

A dynamic profile is a set of characteristics that acts as a kind of template that enables you to create,
update, or remove a configuration that you can use to provide dynamic subscriber access and services
for broadband applications. Using these profiles enables you to consolidate all of the common attributes
of a client or a group of clients and apply the attributes or dynamically created objects simultaneously.
After profiles are created, they reside on the router in a profile library.

You can manage subscribers dynamically with two kinds of dynamic profiles: client profiles and service
profiles. Both profile types are configured at the [edit dynamic-profiles] hierarchy level and are
independent of each other. Whether you use dynamic service profiles in addition to your dynamic client
profiles depends on how you support differentiation among subscribers and how you package your
subscriber services.

NOTE: Dynamic profile terminology is potentially confusing.

• A dynamic client profile can also correctly be referred to as a dynamic subscriber profile.

• Although dynamic client profiles are sometimes referred to as client access profiles, that term
causes confusion with the access profiles configured at the [edit access profile profile-name]
hierarchy level. Access profiles are used to configure authentication, accounting, and
authorization parameters for subscriber access, some session attributes, and client-specific
properties for L2TP and PPP sessions. Access profiles are applied at various configuration
levels with the access-profile statement.

Dynamic Client Profiles and Dynamic Service Profiles

The major differences between dynamic client and dynamic service profiles are the following:

• A dynamic client profile is provisioned and applied to the client application configuration; for
example, DHCP, DHCPv6, L2TP LNS, PPPoE, static subscribers, and VLANs. The contents of the
profile are applied to the logical interface for the subscriber session. Most often, dynamic client
profiles enable the dynamic instantiation of logical interfaces to which the profile is applied, but
client profiles can also be applied to static subscriber logical interfaces.

A dynamic client profile can include any of the stanzas under [edit dynamic-profiles profile-name],
except for variables variable-name.

• Dynamic service profiles include only service-related configurations, which are a subset of the
configurations available in dynamic client profiles. They do not include other configuration attributes
for a subscriber session. You cannot use a service profile to create or modify a logical interface. A
dynamic service profile functions as a supplement to dynamic client profiles that is used after the
creation of logical interfaces.

A dynamic service profile can include the following stanzas under [edit dynamic-profiles profile-name]:
class-of-service, firewall, protocols, services, and variables.

Dynamic client profiles and dynamic service profiles also differ in the types of variables they can use:

• Dynamic client profiles can include predefined-variable-defaults, which define default values for
Juniper Networks predefined variables that are included in the profile. The default values in the
profile are used when RADIUS does not return a value for the variable. See "Dynamic Variables
Overview" on page 57 and "Configuring Default Values for Predefined Variables in a Dynamic
Profile" on page 109 for information about predefined variables.

• Dynamic service profiles can include user-defined variables that act like parameters in a function call.
The variable values can be provided by the RADIUS server to support more specialized customization
per subscriber. You can also set default values for these variables to be used when RADIUS does not
48

provide the value. See "User-Defined Variables in Dynamic Profiles" on page 112 for information
about user-defined variables.

• Dynamic client profiles do not include user-defined variables. Dynamic service profiles do not include
predefined-variable-defaults.

Table 4 on page 48 lists the types of variables supported by access profiles and service profiles.

Table 4: Types of Variables Supported in Dynamic Profiles

Type of Dynamic Profile Junos OS Predefined Junos OS Predefined User-Defined Variable

Variable (Local) Variable (RADIUS)

Access Profile Yes Yes Yes

Service Profile Yes No Yes

Table 5 on page 48 lists the default values, expressions, and unique identifiers supported by access
profiles and service profiles.

Table 5: Default Values and Expressions Supported in Dynamic Profiles

Type of Dynamic Profile Default Values Expressions Unique Identifiers

Access Profile Yes (RADIUS predefined No Yes (Schedulers and

variables only) Scheduler maps only)

Service Profile Yes (User-defined Yes (Service activation Yes (Firewall filters only)
variables only) only)

Dynamically Applying Services to Subscriber Sessions

You can configure services to be applied to subscriber sessions in several ways:

• Include service configurations for the subscriber session in a dynamic client profile. For example, you
can configure Layer 2 services such as Class of Service (CoS) and Layer 3 services such as dynamic
firewall filters. Layer 3 services are applied for the negotiated address family for DHCP, DHCPv6, and
PPPoE subscribers. See Changing CoS Services Overview.
49

NOTE: A dynamic client profile cannot reference a dynamic service profile. It can only directly
include service configurations.

• Apply a dynamic service profile using your RADIUS configuration. The Juniper Networks Activate-
Service VSA (26-65), returned in the RADIUS Access-Accept message when the subscriber
authenticates, can reference a dynamic service profile and optionally pass additional parameters for
the service. For DHCP and PPPoE sessions, this service profile is applied when the session’s address
family is activated. See Dynamic Service Management with RADIUS.

You can use another Juniper Networks VSA, Deactivate-Service (26-66), to deactivate services in the
Access Accept message.

• Apply a service profile with a Juniper Networks VSA in a RADIUS Change of Authorization (CoA)
message. You can use a CoA message to activate (VSA 26-65) or deactivate (VSA 26-66) services. For
example, a subscriber may opt in or out of a service after the session is established. See RADIUS-
Initiated Change of Authorization (CoA) Overview.

• Apply a dynamic service profile by including the service-profile statement to reference the profile in
the configurations for DHCP local server, DHCP relay agent, L2TP, or static subscribers. For example,
see Specifying the Static Subscriber Group Service Profile, Configuring an L2TP Tunnel Group for
LNS Sessions with Inline Services Interfaces, and Configuring an L2TP Access Profile on the LNS.

Dynamic Profile Overrides

Starting in Junos OS Release 14.1, you can specify a different dynamic profile in the RADIUS Client-
Profile-Name VSA [26-174] to have RADIUS override a configured client dynamic profile. RADIUS
returns this VSA to AAA with other client session attributes in the Access-Accept message. AAA
subsequently overrides the corresponding profile name attribute in the session database entry for the
client, and this new profile is instantiated instead of the originally configured profile.

Dynamic Profile Version Creation

You can create new versions of dynamic profiles that are currently in use by subscribers. Dynamic profile
version creation is enabled at the [edit system] hierarchy level. When enabled, you can create multiple
versions of any dynamic profiles on the router. Any subscriber that logs in following a dynamic profile
modification uses the latest version of the dynamic profile. Subscribers that are already active continue
to use the older version of the dynamic profile until they log out or their session terminates.

When creating versions of dynamic profiles, keep the following in mind:

• You must enable or disable dynamic profile version creation before creating or using any dynamic
profiles on the router. Enabling or disabling dynamic profile version creation after dynamic profiles
are configured is not supported.

NOTE: Before you can enable or disable dynamic profile version creation for a router on
which any dynamic profiles are configured, you must first remove all dynamic profiles from
the router configuration.

• Each version of a dynamic profile is stored in the profile database as a new profile.

• The name of the new profile version is derived by appending a string to the original base dynamic
profile name. This string contains two dollar sign ($) characters to identify the version field of the
profile name. These two characters are followed by numerical characters that represent the “version
number” of the dynamic profile (for example, 01).

• The version number of the dynamic profile is automatically generated by the system.

• The dynamic profile that you modify is always stored as the latest version. You cannot create a
modified dynamic profile and save it as an earlier version. For example, if you modify version three of
a dynamic profile while it is in use, the dynamic profile is saved as version four.

• You can only modify the latest version of a dynamic profile.

• The maximum value for the version number is 99999. However, for each profile, only 10 active
versions are supported at a time.

• If the dynamic profile version that you modify is not in use by any subscriber, the profile is
overwritten with committed changes without creating a new version.

• After reaching the 99999th modified version of a dynamic profile, any further modifications to the
dynamic profile result in overwriting that final version. If the final version is in use, any modification
attempts fail upon commit.

• You can delete a dynamic profile only when none of its versions are in use.

• The dynamic profile version feature supports graceful restart and unified ISSU.

Dynamic Profile Semantic Checking

Variables are applied to dynamic profiles dynamically and cannot be checked with existing CLI
commands. Semantic checking validates some variables in dynamic profiles to help identify potential
configuration errors.
51

Semantic checks are performed during commit and during profile instantiation. Commit time checks
ensure that variables appear in the correct location within the dynamic profile. Checks performed before
profile instantiation ensure that the values that replace the variables are correct. The checks performed
on the values include the following:

• Range validation

• Variable type validation

• Existence of variables where they are mandatory

• Variable matching to regular expressions

A commit time check failure results in an error message being displayed and logged in the /var/log/
messages file and the commit failing. An instantiation failure results in an error being logged in the /var/log/
messages file and the profile instantiation failing.

Configuring a Basic Dynamic Profile

This topic describes how to create a basic dynamic profile. A basic profile must contain a profile name
and have both an interface variable name (such as $junos-interface-ifd-name) included at the [edit dynamic-
profiles profile-name interfaces hierarchy level and logical interface variable name (such as $junos-
underlying-interface-unit or $junos-interface-unit) at the [edit dynamic-profiles profile-name interfaces variable-
interface-name unit] hierarchy level.

Before you configure dynamic profiles for initial client access:

1. Configure the necessary router interfaces that you want DHCP clients to use when accessing the
network.

See DHCP Subscriber Interface Overview for information about the types of interfaces you can use
with dynamic profiles and how to configure them.

2. Configure all RADIUS values that you want the profiles to use when validating DHCP clients for
access to the multicast network.

See RADIUS Servers and Parameters for Subscriber Access

To configure a basic dynamic profile:

1. Name the profile.

[edit]
user@host# edit dynamic-profiles basic-profile

2. Define the interface-name statement with the internal $junos-interface-ifd-name variable used by the
router to match the interface name of the receiving interface.

[edit dynamic-profiles basic-profile]

user@host# edit interfaces $junos-interface-ifd-name

3. Define the unit statement with the internal variable:

• When referencing an existing interface, specify the $junos-underlying-interface-unit variable used by

the router to match the unit value of the receiving interface.

• When creating dynamic interfaces, specify the $junos-interface-unit variable used by the router to
generate a unit value for the interface.

[edit dynamic-profiles basic-profile interfaces "$junos-interface-ifd-name"]

user@host# set unit $junos-underlying-interface-unit

[edit dynamic-profiles basic-profile interfaces "$junos-interface-ifd-name"]

user@host# set unit $junos-interface-unit

Release History Table

Release Description

14.1 Starting in Junos OS Release 14.1, you can specify a different dynamic profile in the RADIUS Client-
Profile-Name VSA [26-174] to have RADIUS override a configured client dynamic profile.

RELATED DOCUMENTATION

Dynamic Variables Overview | 57

Predefined Variables in Dynamic Profiles | 59
User-Defined Variables in Dynamic Profiles | 112
53

Versioning for Dynamic Profiles | 125

Unique Identifiers for Firewall Variables

Per-Subscriber Support of Maximum Transmission

Unit for Dynamic Profiles

IN THIS SECTION

Understanding Per-subscriber Support of Maximum Transmission Unit for Dynamic Profiles | 53

Configuring Per-subscriber Maximum Transmission Unit for Dynamic Profiles | 55

You can create per subscriber support of maximum transmission unit (MTU) for dynamic profiles. For
more information, see the following topics:

Understanding Per-subscriber Support of Maximum Transmission Unit for

Dynamic Profiles

IN THIS SECTION

MTU Per-Subscriber for Dynamic Profiles | 54

Benefits of Per Subscriber Support of MTU for Dynamic Profiles | 54

Limitations | 54

Maximum transmission unit (MTU) is used to determine the maximum size of each packet in any TCP or
IP transmission. MTU cannot be greater than the payload size that is the encapsulations at the assigned
layer and any lower layers are excluded. You can specify the MTU for statically configured logical
interfaces. Starting in Junos OS Release 18.2R1, you can configure an MTU value for a subscriber logical
interface in a dynamic profile. This feature is required in customer applications requiring per-subscriber
54

MTU for logical interfaces on the same underlying physical interface (from which the MTU is inherited
by default). The use case is primarily dynamic VLANs for DHCP or DHCPv6 or IPoE or IPv6oE. The
dynamic logical interface MTU must be no greater than the physical interface MTU minus the VLAN
header size. The per-subscriber MTU feature is provided by extending dynamic-profiles to allow MTU to
be configured, either with a static value or the predefined variable, $junos-interface-mtu, whose value is
provided by RADIUS.

MTU Per-Subscriber for Dynamic Profiles

A dynamic profile is a set of characteristics, defined in a type of template, that you can use to provide
dynamic subscriber access and services for broadband applications. These services are assigned
dynamically to interfaces. You can identify subscribers statically or dynamically. To identify subscribers
statically, you can reference a static VLAN interface in a dynamic profile. To identify subscribers
dynamically, you need to create variables for demux interfaces that are dynamically created when the
subscribers log in. Junos OS allows you to create MTU for each subscriber for dynamic profiles. The
value can be static or can be represented through a new variable, $junos-interface-mtu. By default, the
variable value is the MTU of the payload, that is, the MTU of the physical interface minus the VLAN
header size. A specific value can be returned through the RADIUS authentication in the Framed-MTU
attribute (12). The attribute includes a single value which is applied to both the inet and inet6 protocol
families if both are configured with $junos-interface-mtu variable. While applying the MTU on the
subscriber logical interface during dynamic profile instantiation, a check is made to ensure that the MTU
of the logical interface does not exceed what is supported on its physical interface along with the family
protocol overhead. The value of the static MTU should be within the acceptable MTU range. If RADIUS
does not return a Framed MTU value for $junos-interface-mtu variable, the default value for interface-
mtu is used. You configure this value at the [edit dynamic profiles dynamic-profiles predefined-variable-
defaults] hierarchy level. If neither is provided, then the profile request is NACKed.

Benefits of Per Subscriber Support of MTU for Dynamic Profiles

• Provides network scalability if each subscriber uses different dynamic profile or different subscriber
name.

• Allows each subscriber to send traffic with different traffic rate.

Limitations

The following are the limitations:

• MTU for a dynamic logical interface is applied using the same rules as static logical interfaces.

• Framed-MTU returned by RADIUS is applicable only to the authenticated session. In other words, an
authenticated dynamic VLAN (DVLAN) profile affects only the MTU for the vlan logical interface, and
an authenticated DHCP profile affects only the MTU for the DHCP subscriber logical interface.
55

• If the RADIUS does not return a value in the Framed-MTU attribute (12), the profile request is
NACKed.

• A commit check ensures that the mtu is specified for inet and inet6 address family, they must both be
configured as explicit values if not the same value, or both must be configured with the $junos-
interface-mtu predefined variable (in which case they are set to the same value). Otherwise, the
configuration is forbidden.

Configuring Per-subscriber Maximum Transmission Unit for Dynamic

Profiles

The maximum transmission unit (MTU) can be configured per subscriber for dynamic profiles. The value
of MTU can be static or represented through the $junos-interface-mtu predefined variable. By default,
the variable value is the MTU of the payload, which must be less than or equal to the MTU of the
physical interface minus the VLAN header size. A specific value can be returned through RADIUS
authentication through the Framed-MTU attribute (12). If the RADIUS server fails to return a value in
the Framed MTU attribute, then the default value configured with interface-mtu statement at the [edit
dynamic-profiles profile-name predefined-variable-defaults] hierarchy level is used. You can configure the
MTU value with the mtu statement at the [edit dynamic-profiles name interfaces name unit name family inet]
hierarchy level or at the [edit dynamic-profiles name interfaces name unit name family inet6] hierarchy level.

Before you begin, configure the device interfaces.

To configure per-subscriber MTU for dynamic profiles:

1. Configure per-subscriber MTU for dynamic profiles by hardcoding the mtu value for inet or inet 6
family.

[edit dynamic-profiles dynamic-profiles-name interfaces “$junos-interface-ifd-name” unit unit-

name family inet]
user@host# set mtu mtu-value

[edit dynamic-profiles dynamic-profiles-name interfaces “$junos-interface-ifd-name” unit unit-

name family inet6]
user@host# set mtu mtu-value
56

Configure pre-subscriber MTU for dynamic profiles by hardcoding an mtu value of 1450 for family
inet of dynamic profile vlan-profile.

[edit dynamic-profiles vlan-profile interfaces “$junos-interface-ifd-name” unit 100 family

inet]
user@host# set mtu 1450

2. Configure the value for default for junos-interface-mtu.

[edit dynamic-profiles dynamic-profiles-name predefined-variable-defaults]

user@hots# interface-mtu value

Configure interface mtu value of 1450 for predefined variable defaults of dynamic profile vlan-
profile.

[edit dynamic-profiles vlan-profile predefined-variable-defaults]

user@hots# interface-mtu 1450

Release History Table

Release Description

18.2R1 Starting in Junos OS Release 18.2R1, you can configure an MTU value for a subscriber logical interface
in a dynamic profile.

RELATED DOCUMENTATION

Dynamic Profiles for Subscriber Management | 46

Dynamic Variables Overview | 57
Predefined Variables in Dynamic Profiles | 59
57

Dynamic Variables Overview

IN THIS SECTION

How Dynamic Variables Work | 57

Default Values for Predefined Variables | 58

Unique Identifier (UID) for Parameterized Filters | 58

Variables constitute the dynamic component of a dynamic profile. You use variables in dynamic profiles
as placeholders for dynamically obtained or dynamically generated values that the dynamic profiles use
to configure subscriber interfaces and provision subscribers.

How Dynamic Variables Work

Dynamic variables are data placeholders that you define and place in dynamic profiles. When a
particular event occurs on an interface (for example, a DHCP client accesses the interface), the dynamic
profiles obtain data to fill these placeholders from one of three sources—the interface receiving an
incoming client data packet, an externally configured server (for example, RADIUS), or a value associated
with each user-configurable variable.

For your convenience, Junos OS provides predefined variables that you can use within a dynamic profile.
Most of these variables relate to interface-specific data obtained directly from the interface that
receives an incoming client data packets (for example, interface name, interface unit value, and so on).
When a client accesses the interface, the router software extracts the necessary interface data,
propagates this data to the dynamic profile, and then uses the dynamic profile to configure the interface
for the accessing client.

You can define user-defined variables for individual dynamic profiles at the [dynamic-profiles profile-name
variables] hierarchy level. At this hierarchy level, you create an association between a variable value (for
example, $junos-igmp-version) that appears in the body of the dynamic profile and data associated with
that call value that is managed in an externally configured server (for example, a RADIUS VSA managed
on a RADIUS server) or defined as a value in the variables stanza. When an event occurs on an interface
to trigger the instantiation of a dynamic profile for the interface, Junos OS obtains values for each
variable from an external server (for example, from RADIUS authentication and authorization VSAs)
during the subscriber authentication process. At run time, the variables are replaced by these actual
values and are used to configure the subscriber interface.
58

Default Values for Predefined Variables

You can optionally configure default values for many predefined variables. The Junos OS uses the
default value in the following cases:

• When the external RADIUS server is not available

• When the VSA returned by the RADIUS server does not contain a value for the predefined variable

Unique Identifier (UID) for Parameterized Filters

Parameterized filters use unique identifiers (UIDs) in dynamic profiles created for services. The
generated UIDs enable you to identify and configure separate parameter values for filters with the same
variable name. In addition, assigning a UID improves performance of the router.

For service profiles, you can request the generation of a UID for a user-defined variable by including the
uid statement at the [dynamic-profiles profile-name variables variable-name] hierarchy level. You then
reference the variable name in the filter.

To enable selection of a particular filter in a dynamic profile that contains multiple variables of the same
parameter and criteria type, you must indicate that the variable refers to a UID. To configure, include the
uid-reference statement at the [dynamic-profiles profile-name variables variable-name] hierarchy level. For
example, if the variable $in-filter receives the value of “filter1” from RADIUS, the filter definition named
$filter is used.

RELATED DOCUMENTATION

Predefined Variables in Dynamic Profiles | 59

User-Defined Variables in Dynamic Profiles | 112
Parameterized Filters Overview
RADIUS Attributes and Juniper Networks VSAs Supported by the AAA Service Framework
59

Predefined Variables in Dynamic Profiles

IN THIS SECTION

Junos OS Predefined Variables | 59

Junos OS Predefined Variables That Correspond to RADIUS Attributes and VSAs | 94

Predefined Variable Defaults for Dynamic Client Profiles | 107

Configuring Predefined Dynamic Variables in Dynamic Profiles | 108

Configuring Default Values for Predefined Variables in a Dynamic Profile | 109

Junos OS Predefined Variables

Junos OS contains many predefined variables. The dynamic profile obtains and replaces values for these
variables from an incoming client data packet and configuration (local and RADIUS). These variables are
predefined—you use them in the body of a dynamic profile without first having to define the variables at
the [dynamic-profiles profile-name variables] hierarchy level. Table 6 on page 59 provides a list of
predefined variables, their descriptions, and where in the Junos OS hierarchy you can configure them.

Table 6: Junos OS Predefined Variables and Definitions

Variable Definition

Access and Access-Internal Routes

$junos-framed-route-cost Cost metric of an IPv4 access route. You specify this

variable with the metric statement at the [edit
dynamic-profiles profile-name routing-options access
route address] hierarchy level.

$junos-framed-route-distance Distance of an IPv4 access route. You specify this

variable with the preference statement at the [edit
dynamic-profiles profile-name routing-options access
route address] hierarchy level.
60

Table 6: Junos OS Predefined Variables and Definitions (Continued)

Variable Definition

$junos-framed-route-ip-address-prefix Route prefix of an IPv4 access route. You specify this

variable at the [edit dynamic-profiles profile-name
routing-options access] hierarchy level for the route
statement.

$junos-framed-route-ipv6-address-prefix Route prefix of an IPv6 access route. You specify this

variable with the route statement at either of the
following hierarchy levels:

• [edit dynamic-profiles profile-name routing-

instances $junos-routing-instance routing-options
rib $junos-ipv6-rib access]

• [edit dynamic-profiles profile-name routing-

options rib $junos-ipv6-rib access]

$junos-framed-route-ipv6-cost Cost metric of an IPv6 access route. You specify this

variable with the metric statement at either of the
following hierarchy levels:

• [edit dynamic-profiles profile-name routing-

instances $junos-routing-instance routing-options
rib $junos-ipv6-rib access route $junos-framed-
route-ipv6-address-prefix]

• [edit dynamic-profiles profile-name routing-

options rib $junos-ipv6-rib access route $junos-
framed-route-ipv6-address-prefix]
61

Table 6: Junos OS Predefined Variables and Definitions (Continued)

Variable Definition

$junos-framed-route-ipv6-distance Distance of an IPv6 access route. You specify this

variable with the preference statement at either of the
following hierarchy levels:

• [edit dynamic-profiles profile-name routing-

instances $junos-routing-instance routing-options
rib $junos-ipv6-rib access route $junos-framed-
route-ipv6-address-prefix]

• [edit dynamic-profiles profile-name routing-

options rib $junos-ipv6-rib access route $junos-
framed-route-ipv6-address-prefix]

$junos-framed-route-ipv6-nexthop IPv6 next-hop address of an access route. You specify

this variable with the next-hop statement at either of
the following hierarchy levels:

• [edit dynamic-profiles profile-name routing-

instances $junos-routing-instance routing-options
rib $junos-ipv6-rib access route $junos-framed-
route-ipv6-address-prefix]

• [edit dynamic-profiles profile-name routing-

options rib $junos-ipv6-rib access route $junos-
framed-route-ipv6-address-prefix]

$junos-framed-route-ipv6-tag Tag value of an IPv6 access route. You specify this

variable with the tag statement at either of the
following hierarchy levels:

• [edit dynamic-profiles profile-name routing-

instances $junos-routing-instance routing-options
rib $junos-ipv6-rib access route $junos-framed-
route-ipv6-address-prefix]

• [edit dynamic-profiles profile-name routing-

options rib $junos-ipv6-rib access route $junos-
framed-route-ipv6-address-prefix]
62

Table 6: Junos OS Predefined Variables and Definitions (Continued)

Variable Definition

$junos-framed-route-nexthop IPv4 next-hop address of an access route. You specify

this variable at the [edit dynamic-profiles profile-name
routing-options access route address] hierarchy level
for the next-hop statement.

$junos-framed-route-tag Tag value of an IPv4 access route. You specify this

variable at the [edit dynamic-profiles profile-name
routing-options access route address] hierarchy level
for the tag statement.

$junos-framed-route-tag2 Tag2 value for static routes. You specify this variable at
the [edit dynamic-profiles profile-name routing-
options access route $junos-framed-route-ip-address-
prefix] hierarchy level for the tag2 statement.

$junos-interface-name Logical interface of an access-internal route. DHCP or

PPP supplies this information when the subscriber logs
in. You specify this variable at the [edit dynamic-
profiles profile-name routing-options access-internal
route address] hierarchy level for the qualified-next-
hop statement.

This variable is also used for creating dynamic IP

demux interfaces.

$junos-ipv6-rib Routing table for an IPv6 access route. You specify this
variable with the rib statement at the [edit dynamic-
profiles profile-name routing-instances $junos-
routing-instance routing-options] hierarchy level.

You can use this variable to specify a nondefault

routing instance for the route.
63

Table 6: Junos OS Predefined Variables and Definitions (Continued)

Variable Definition

$junos-subscriber-ip-address IP address of a subscriber identified in an access-

internal route. You specify this variable at the [edit
dynamic-profiles profile-name routing-options access-
internal] hierarchy level for the route statement.

This variable is also used for creating dynamic IP

demux interfaces.

$junos-subscriber-mac-address MAC address for a subscriber identified in an access-

internal route. You specify this variable at the [edit
dynamic-profiles profile-name routing-options access-
internal route address qualified-next hop underlying-
interface] hierarchy level for the mac-address
statement.

Dynamic Protocols

$junos-igmp-access-group-name Specifies the access list to use for the source (S) filter.

$junos-igmp-access-source-group-name Specifies the access list to use for the source-group

(S,G) filter.

$junos-igmp-enable Ensures that IGMP is not disabled on the interface by

an AAA-based authentication and management
method (for example, RADIUS). You specify this
variable at the [dynamic-profiles profile-name
protocols igmp] hierarchy level for the interface
statement.

$junos-igmp-immediate-leave Enables IGMP immediate leave on the interface. You

specify this variable at the [dynamic-profiles profile-
name protocols igmp] hierarchy level for the interface
statement.
64

Table 6: Junos OS Predefined Variables and Definitions (Continued)

Variable Definition

$junos-igmp-version IGMP version configured in a client access profile.

Junos OS obtains this information from the RADIUS
server when a subscriber accesses the router. The
version is applied to the accessing subscriber when the
profile is instantiated. You specify this variable at the
[dynamic-profiles profile-name protocols igmp]
hierarchy level for the interface statement.

$junos-interface-name Name of the dynamic interface to which the subscriber

access client connects. Its use is in dynamically
enabling IGMP on the subscriber interface. You specify
this variable at the [dynamic-profiles profile-name
protocols igmp] hierarchy level for the interface
statement.

The interface name is derived from concatenating the

$junos-interface-ifd-name and the $junos-underlying-
interface-unit variables obtained when a subscriber is
created dynamically at the [dynamic-profiles profile-
name interfaces] hierarchy level.

$junos-ipv6-ndra-prefix Prefix value for the router advertisement interface.

Junos OS obtains this information from the RADIUS
server when a subscriber accesses the router. The
prefix value is applied to the accessing subscriber when
the profile is instantiated. You specify this variable at
the [dynamic-profiles profile-name protocols router-
advertisement interface $junos-interface-name]
hierarchy level.

$junos-mld-access-group-name Specifies the access list to use for the group (G) filter.

$junos-mld-access-source-group-name Specifies the access list to use for the source-group

(S,G) filter.
65

Table 6: Junos OS Predefined Variables and Definitions (Continued)

Variable Definition

$junos-mld-enable Ensures that MLD is not disabled on the interface by

an AAA-based authentication and management
method (for example, RADIUS). You specify this
variable at the [dynamic-profiles profile-name
protocols mld] hierarchy level for the interface
statement.

$junos-mld-immediate-leave Enables MLD immediate leave on the interface. You

specify this variable at the [dynamic-profiles profile-
name protocols mld] hierarchy level for the interface
statement.

$junos-mld-version MLD version configured in a client access profile. Junos

OS obtains this information from the RADIUS server
when a subscriber accesses the router. The version is
applied to the accessing subscriber when the profile is
instantiated. You specify this variable at the [dynamic-
profiles profile-name protocols mld] hierarchy level
for the interface statement.

Dynamic CoS — Traffic-Control Profile Parameters

$junos-cos-adjust-minimum Minimum adjusted shaping rate configured in a traffic-

control profile in a dynamic profile. Junos OS obtains
this information from the RADIUS server when a
subscriber authenticates over the static or dynamic
subscriber interface to which the dynamic profile is
attached.

You reference this variable in the adjust-minimum

statement at the [edit dynamic-profiles profile-name
class-of-service traffic-control-profiles profile-
name] hierarchy level.
66

Table 6: Junos OS Predefined Variables and Definitions (Continued)

Variable Definition

$junos-cos-byte-adjust Byte adjustment value configured in a traffic-control

profile in a dynamic profile. Junos OS obtains this
information from the RADIUS server when a subscriber
authenticates over the static or dynamic subscriber
interface to which the dynamic profile is attached.

You reference this variable in the bytes option with the

overhead-accounting statement at the [edit dynamic-
profiles profile-name class-of-service traffic-
control-profiles profile-name] hierarchy level.

$junos-cos-byte-adjust-cell Overhead bytes when downstream ATM traffic is in

cell-mode.

NOTE: Do not configure the $junos-cos-byte-adjust-

cell variable when the $junos-cos-byte-adjust variable
is configured.

$junos-cos-byte-adjust-frame Overhead bytes when downstream ATM traffic is in

frame-mode.

NOTE: Do not configure the $junos-cos-byte-adjust-

frame variable when the $junos-cos-byte-adjust
variable is configured.

$junos-cos-delay-buffer-rate Delay-buffer rate configured in a traffic-control profile

in a dynamic profile. Junos OS obtains this information
from the RADIUS server when a subscriber
authenticates over the static or dynamic subscriber
interface to which the dynamic profile is attached.

You reference this variable in the delay-buffer-rate

statement at the [edit dynamic-profiles profile-name
class-of-service traffic-control-profiles profile-
name] hierarchy level.
67

Table 6: Junos OS Predefined Variables and Definitions (Continued)

Variable Definition

$junos-cos-excess-rate Excess rate configured in a traffic-control profile in a

dynamic profile. Junos OS obtains this information
from the RADIUS server when a subscriber
authenticates over the static or dynamic subscriber
interface to which the dynamic profile is attached.

You reference this variable in the excess-rate statement

at the [edit dynamic-profiles profile-name class-of-
service traffic-control-profiles profile-name]
hierarchy level.

$junos-cos-excess-rate-high Rate configured for excess high-priority traffic in a

traffic-control profile in a dynamic profile. Junos OS
obtains this information from the RADIUS server when
a subscriber authenticates over the static or dynamic
subscriber interface to which the dynamic profile is
attached.

You reference this variable in the excess-rate-high

statement at the [edit dynamic-profiles profile-name
class-of-service traffic-control-profiles profile-
name] hierarchy level.

$junos-cos-excess-rate-low Rate configured for excesslow-priority traffic in a

traffic-control profile in a dynamic profile for subscriber
access. Junos OS obtains this information from the
RADIUS server when a subscriber authenticates over
the static or dynamic subscriber interface to which the
dynamic profile is attached.

You reference this variable in the excess-rate-low

statement at the [edit dynamic-profiles profile-name
class-of-service traffic-control-profiles profile-
name] hierarchy level.
68

Table 6: Junos OS Predefined Variables and Definitions (Continued)

Variable Definition

$junos-cos-guaranteed-rate Guaranteed rate configured in a traffic-control profile

in a dynamic profile Junos OS obtains this information
from the RADIUS server when a subscriber
authenticates over the static or dynamic subscriber
interface to which the dynamic profile is attached.

You reference this variable in the guaranteed-rate

statement at the [edit dynamic-profiles profile-name
class-of-service traffic-control-profiles profile-
name] hierarchy level.

$junos-cos-guaranteed-rate-burst Burst size for the guaranteed rate that is configured in

a traffic-control profile in a dynamic profile. Junos OS
obtains this information from the RADIUS server when
a subscriber authenticates over the static or dynamic
subscriber interface to which the dynamic profile is
attached.

You reference this variable with the burst-size option

in the guaranteed-rate statement at the [edit dynamic-
profiles profile-name class-of-service traffic-
control-profiles profile-name] hierarchy level.

$junos-cos-scheduler-map Scheduler-map name configured in a traffic-control

You reference this variable in the scheduler-map

statement at the [edit dynamic-profiles profile-name
class-of-service traffic-control-profiles profile-
name] hierarchy level.

NOTE: The scheduler map can be defined dynamically

(at the [edit dynamic-profiles profile-name class-of-
service scheduler-maps] hierarchy level) or statically (at
the [edit class-of-service scheduler-maps] hierarchy
level).
69

Table 6: Junos OS Predefined Variables and Definitions (Continued)

Variable Definition

$junos-cos-shaping-mode Shaping mode configured in a traffic-control profile in a

dynamic profile. Junos OS obtains this information
from the RADIUS server when a subscriber
authenticates over the static or dynamic subscriber
interface to which the dynamic profile is attached.

You reference this variable in the overhead-accounting

statement at the [edit dynamic-profiles profile-name
class-of-service traffic-control-profiles profile-
name] hierarchy level.

$junos-cos-shaping-rate Shaping rate configured in a traffic-control profile in a

dynamic profile. Junos OS obtains this information
from the RADIUS server when a subscriber
authenticates over the static or dynamic subscriber
interface to which the dynamic profile is attached.

You reference this variable in the shaping-rate

statement at the [edit dynamic-profiles profile-name
class-of-service traffic-control-profiles profile-
name] hierarchy level.

$junos-cos-shaping-rate-burst Burst size for the shaping rate configured in a traffic-

You reference this variable with the burst-size option

in the shaping-rate statement at the [edit dynamic-
profiles profile-name class-of-service traffic-
control-profiles profile-name] hierarchy level.

$junos-cos-shaping-rate-excess-high Shaping rate configured for excess high-priority traffic

in a traffic-control profile for a dynamic interface set or
dynamic ACI interface set at a household level.
Specifying this variable in a traffic-control profile for a
dynamic subscriber interface is prohibited.
70

Table 6: Junos OS Predefined Variables and Definitions (Continued)

Variable Definition

$junos-cos-shaping-rate-excess-high-burst Shaping rate burst size configured for excess high-

priority traffic in a traffic-control profile for a dynamic
interface set or dynamic ACI interface set at a
household level. Specifying this variable in a traffic-
control profile for a dynamic subscriber interface is
prohibited.

$junos-cos-shaping-rate-excess-low Shaping rate configured for excess low-priority traffic

$junos-cos-shaping-rate-excess-low-burst Shaping rate burst size configured for excess low-

$junos-cos-shaping-rate-priority-high Shaping rate configured for high-priority traffic in a

traffic-control profile for a dynamic interface set or
dynamic ACI interface set at a household level.
Specifying this variable in a traffic-control profile for a
dynamic subscriber interface is prohibited.

$junos-cos-shaping-rate-priority-high-burst Shaping rate burst size configured for high-priority

traffic in a traffic-control profile for a dynamic interface
set or dynamic ACI interface set at a household level.
Specifying this variable in a traffic-control profile for a
dynamic subscriber interface is prohibited.

$junos-cos-shaping-rate-priority-low Shaping rate configured for low-priority traffic in a

Table 6: Junos OS Predefined Variables and Definitions (Continued)

Variable Definition

$junos-cos-shaping-rate-priority-low-burst Shaping rate burst size configured for low-priority

$junos-cos-shaping-rate-priority-medium Shaping rate configured for medium-priority traffic in a

$junos-cos-shaping-rate-priority-medium-burst Shaping rate burst size configured for medium-priority

$junos-cos-traffic-control-profile Traffic-control profile configured in a dynamic profile

for subscriber access. The Junos OS obtains the profile
information from the RADIUS server when a subscriber
authenticates over the static or dynamic subscriber
interface to which the dynamic profile is attached.

You reference this variable in the traffic-control-

profiles statement at the [edit dynamic-profiles
profile-name class-of-service] hierarchy level.

Dynamic CoS — Scheduler Parameters

Table 6: Junos OS Predefined Variables and Definitions (Continued)

Variable Definition

$junos-cos-scheduler Name of a scheduler configured in a dynamic profile.

Junos OS obtains this information from the RADIUS
server when a subscriber authenticates over the static
or dynamic subscriber interface to which the dynamic
profile is attached.

You reference this variable at the [edit dynamic-

profiles profile-name class-of-service schedulers]
hierarchy level.

$junos-cos-scheduler-bs Buffer size as a percentage of total buffer, specified for

a scheduler configured in a dynamic profile. Junos OS
obtains this information from the RADIUS server when
a subscriber authenticates over the static or dynamic
subscriber interface to which the dynamic profile is
attached.

You reference this variable in the buffer-size statement

with the percent option at the [edit dynamic-profiles
profile-name class-of-service schedulers scheduler-
name] hierarchy level.

$junos-cos-scheduler-pri Packet-scheduling priority value specified for a

scheduler configured in a dynamic profile. Junos OS
obtains this information from the RADIUS server when
a subscriber authenticates over the static or dynamic
subscriber interface to which the dynamic profile is
attached.

You reference this variable in the priority statement at

the [edit dynamic-profiles profile-name class-of-
service schedulers scheduler-name] hierarchy level.
73

Table 6: Junos OS Predefined Variables and Definitions (Continued)

Variable Definition

$junos-cos-scheduler-dropfile-any Name of the drop profile for random early detection

(RED) for loss-priority level any specified for a
scheduler configured in a dynamic profile. Junos OS
obtains this information from the RADIUS server when
a subscriber authenticates over the static or dynamic
subscriber interface to which the dynamic profile is
attached.

You reference this variable in the drop-profile

statement at the [edit dynamic-profiles profile-name
class-of-service schedulers scheduler-name drop-
profile-map loss-priority any protocol any] hierarchy
level.

NOTE: The drop profile must be configured statically

(at the [edit class-of-service drop-profiles] hierarchy
level).

$junos-cos-scheduler-dropfile-high Name of the drop profile for random early detection

(RED) for loss-priority level high specified for a
scheduler configured in a dynamic profile. Junos OS
obtains this information from the RADIUS server when
a subscriber authenticates over the static or dynamic
subscriber interface to which the dynamic profile is
attached.

You reference this variable in the drop-profile

statement at the [edit dynamic-profiles profile-name
class-of-service schedulers scheduler-name drop-
profile-map loss-priority high protocol any] hierarchy
level.

NOTE: The drop profile must be configured statically

(at the [edit class-of-service drop-profiles] hierarchy
level).
74

Table 6: Junos OS Predefined Variables and Definitions (Continued)

Variable Definition

$junos-cos-scheduler-dropfile-low Name of the drop profile for random early detection

(RED) for loss-priority level low specified for a
scheduler configured in a dynamic profile. Junos OS
obtains this information from the RADIUS server when
a subscriber authenticates over the static or dynamic
subscriber interface to which the dynamic profile is
attached.

You reference this variable in the drop-profile

statement at the [edit dynamic-profiles profile-name
class-of-service schedulers scheduler-name drop-
profile-map loss-priority low protocol any] hierarchy
level.

NOTE: The drop profile must be configured statically

(at the [edit class-of-service drop-profiles] hierarchy
level) for loss-priority low.

$junos-cos-scheduler-dropfile-medium-high Name of the drop profile for random early detection

(RED) for loss-priority level medium-high specified for a
scheduler configured in a dynamic profile. Junos OS
obtains this information from the RADIUS server when
a subscriber authenticates over the static or dynamic
subscriber interface to which the dynamic profile is
attached.

You reference this variable in the drop-profile

statement at the [edit dynamic-profiles profile-name
class-of-service schedulers scheduler-name drop-
profile-map loss-priority medium-high protocol any]
hierarchy level.

NOTE: The drop profile must be configured statically

(at the [edit class-of-service drop-profiles] hierarchy
level).
75

Table 6: Junos OS Predefined Variables and Definitions (Continued)

Variable Definition

$junos-cos-scheduler-dropfile-medium-low Name of the drop profile for random early detection

(RED) for loss-priority level medium-low specified for a
scheduler configured in a dynamic profile. Junos OS
obtains this information from the RADIUS server when
a subscriber authenticates over the static or dynamic
subscriber interface to which the dynamic profile is
attached.

You reference this variable in the drop-profile

statement at the [edit dynamic-profiles profile-name
class-of-service schedulers scheduler-name drop-
profile-map loss-priority medium-low protocol any]
hierarchy level.

NOTE: The drop profile must be configured statically

(at the [edit class-of-service drop-profiles] hierarchy
level).

$junos-cos-scheduler-excess-priority Priority value of the excess rate specified for a

You reference this variable in the excess-priority

statement at the [edit dynamic-profiles profile-name
class-of-service schedulers scheduler-name] hierarchy
level.

$junos-cos-scheduler-excess-rate Value of the excess rate specified for a scheduler

configured in a dynamic profile. Junos OS obtains this
information from the RADIUS server when a subscriber
authenticates over the static or dynamic subscriber
interface to which the dynamic profile is attached.

You reference this variable in the excess-rate statement

at the [edit dynamic-profiles profile-name class-of-
service schedulers scheduler-name] hierarchy level.
76

Table 6: Junos OS Predefined Variables and Definitions (Continued)

Variable Definition

$junos-cos-scheduler-shaping-rate Value of the shaping rate specified for a scheduler

You reference this variable in the shaping-rate

statement at the [edit dynamic-profiles profile-name
class-of-service schedulers scheduler-name] hierarchy
level.

$junos-cos-scheduler-tx Transmit rate specified for a scheduler configured in a

dynamic profile. Junos OS obtains this information
from the RADIUS server when a subscriber
authenticates over the static or dynamic subscriber
interface to which the dynamic profile is attached.

You reference this variable in the transmit-rate

statement at the [edit dynamic-profiles profile-name
class-of-service schedulers scheduler-name] hierarchy
level.

Dynamic CoS — Dynamic Interface Sets

Table 6: Junos OS Predefined Variables and Definitions (Continued)

Variable Definition

$junos-aggregation-interface-set-name Name of a hierarchical CoS L2 interface set that

represents a logical intermediate node (DPU-C or PON
tree) in the access network. This is also known as the
dynamic aggregation interface set. The variable take
one of the following values:

• When the hierarchical-access-network-detection

option is configured for the access lines and the
value of the Access-Aggregation-Circuit-ID-ASCII
attribute (TLV 0x03) received either in the ANCP
Port Up message or PPPoE PADR IA tags begins
with a # character, then the variable takes the value
of the remainder of the string after the # character.
The # character identifies the string as a backhaul
identifier.

• When the hierarchical-access-network-detection

option is not configured, or if the string does not
begin with the # character, then the variable takes
the value specified with the predefined-variable-
defaults statement.

You reference this variable in the interface-set

statement at the [edit dynamic-profiles profile-name
interfaces] hierarchy level.

$junos-interface-set-name Name of the interface set obtained from the RADIUS

server Access-Accept message when a subscriber
authenticates over the interface to which the dynamic
profile is attached.

You reference this variable in the interface-set

statement at the [edit dynamic-profiles profile-name
interfaces] hierarchy level.
78

Table 6: Junos OS Predefined Variables and Definitions (Continued)

Variable Definition

$junos-phy-ifd-interface-set-name Locally generated name of an interface set that is

associated with the underlying physical interface in a
dynamic profile. This predefined variable enables you
to group all the subscribers on a specific physical
interface so that you can apply services to the entire
group of subscribers.

This interface set is a default level 2 interface set for

four-level hierarchies and a default level 3 interface set
for five-level hierarchies.

You can use this predefined variable to conserve CoS

resources in a mixed business and residential topology
by collecting the residential subscribers into an
interface set associated with the physical interface.
This causes a level 2 node to be used for the interface
set rather than one for each residential interface.

Otherwise, because the business and residential

subscribers share the same interface and business
subscribers require three levels of CoS, then three
levels are configured for each residential subscriber.
That results in an unnecessary level 2 node being
consumed for each residential connection, wasting CoS
resources.

You reference this variable in the interface-set

statement at the [edit dynamic-profiles profile-name
interfaces] hierarchy level.

$junos-phy-ifd-underlying-intf-set-name Name of a default, topology-based interface set that is

based on the physical interface name with a suffix of “-
underlying” to conserve hierarchical CoS L2 nodes.

This interface is used as a default level 2 interface set.

You reference this variable in the interface-set

statement at the [edit dynamic-profiles profile-name
interfaces] hierarchy level.
79

Table 6: Junos OS Predefined Variables and Definitions (Continued)

Variable Definition

$junos-svlan-interface-set-name Locally generated name of an interface set for use by

dual-tagged VLAN (S-VLAN) interfaces. The name is
based on the outer tag of the dual-tagged VLAN. The
format of the generated variable is
physical_interface_name-outer_vlan_tag.

For example, an Ethernet interface of ge-1/1/0, with a

dual-tagged VLAN interface that has an outer tag of
111, results in a value of ge-1/1/0-111 for $junos-
svlan-interface-set-name.

You reference this variable in the interface-set

statement at the [edit dynamic-profiles profile-name
interfaces] hierarchy level.
80

Table 6: Junos OS Predefined Variables and Definitions (Continued)

Variable Definition

$junos-tagged-vlan-interface-set-name Locally generated name of an interface set that groups

logical interfaces stacked over logical stacked VLAN
demux interfaces. You can use this variable for either a
1:1 (dual-tagged; individual client) VLAN or N:1 (single
tagged; service) VLAN. The format of the generated
variable differs with VLAN type as follows:

• Dual-tagged (client) VLAN—The format is

physical_interface_name-outer_vlan_tag-
inner_vlan_tag.

For example, an Ethernet interface of ge-1/1/0,

with a dual-tagged VLAN interface that has an
outer tag of 111 and an inner tag of 200, results in
a value of ge-1/1/0-111–200 for $junos-tagged-
vlan-interface-set-name.

• Single tagged (service) VLAN—The format is

physical_interface_name-vlan_tag

For example, an Ethernet interface of ge-1/1/0,

with an N:1 VLAN that has a single tag of 200,
results in a value of ge-1/1/0-200 for $junos-
tagged-vlan-interface-set-name.

You reference this variable in the interface-set

statement at the [edit dynamic-profiles profile-name
interfaces] hierarchy level.

Dynamic Connectivity Fault Management Parameters

$junos-action-profile Name of the action profile configured in a dynamic

profile.

$junos-ccm-interval Continuity check interval time configured in a dynamic

profile.

$junos-loss-threshold The number of continuity check messages lost before

marking the remote MEP as down, configured in a
dynamic profile.
81

Table 6: Junos OS Predefined Variables and Definitions (Continued)

Variable Definition

$junos-ma-name-format Name of the maintenance association name format

configured in a dynamic profile.

$junos-md-name-format Name of the maintenance domain format configured in

a dynamic profile.

$junos-ma-name Name of the maintenance association configured in a

dynamic profile.

$junos-md-level Value of ’Level’, configured in a dynamic profile.

$junos-md-name Name of the maintenance domain configured in a

dynamic profile.

$junos-mep-id The ’MEP’ value configured in the dynamic profile.

$junos-remote-mep-id The ’Remote MEP’ value configured in the dynamic

profile.

Filters — RADIUS-obtained Policies

$junos-input-filter Name of an input filter to be attached; filter name is

derived from RADIUS VSA 26-10 (Ingress-Policy-
Name) or RADIUS attribute 11 (Filter-ID) to the
interface.

$junos-input-interface-filter Name of an input filter to be attached to a family any

interface; filter name is derived from RADIUS VSA
26-191 (Input-Interface-Filter) to the interface.

You can also specify the filter name with the $junos-
input-interface-filter statement at the [edit dynamic-
profiles profile-name interfaces interface-name unit
logical-interface-number filter input] hierarchy level.
82

Table 6: Junos OS Predefined Variables and Definitions (Continued)

Variable Definition

$junos-input-ipv6-filter Name of an IPv6 input filter to be attached; filter name

is derived from RADIUS VSA 26-106 (IPv6-Ingress-
Policy-Name) to the interface.

$junos-output-filter Name of an output filter to be attached; filter name is

derived from RADIUS VSA 26-11 (Egress-Policy-Name)
to the interface.

$junos-output-interface-filter Name of an output filter to be attached to a family any

interface; filter name is derived from RADIUS VSA
26-191 (Output-Interface-Filter) to the interface.

You can also specify the filter name with the $junos-
output-interface-filter statement at the [edit dynamic-
profiles profile-name interfaces interface-name unit
logical-interface-number filter output] hierarchy level.

$junos-output-ipv6-filter Name of an IPv6 output filter to be attached; filter

name is derived from RADIUS VSA 26-107 (IPv6-
Egress-Policy-Name) to the interface.

Services

$junos-input-ipv6-service-filter Starting in Junos OS Release 17.2R1, name of an IPv6

input service filter to be attached. The filter name is
derived from RADIUS-VSA 26-202 (IPv6 input service
filter) to the interface.

You specify this variable at the [edit dynamic-profile

profile-name interfaces interface-name unit logical-
unit-number family inet6 service input service-set
service-set-name service-filter] hierarchy level.
83

Table 6: Junos OS Predefined Variables and Definitions (Continued)

Variable Definition

$junos-input-ipv6-service-set Starting in Junos OS Release 17.2R1, name of an IPv6

service set to be attached. The service set name is
derived from RADIUS-VSA 26-200 (IPv6 input service
set) to the interface.

You specify this variable at the [edit dynamic-profile

profile-name interfaces interface-name unit logical-
unit-number family inet6 service input service-set]
hierarchy level.

$junos-input-service-filter Starting in Junos OS Release 17.2R1, name of an IPv4

input service filter to be attached. The filter name is
derived from RADIUS-VSA 26-198 (IPv4 input service
filter) to the interface.

You specify this variable at the [edit dynamic-profile

profile-name interfaces interface-name unit logical-
unit-number family inet service input service-set
service-set-name service-filter] hierarchy level.

$junos-input-service-set Starting in Junos OS Release 17.2R1, name of an IPv4

input service set to be attached. The service set name
is derived from RADIUS-VSA 26-196 (IPv4 input
service set) to the interface.

You specify this variable at the [edit dynamic-profile

profile-name interfaces interface-name unit logical-
unit-number family inet service input service-set]
hierarchy level.

$junos-output-ipv6-service-filter Starting in Junos OS Release 17.2R1, name of an IPv6

service filter to be attached. The filter name is derived
from RADIUS-VSA 26-203 (IPv6 output service filter)
to the interface.

You specify this variable at the [edit dynamic-profile

profile-name interfaces interface-name unit logical-
unit-number family inet6 service output service-set
service-set-name service-filter] hierarchy level.
84

Table 6: Junos OS Predefined Variables and Definitions (Continued)

Variable Definition

$junos-output-ipv6-service-set Starting in Junos OS Release 17.2R1, name of an IPv6

service set to be attached. The service set name is
derived from RADIUS-VSA 26-201 (IPv6 output
service set ) to the interface.

You specify this variable at the [edit dynamic-profile

profile-name interfaces interface-name unit logical-
unit-number family inet6 service output service-set]
hierarchy level.

$junos-output-service-filter Starting in Junos OS Release 17.2R1, name of an IPv4

service filter to be attached. The filter name is derived
from RADIUS-VSA 26-199 (IPv4 output service filter)
to the interface.

You specify this variable at the [edit dynamic-profile

profile-name interfaces interface-name unit logical-
unit-number family inet service output service-set
service-set-name service-filter] hierarchy level.

$junos-output-service-set Starting in Junos OS Release 17.2R1, name of an IPv4

output service set to be attached. The service set name
is derived from RADIUS-VSA 26-197 (IPv4 output
service set ) to the interface.

You specify this variable at the [edit dynamic-profile

profile-name interfaces interface-name unit logical-
unit-number family inet service output service-set]
hierarchy level.

$junos-pcef-profile Starting in Junos OS Release 17.2R1, name of a PCEF

profile to be attached. The profile name is derived from
RADIUS-VSA 26-204 (PCEF profile) to the interface.

You specify this variable at the [edit dynamic-profile

profile-name interfaces interface-name unit logical-
unit-number service] hierarchy level.
85

Table 6: Junos OS Predefined Variables and Definitions (Continued)

Variable Definition

$junos-pcef-rule Starting in Junos OS Release 17.2R1, name of a PCC

rule to activate. The rule name is derived from
RADIUS-VSA 26-205 (PCEF rule) to the interface.

You specify this variable at the [edit dynamic-profile

profile-name interfaces interface-name unit logical-
unit-number service pcef pcef-profile-name activate]
hierarchy level.

Subscriber Interfaces — Dynamic Demux Interfaces

$junos-interface-ifd-name Name of the device to which the subscriber access

client connects. All interfaces are created on this
device. Its primary use is in creating single or multiple
subscribers on a statically created interface. You
specify this variable at the [dynamic-profiles profile-
name interfaces] hierarchy level.

When creating a logical underlying interface for a

dynamic VLAN demux interface, you must also specify
this variable at the [dynamic-profiles profile-name
interfaces demux0 unit $junos-interface-unit demux-
options underlying-interface] hierarchy level.

$junos-interface-target-weight Weight for an interface to associate it with an interface

set and thus with the set’s aggregated Ethernet
member link for targeted distribution. When an
interface set does not have a weight, then the interface
weight value for the first authorized subscriber
interface is used for the set. The value is derived from
RADIUS VSA 26-214 Interface-Target-Weight. Also
associated with Diameter AVP 214.
86

Table 6: Junos OS Predefined Variables and Definitions (Continued)

Variable Definition

$junos-interface-unit Creates a unit number assigned to the logical interface.

The router supplies this information when the
subscriber accesses the network. You specify this
variable at the [dynamic-profiles profile-name
interfaces interface-name] hierarchy level for the unit
statement.

$junos-ipv6-address Selects the IPv6 address of the interface the subscriber

uses. You specify this variable at the [edit dynamic-
profiles profile-name interfaces interface-name unit
logical-unit-number family family], [edit dynamic-
profiles profile-name interfaces demux0 unit logical-
unit-number family family], [edit dynamic-profiles
profile-name interfaces pp0 unit “$junos-interface-
unit” family family], and [edit logical-systems
logical-system-name interfaces interface-name unit
logical-unit-number family family] hierarchy level for
the address statement.

$junos-loopback-interface Selects the loopback interface the subscriber uses. You

specify this variable at the [dynamic profiles profile-
name interfaces demux0 unit "$junos-interface-unit"
family inet] hierarchy level for the unnumbered-address
statement.
87

Table 6: Junos OS Predefined Variables and Definitions (Continued)

Variable Definition

$junos-preferred-source-address Selects the preferred IPv4 source address (family inet)

associated with the loopback address used for the
subscriber. You specify this variable at the [dynamic
profiles profile-name interfaces demux0 unit "$junos-
interface-unit" family inet unnumbered-address
“$junos-loopback-interface”] hierarchy level for the
preferred-source-address statement.

NOTE: Starting in Junos OS Release 16.1, when you

specify a static logical interface for the unnumbered
interface in a dynamic profile that includes the $junos-
routing-instance predefined variable, you must not
configure an IPv4 preferred source address. This
constraint applies whether you use the $junos-
preferred-source-address predefined variable or the
preferred-source-address statement. Configuring the
preferred source address in this circumstance causes a
commit failure.

$junos-preferred-source-ipv6-address Selects the preferred IPv6 source address (family inet6)

associated with the loopback address used for the
subscriber. You specify this variable at the [dynamic
profiles profile-name interfaces demux0 unit "$junos-
interface-unit" family inet6 unnumbered-address
“$junos-loopback-interface”] hierarchy level for the
preferred-source-address statement.

NOTE: Starting in Junos OS Release 16.1, when you

specify a static logical interface for the unnumbered
interface in a dynamic profile that includes the $junos-
routing-instance predefined variable, you must not
configure an IPv6 preferred source address. This
constraint applies whether you use the $junos-
preferred-source-ipv6-address predefined variable or
the preferred-source-address statement. Configuring
the preferred source address in this circumstance
causes a commit failure.
88

Table 6: Junos OS Predefined Variables and Definitions (Continued)

Variable Definition

$junos-subscriber-demux-ip-address IP address of the subscriber. Use this variable instead

of $junos-subscriber-ip-address when the IP demux
subscribers require a framed route returned from the
RADIUS server.

You specify this variable at the [dynamic-profiles

profile-name interfaces demux0 unit family inet demux-
source] hierarchy level.

$junos-subscriber-ip-address IP address of the subscriber. You specify this variable at

the [dynamic-profiles profile-name interfaces demux0
unit family inet demux-source] hierarchy level.

This variable is also used for creating access-internal

routes.

$junos-subscriber-ipv6-address IPv6 address for subscriber. You specify this variable at

the [dynamic-profiles profile-name interfaces
interface-name unit logical-unit-number family inet6
demux-source] hierarchy level.

$junos-subscriber-ipv6-multi-address Expands the demux-source into multiple addresses; for

example, the IPv6 prefix and /128 address for the
subscriber.

You specify this variable at the [dynamic-profiles

profile-name interfaces interface-name unit logical-
unit-number family inet6 demux-source] hierarchy level.
89

Table 6: Junos OS Predefined Variables and Definitions (Continued)

Variable Definition

$junos-underlying-interface Creates a logical underlying interface for a dynamic IP

demux interface. The client logs in on this interface.
You specify this variable at the [dynamic profiles
profile-name interfaces demux0 unit "$junos-interface-
unit" demux-options] hierarchy level for the underlying-
interface statement.

When configured, the underlying interface is used to

determine the $junos-underlying-interface, $junos-
underlying-interface-unit, and $junos-ifd-name
variables. For example, if the receiving logical interface
is ge-0/0/0.1, the $junos-underlying-interface variable
is set to ge-0/0/0 and the $junos-underlying-interface-
unit variable is set to 1.

This variable is also used for creating access-internal

routes.

Subscriber Interfaces — Static VLAN Interfaces

$junos-interface-ifd-name Name of the device to which the subscriber access

$junos-underlying-interface-unit Obtains the unit number for the underlying interface. It

specifies the use of the underlying interface for the
subscriber. You specify this variable at the [dynamic-
profiles profile-name interfaces $junos-interface-ifd-
name] hierarchy level for the unit statement.

Subscriber Interfaces — Dynamic PPPoE Interfaces

Table 6: Junos OS Predefined Variables and Definitions (Continued)

Variable Definition

$junos-interface-unit Specifies the logical unit number when the router

dynamically creates a PPPoE logical interface. The
$junos-interface-unit predefined variable is
dynamically replaced with the unit number supplied by
the network when the PPPoE subscriber logs in. You
specify this variable at the [edit dynamic-profiles
profile-name interfaces pp0] hierarchy level for the
unit statement.

$junos-underlying-interface Specifies the name of the underlying Ethernet interface

on which the router dynamically creates the PPPoE
logical interface. The $junos-underlying-interface
predefined variable is dynamically replaced with the
name of the underlying interface supplied by the
network when the PPPoE subscriber logs in. You
specify this variable at the [edit dynamic-profiles
profile-name interfaces pp0 unit “$junos-interface-
unit” pppoe-options] hierarchy level for the underlying-
interface statement.

Subscriber Interfaces — Dynamic Interface Sets

$junos-interface-set-name Name of an interface set configured in a dynamic

profile. To represent the name of a dynamically created
agent circuit identifier (ACI) interface set, use the
$junos-interface-set-name predefined variable in the
interface-set statement at the [edit dynamic-profiles
profile-name interfaces] hierarchy level.

$junos-interface-set-target-weight Weight for an interface set to associate it and its

member links with an aggregated Ethernet member
link for targeted distribution. The value is derived from
RADIUS VSA 26-213 Interface-Set-Target-Weight. Also
associated with Diameter AVP 213.
91

Table 6: Junos OS Predefined Variables and Definitions (Continued)

Variable Definition

$junos-phy-ifd-interface-set-name Name of an interface set associated with the

underlying physical interface in a dynamic profile.

In a heterogeneous topology where residential and

business subscribers share the same physical interface,
although only two levels of CoS are required for
residential access, business access requires three
levels. Because they share the same physical interface,
three levels are configured for both, causing an
unnecessary level 2 node to be consumed for each
residential connection.

Starting in Junos OS Release 16.1, you can reduce the

CoS resources wasted on residential access by
collecting the residential subscribers into an interface
set associated with the physical interface. In this way, a
level 2 node is used for the interface set rather than for
each residential interface. To do so, specify the $junos-
phy-ifd-interface-set-name predefined variable with the
interface-set statement at the [edit dynamic-profiles
profile-name interfaces] hierarchy level to create the
interface set based on the underlying physical
interface.
92

Table 6: Junos OS Predefined Variables and Definitions (Continued)

Variable Definition

$junos-pon-id-interface-set-name Locally generated interface set name used to associate

individual customer circuits in a passive optical
network (PON) to deliver CoS and other services to the
set of interfaces.

The name is extracted from the DHCPv4 (Option 82,

suboption 2) or DHCPv6 (Option 37) agent remote ID
string inserted by an optical line terminal (OLT) in a
PON. The OLT must format the agent remote ID string
with a pipe symbol (|) as the delimiter between
substrings. The substring extracted for the interface
set name consists of the characters following the last
delimiter in the agent remote ID string.

The extracted substring identifies individual customer

circuits. You determine the format and contents of the
substring, and configure your OLT to insert the
information. Typically, the substring might include the
name and port of the OLT accessed by the CPE optical
network terminal (ONT).

$junos-svlan-interface-set-name Locally generated interface set name for use by dual-

tagged VLAN interfaces based on the outer tag of the
dual-tagged VLAN. The format of the generated
variable is physical_interface_name - outer_VLAN_tag.

Wholesale Networking
93

Table 6: Junos OS Predefined Variables and Definitions (Continued)

Variable Definition

$junos-interface-name Name of the dynamic interface to which the subscriber

access client connects. Its use is in identifying the
subscriber interface. You specify this variable at the
[dynamic-profiles profile-name routing-instance
$junos-routing-instance] hierarchy level for the
interface statement.

The interface name is derived from concatenating the

$junos-interface-ifd-name and the $junos-underlying-
interface-unit variables obtained when a subscriber is
created dynamically at the [dynamic-profiles profile-
name routing-instance $junos-routing-instance
interface] hierarchy level.

$junos-routing-instance Name of the routing instance to which the subscriber

is assigned. This variable triggers a return value from
the RADIUS server for Virtual-Router (VSA 26-1).

You reference this variable in the statement at the

[dynamic-profiles profile-name] hierarchy level for the
routing-instance statement.

NOTE: Starting in Junos OS Release 16.1, when you

specify a static logical interface for the unnumbered
interface in a dynamic profile that includes the $junos-
routing-instance predefined variable, you must not
configure a preferred source address. This constraint
applies whether you use the $junos-preferred-source-
address predefined variable, the $junos-preferred-
source-ipv6-address predefined variable, or the
preferred-source-address statement. Configuring the
preferred source address in this circumstance causes a
commit failure.
94

Table 6: Junos OS Predefined Variables and Definitions (Continued)

Variable Definition

$junos-inner-vlan-map-id Starting in Junos OS Release 16.1R4, identifier for the

inner VLAN tag for Layer 2 wholesale, ANCP-triggered,
autosensed dynamic VLANs.The VLAN tag is allocated
from the inner VLAN ID swap ranges that are
provisioned on the core-facing physical interface. The
inner VLAN tag is swapped with (replaces) the outer
VLAN tag when the subscriber traffic is tunneled to the
NSP.

You specify this variable with the inner-vlan-id

statement at the [edit dynamic-profiles profile-name
interfaces $junos-interface-ifd–name unit $junos-
interface-unit input-vlan-map] hierarchy level.

$junos-vlan-map-id Identifier for a VLAN that is rewritten at the input or

output interface as specified by a VLAN map.

You specify this variable with the vlan-id statement at

the [edit dynamic-profiles profile-name interfaces
$junos-interface-ifd–name unit $junos-interface-unit
input-vlan-map] or [edit dynamic-profiles profile-name
interfaces $junos-interface-ifd–name unit $junos-
interface-unit input-vlan-map] hierarchy levels.

Junos OS Predefined Variables That Correspond to RADIUS Attributes

and VSAs

Table 7 on page 95 lists the RADIUS attributes and Juniper Networks VSAs and their corresponding
Junos OS predefined variables that are used in dynamic profiles. When the router instantiates a dynamic
profile following subscriber access, the Junos OS uses the predefined variable to specify the RADIUS
attribute or VSA for the information obtained from the RADIUS server.

Some predefined variables support the configuration of default values. The configured default value is
used in the event that RADIUS fails to return a value for the variable. You configure default values with
the predefined-variable-defaults predefined-variable default-value statement at the [edit dynamic-profiles]
95

hierarchy level. When you specify the predefined-variable, you use the name of the Junos OS predefined
variable, but you omit the leading $junos- prefix.

Table 7: RADIUS Attributes and Corresponding Junos OS Predefined Variables

Attribute Number Junos OS Predefined Variable Description Default Value

and Name Support for Junos
OS Predefined
Variable

RADIUS Standard Attributes

8 $junos-framed-route-ip-address Address for the No

client
Framed-IP-Address

11 $junos-input-filter Input filter to apply Yes

to client IPv4
Filter-ID NOTE: Variable is also used for VSA interface
26-10.

12 $junos-interface-mtu Maximum size of the Yes

packet; maximum
Framed-MTU transmission unit

22 $junos-framed-route-ip-address-prefix (Subattribute 1): No

Route prefix for
Framed-Route access route

$junos-framed-route-nexthop (Subattribute 2): No

Next hop address
for access route

$junos-framed-route-cost (Subattribute 3): No

Metric for access
route

$junos-framed-route-distance (Subattribute 5): No

Preference for
access route
96

Table 7: RADIUS Attributes and Corresponding Junos OS Predefined Variables (Continued)

Attribute Number Junos OS Predefined Variable Description Default Value

and Name Support for Junos
OS Predefined
Variable

$junos-framed-route-tag (Subattribute 6): Tag No

for access route

97 $junos-ipv6-ndra-prefix Prefix value in IPv6 No

Neighbor Discovery
Framed-IPv6-Prefix route
advertisements

99 $junos-framed-route-ipv6-address-prefix (Subattribute 1): No

Framed IPv6 route
Framed-IPv6-Route prefix configured for
the client

$junos-framed-route-ipv6-cost (Subattribute 3): No

Metric for access
route

$junos-framed-route-ipv6-distance (Subattribute 5): No

Preference for
access route

$junos-framed-route-ipv6-nexthop (Subattribute 2): No

IPv6 routing
information
configured for the
client

$junos-framed-route-ipv6-tag (Subattribute 6): Tag No

for access route

Juniper Networks VSA

Table 7: RADIUS Attributes and Corresponding Junos OS Predefined Variables (Continued)

Attribute Number Junos OS Predefined Variable Description Default Value

and Name Support for Junos
OS Predefined
Variable

26-1 $junos-routing-instance Routing instance to Yes

which subscriber is
Virtual-Router assigned

26-10 $junos-input-filter Input filter to apply Yes

to client IPv4
Ingress-Policy-Name NOTE: Variable is also used for RADIUS interface
attribute 11.

26-11 $junos-output-filter Output filter to Yes

apply to client IPv4
Egress-Policy-Name interface

26-23 $junos-igmp-enable Enable or disable Yes

IGMP on client
IGMP-Enable interface

26-71 $junos-igmp-access-group-name Access list to use for Yes

the group (G) filter
IGMP-Access-Name

26-72 $junos-igmp-access-source-group-name Access List to use Yes

for the source group
IGMP-Access-Src- (S,G) filter
Name

26-74 $junos-mld-access-group-name Access list to use for Yes

the group (G) filter
MLD-Access-Name

26-75 $junos-mld-access-source-group-name Access List to use Yes

for the source group
MLD-Access-Src- (S,G) filter
Name
98

Table 7: RADIUS Attributes and Corresponding Junos OS Predefined Variables (Continued)

Attribute Number Junos OS Predefined Variable Description Default Value

and Name Support for Junos
OS Predefined
Variable

26-77 $junos-mld-version MLD protocol Yes

version
MLD-Version

26-78 $junos-igmp-version IGMP protocol Yes

version
IGMP-Version

26-97 $junos-igmp-immediate-leave IGMP immediate Yes

leave
IGMP-Immediate-
Leave

26-100 $junos-mld-immediate-leave MLD immediate Yes

leave
MLD-Immediate-
Leave

26-106 $junos-input-ipv6-filter Input filter to apply Yes

to client IPv6
IPv6-Ingress-Policy- interface
Name

26-107 $junos-output-ipv6-filter Output filter to Yes

apply to client IPv6
IPv6-Egress-Policy- interface
Name

26-108 $junos-cos-scheduler-map (T01: Scheduler-map Yes

name) Name of
CoS-Parameter-Type scheduler map
configured in traffic-
control profile
99

Table 7: RADIUS Attributes and Corresponding Junos OS Predefined Variables (Continued)

Attribute Number Junos OS Predefined Variable Description Default Value

and Name Support for Junos
OS Predefined
Variable

$junos-cos-shaping-rate (T02: Shaping rate) Yes

Shaping rate
configured in traffic-
control profile

$junos-cos-guaranteed-rate (T03: Guaranteed Yes

rate) Guaranteed
rate configured in
traffic-control profile

$junos-cos-delay-buffer-rate (T04: Delay-buffer Yes

rate) Delay-buffer
rate configured in
traffic-control profile

$junos-cos-excess-rate (T05; Excess rate) Yes

Excess rate
configured in traffic-
control profile

$junos-cos-traffic-control-profile (T06: Traffic-control Yes

profile) Name of the
traffic-control profile
configured in a
dynamic profile

$junos-cos-shaping-mode (T07; Shaping mode) Yes

CoS shaping mode
configured in a
dynamic profile
100

Table 7: RADIUS Attributes and Corresponding Junos OS Predefined Variables (Continued)

Attribute Number Junos OS Predefined Variable Description Default Value

and Name Support for Junos
OS Predefined
Variable

$junos-cos-byte-adjust (T08; Byte adjust) Yes

Byte adjustments
configured for the
shaping mode in a
dynamic profile

$junos-cos-adjust-minimum (T09; Adjust Yes

minimum) Minimum
adjusted value
allowed for the
shaping rate in a
dynamic profile

$junos-cos-excess-rate-high (T10; Excess rate Yes

high) Excess rate
configured for high-
priority traffic in a
dynamic profile

$junos-cos-excess-rate-low (T11; Excess rate Yes

low) Excess rate
configured for low-
priority traffic in a
dynamic profile

$junos-cos-shaping-rate-burst (T12; Shaping rate Yes

burst) Burst size
configured for the
shaping rate in a
dynamic profile
101

Table 7: RADIUS Attributes and Corresponding Junos OS Predefined Variables (Continued)

Attribute Number Junos OS Predefined Variable Description Default Value

and Name Support for Junos
OS Predefined
Variable

$junos-cos-guaranteed-rate-burst (T13; Guaranteed Yes

rate burst) Burst size
configured for the
guaranteed rate in a
dynamic profile

26-130 $junos-interface-set-name Name of an Yes

interface set
Qos-Set-Name configured in a
dynamic profile

26-146 $junos-cos-scheduler (Null: Scheduler Yes

name) Name of
CoS-Scheduler-Pmt- scheduler
Type configured in a
dynamic profile

$junos-cos-scheduler-tx (T01: CoS scheduler Yes

transmit rate)
Available for
Transmit rate for
multiple parameters:
scheduler
configured in a
• Percent
dynamic profile
• Rate

$junos-cos-scheduler-bs (T02: CoS scheduler Yes

buffer size) Buffer
Available for
size for scheduler
multiple parameters:
configured in a
dynamic profile
• Percent

• Temporal
102

Table 7: RADIUS Attributes and Corresponding Junos OS Predefined Variables (Continued)

Attribute Number Junos OS Predefined Variable Description Default Value

and Name Support for Junos
OS Predefined
Variable

$junos-cos-scheduler-pri (T03: CoS scheduler Yes

priority) Packet-
scheduling priority
for scheduler
configured in a
dynamic profile

$junos-cos-scheduler-dropfile-low (T04: CoS scheduler Yes

drop-profile low)
Name of drop profile
for RED loss-priority
level low for
scheduler
configured in a
dynamic profile

$junos-cos-scheduler-dropfile-medium- (T05: CoS scheduler Yes

low drop-profile
medium-low) Name
of drop profile for
RED loss-priority
level medium-low for
scheduler
configured in a
dynamic profile

$junos-cos-scheduler-dropfile-medium- (T06: CoS scheduler Yes

high drop-profile
medium-high) Name
of drop profile for
RED loss-priority
level medium-high for
scheduler
configured in a
dynamic profile
103

Table 7: RADIUS Attributes and Corresponding Junos OS Predefined Variables (Continued)

Attribute Number Junos OS Predefined Variable Description Default Value

and Name Support for Junos
OS Predefined
Variable

$junos-cos-scheduler-dropfile-high (T07: CoS scheduler Yes

drop-profile high)
Name of drop profile
for RED loss-priority
level high for
scheduler
configured in a
dynamic profile

$junos-cos-scheduler-dropfile-any (T08: CoS scheduler Yes

drop-profile any)
Name of drop profile
for RED loss-priority
level any for
scheduler
configured in a
dynamic profile

$junos-cos-scheduler-excess-rate (T09: CoS scheduler Yes

excess rate) Excess
Available for
rate configured for a
multiple parameters:
scheduler in a
dynamic profile
• Percent

• Proportion

$junos-cos-scheduler-shaping-rate (T10: CoS scheduler Yes

shaping rate)
Available for
Shaping rate
multiple parameters:
configured for a
scheduler in a
• Percent
dynamic profile
• Rate
104

Table 7: RADIUS Attributes and Corresponding Junos OS Predefined Variables (Continued)

Attribute Number Junos OS Predefined Variable Description Default Value

and Name Support for Junos
OS Predefined
Variable

$junos-cos-scheduler-excess-priority (T11: CoS scheduler Yes

excess priority)
Excess priority
configured for a
scheduler in a
dynamic profile

26-191 $junos-input-interface-filter Name of an input No

filter to be attached
Input-Interface-Filter
to a family any
interface.

26-192 $junos-output-interface-filter Name of an output No

filter to be attached
Output-Interface-
to a family any
Filter
interface.

26-196 $junos-input-service-set Name of an IPv4 No

input service set to
IPv4-Input-Service- be attached.
Set

26-197 $junos-output-service-set Name of an IPv4 No

output service set to
IPv4-Output- be attached.
Service-Set

26-198 $junos-input-service-filter Name of an IPv4 No

input service filter to
IPv4-Input-Service- be attached.
Filter
105

Table 7: RADIUS Attributes and Corresponding Junos OS Predefined Variables (Continued)

Attribute Number Junos OS Predefined Variable Description Default Value

and Name Support for Junos
OS Predefined
Variable

26-199 $junos-output-service-filter Name of an IPv4 No

output service filter
IPv4-Output- to be attached.
Service-Filter

26-200 $junos-input-ipv6-service-set Name of an IPv6 No

input service set to
IPv6-Input-Service- be attached.
Set

26-201 $junos-output-ipv6-service-set Name of an IPv6 No

output service set to
IPv6-Output- be attached.
Service-Set

26-202 $junos-input-ipv6-service-filter Name of an IPv6 No

input service filter to
IPv6-Input-Service- be attached.
Filter

26-203 $junos-output-ipv6-service-filter Name of an IPv6 No

output service filter
IPv6-Output- to be attached.
Service-Filter

26-204 $junos-pcef-profile Name of a PCEF No

profile to be
Adv-Pcef-Profile- attached.
Name

26-205 $junos-pcef-rule Name of a PCC rule No

to activate.
Adv-Pcef-Rule-Name
106

Table 7: RADIUS Attributes and Corresponding Junos OS Predefined Variables (Continued)

Attribute Number Junos OS Predefined Variable Description Default Value

and Name Support for Junos
OS Predefined
Variable

26-211 $junos-inner-vlan-tag-protocol-id Name of VLAN map Yes

to activate

26-212 $junos-routing-services Enables or disables No

routing services
capability. If you
enable this variable
in your configuration
and RADIUS does
not return the VSA,
then routing
services are disabled
for the subscriber.

26-213 $junos-interface-set-target-weight Specify a weight for Yes

an interface set to
associate it and its
member links with
an aggregated
Ethernet member
link for targeted
distribution.
107

Table 7: RADIUS Attributes and Corresponding Junos OS Predefined Variables (Continued)

Attribute Number Junos OS Predefined Variable Description Default Value

and Name Support for Junos
OS Predefined
Variable

26-214 $junos-interface-target-weight Specify a weight for Yes

an interface to
associate it with an
interface set and
thus with the set’s
aggregated Ethernet
member link for
targeted
distribution. When
an interface set does
not have a weight,
then the interface
weight value for the
first authorized
subscriber interface
is used for the set.

Predefined Variable Defaults for Dynamic Client Profiles

You can optionally configure default values for many predefined variables. The Junos OS uses the
default value in the following cases:

• When the external RADIUS server is not available

• When the VSA returned by the RADIUS server does not contain a value for the predefined variable

The RADIUS value for a predefined variable takes precedence over the default value. For example, if you
have configured a default for a predefined variable, but RADIUS also returns a value, the system uses
the value from RADIUS instead.

The default value must be appropriate to the variable, such as an integer or an alphanumeric string.
Starting in Junos OS Release 19.3R1, you can also configure the default value of a predefined variable to
be another predefined variable by using a variable expression. In earlier releases, the default value must
be fixed; it cannot be a variable.
108

NOTE: Expressions are typically configured for user-defined variables and dynamic service
profiles. See "Using Variable Expressions in User-Defined Variables" on page 114 for more
information.

When you use a variable expression, you are setting up a condition that determines the default value of
the predefined variable. The value of the default is different when the condition is matched than when it
is not matched. In dynamic client profiles, you can configure any of the following operators for variable
expressions:

• equals—Assigns a predefined variable as the default value.

• ifNotZero(parameter-1, parameter-2)—Sets a condition to be matched. Assigns the value from

parameter-2 as the default value only when parameter-1 is nonzero, meaning that the parameter
resolved to some value.

• ifZero(parameter-1, parameter-2)—Sets a condition to be matched. Assigns the value from parameter-2

as the default value only when parameter-1 is zero, meaning that the parameter did not resolve to
any value. If parameter-1 did resolve to a value (therefore it is not zero), then the value from
parameter-1 is assigned as the default.

You can also nest expressions, which provides additional conditions for setting the variable value. For
example, a dynamic profile for a subscriber in a heterogeneous network might have the following
configuration for the predefined-variable-defaults statement:

predefined-variable-defaults {
aggregation-interface-set-name equals "$junos-phy-ifd-underlying-intf-set-name";
interface-set-name equals "ifZero($junos-default-interface-set-name, $junos-phy-ifd-
interface-set-name)";
default-interface-set-name equals "ifZero($junos-interface-set-name, ifNotZero($junos-
aggregation-interface-set-name, $junos-aggregation-interface-set-name##'-default'))";
}

See Dynamic Level 2 and Level 3 Interface Set Naming with Predefined Variables for a detailed
explanation of how to evaluate these expressions in the context of a heterogeneous network.

Configuring Predefined Dynamic Variables in Dynamic Profiles

This topic discusses how to configure predefined variables in a dynamic profile. The dynamic profile
obtains and replaces data for these variables from an incoming client data packet. You can specify these
109

variables in the body of a dynamic profile without having to first define the variables at the [edit dynamic-
profiles profile-name variables] hierarchy level.

Before you configure dynamic variables:

1. Create a basic dynamic profile.

See "Configuring a Basic Dynamic Profile" on page 51.

2. Ensure that the router hardware is configured in the network to accept subscriber access.

To configure predefined variables in a dynamic profile:

1. Access the desired dynamic profile.

[edit]
user@host# edit dynamic-profiles profile-name
[edit dynamic-profiles profile-name]

2. Configure the necessary variables (in this example, for a protocol interface).

[edit dynamic-profiles profile-name]

user@host# set protocols protocol-name interface predefined-variable-name

For example, the following simple configuration uses a predefined variable to dynamically create the
interface accessed by the IGMP client, enabling IGMP on the subscriber interface:

[edit]
user@host# set dynamic-profiles igmp1-prof protocols igmp interface $junos-interface-name

For a complete list of supported predefined variables, see "Junos OS Predefined Variables" on page
59.

Configuring Default Values for Predefined Variables in a Dynamic Profile

For any Junos OS predefined variable that can be sourced from RADIUS, you can specify a default value
in a dynamic client profile. These default values are used when RADIUS does not supply a value.

Defining default values for these predefined variables enables you to determine whether to source
values locally from the profile instead of only from RADIUS. This enables you to use RADIUS as a way to
selectively override predefined variable values, instead of being the sole source of those values.
110

For a list of predefined variables and options for which you can configure default values, see "Junos OS
Predefined Variables That Correspond to RADIUS Attributes and VSAs" on page 94.

To configure default values for Junos predefined variables:

1. Specify that you want to configure the dynamic client profile.

[edit]
user@host# edit dynamic-profile profile-name

2. Configure the default value for a predefined variable or for a specific option within a predefined
variable.

[edit dynamic-profiles profile-name]

user@host# set predefined-variable-defaults predefined-variable variable-option default-value

NOTE: When you specify the predefined-variable, you use the name of the Junos OS
predefined variable, but you omit the leading $junos- prefix.

For example, consider the behavior when you have the following configuration to specify a default value
for the $junos-routing-instance predefined variable:

[edit dynamic-profiles prof1]

user@host# set predefined-variable-defaults routing-instances RI-def

• When RADIUS does not return a routing instance, the subscribers come up in the RI-def routing
instance.

• When RADIUS returns routing-instance RI-res, the subscribers come up in the RI-res routing
instance.

When you do not configure a default value for the $junos-routing-instance predefined variable and
RADIUS does not return a value, the subscribers come up in the master routing instance, which is the
Junos OS default.

Release History Table

Release Description

19.3R1 Starting in Junos OS Release 19.3R1, you can also configure the default value of a predefined variable to
be another predefined variable by using a variable expression.
111

17.2R1 Starting in Junos OS Release 17.2R1, name of an IPv6 input service filter to be attached.

17.2R1 Starting in Junos OS Release 17.2R1, name of an IPv6 service set to be attached.

17.2R1 Starting in Junos OS Release 17.2R1, name of an IPv4 input service filter to be attached.

17.2R1 Starting in Junos OS Release 17.2R1, name of an IPv4 input service set to be attached.

17.2R1 Starting in Junos OS Release 17.2R1, name of an IPv6 service filter to be attached.

17.2R1 Starting in Junos OS Release 17.2R1, name of an IPv6 service set to be attached.

17.2R1 Starting in Junos OS Release 17.2R1, name of an IPv4 service filter to be attached.

17.2R1 Starting in Junos OS Release 17.2R1, name of an IPv4 output service set to be attached.

17.2R1 Starting in Junos OS Release 17.2R1, name of a PCEF profile to be attached.

17.2R1 Starting in Junos OS Release 17.2R1, name of a PCC rule to activate.

16.1R4 Starting in Junos OS Release 16.1R4, identifier for the inner VLAN tag for Layer 2 wholesale, ANCP-
triggered, autosensed dynamic VLANs.

16.1 Starting in Junos OS Release 16.1, when you specify a static logical interface for the unnumbered
interface in a dynamic profile that includes the $junos-routing-instance predefined variable, you must not
configure an IPv4 preferred source address.

16.1 Starting in Junos OS Release 16.1, you can reduce the CoS resources wasted on residential access by
collecting the residential subscribers into an interface set associated with the physical interface.

RELATED DOCUMENTATION

Dynamic Variables Overview | 57

User-Defined Variables in Dynamic Profiles | 112
Standard and Vendor-Specific RADIUS Attributes
Dynamic Level 2 and Level 3 Interface Set Naming with Predefined Variables
Dynamic Profiles for Subscriber Management | 46
Example: Firewall Dynamic Profile
Example: IGMP Dynamic Profile

User-Defined Variables in Dynamic Profiles

IN THIS SECTION

User-Defined Variables | 112

Configuring User-Defined Dynamic Variables in Dynamic Profiles | 113

Using Variable Expressions in User-Defined Variables | 114

Configuring Variable Expressions in Dynamic Profiles | 119

Conditional Configuration for Dynamic Profile Overview | 121

User-Defined Variables

In dynamic service profiles, the Junos OS enables you to configure custom variables at the [edit dynamic-
profiles profile-name variables] hierarchy level and use those variables in the [edit dynamic-profiles]
hierarchy. The dynamic profile obtains and replaces data for these variables from an external server (for
example, RADIUS) during the subscriber authentication process. At run time, the variables are replaced
by actual values and used to configure subscriber interfaces.

You can use any of the following statements to configure user-defined variables:

• default-value—Configure a default value for a user-defined variable in a dynamic profile. The values
that the system uses for these variables are applied when the subscriber authenticates. Specifying a
default value provides a standalone configuration for the associated statement or a backup for the
113

statement configuration if the external server is inaccessible or does not contain a value for the
variable.

• equals—Configure an expression for a user-defined variable that is evaluated at run time and returned
as the variable value.

• mandatory—Specify that an external server (for example, RADIUS) must return a value for the user-
defined variable. If the external server does not return a value for the variable, the dynamic profile
fails.

NOTE: The order in which you define how variables are obtained is important. To ensure that
you obtain any mandatory variables from an external server, and not derive values from
defaults or through variable expressions, you must define any mandatory variables first.

• uid—Configure a unique ID for parameterized filters and CoS in a dynamic profile created for services.

• uid-reference—Configure a variable that references a unique ID for parameterized filters or CoS in a

dynamic profile created for services.

Configuring User-Defined Dynamic Variables in Dynamic Profiles

This topic discusses how to configure a user-defined dynamic variable in a dynamic service profile. You
can define a variable at the [edit dynamic-profiles profile-name variables] hierarchy level that is used
elsewhere in the dynamic service profile. You can optionally specify a default value for any dynamic
variable that appears in the body of the dynamic profile. The default variable values are used in the
event the router is unable to access an external server (for example, RADIUS) or otherwise obtain a
value for use as the dynamic variable. Alternatively, you can specify that using a RADIUS-returned value
is mandatory; if that value is not received, then the profile fails.

Before you configure any dynamic variable default values:

1. Create a basic dynamic profile.

See "Configuring a Basic Dynamic Profile" on page 51.

2. Ensure that the router is configured to enable communication between the client and the RADIUS
server.

See Specifying the Authentication and Accounting Methods for Subscriber Access.

3. Configure all RADIUS values that you want the profiles to use when validating subscribers.

See RADIUS Servers and Parameters for Subscriber Access

114

To configure variables in a dynamic service profile:

1. Access the variables stanza in the desired dynamic service profile.

[edit]
user@host# edit dynamic-profiles Profile1 variables

2. Define the variable.

[edit dynamic-profiles Profile1 variables]

user@host# set video-filter equals “’Filter1’”

3. (Optional) Specify a default value for use by the variable in the event the router cannot contact the
external server or if the external server does not contain a value for the assigned attribute.

[edit dynamic-profiles Profile1 variables]

user@host# set video-filter default-value Filter_default

4. (Optional) Specify that the external server must return a value for a user-defined variable.

[edit dynamic-profiles Profile1 variables]

user@host# set video-filter mandatory

NOTE: When you include the mandatory statement, if the external server does not return a
value for the variable, the dynamic service profile fails.

Using Variable Expressions in User-Defined Variables

Junos OS enables you to create expressions—groups of arithmetic operators, string operators, and
operands—for use as variables within dynamic profiles. You configure variable expressions at the
[dynamic-profiles profile-name variables] hierarchy level. At run time, the variable expressions are
calculated and used as variable values to configure dynamic subscriber interfaces.

When configuring expressions in dynamic profiles, you must adhere to the following rules:

• You can configure expressions only within a variable stanza of a dynamic profile.
115

NOTE: Starting in Junos OS Release 19.3R1, you can configure expressions in the predefined-
variable-defaults statement in a dynamic profile. See "Predefined Variable Defaults for
Dynamic Client Profiles" on page 107.

• Dynamic profiles that contain expressions for user-defined variables must be used only for service
activation.

• You generally assign expressions only to user-defined variables. You cannot assign expressions to
internal variables or predefined variables.

NOTE: Starting in Junos OS Release 19.3R1, you can configure a limited number of
expressions to establish default values for predefined variables. See "Predefined Variable
Defaults for Dynamic Client Profiles" on page 107.

• Expression values are given precedence over default values.

• Entire expressions must be contained within quotation marks (“ ”).

• Strings within the expressions must be quoted within single quotation marks (’ ’) and the single
quotation marks can contain only strings.

• White space is treated as a delimiter for all operands and operators. Strings containing spaces that
you create within expressions are treated as single strings and include any leading or trailing white
space. For example:

dynamic-profiles {
service profile {
variables {
scheduler-name;
video-filter equals “ ‘ Filter 1 ’ ” # Everything within the single
quotation marks is considered a string, including the leading and trailing white space
}
}
}

• The expression must be either all arithmetic operators or all string operators; mixing arithmetic
operators and string operators is not allowed unless properly converted to the correct type.
116

• Expressions can refer to other system predefined variables or other user-defined variables. However,
no circular referencing between variables is allowed. For example, the following reference is
incorrect:

dynamic-profiles {
Service_Profile_1 {
variables {
scheduler-name;
transmit-rate2 equals “ ( $transmit-rate1 * 2)/3” # refers to transmit-rate1
transmit-rate1 equals “ ( $transmit-rate2 * 2)/3” # refers to transmit-rate2
}
}
}

• Any mandatory variable that does not contain a “default” value or an “equals” expression must
contain a value as a part of service activation. For example, a RADIUS service VSA like “service-
video( value1, value2)” that contains two or fewer mandatory variables in the dynamic service profile
definition “service-video” succeeds. The service activation fails if at least one mandatory variable
does not have any value associated with it, either through “default” or “equals” attribute evaluation.

Table 8 on page 116 lists supported operators and functions you can use to create expressions.

NOTE: Precedence 5 is the highest level.

Table 8: Operators and Functions

Operation Operator Associativity Precedence Action

Arithmetic + Left 1 Adds the elements to the right and

Addition left of the operator together.

Arithmetic - Left 1 Subtracts the element to the right

Subtraction of the operator from the element
to the left of the operator.

Arithmetic * Left 2 Multiplies the element to the left of

Multiplication the operator by the element to the
right of the operator.
117

Table 8: Operators and Functions (Continued)

Operation Operator Associativity Precedence Action

Arithmetic / Left 2 Divides the element to the left of

Division the operator by the element to the
right of the operator.

Arithmetic % Left 2 Divides the element to the left of

Modulo the operator by the element to the
right of the operator and returns
the integer remainder. If the
element to the left of the operator
is less than the element to the right
of the operator, the result is the
element to the left of the operator.

Concatenation ## Left 3 Creates a new string by joining the

string values to the left of the
operator and the values to the right
of the operator together.

Maximum max(param1,param2) Left 4 Takes the maximum of the two

values passed as parameters.

Minimum min(param1,param2) Left 4 Takes the minimum of the two

values passed as parameters.

Round round(param1) - 4 Rounds the value to the nearest

integer.

Truncate trunc(param1) - 4 Truncates a non-integer value to

the value left of the decimal point.

Convert to String toStr(param1) - 4 Converts the variable inside the

parentheses to a null terminated
string.
118

Table 8: Operators and Functions (Continued)

Operation Operator Associativity Precedence Action

Convert to toInt(param1) - 4 Converts the parameter to an

Integer integer. A single string or variable is
allowed as a parameter.

Random rand() - 4 Generates a random numerical

value.

If Not Zero ifNotZero(param1, Left 4 Returns the second parameter if

param2) the first parameter is not zero.
Returns NULL if first parameter is
zero.

Parentheses () - 5 Groups operands and operators to

achieve results different from
simple precedence; effectively has
the highest precedence.

Expressions are evaluated after variables are populated with values. The evaluation is conducted
immediately before profile instantiation and includes value checking. If the computed values are not
acceptable, or rules governing expression syntax are broken, the expression evaluation fails, profile
instantiation does not occur, and messages are logged to describe the errors.

Table 9 on page 118 lists the possible expression error scenarios and the action taken by the router
software.

Table 9: Expression Errors and Actions

Error Occurance Action Variable Value

Parsing error Commit check phase Commit fails not applicable

Circular variable dependency error Commit check phase Commit fails not applicable

Variables inside the expressions are not Commit check phase Commit fails not applicable
defined
119

Table 9: Expression Errors and Actions (Continued)

Error Occurance Action Variable Value

Divide by zero Profile Instantiation Profile instantiation fails Zero (0)

Adding string to a number Profile Instantiation Profile instantiation fails Zero (0)

Overflow error Profile Instantiation Profile instantiation fails Undefined

Underflow error Profile Instantiation Profile instantiation fails Undefined

You can also configure the user-defined variables with a default value. The default value provides a
standalone configuration for the associated statement or a backup for the statement configuration if the
RADIUS server is inaccessible or the VSA attribute does not contain a value.

Configuring Variable Expressions in Dynamic Profiles

You can create expressions—groups of arithmetic operators, string operators, and operands—for use as
variables within dynamic profiles. These expressions are used as variable values to configure dynamic
subscriber interfaces.

To configure dynamic profile variable expressions:

1. Access the dynamic profile for which you want to create variable expressions.

[edit]
user@host# edit dynamic-profiles profile-name

2. Access the variables hierarchy for the dynamic profile.

[edit dynamic-profiles profile-name]

user@host# edit variables
120

3. Define the variable using the expression operators and operands described in "Using Variable
Expressions in User-Defined Variables" on page 114.

[edit dynamic-profiles profile-name variables]

user@host# set expression

Table 10 on page 120 provides several examples of expressions that you can create using the supported
operators and functions.

Table 10: Expression Examples

Example Description

video-filter equals “’ Filter1’ ” Assigns the string “ Filter1” to the dynamic $video-filter variable.

video-filter2 equals “$video-filter ## Converts dynamic variable “$video-filter” to a string and

‘ Filter2’ ” concatenates the new string with the string “ Filter2”. The result is
the string “$video-filter Filter2” assigned to the $video-filter2
variable.

tempvar equals “120” Converts “120” to an integer and assigns the integer to the $tempvar
variable.

transmit-rate2 equals “ ( $transmit-rate1 Multiplies the “transmit-rate1” variable by 2 and divides that value
* 2)/3 + $tempvar)” by the sum of 3 and the value of “$tempvar”. The result is assigned to
the $transmit-rate2 variable.

host-ip equals “ ’203.0.113.2’ ” Assigns the string “203.0.113.2” to the $host-ip variable.

max-val “max($max1,$max2)” Assigns the greater of value “max1” or “max2” to the $max-val
variable.

min-val “$min($var1,30)” Assign the smaller of value “var1” and “30” to the $min-val variable.

rounded-var equals “round($var1 )” Rounds off the value of the variable “$var1” to the nearest integer
and assigns the value to the $rounded-var variable.
121

Table 10: Expression Examples (Continued)

Example Description

trunc-var equals “trunc(1234.5)” Truncates the value in parentheses to the left side of the decimal and
assigns the resulting value to the $trunc-var variable.

bwg-shaping-rate equals “$ancp- Evaluates the expression as per the precedence set in the
downstream - ($ancp-downstream % 2 * parentheses.
(1 - $sp-qos-cell-mode))”

temp-filter1 equals “ ’Filter1’ ## Converts the “$filter” variable to a string value and concatenates the
toStr($filter)” converted string to the string “Filter1”. The resulting combined string
is assigned to the $temp-filter1 variable.

Conditional Configuration for Dynamic Profile Overview

You can configure conditional configuration statements for dynamic profiles to dynamically obtain
subscriber information for a client or service.

Conditional configuration involves two main steps:

1. Defining the conditional variable

2. Referencing the conditional variable in a configuration statement

A conditional variable is defined as an expression ifNotZero (param1, param2). In this expression,

param1 is a user-defined variable whose value is derived from an external server such as RADIUS and
param2 can be a user-defined variable, a function, operation, number, or string. A conditional variable
can be user-defined or Unique ID (UID) reference variable. It cannot be a predefined or UID variable. In
Junos OS, conditional variables are supported only for the service dynamic profiles.

The configuration statements in which the conditional variables are referenced are called conditional
configuration statements. After the conditional variable are defined, they are referenced in dynamic-
profiles configuration statements and are processed when the service profile is instantiated. The
following service profile configuration statements support conditional variables:

• dynamic-profiles profile-name interfaces interface-name unit unit-no family type filter input filter-name

• dynamic-profiles profile-name interfaces interface-name unit unit-no family type filter output filter-name
122

• dynamic-profiles profile-name firewall family type filter filter-name term term-name

• dynamic-profiles profile-name firewall family type filter filter-name term term-name then policer policer-name

• dynamic-profiles profile-name firewall family type filter filter-name term term-name then hierarchical-policer
policer-name

• dynamic-profiles profile-name class-of-service scheduler-maps map-name forwarding-class class-name scheduler

scheduler-name

The system follows the following set of rules while evaluating the conditional variables and conditional
configuration statements during service profile instantiation:

• In the function ifNotZero(param1, param2), if the value of a param1 is not received from an external
server and if the default value is not configured, the value of the variable is treated as non-zero and
param2 is evaluated.

• If the value of param1 in the function ifNotZero(param1, param2) is 0, then NULL is returned as the
value of the expression and param2 is not evaluated. In this case, the value of the conditional variable
becomes NULL and the configuration statement in which the conditional variable is referenced is
ignored.

• If the value of param1 is non-zero, then param2 is evaluated and its value is returned as the value of
the expression.

The following filter-service and cos-service configuration examples show how the rules are applied:

Filter Service Configuration Example

filter-service {
variables {
input-filter-var mandatory;
output-filter-var mandatory;
bw-limit-var mandatory;
term1-var default-value term1;
input-filter-ref {
equals "ifNotZero($input-filter-var,$input-filter-var)";
uid-reference;
}
output-filter-ref {
equals "ifNotZero($output-filter-var,$output-filter-var)";
uid-reference;
}
policer1-ref {
equals "ifNotZero($bw-limit-var,'policer1')";
123

uid-reference;
}

term1 equals "ifNotZero($term1-var,$term1-var)";

input-filter uid;
output-filter uid;
policer1 uid;
}
interfaces {
pp0 {
unit "$junos-interface-unit" {
family inet {
filter {
input "$input-filter-ref" precedence 50;
output "$output-filter-ref" precedence 50;
}
}
}
}
}
firewall {
family inet {
filter "$input-filter" {
interface-specific;
term $term1 {
then {
policer "$policer1-ref";
service-accounting;
}
}
term rest {
then accept;
}
}
filter "$output-filter" {
interface-specific;
term rest {
then accept;
}
}
}
policer "$policer1" {
if-exceeding {
124

bandwidth-limit "$bw-limit-var";
burst-size-limit 15k;
}
then discard;
}
}
}

In the filter-service configuration example, input-filter-ref, output-filter-ref, policer1-ref, and term1 are
conditional variables while input "$input-filter-ref" precedence 50, output "$output-filter-ref" precedence 50,
term $term1, and policer "$policer1-ref" are conditional configuration statements. In this example, if the
value of input-filter-var is 0, the value of the conditional variable input-filter-ref becomes NULL. Thus
the entire configuration statement, input “$input-filter-ref” precedence 50, in which the conditional
variable is referenced, is ignored. If , however, the value of the variable is non-zero, the configuration
statement is processed during the service profile instantiation.

CoS Service Configuration Example

cos-service {
variables {
sch1_var mandatory;
sch2_var mandatory;
sch1_ref {
equals "ifNotZero($sch1_var,$sch1_var)";
uid-reference;
}
sch2_ref {
equals "ifNotZero($sch2_var,$sch2_var)";
uid-reference;
}
smap1 uid;
sch1 uid;
sch2 uid;
}
class-of-service {
scheduler-maps {
"$smap1" {
forwarding-class best-effort scheduler "$sch1_ref";
forwarding-class assured-forwarding scheduler "$sch2_ref";
}
}
schedulers {
125

"$sch1" {
transmit-rate percent 30;
buffer-size percent 30;
priority low;
}
"$sch2" {
transmit-rate percent 10;
buffer-size percent 10;
priority high;
}
}
}
}

In the cos-service configuration example, sch1_ref and sch2_ref are conditional variables while forwarding-
class best-effort scheduler "$sch1_ref" and forwarding-class assured-forwarding scheduler "$sch2_ref" are
conditional configuration statements. Similar to the evaluation in the filter-service configuration
example, if the value of any variable, referenced in a conditional variable is 0, the configuration
statement in which the conditional variable is referenced is ignored and not processed during CoS
service profile instantiation.

RELATED DOCUMENTATION

Dynamic Profiles for Subscriber Management | 46

Dynamic Variables Overview | 57
Predefined Variables in Dynamic Profiles | 59
Standard and Vendor-Specific RADIUS Attributes
RADIUS Servers and Parameters for Subscriber Access

Versioning for Dynamic Profiles

IN THIS SECTION

Enabling Dynamic Profiles to Use Multiple Versions | 126

Modifying Dynamic Profiles with Versioning Disabled | 127

126

Distinguishing Profile Versions with a Configurable Alias | 129

Enabling Dynamic Profiles to Use Multiple Versions

You can create new versions of dynamic profiles that are currently in use by subscribers. Any subscriber
that logs in following a dynamic profile modification uses the latest version of the dynamic profile.
Subscribers that are already active continue to use the older version of the dynamic profile until they log
out or their session terminates.

NOTE: You must enable or disable dynamic profile version creation before creating or using any
dynamic profiles on the router. Enabling or disabling dynamic profile version creation after
dynamic profiles are configured is not supported.

To configure versioning for dynamic profiles:

1. Access the router system hierarchy level.

[edit]
user@host# edit system

2. Access the global dynamic profile options.

[edit system]
user@host# edit dynamic-profile-options

3. Enable version creation for dynamic profiles on the router.

[edit system dynamic-profile-options]

user@host# set versioning
127

Modifying Dynamic Profiles with Versioning Disabled

You use dynamic profiles to configure large groups of subscribers. However, after you have configured
and applied dynamic profiles, be cautious when modifying any dynamic profiles that are in use by active
subscribers on the router if you have not enabled the router to use dynamic profile versioning. This
section provides guidelines and procedures for modifying existing profiles and applying them to
subscriber interfaces if dynamic profile versioning is not enabled on the router.

When modifying dynamic profiles, keep the following considerations in mind:

• Do not modify a dynamic profile when dynamic profile versioning is disabled and the dynamic profile
is in use by active subscribers.

• Modifying a dynamic profile when dynamic profile versioning is disabled and when the dynamic
profile is in use by active subscribers can lead to unpredictable behavior.

When a dynamic profile is modified and committed when dynamic profile versioning is not enabled, the
router:

1. Logs a warning that the profiles are being modified and committed.

2. Determines whether the profile is currently being use by any subscriber.

3. If the profile is in use by a subscriber, the commit fails and the router logs errors to report the
conflict.

We recommend that you only modify dynamic profiles when you have enabled dynamic profile
versioning on the router. However, to properly modify a dynamic profile when dynamic profile
versioning is disabled on the router:

1. Ensure that no subscribers are using the dynamic profile.

2. Create a new dynamic profile with a different name that contains the desired changes:
Original Profile

profile1 {
interfaces {
"$junos-interface-ifd-name" {
unit "$junos-underlying-interface-unit" {
family inet {
filter {
input "$junos-input-filter";
}
}
}
128

}
}
}

Original DHCP Configuration

forwarding-options {
dhcp-relay {
traceoptions {
flag all;
}
.......
dynamic-profile profile1;
........
}
}

New Profile

profile2 {
interfaces {
"$junos-interface-ifd-name" {
unit "$junos-underlying-interface-unit" {
family inet {
filter {
input "$junos-input-filter";
output "$junos-output-filter; /* added output filter variable */
}
}
}
}
}
}

Modified DHCP Configuration

forwarding-options {
dhcp-relay {
traceoptions {
flag all;
}
129

.......
dynamic-profile profile2; /* Name changed from profile1 */
........
}
}

3. Commit the configuration containing the modified profile.

The modified profile is used for any new subscribers that access the router.

Distinguishing Profile Versions with a Configurable Alias

You can configure a version alias to identify a specific configuration variant of a base dynamic client
profile. The version alias is a text description that lets you decide how to name different profile variants,
so they have an identifier independent of the dynamic version name that is automatically created by the
BNG.

The need for a version alias results from the practice of using a given base dynamic profile across
multiple BNGs in a network. Dynamic versioning enables you to modify a base dynamic profile to
provide specific capabilities to subscribers that subsequently log in with the base dynamic profile. The
different variations might be for subscribers on different BNGs or to new subscribers on a given BNG.

Dynamic versioning assigns a name to each new variation in the base profile. Consequently, the version
name may vary for subscribers on one BNG or across multiple BNGs. In either case, RADIUS cannot
determine which version of a profile is in use by any subscriber. This creates an operational challenge
because RADIUS is unable to return corresponding attributes and VSAs in a CoA message that are
compatible with that version of the profile.

When you configure a version alias for a dynamic client profile, the BNG sends the version alias to the
RADIUS server during authentication. It is conveyed in the Juniper Networks client-profile-name VSA
(26–4874–174). The version alias is an independent tag that enables you to track which profile
variations are in use. Because RADIUS can distinguish the different profile versions, you can normalize
the RADIUS back-end configuration for efficient use of CoA messages.

By default, the Client-Profile-Name VSA carries the name of the base dynamic profile. The version alias
string is concatenated to the end of the profile name in the VSA, like this:

client-profile-name:version-alias-string

• To configure a version alias for a dynamic client profile:

[edit dynamic-profiles profile-name]

user@host# set version-alias version-alias-string
130

• To display the alias for a dynamic client profile:

user@host> show subscribers detail

Type: PPPoE
User Name: DEFAULTUSER
IP Address: 192.0.2.21
IP Netmask: 255.255.255.255
IPv6 Address: 2001:db8::17
Logical System: default
Routing Instance: default
Interface: pp0.3221225720
Interface type: Dynamic
Underlying Interface: demux0.3221225719
Dynamic Profile Name: pppoe-client-profile
Dynamic Profile Version Alias: profile-version1a
MAC Address: 00:00:5E:00:53:38
State: Active
Radius Accounting ID: 288
Session ID: 288
PFE Flow ID: 344
VLAN Id: 1
Login Time: 2019-09-23 10:40:56 IST

RELATED DOCUMENTATION

Dynamic Profiles for Subscriber Management | 46

4 CHAPTER

Configuration Statements

chassis (Subscriber Limits) | 133

client-type (Subscriber Limits) | 134

default-value | 137

dynamic-profile-options | 138

dynamic-profiles | 140

event (Enhanced Subscriber Management) | 153

fpc (Subscriber Limits) | 155

mandatory | 157

mtu (Dynamic Profiles) | 159

overrides (Enhanced Subscriber Management) | 160

pic (Subscriber Limits) | 164

port (Subscriber Limits) | 166

predefined-variable-defaults (Dynamic Client Profiles) | 167

resource-monitor | 171

routing-service (Dynamic Profiles) | 174

routing-services (Enhanced Subscriber Management) | 177

services (System Services) | 179

subscriber-management (Subscriber Management) | 187

subscribers-limit (Resource Monitor) | 190

traceoptions (Subscriber Management) | 192

traceoptions (Subscriber Session Database Replication) | 194

variables (Dynamic Service Profiles) | 197

versioning | 199

version-alias (Dynamic Profiles) | 200

133

chassis (Subscriber Limits)

IN THIS SECTION

Syntax | 133

Hierarchy Level | 133

Description | 133

Options | 134

Required Privilege Level | 134

Release Information | 134

Syntax

chassis {
limit limit;
}

Hierarchy Level

[edit system services resource-monitor subscribers-limit client-type name]

Description

Configure the maximum number of subscribers of the specified client type allowed to be logged in on
the chassis. When that number is reached, subsequent logins on the chassis are denied until the current
number of subscribers drops below the maximum allowed. You can also specify the maximum number of
subscribers of a client type allowed per port, per MIC, and per MPC.
134

Options

limit Maximum number of subscribers.

• Range: 1 through 1,000,000

Required Privilege Level

system—To view this statement in the configuration.

system-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 17.3R1.

RELATED DOCUMENTATION

Limiting Subscribers by Client Type and Hardware Element with Resource Monitor | 42
Resource Monitoring for Subscriber Management and Services | 34

client-type (Subscriber Limits)

IN THIS SECTION

Syntax | 135

Hierarchy Level | 135

Description | 135

Options | 136

Required Privilege Level | 136

135

Release Information | 136

Syntax

client-type (any | dhcp | l2tp | pppoe) {

chassis {
limit limit;
}
fpc slot-number {
limit limit;
pic number {
limit limit;
port number {
limit limit;
}
}
}
}

Hierarchy Level

[edit system services resource-monitor subscribers-limit]

Description

Configure the maximum number of subscribers of the client type that are allowed to be logged in. You
can configure limits for subscribers per chassis, per MPC, per MIC, and per port. When the configured
maximum number of subscribers is logged in for any level, subsequent logins at that level are denied
until the current number of subscribers drops below the maximum allowed.
136

Options

name Type of client for which subscriber limits are configured.

• Values:

• any—Apply the limit to the sum of all DHCP, L2TP, and PPPoE clients.

• dhcp—Apply the limit to DHCP clients.

• l2tp—Apply the limit to L2TP clients.

• pppoe—Apply the limit to PPPoE clients.

The remaining statements are explained separately. Search for a statement in CLI Explorer or click a
linked statement in the Syntax section for details.

Required Privilege Level

system—To view this statement in the configuration.

system-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 17.3R1.

RELATED DOCUMENTATION

Limiting Subscribers by Client Type and Hardware Element with Resource Monitor | 42
Resource Monitoring for Subscriber Management and Services | 34
137

default-value

IN THIS SECTION

Syntax | 137

Hierarchy Level | 137

Description | 137

Options | 138

Required Privilege Level | 138

Release Information | 138

Syntax

default-value default-value;

Hierarchy Level

[edit dynamic-profiles profile-name variables variable-name]

Description

Configure a default value for a user-defined variable in a dynamic profile. The values that the system
uses for these variables are applied when the subscriber authenticates.
138

Options

default-value—Default value for the variable.

Required Privilege Level

interface—To view this statement in the configuration.

interface-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 9.3.

RELATED DOCUMENTATION

User-Defined Variables | 112

Using Variable Expressions in User-Defined Variables | 114
Configuring User-Defined Dynamic Variables in Dynamic Profiles | 113

dynamic-profile-options

IN THIS SECTION

Syntax | 139

Hierarchy Level | 139

Description | 139

Required Privilege Level | 139

Release Information | 139

139

Syntax

dynamic-profile-options {
versioning;
}

Hierarchy Level

[edit system]

Description

Configure global dynamic profile options.

The remaining statement is explained separately. Search for a statement in CLI Explorer or click a linked
statement in the Syntax section for details.

Required Privilege Level

routing—To view this statement in the configuration.

routing-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 11.4.

RELATED DOCUMENTATION

Versioning for Dynamic Profiles | 125

140

dynamic-profiles

IN THIS SECTION

Syntax | 140

Hierarchy Level | 152

Description | 152

Options | 152

Required Privilege Level | 153

Release Information | 153

Syntax

dynamic-profiles {
profile-name {
class-of-service {
dynamic-class-of-service-options {
vendor-specific-tags tag;
}
interfaces {
interface-name ;
}
unit logical-unit-number {
classifiers {
type (classifier-name | default);
}
output-traffic-control-profile (profile-name | $junos-cos-traffic-control-
profile);
report-ingress-shaping-rate bps;
rewrite-rules {
dscp (rewrite-name | default);
dscp-ipv6 (rewrite-name | default);
ieee-802.1 (rewrite-name | default) vlan-tag (outer | outer-and-inner);
inet-precedence (rewrite-name | default);
}
141

}
}
}
scheduler-maps {
map-name {
forwarding-class class-name scheduler scheduler-name;
}
}
schedulers {
(scheduler-name) {
buffer-size (seconds | percent percentage | remainder | temporal
microseconds);
drop-profile-map loss-priority (any | low | medium-low | medium-high | high)
protocol (any | non-tcp | tcp) drop-profile profile-name;
excess-priority (low | high | $junos-cos-scheduler-excess-priority);
excess-rate (percent percentage | percent $junos-cos-scheduler-excess-rate);
overhead-accounting (shaping-mode) <bytes (byte-value>;
priority priority-level;
shaping-rate (rate | predefined-variable);
transmit-rate (percent percentage | rate | remainder) <exact | rate-limit>;
}
}
traffic-control-profiles profile-name {
adjust-minimum rate;
delay-buffer-rate (percent percentage | rate);
excess-rate (percent percentage | proportion value | percent $junos-cos-excess-
rate);
excess-rate-high (percent percentage | proportion value);
excess-rate-low (percent percentage | proportion value);
guaranteed-rate (percent percentage | rate) <burst-size bytes>;
max-burst-size cells;
overhead-accounting (frame-mode | cell-mode) <bytes byte-value>;
peak-rate rate;
scheduler-map map-name;
shaping-rate (percent percentage | rate | predefined-variable) <burst-size
bytes>;
shaping-rate-excess-high (percent percentage | rate) <burst-size bytes>;
shaping-rate-excess-medium-high (percent percentage | rate) <burst-size bytes>;
shaping-rate-excess-medium-low (percent percentage | rate) <burst-size bytes>;
shaping-rate-excess-low (percent percentage | rate) <burst-size bytes>;
shaping-rate-priority-high (percent percentage | rate) <burst-size bytes>;
shaping-rate-priority-low (percent percentage | rate) <burst-size bytes>;
shaping-rate-priority-medium (percent percentage | rate) <burst-size bytes>;
142

shaping-rate-priority-medium-low (percent percentage | rate) <burst-size bytes>;

shaping-rate-priority-strict-high (percent percentage | rate) <burst-size bytes>;
sustained-rate rate;
}
}
firewall {
family family {
fast-update-filter filter-name {
interface-specific;
match-order [match-order];
term term-name {
from {
match-conditions;
}
then {
action;
action-modifiers;
}
only-at-create;
}
}
filter filter-name {
enhanced-mode-override;
instance-shared;
interface-shared;
interface-specific;
term term-name {
from {
match-conditions;
}
then {
action;
action-modifiers;
}
only-at-create;
filter filter-name {
interface-specific;
term term-name {
from {
match-conditions;
}
then {
action;
143

action-modifiers;
}
}
hierarchical-policer uid {
aggregate {
if-exceeding {
bandwidth-limit-limit bps;
burst-size-limit bytes;
}
then {
policer-action;
}
}
premium {
if-exceeding {
bandwidth-limit bps;
burst-size-limit bytes;
}
then {
policer-action;
}
}
}
policer uid {
filter-specific;
if-exceeding {
(bandwidth-limit bps | bandwidth-percent percentage);
burst-size-limit bytes;
}
logical-bandwidth-policer;
logical-interface-policer;
physical-interface-policer;
then {
policer-action;
}
}
three-color-policer uid {
action {
loss-priority high then discard;
}
logical-interface-policer;
single-rate {
(color-aware | color-blind);
144

committed-burst-size bytes;
committed-information-rate bps;
excess-burst-size bytes;
}
two-rate {
(color-aware | color-blind);
committed-burst-size bytes;
committed-information-rate bps;
peak-burst-size bytes;
peak-information-rate bps;
}
}
}
}
interfaces interface-name {
interface-set interface-set-name {
interface interface-name {
unit logical unit number {
advisory-options {
downstream-rate rate;
upstream-rate rate;
}
}
}
}
unit logical-unit-number {
actual-transit-statistics;
auto-configure {
agent-circuit-identifier {
dynamic-profile profile-name;
}
line-identity {
include {
accept-no-ids;
circuit-id;
remote-id;

}
dynamic-profile profile-name;
}
}
encapsulation (atm-ccc-cell-relay | atm-ccc-vc-mux | atm-cisco-nlpid | atm-tcc-
vc-mux | atm-mlppp-llc | atm-nlpid | atm-ppp-llc | atm-ppp-vc-mux | atm-snap | atm-tcc-snap |
145

atm-vc-mux | ether-over-atm-llc | ether-vpls-over-atm-llc | ether-vpls-over-fr | ether-vpls-over-

ppp | ethernet | frame-relay-ccc | frame-relay-ppp | frame-relay-tcc | frame-relay-ether-type |
frame-relay-ether-type-tcc | multilink-frame-relay-end-to-end | multilink-ppp | ppp-over-ether |
ppp-over-ether-over-atm-llc | vlan-bridge | vlan-ccc | vlan-vci-ccc | vlan-tcc | vlan-vpls);
family family {
address address;
filter {
adf {
counter;
input-precedence precedence;
not-mandatory;
output-precedence precedence;
rule rule-value;
}
input filter-name (
precedence precedence;
shared-name filter-shared-name;
}
output filter-name {
precedence precedence;
shared-name filter-shared-name;
}
}
rpf-check {
fail-filter filter-name;
mode loose;
}
service {
input {
service-set service-set-name {
service-filter filter-name;
}
post-service-filter filter-name;
}
input-vlan-map {
inner-tag-protocol-id tpid;
inner-vlan-id number;
(push | swap);
tag-protocol-id tpid;
vlan-id number;
}
output {
service-set service-set-name {
146

service-filter filter-name;
}
}
output-vlan-map {
inner-tag-protocol-id tpid;
inner-vlan-id number;
(pop | swap);
tag-protocol-id tpid;
vlan-id number;
}
pcef pcef-profile-name {
activate rule-name | activate-all;
}
}
unnumbered-address interface-name <preferred-source-address address>;
}
filter {
input filter-name (
shared-name filter-shared-name;
}
output filter-name {
shared-name filter-shared-name;
}
}
host-prefix-only;
ppp-options {
aaa-options aaa-options-name;
authentication [ authentication-protocols ];
chap {
challenge-length minimum minimum-length maximum maximum-length;
local-name name;
}
ignore-magic-number-mismatch;
initiate-ncp (dual-stack-passive | ipv6 | ip)
ipcp-suggest-dns-option;
mru size;
mtu (size | use-lower-layer);
on-demand-ip-address;
pap;
peer-ip-address-optional;
local-authentication {
password password;
username-include {
147

circuit-id;
delimiter character;
domain-name name;
mac-address;
remote-id;
}
}
}
reassemble-packets;
targeted-options {
backup backup;
group group;
primary primary;
weight ($junos-interface-target-weight | weight-value);
}
telemetry {
subscriber-statistics;
queue-statistics {
interface $junos-interface-name {
refresh rate;
queues queue set;
}
interface-set $junos-interface-set-name {
refresh rate;
queues queue set;
}
}
}
vlan-id number;
vlan-tags outer [tpid].vlan-id [inner [tpid].vlan-id];
}
}
interfaces {
demux0 {...}
}
interfaces {
pp0 {...}
}
policy-options {
prefix-list uid {
ip-addresses;
dynamic-db;
}
148

}
predefined-variable-defaults predefined-variable <variable-option> default-value;
profile-type remote-device-service;
protocols {
igmp {
interface interface-name {
accounting;
disable;
group-limit limit;
group-policy;
group-threshold value;
immediate-leave
log-interval seconds;
no-accounting;
oif-map;
passive;
promiscuous-mode;
ssm-map ssm-map-name;
ssm-map-policy ssm-map-policy-name
static {
group group {
source source;
}
}
version version;
}
}
mld {
interface interface-name {
(accounting | no-accounting);
disable;
group-limit limit;
group-policy;
group-threshold value;
immediate-leave;
log-interval seconds;
oif-map;
passive;
ssm-map ssm-map-name;
ssm-map-policy ssm-map-policy-name;
static {
group multicast-group-address {
exclude;
149

group-count number;
group-increment increment;
source ip-address {
source-count number;
source-increment increment;
}
}
}
version version;
}
}
router-advertisement {
interface interface-name {
current-hop-limit number;
default-lifetime seconds;
dns-server-address
(managed-configuration | no-managed-configuration);
max-advertisement-interval seconds;
min-advertisement-interval seconds;
(other-stateful-configuration | no-other-stateful-configuration);
prefixprefix {
(autonomous | no-autonomous);
(on-link | no-on-link);
preferred-lifetime seconds;
valid-lifetime seconds;
}
reachable-time milliseconds;
retransmit-timer milliseconds;
}
}
}
routing-instances routing-instance-name {
interface interface-name;
routing-options {
access {
route prefix {
next-hop next-hop;
metric route-cost;
preference route-distance;
tag route-tag;
tag2 route-tag2;
}
}
150

access-internal {
route subscriber-ip-address {
qualified-next-hop underlying-interface {
mac-address address;
}
}
}
multicast {
interface interface-name {
no-qos-adjust;
}
}
}
rib routing-table-name {
access {
route prefix {
next-hop next-hop;
metric route-cost;
preference route-distance;
tag route-tag;
tag2 route-tag2;
}
}
access-internal {
route subscriber-ip-address {
qualified-next-hop underlying-interface {
mac-address address;
}
}
}
}
}
routing-options {
access {
route prefix {
next-hop next-hop;
metric route-cost;
preference route-distance;
tag route-tag;
tag2 route-tag2;
}
}
access-internal {
151

route subscriber-ip-address {
qualified-next-hop underlying-interface {
mac-address address;
}
}
}
multicast {
interface interface-name {
no-qos-adjust;
}
}
}
services {
captive-portal-content-delivery {
auto-deactivate value;
rule name {
match-direction (input | input-output | output);
term name {
then {
accept;
redirect url;
rewrite destination-address address <destination-port port-number>;
syslog;
}
}
}
}
}
variables {
variable-name {
default-value default-value;
equals expression;
mandatory;
uid;
uid-reference;
}
}
version-alias profile-alias-string;
}
}
152

Hierarchy Level

[edit]

Description

Create dynamic profiles for use with DHCP or PPP client access.

Options

profile-name Name of the dynamic profile; string of up to 80 alphanumeric characters.

reassemble- (Optional) Enables IPv4 reassembly of fragmented GRE packets conveyed across a soft
packets GRE tunnel from a Wi-Fi access point to a Wi-Fi access gateway on a BNG. Reassembly
is supported for fragments that range in size from 256 bytes through 8192 bytes.

NOTE:

• The maximum reassembled packet size is 13,310 bytes; this requires an MTU
of 1500 bytes. The router drops reassembled packets that are larger than
13,310 bytes. The router also drops DHCP discover packets that are smaller
than the MTU.

• Ordering is not maintained between fragmented packets and non-

fragmented packets.

• The WAG does not support soft GRE packets with keys. Fragmented packets
GRE with key are not reassembled.

• Soft GRE packet reassembly is not supported for pseudowires over

redundant logical tunnels (RLT).

• The order of the last arriving fragment is not guaranteed when the
reassembled packets are forwarded.

The remaining statements are explained separately. Search for a statement in CLI Explorer or click a
linked statement in the Syntax section for details.
153

Required Privilege Level

routing—To view this statement in the configuration.

routing-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 9.2.

Support at the filter, policer, hierarchical-policer, three-color-policer, and policy options hierarchy levels
introduced in Junos OS Release 11.4.

RELATED DOCUMENTATION

Configuring a Basic Dynamic Profile | 51

Configuring Dynamic VLANs Based on Agent Circuit Identifier Information
Dynamic Profiles for Subscriber Management | 46

event (Enhanced Subscriber Management)

IN THIS SECTION

Syntax | 154

Hierarchy Level | 154

Description | 154

Options | 154

Required Privilege Level | 155

Release Information | 155

154

Syntax

event {
catastrophic-failure {
reboot (master | standby);
}
}

Hierarchy Level

[edit system services subscriber-management overrides]

Description

Configure the router to detect a type of event and automatically take action when the event is detected.

Options

catastrophic- Specify that the event is a corruption of the shared memory.

failure
reboot (master | Specify which Routing Engine is rebooted when the shared memory corruption is
standby) detected. You can configure both Routing Engines to be rebooted, but that requires
two separate set commands.

NOTE: If you do not configure this automatic reboot, then you must perform
a manual reboot to clear out the shared memory. Otherwise, the memory
remains corrupted and can cause applications that share the memory to
generate core errors repeatedly.
155

Required Privilege Level

system—To view this statement in the configuration.

system-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 19.1R1.

RELATED DOCUMENTATION

Configuring Junos OS Enhanced Subscriber Management | 15

fpc (Subscriber Limits)

IN THIS SECTION

Syntax | 155

Hierarchy Level | 156

Description | 156

Options | 156

Required Privilege Level | 156

Release Information | 157

Syntax

fpc slot-number {
limit limit;
pic number {
156

limit limit;
port number {
limit limit;
}
}
}

Hierarchy Level

[edit system services resource-monitor subscribers-limit client-type name]

Description

Configure the maximum number of subscribers of a client type allowed to be logged in on the MPC in
the specified slot. When that number is reached, subsequent logins on the card are denied until the
current number of subscribers drops below the maximum allowed. You can also specify the maximum
number of subscribers of a client type allowed per port, per MIC, and per chassis.

Options

limit Maximum number of subscribers.

• Range: 1 through 256,000

slot-number Number of the MPC slot in the chassis.

The remaining statements are explained separately. Search for a statement in CLI Explorer or click a
linked statement in the Syntax section for details.

Required Privilege Level

system—To view this statement in the configuration.

157

system-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 17.3R1.

RELATED DOCUMENTATION

Limiting Subscribers by Client Type and Hardware Element with Resource Monitor | 42
Resource Monitoring for Subscriber Management and Services | 34

mandatory

IN THIS SECTION

Syntax | 157

Hierarchy Level | 158

Description | 158

Required Privilege Level | 158

Release Information | 158

Syntax

mandatory;
158

Hierarchy Level

[edit dynamic-profiles profile-name variables variable-name]

Description

Specify that the external server (for example, RADIUS) must return a value for a user-defined variable. If
the external server does notreturn a value for the variable, the dynamic profile fails.

NOTE: When a dynamic profile has mandatory and non-mandatory variables, configure
mandatory variables first in the profile.

Required Privilege Level

interface—To view this statement in the configuration.

interface-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 9.3.

RELATED DOCUMENTATION

User-Defined Variables | 112

Using Variable Expressions in User-Defined Variables | 114
Configuring User-Defined Dynamic Variables in Dynamic Profiles | 113
159

mtu (Dynamic Profiles)

IN THIS SECTION

Syntax | 159

Hierarchy Level | 159

Description | 159

Options | 160

Required Privilege Level | 160

Release Information | 160

Syntax

mtu mtu;

Hierarchy Level

[edit dynamic-profiles name interfaces name unit name family inet ],

[edit dynamic-profiles name logical-systems name interfaces name unit name family inet ],
[edit interfaces name unit name family inet ]

Description

Configure a per-subscriber maximum transmission unit (MTU) on a logical interface. A subscriber logical
interface can specify MTU through its dynamic profile for the same underlying physical interfaces. The
dynamic logical interface MTU must be no greater than the physical interface MTU minus the dynamic
VLAN header size). You can configure either a static value or the predefined variable, $junos-interface-
160

mtu. The value of the variable is returned by RADIUS during authentication in the Framed-MTU
attribute (12). By default, the variable value is the MTU of the payload.

If you specify the predefined variable but RADIUS does not return a value in the Framed-MTU attribute,

Options

mtu MTU for the subscriber logical interface. You can specify a static value or the predefined variable,
$junos-interface-mtu.

Required Privilege Level

interface

Release Information

Statement introduced in Junos OS Release 18.1R1 on MX Series routers.

RELATED DOCUMENTATION

Understanding Per-subscriber Support of Maximum Transmission Unit for Dynamic Profiles | 53

overrides (Enhanced Subscriber Management)

IN THIS SECTION

Syntax | 161

Hierarchy Level | 162

Description | 162
161

Options | 162

Required Privilege Level | 163

Release Information | 163

Syntax

overrides {
event {
catastrophic-failure {
reboot (master | standby);
}
}
interfaces {
family (inet | inet6) {
layer2-liveness-detection;
ipoe-dynamic-arp-enable;
receive-gratuitous-arp;
}
}
no-unsolicited-ra;
ra-initial-interval-max seconds;
ra-initial-interval-min seconds;
shmlog {
disable;
file filename <files maximum-no-files> <size maximum-file-size>;
filtering enable;
log-name {
all;
logname {
<brief | detail | extensive | none | terse>;
<file-logging |no-file-logging>;
}
}
log-type (debug | info | notice);
|
}
162

Hierarchy Level

[edit system services subscriber-management]

Description

Override the default configuration settings for the Junos OS enhanced subscriber management software
for subscriber management.

Options

ra-initial- Specify the high end of the range from which the router randomly selects an interval for
interval-max sending the first three unsolicited IPv6 router advertisement messages. You must also
seconds
configure the ra-initial-interval-min option.

• Range: 1 through 16

ra-initial- Specify the low end of the range from which the router randomly selects an interval for
interval-min sending the first three unsolicited IPv6 router advertisement messages. You must also
seconds
configure the ra-initial-interval-max option.

BEST PRACTICE: Always configure the value of ra-initial-interval-min to be

less than or equal to the value of ra-initial-interval-max. If you configure the
values to be the same, the initial router advertisement intervals are constant
and not randomized.

• Range: 1 through 16

ipoe-dynamic- Enable dynamic ARP to resolve the MAC address for IPv4 framed host (32-bit) routes.
arp-enable By default the framed route is permanently associated with the source MAC address
received in the packet that triggered creation of the dynamic VLAN.

receive- Enable the router to compare the source MAC address received in a gratuitous ARP
gratuitous-arp request or reply packet with the value in the ARP cache. The router updates the cache
163

with the received MAC address when it determines this address is different from the
cache entry.

This situation occurs when an IPv4 address is moved to a different device. The device
broadcasts a gratuitous ARP reply packet with its MAC address as the source MAC
address. When the receive-gratuitous-arp option is configured, the router compares the
MAC addresses and updates the cache to associate the IPv4 address with the new
MAC address.

If the receive-gratuitous-arp option is not configured, the router does not accept the
gratuitous ARP request or reply packet and cannot quickly learn about the new address.
Instead, the original dynamic ARP entry in the cache eventually times out. Before
deleting the entry, the router sends an ARP request for the target IP address. The client
responds with the new MAC address. This delay in learning about the new address
means there is a period during which the MAC address in the ARP cache does not
match the address in the new device’s NIC.

The remaining statements are explained separately. Search for a statement in CLI Explorer or click a
linked statement in the Syntax section for details.

Required Privilege Level

system—To view this statement in the configuration.

system-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 15.1R3.

ra-initial-interval-max and ra-initial-interval-min options added in Junos OS Release 18.2R1 on MX Series

routers.

ipoe-dynamic-arp-enable and receive-gratuitous-arp options added in Junos OS Release 18.4R1 on MX Series

routers.

RELATED DOCUMENTATION

Configuring Junos OS Enhanced Subscriber Management | 15

164

Junos OS Enhanced Subscriber Management Overview | 10

DHCP Liveness Detection Using ARP and Neighbor Discovery Packets
Configuring an Interval Range for Unsolicited Router Advertisements to IPv6 Neighbors

pic (Subscriber Limits)

IN THIS SECTION

Syntax | 164

Hierarchy Level | 164

Description | 165

Options | 165

Required Privilege Level | 165

Release Information | 165

Syntax

pic number {
limit limit;
port number {
limit limit;
}
}

Hierarchy Level

[edit system services resource-monitor subscribers-limit client-type name fpc slot-number]

165

Description

Configure the maximum number of subscribers of a client type allowed to be logged in on the specified
MIC. When that number is reached, subsequent logins on the MIC are denied until the current number
of subscribers drops below the maximum allowed. You can also specify the maximum number of
subscribers of a client type allowed per port, per MPC, and per chassis.

Options

number MIC number.

• Range: 0 through 3

limit Maximum number of subscribers.

• Range: 1 through 256,000

The remaining statement is explained separately. Search for a statement in CLI Explorer or click a linked
statement in the Syntax section for details.

Required Privilege Level

system—To view this statement in the configuration.

system-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 17.3R1.

RELATED DOCUMENTATION

Limiting Subscribers by Client Type and Hardware Element with Resource Monitor | 42
Resource Monitoring for Subscriber Management and Services | 34
166

port (Subscriber Limits)

IN THIS SECTION

Syntax | 166

Hierarchy Level | 166

Description | 166

Options | 167

Required Privilege Level | 167

Release Information | 167

Syntax

port number {
limit limit;
}

Hierarchy Level

[edit system services resource-monitor subscribers-limit client-type name fpc slot-number pic
number]

Description

Configure the maximum number of subscribers of a client type allowed to be logged in on the specified
port. When that number is reached, subsequent logins on the port are denied until the current number
of subscribers drops below the maximum allowed. You can also specify the maximum number of
subscribers of a client type allowed per MIC, per MPC, and per chassis.
167

Options

number Port number.

limit Maximum number of subscribers.

• Range: 1 through 256,000

Required Privilege Level

system—To view this statement in the configuration.

system-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 17.3R1.

RELATED DOCUMENTATION

Limiting Subscribers by Client Type and Hardware Element with Resource Monitor | 42
Resource Monitoring for Subscriber Management and Services | 34

predefined-variable-defaults (Dynamic Client

Profiles)

IN THIS SECTION

Syntax | 168

Hierarchy Level | 168

168

Description | 168

Options | 169

Required Privilege Level | 170

Release Information | 171

Syntax

predefined-variable-defaults {
cos-excess-rate <percent percentage> <proportion number>;
cos-excess-rate-low <percent percentage> <proportion number>;
cos-excess-rate-high <percent percentage> <proportion number>;
cos-scheduler-bs <percent percentage> <temporal microseconds>;
cos-scheduler-shaping-rate <percent percentage> <rate bps>;
cos-scheduler-tx <percent percentage> <rate bps>;
predefined-variable default-value;
}

Hierarchy Level

[edit dynamic-profiles profile-name]

Description

Configure default values for the predefined variables that are configured in a dynamic client profile.
These default values are used when RADIUS does not supply a value. Omit the predefined variable
prefix, $junos-, when you configure a default. Most predefined variables support only a single default
value; these predefined variables are not listed separately here. The listed predefined variables support
default values for two attributes; for these you can specify the default value for either attribute or for
both attributes.
169

NOTE: Not all predefined variables support default values. For a list of predefined variables and
options for which you can configure default values, see "Junos OS Predefined Variables That
Correspond to RADIUS Attributes and VSAs" on page 94

NOTE: The proportion option provides greater granularity than the percent option, enabling you to
specify the equivalent of a tenth of a percent. Configuring proportion 121 applies a value
equivalent to 12.1 percent, which you cannot achieve with the percent option.

NOTE: Do not use this statement in a dynamic service profile.

Options

cos-excess-rate percent Specify the percentage of excess bandwidth to share from all traffic.
percentage
• Range: 1 through 100

cos-excess-rate proportion Specify the proportion of excess bandwidth to share from all traffic.
number
• Range: 0 through 1000

cos-excess-rate-low percent Specify the percentage of excess bandwidth to share from low-priority
percentage traffic.

• Range: 1 through 100

cos-excess-rate-low Specify the proportion of excess bandwidth to share from low-priority

proportion number traffic.

• Range: 0 through 1000

cos-excess-rate-high Specify the percentage of excess bandwidth to share from high-priority

percent percentage traffic.
170

• Range: 1 through 100

cos-excess-rate-high Specify the proportion of excess bandwidth to share from high-priority

proportion number traffic.

• Range: 0 through 1000

cos-scheduler-bs percent Specify the buffer size as a percentage of the total buffer.
percentage
• Range: 0 through 100

cos-scheduler-bs temporal Specify the temporal value that determines the buffer size. The temporal
microseconds value multiplied by the logical interface speed determines the size.

• Range: 0 through 4294967295

cos-scheduler-shaping-rate Specify the shaping rate as a percentage of the available interface

percent number bandwidth.

• Range: 1 through 100

cos-scheduler-shaping-rate Specify the shaping rate in bits per second.

rate bps
• Range: 3200 through 160,000,000,000

cos-scheduler-tx percent Specify the transmit rate as a percentage of the total available bandwidth.
number
• Range: 0 through 100

cos-scheduler-tx rate bps Specify the transmit rate in bits per second.

• Range: 3200 through 160,000,000,000

default-value—Default value that you want to assign to the predefined variable. Use this for predefined
variables that support only a single value.

predefined-variable—Name of the Junos OS predefined variable to which you want to assign a default
value. Do not include the $junos- prefix.

Required Privilege Level

interface—To view this statement in the configuration.

interface-control—To add this statement to the configuration.

171

Release Information

Statement introduced in Junos OS Release 10.2.

Support for the $junos-interface-mtu predefined variable (interface-mtu) introduced in Junos OS Release
18.1R1 on MX Series.

RELATED DOCUMENTATION

Configuring Default Values for Predefined Variables in a Dynamic Profile | 109

Per-Subscriber Support of Maximum Transmission Unit for Dynamic Profiles | 53

resource-monitor

IN THIS SECTION

Syntax | 171

Hierarchy Level | 172

Description | 173

Required Privilege Level | 173

Release Information | 173

Syntax

resource-monitor {
free-fw-memory-watermark number;
free-heap-memory-watermark number;
free-nh-memory-watermark number;
high-cos-queue-threshold number;
high-threshold number;
no-logging;
no-throttle;
172

resource-category jtree {
resource-type (contiguous-pages | free-dwords | free-pages) {
low-watermark number;
high-watermark number;
}
}
subscribers-limit {
client-type (any | dhcp | l2tp | pppoe) {
chassis {
limit limit;
}
fpc slot-number {
limit limit;
pic number {
limit limit;
port number {
limit limit;
}
}
}
}
}
traceoptions {
file filename <files number> <match regular-expression> <size maximum-file-size> <world-
readable | no-world-readable>;
flag flag;
no-remote-trace;
}
}

Hierarchy Level

[edit system services]

173

Description

Enable the resource monitoring capability to provision sufficient headroom (memory space limits that
are set for the application or virtual router) for monitoring the health and operating efficiency of DPCs
and MPCs. This feature also enables the memory resource monitoring mechanism to avoid the system
operations from compromising on the health and traffic-handling stability of the line cards by generating
error logs when a specified watermark value for memory regions and threshold value for the jtree
memory region are exceeded. A trade-off on the system performance can be detrimental for supporting
live traffic and protocols.

The variable number in the Syntax section represents a percentage.

You can configure the resource-monitoring capability on MX240, MX480, MX960, MX2010, and
MX2020 routers with I-chip-based DPCs and Trio-based FPCs.

The remaining statements are explained separately. Search for a statement in CLI Explorer or click a
linked statement in the Syntax section for details.

Required Privilege Level

system—To view this statement in the configuration.

system-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 15.1.

high-cos-queue-threshold option introduced in Junos OS Release 17.4R1.

RELATED DOCUMENTATION

Diagnosing and Debugging System Performance by Configuring Memory Resource Usage Monitoring
on MX Series Routers
Resource Monitoring for Subscriber Management and Services | 34
Resource Monitoring Usage Computation Overview
Limiting Subscribers by Client Type and Hardware Element with Resource Monitor | 42
174

routing-service (Dynamic Profiles)

IN THIS SECTION

Syntax | 174

Hierarchy Level | 174

Description | 174

Options | 176

Required Privilege Level | 176

Release Information | 176

Syntax

routing-service (disable <:$junos-routing-services> | enable<:$junos-routing-services>);

Hierarchy Level

[edit dynamic-profiles profile-name interfaces interface-name unit logical-unit-name]

Description

Enable configuration of additional routing protocols required by client connections on dynamically

created enhanced subscriber management interfaces.
175

NOTE: When clients use only the standard access-internal routes, access routes, and framed
routes, you do not need to configure routing services. In other words, the routing service
configuration is not required for simple client reachability purposes.

NOTE: You do not need to configure routing services for Internet Group Management Protocol
(IGMP) and the Multicast Listener Discovery (MLD) protocol because these protocols are natively
supported on enhanced subscriber management interfaces.

NOTE: routing-service is supported for the Layer 2 Tunneling Protocol (L2TP) network server
subscribers and Point-to-Point Protocol over Ethernet (PPPoE) subscribers. Any other access
models, otherwise mentioned, for example aggregated inline service interface, Multilink Point-to-
Point Protocol (MLPPP) over L2TP network server (LNS) are not supported.

NOTE: BGP sessions with PPP subscribers function correctly when BGP multihop TTL is
enabled.

Enable configuration of all routing protocols except Internet Group Management Protocol (IGMP) and
the Multicast Listener Discovery (MLD) protocol on dynamically created enhanced subscriber
management interfaces. IGMP and MLD are natively supported on enhanced subscriber management
interfaces, and therefore do not require you to specify the routing-service statement in the dynamic
profile.

When a dynamic profile containing the routing-service statement is instantiated, the router creates an
enhanced subscriber management logical interface, also referred to as a pseudo logical interface, in the
form demux0.nnnnnnnnnn (for example, demux0.3221225472). Any associated subscriber routes or
routes learned from a routing protocol running on the enhanced subscriber management interface use
this pseudo interface as the next-hop interface.

NOTE: The routing-service statement replaces the deprecated "routing-services" on page 177
statement. If you upgrade to Junos OS Release 18.4R1 or higher with a configuration that has
active subscribers with "routing-services" on page 177 enabled, then routing services remain
enabled for those subscribers. For all new subscribers after the upgrade, you must use the
"routing-service" on page 174 statement.
176

You can specify the $junos-routing-services predefined variable to determine, per subscriber, whether
routing services can be enabled or disabled by the value of the Routing-Services VSA (26-212) returned
in the RADIUS Access-Accept message during subscriber authentication. A value of 0x0000 disables
installation of routing services. A value of 0x0001 enables the installation of routing services. Any other
value is rejected.

NOTE: The routing-service statement is not supported for DHCP dynamic profiles. Do not enable
it for DHCP dynamic profiles. However, if the routing-service statement is enabled for a dynamic
VLAN profile, that VLAN can stack DHCP subscribers.

Options

disable Disable routing services for all subscribers instantiated on the interface by the
profile.

disable:$junos- Prevent routing services from being enabled or disabled by the value of the Routing-
routing-services Services VSA (26-212) for the subscriber being authenticated.

enable Enable routing services for all subscribers instantiated on the interface by the profile.

enable:$junos- Allow routing services to be enabled or disabled by the value of the Routing-Services
routing-services VSA (26-212) for the subscriber being authenticated.

Required Privilege Level

interface

Release Information

Statement introduced in Junos OS Release 18.4R1.

177

RELATED DOCUMENTATION

Junos OS Enhanced Subscriber Management | 9

Juniper Networks VSAs Supported by the AAA Service Framework
AAA Access Messages and Supported RADIUS Attributes and Juniper Networks VSAs for Junos OS
Predefined Variables in Dynamic Profiles | 59

routing-services (Enhanced Subscriber Management)

IN THIS SECTION

Syntax | 177

Hierarchy Level | 177

Description | 178

Default | 179

Required Privilege Level | 179

Release Information | 179

Syntax

routing-services;

Hierarchy Level

[edit dynamic-profiles profile-name interfaces interface-name unit logical-unit-name]

178

Description

Enable configuration of additional routing protocols required by client connections on dynamically

created enhanced subscriber management interfaces.

NOTE: routing-services is supported only for the Layer 2 Tunneling Protocol (L2TP) network
server subscribers. Any other access models, otherwise mentioned, for example aggregated inline
service interface, Multilink Point-to-Point Protocol (MLPPP) over L2TP network server (LNS) are
not supported.

NOTE: Starting in Junos OS Release 18.4R1, the routing-services statement is deprecated. It is

replaced by the routing-service statement. If you upgrade to Junos OS Release 18.4R1 or higher
with a configuration that has active subscribers with "routing-services" on page 177 enabled,
then routing services remain enabled for those subscribers. For all new subscribers after the
upgrade, you must use the "routing-service" on page 174 statement.

NOTE: The routing-services statement is not supported for DHCP dynamic profiles. Do not enable
it for DHCP dynamic profiles. However, if the routing-services statement is enabled for a dynamic
VLAN profile, that VLAN can stack DHCP subscribers.
179

Default

Configuration of additional routing protocols associated with the client connection is disabled by default
on enhanced subscriber management dynamic interfaces when you do not include this statement in the
dynamic profile.

Required Privilege Level

interface—To view this statement in the configuration.

interface-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 15.1R3.

Statement deprecated in Junos OS Release 18.4R1.

RELATED DOCUMENTATION

Junos OS Enhanced Subscriber Management | 9

services (System Services)

IN THIS SECTION

Syntax | 180

Hierarchy Level | 186

Description | 186

Required Privilege Level | 187

Release Information | 187

180

Syntax

services {
dhcp { # DHCP is not supported on a DCF
dhcp_services;
}
dtcp-only
finger {
connection-limit limit;
rate-limit limit;
}
flow-tap-dtcp {
ssh {
connection-limit limit;
rate-limit limit;
}
}
ftp {
authentication-order [authentication-methods];
connection-limit limit;
rate-limit limit;
}
grpc {
request-response {
grpc {
ssl {
address ip-address;
local-certificate local-certificate;
port port;
}
max-connections max-connections;
}
}
notification {
port port;
max-connections max-connections;
allow-clients {
address ip-address;
}
}
traceoptions {
181

file <filename> <files number> <match regex> <size size> <world-readable | no-world-
readable>;
flag flag;
no-remote-trace;
}
}
netconf {
flatten-commit-results;
hello-message {
yang-module-capabilities {
advertise-native-yang-modules;
advertise-custom-yang-modules;
advertise-standard-yang-modules;
}
}
netconf-monitoring {
netconf-state-schemas {
retrieve-custom-yang-modules;
retrieve-standard-yang-modules;
}
}
notification;
rfc-compliant;
ssh {
client-alive-count-max number;
client-alive-interval seconds;
connection-limit limit;
port port;
rate-limit limit;
}
tls {
client-identity client-id {
fingerprint fingerprint;
map-type (san-dirname-cn | specified);
username username;
}
default-client-identity {
map-type (san-dirname-cn | specified);
username username;
}
local-certificate local-certificate;
traceoptions {
file <filename> <files files> <match match> <size size> <(world-readable | no-
182

world-readable)>;
flag name;
level (all | error | info | notice | verbose | warning);
no-remote-trace;
}
}
traceoptions {
file <filename> <files number> <match regular-expression> <size size> <world-
readable | no-world-readable>;
flag flag;
no-remote-trace;
on-demand;
}
yang-compliant;
yang-modules {
device-specific;
emit-extensions;
}
}
outbound-https {
client client-id {
address {
port port;
trusted-cert trusted-cert;
}
device-id device-id;
reconnect-strategy (in-order | sticky);
secret password;
waittime seconds;
}
}
service-deployment {
servers address {
port-number port-number;
}
source-address address;
}
ssh {
authentication-order [method 1 method2...];
authorized-keys-command authorized-keys-command;
authorized-keys-command-user authorized-keys-command-user;
ciphers [ cipher-1 cipher-2 cipher-3 ...];
client-alive-count-max number;
183

client-alive-interval seconds;
connection-limit limit;
fingerprint-hash (md5 | sha2-256);
hostkey-algorithm (algorithm | no-algorithm);
key-exchange [algorithm1 algorithm2...];
log-key-changes log-key-changes;
macs [algorithm1 algorithm2...];
max-pre-authentication-packets number;
max-sessions-per-connection number;
no-challenge-response;
no-password-authentication;
no-passwords;
no-public-keys;
allow-tcp-forwarding;
port port-number;
protocol-version [v2];
rate-limit number;
rekey {
data-limit bytes;
time-limit minutes;
}
root-login (allow | deny | deny-password);
sftp-server;
}
tcp-forwarding;
resource-monitor {
free-fw-memory-watermark number;
free-heap-memory-watermark number;
free-nh-memory-watermark number;
high-threshold number;
no-logging;
no-throttle;
resource-category jtree {
resource-category jtree (continguous-pages | free-dwords | free-pages) {
low-watermark number;
high-watermark number;
}
}
subscribers-limit {
(any | dhcp | l2tp | pppoe) {
{
limit limit;
}
184

{
limit limit;
}
fpc slot-number {
limit limit;
pic number {
limit limit;
port number {
limit limit;
}
}
}
}
}
traceoptions {
file filename <files number> <match regular-expression> <size maximum-file-size>
<world-readable | no-world-readable>;
flag flag;
no-remote-trace;
}
}
subscriber-management {
enable;
enforce-strict-scale-limit-license;
gres-route-flush-delay;
}
overrides {
event {
catastrophic-failure {
reboot (master | standby);
}
}
interfaces {
family (inet | inet6) {
layer2-liveness-detection;
}
}
no-unsolicited-ra;
ra-initial-interval-max seconds;
ra-initial-interval-min seconds;
shmlog {
disable;
file filename <files maximum-no-files> <size maximum-file-size>;
185

filtering enable;
log-name {
all;
logname {
<brief | detail | extensive | none | terse>;
<file-logging |no-file-logging>;
}
}
log-type (debug | info | notice);
|
}
redundancy {
interface name {
local-inet-address v4-address;
local-inet6-address v6-address;
shared-key string;
virtual-inet-address virtual-v4-address;
virtual-inet6-address virtual-v6-address;
}
no-advertise-routes-on-backup;
protocol {
pseudo-wire;
vrrp;
}
}
traceoptions {
file filename <files number> <match regular-expression > <size maximum-file-size>
<world-readable | no-world-readable>;
flag flag;
}
}
telnet {
authentication-order [authentication-methods];
connection-limit limit;
rate-limit limit;
}
web-management {
http {
interfaces [ names ];
port port;
}
https {
interfaces [ names ];
186

local-certificate name;
port port;
}
session {
idle-timeout [ minutes ];
session-limit [ limit ];
}
}
xnm-ssl {
connection-limit limit;
local-certificate name;
rate-limit limit;
ssl-renegotiation;
}
}

Hierarchy Level

[edit system]

Description

Configure the router or switch so that users on remote systems can access the local router or switch
through the DHCP server, DTCP over SSH, finger, outbound HTTPS, rlogin, SSH, telnet, Web
management, Junos XML protocol SSL, and network utilities, or enable Junos OS to work with the
Session and Resource Control (SRC) software. Also, enable configuration of third-party applications
developed using the Juniper Extension Toolkit (JET) to run on Junos OS.

Starting in Junos OS Release 22.2R1, we’ve disabled the SSH TCP forwarding feature by default to
enhance security. To enable the SSH TCP forwarding feature, you can configure the allow-tcp-forwarding
statement at the [edit system services ssh] hierarchy level. In addition, we’ve deprecated the tcp-forwarding
and no-tcp-forwarding statements at the [edit system services ssh] hierarchy level.

The remaining statements are explained separately. Search for a statement in CLI Explorer or click a
linked statement in the Syntax section for details.
187

Required Privilege Level

system—To view this statement in the configuration.

system-control—To add this statement to the configuration.

Release Information

Statement introduced before Junos OS Release 7.4.

extension-service option added in Junos OS Release 16.1 for MX80, MX104, MX240, MX480, MX960,
MX2010, MX2020, vMX Series.

grpc option added in Junos OS Release 16.2 for MX80, MX104, MX240, MX480, MX960, MX2010,
MX2020, vMX Series.

allow-tcp-forwarding option added in Junos OS Release 22.2R1.

RELATED DOCUMENTATION

Configuring the Junos OS to Work with SRC Software

How to Configure M:N Subscriber Redundancy with VRRP and DHCP Binding Synchronization

subscriber-management (Subscriber Management)

IN THIS SECTION

Syntax | 188

Hierarchy Level | 189

Description | 189

Required Privilege Level | 189

Release Information | 190

188

Syntax

subscriber-management {
enable;
enforce-strict-scale-limit-license;
gres-route-flush-delay;
}
overrides {
event {
catastrophic-failure {
reboot (master | standby);
}
}
interfaces {
family (inet | inet6) {
layer2-liveness-detection;
ipoe-dynamic-arp-enable;
receive-gratuitous-arp;
}
}
no-unsolicited-ra;
ra-initial-interval-max seconds;
ra-initial-interval-min seconds;
shmlog {
disable;
file filename <files maximum-no-files> <size maximum-file-size——–>;
filtering enable;
log-name {
all;
logname {
<brief | detail | extensive | none | terse>;
<file-logging |no-file-logging>;
}
}
log-type (debug | info | notice);
|
}
redundancy {
interface name {
local-inet-address v4-address;
local-inet6-address v6-address;
189

shared-key string;
virtual-inet-address virtual-v4-address;
virtual-inet6-address virtual-v6-address;
}
no-advertise-routes-on-backup;
protocol {
pseudo-wire;
vrrp;
}
}
traceoptions {
file filename <files number> <match regular-expression > <size maximum-file-size> <world-
readable | no-world-readable>;
flag flag;
}
}

Hierarchy Level

[edit system services]

Description

Configure global services for subscriber management, such as maintaining subscribers, tracing
operations, and enabling enhanced subscriber management.

The remaining statements are explained separately. Search for a statement in CLI Explorer or click a
linked statement in the Syntax section for details.

Required Privilege Level

system—To view this statement in the configuration.

system-control—To add this statement to the configuration.

190

Release Information

Statement introduced in Junos OS Release 11.1.

RELATED DOCUMENTATION

Configuring the Router to Maintain DHCP Subscribers During Interface Delete Events
Tracing Subscriber Management Database Events for Troubleshooting | 25
Junos OS Enhanced Subscriber Management | 9
Configuring Junos OS Enhanced Subscriber Management | 15
DHCP Liveness Detection Using ARP and Neighbor Discovery Packets
Minimize Traffic Loss Due to Stale Route Removal After a Graceful Routing Engine Switchover
How to Configure M:N Subscriber Redundancy with VRRP and DHCP Binding Synchronization

subscribers-limit (Resource Monitor)

IN THIS SECTION

Syntax | 190

Hierarchy Level | 191

Description | 191

Required Privilege Level | 191

Release Information | 192

Syntax

subscribers-limit {
client-type (any | dhcp | l2tp | pppoe) {
chassis {
limit limit;
191

}
fpc slot-number {
limit limit;
pic number {
limit limit;
port number {
limit limit;
}
}
}
}
}

Hierarchy Level

[edit system services resource-monitor]

Description

Configure the maximum number of subscribers of a specified client type allowed to be logged in on the
chassis, per MPC, per MIC, and per port. When that number is reached, subsequent logins are denied
until the current number of subscribers drops below the maximum allowed.

Limit the number of subscribers allowed to log in per chassis, MPC, MIC, or port.

The remaining statements are explained separately. Search for a statement in CLI Explorer or click a
linked statement in the Syntax section for details.

Required Privilege Level

system—To view this statement in the configuration.

system-control—To add this statement to the configuration.

192

Release Information

Statement introduced in Junos OS Release 17.3R1.

RELATED DOCUMENTATION

Limiting Subscribers by Client Type and Hardware Element with Resource Monitor | 42
Resource Monitoring for Subscriber Management and Services | 34

traceoptions (Subscriber Management)

IN THIS SECTION

Syntax | 192

Hierarchy Level | 193

Description | 193

Options | 193

Required Privilege Level | 194

Release Information | 194

Syntax

traceoptions {
file filename <files number> <match regular-expression > <size maximum-file-size> <world-
readable | no-world-readable>;
flag flag;
}
193

Hierarchy Level

[edit system services subscriber-management]

Description

Define tracing operations for subscriber management interface processes.

Options

file filename—Name of the file to receive the output of the tracing operation. Enclose the filename
within quotation marks. All files are placed in the directory /var/log.

files number—(Optional) Maximum number of trace files to create before overwriting the oldest one. If
you specify a maximum number of files, you also must specify a maximum file size with the size option.

• Range: 2 through 1000

• Default: 3 files

flag flag—Tracing operation to perform. To specify more than one tracing operation, include multiple flag
statements. You can include the following flags:

• all—Trace all operations.

• database—Trace database events.

• general—Trace general events.

• issu—Trace unified ISSU events.

• server—Trace server events.

• session-db—Trace session database interactions.

• ui—Trace user interface events.

match regular-expression—(Optional) Refine the output to include lines that contain the regular expression.

no-world-readable—(Optional) Disable unrestricted file access.

194

size maximum-file-size—(Optional) Maximum size of each trace file. By default, the number entered is
treated as bytes. Alternatively, you can include a suffix to the number to indicate kilobytes (KB),
megabytes (MB), or gigabytes (GB). If you specify a maximum file size, you also must specify a maximum
number of trace files with the files option.

• Syntax: sizek to specify KB, sizem to specify MB, or sizeg to specify GB

• Range: 10240 through 1073741824

• Default: 128 KB

world-readable—(Optional) Enable unrestricted file access.

Required Privilege Level

trace—To view this statement in the configuration.

trace-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 11.1.

RELATED DOCUMENTATION

Tracing Subscriber Management Database Events for Troubleshooting | 25

traceoptions (Subscriber Session Database

Replication)

IN THIS SECTION

Syntax | 195
195

Hierarchy Level | 195

Description | 195

Options | 195

Required Privilege Level | 197

Release Information | 197

Syntax

traceoptions {
file filename <files number> <match regular-expression > <size maximum-file-size> <world-
readable | no-world-readable>;
flag flag;
no-remote-trace;
}

Hierarchy Level

[edit system services database-replication]

Description

Define tracing operations for subscriber management session database replication processes.

Options

file filename—Name of the file to receive the output of the tracing operation. Enclose the name within
quotation marks. All files are placed in the directory /var/log.
196

• Range: 2 through 1000

• Default: 3 files

flag flag—Tracing operation to perform. To specify more than one tracing operation, include multiple flag
statements. You can include the following flags:

• all—Trace all operations.

• database—Trace database events.

• general—Trace general flow.

• mirror—Trace mirroring events.

• replication—Trace database replication events.

• server—Trace server events.

• session-db—Trace session database interactions.

• ui—Trace user interface events.

match regular-expression—(Optional) Refine the output to include lines that contain the regular expression.

no-remote-trace—Disable remote tracing.

no-world-readable—(Optional) Disable unrestricted file access.

• Syntax: sizek to specify KB, sizem to specify MB, or sizeg to specify GB

• Range: 10240 through 1073741824

• Default: 128 KB

world-readable—(Optional) Enable unrestricted file access.

197

Required Privilege Level

trace—To view this statement in the configuration.

trace-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 9.3.

RELATED DOCUMENTATION

Tracing Subscriber Management Session Database Replication Events for Troubleshooting | 28

variables (Dynamic Service Profiles)

IN THIS SECTION

Syntax | 197

Hierarchy Level | 198

Description | 198

Options | 198

Required Privilege Level | 198

Release Information | 199

Syntax

variables variable-name {
default-value default-value;
equals expression;
198

mandatory;
uid;
uid-reference;
}

Hierarchy Level

[edit dynamic-profiles profile-name]

Description

Configure user-defined variables in a dynamic service profile. The values that the system uses for these
variables are provided by the RADIUS server and applied when the subscriber authenticates. You can
configure default values that are used when RADIUS does not return a value. Alternatively, you can
specify that the profile fails if RADIUS does not return a value for a variable.

NOTE: Do not use this statement in a dynamic client profile.

Options

variable-name—Name of the variable.

The remaining statements are explained separately. Search for a statement in CLI Explorer or click a
linked statement in the Syntax section for details.

Required Privilege Level

interface—To view this statement in the configuration.

interface-control—To add this statement to the configuration.

199

Release Information

Statement introduced in Junos OS Release 9.3.

RELATED DOCUMENTATION

Dynamic Variables Overview | 57

User-Defined Variables in Dynamic Profiles | 112

versioning

IN THIS SECTION

Syntax | 199

Hierarchy Level | 199

Description | 200

Required Privilege Level | 200

Release Information | 200

Syntax

versioning;

Hierarchy Level

[edit system dynamic-profile-options]

200

Description

Enable version support for dynamic profiles on the system. This means that you can create new versions
of dynamic profiles that are currently in use by subscribers. Each new version of the profile is stored as a
new profile. The profile name is in the format base-profile-name$$number, where number varies sequentially
from 01 to 10. There can be up to 10 modified versions of a base profile.

Required Privilege Level

routing—To view this statement in the configuration.

routing-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 11.4.

RELATED DOCUMENTATION

Versioning for Dynamic Profiles | 125

version-alias (Dynamic Profiles)

IN THIS SECTION

Syntax | 201

Hierarchy Level | 201

Description | 201

Options | 202

Required Privilege Level | 202

Release Information | 202

201

Syntax

version-alias version-alias-string;

Hierarchy Level

[edit dynamic-profiles profile-name]

Description

Configure an alias to identify a specific configuration variant of a base dynamic client profile. The version
alias is a text description that lets you decide how to name different profile variants, so they have an
identifier independent of the dynamic version name that is automatically created by the BNG.

The need for a version alias results from the practice of using a given base dynamic profile across
multiple BNGs in a network. When you enable dynamic versioning, you can modify the base dynamic
profile to provide specific capabilities to subscribers on different BNGs or to new subscribers on a given
BNG. Dynamic versioning assigns a version name to each new variation in the base profile.

Consequently, the version name may vary for subscribers on one BNG or across multiple BNGs. In either
case, RADIUS cannot determine which version of a profile is in use by any subscriber. This creates an
operational challenge because RADIUS is unable to return corresponding attributes and VSAs in a CoA
message that are compatible with that version of the profile.

When you configure a version alias for a dynamic client profile, the BNG sends the version alias to the
RADIUS server during authentication. It is conveyed in the Juniper Networks client-profile-name VSA
(26–4874–174). The version alias is an independent tag that enables you to track which profile
variations are in use. Because RADIUS can tell apart the different profile versions, you can normalize the
RADIUS back-end configuration for efficient use of CoA messages.

By default, the Client-Profile-Name VSA carries the name of the base dynamic profile. The version alias
string is concatenated to the end of the profile name in the VSA, like this:

client-profile-name:version-alias-string
202

Options

version-alias- String that identifies a particular version of a dynamic profile. The maximum size of
string the string is 64 bytes.

Required Privilege Level

routing—To view this statement in the configuration.

routing-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 20.2R1.

RELATED DOCUMENTATION

Versioning for Dynamic Profiles | 125

5 CHAPTER

Operational Commands

show dynamic-profile session | 204

show system resource-monitor ifd-cos-queue-mapping fpc | 211

show system resource-monitor subscribers-limit | 213

show system subscriber-management resiliency | 220

show system subscriber-management route | 231

204

show dynamic-profile session

IN THIS SECTION

Syntax | 204

Description | 204

Options | 205

Required Privilege Level | 205

Output Fields | 205

Sample Output | 206

Release Information | 210

Syntax

show dynamic-profile session

<client-id client-id>
<profile-name profile-name>
<service-id service-id>

Description

Display dynamic profile (client or service) information for all subscribers or for subscribers specified by
client ID or service session ID. You can filter the output by also specifying a dynamic profile.

NOTE:

• The output does not display the variable stanzas defined in the dynamic profile configuration.

• The variables in the profile configuration are replaced with subscriber specific values.
205

• If the conditional variable in the dynamic profile is evaluated as NULL, the subscriber value for
the variable is displayed as NONE in the command output.

• The variable is also displayed as NONE when the variable (any variable and not necessarily
conditional) in the dynamic profile has no value associated with it.

• The format in which the configuration is displayed looks similar, but not exactly the same as
the format of the show configuration dynamic-profiles command.

Options

client-id client-id Display dynamic profile information for subscribers associated with the
specified client.

profile-name profile-name (Optional) Display dynamic profile information for the specified subscriber
or service profile.

service-id service-id Display dynamic profile information for subscribers associated with the
specified service session.

Required Privilege Level

view

Output Fields

This command displays the dynamic client or service profile configuration for each subscriber.
206

Sample Output

show dynamic-profile session client-id (Client ID)

user@host>show dynamic-profile session client-id 20

pppoe {
interfaces {
pp0 {
unit 1073741831 {
ppp-options {
chap;
pap;
}
pppoe-options {
underlying-interface ge-2/0/0.0;
server;
}
family {
inet {
unnumbered-address lo0.0;
}
}
}
}
}
class-of-service {
traffic-control-profiles {
tcp1 {
scheduler-map smap1_UID1024;
shaping-rate 100m;
}
}
interfaces {
pp0 {
unit 1073741831 {
output-traffic-control-profile tcp1;
}
}
}
scheduler-maps {
smap1_UID1024 {
207

forwarding-class best-effort scheduler sch1_UID1023;

}
}
schedulers {
sch1_UID1023 {
transmit-rate percent 40;
buffer-size percent 40;
priority low;
}
}
}
}
filter-service {
interfaces {
pp0 {
unit 1073741831 {
family {
inet {
filter {
input input-filter_UID1026 precedence 50;
output output-filter_UID1027 precedence 50;
}
}
}
}
}
}
firewall {
family {
inet {
filter input-filter_UID1026 {
interface-specific;
term t1 {
then {
policer policer1_UID1025;
service-accounting;
}
}
term rest {
then accept;
}
}
filter output-filter_UID1027 {
208

interface-specific;
term rest {
then accept;
}
}
}
}
policer policer1_UID1025 {
if-exceeding {
bandwidth-limit 1m;
burst-size-limit 15k;
}
then discard;
}
}
}
cos-service {
class-of-service {
scheduler-maps {
smap2_UID1029 {
forwarding-class assured-forwarding scheduler sch2_UID1028;
}
}
schedulers {
sch2_UID1028 {
transmit-rate percent 60;
buffer-size percent 60;
priority high;
}
}
}
}

show dynamic-profile session client-id profile-name (Client ID and Dynamic Profile)

user@host>show dynamic-profile session client-id 20 profile-name cos-service

cos-service {
class-of-service {
scheduler-maps {
smap2_UID1029 {
forwarding-class assured-forwarding scheduler sch2_UID1028;
209

}
}
schedulers {
sch2_UID1028 {
transmit-rate percent 60;
buffer-size percent 60;
priority high;
}
}
}
}

show dynamic-profile session service-id (Service Session)

user@host>show dynamic-profile session service-id 21

filter-service {
interfaces {
pp0 {
unit 1073741831 {
family {
inet {
filter {
input input-filter_UID1026 precedence 50;
output output-filter_UID1027 precedence 50;
}
}
}
}
}
}
firewall {
family {
inet {
filter input-filter_UID1026 {
interface-specific;
term t1 {
then {
policer policer1_UID1025;
service-accounting;
}
210

}
term rest {
then accept;
}
}
filter output-filter_UID1027 {
interface-specific;
term rest {
then accept;
}
}
}
}
policer policer1_UID1025 {
if-exceeding {
bandwidth-limit 1m;
burst-size-limit 15k;
}
then discard;
}
}
}

Release Information

Command introduced in Junos OS Release 13.3.

211

show system resource-monitor ifd-cos-queue-

mapping fpc

IN THIS SECTION

Syntax | 211

Description | 211

Options | 211

Required Privilege Level | 212

Output Fields | 212

Sample Output | 212

Release Information | 213

Syntax

show system resource-monitor ifd-cos-queue-mapping fpc slot-number

Description

Display the scheduler usage of each Packet Forwarding Engine and the mapping of scheduler blocks to
CoS-capable physical interface (IFDs).

Options

slot-number Display the Junos OS utilization information of memory resources for the specified slot
number in which the FPC is installed.
212

Required Privilege Level

view

Output Fields

Table 11 on page 212 lists the output fields for the show system resource-monitor ifd-cos-queue-mapping fpc
command. Output fields are listed in the approximate order in which they appear.

Table 11: show system resource-monitor ifd-cos-queue-mapping fpc Output Fields

Field Field Description

PFE # Number or identifier of the Packet Forwarding Engine in the specified line-card slot.

Scheduler Block # Scheduler block identifier. For each Packet Forwarding Engine there are multiple schedulers.

used Scheduler queues used.

% Percentage of queue resource used.

Devices List of physical interfaces that map the scheduler.

Sample Output

show system resource-monitor ifd-cos-queue-mapping fpc

user@host> show system resource-monitor ifd-cos-queue-mapping fpc 0

PFE # Scheduler Block # used % Devices
0 0 13142 10 ge-1/0/0, ge-1/0/1, ge-1/0/2,
ge-1/0/3, ..
ge-1/0/8, si-1/0/0, …
0 1 13142 10 ge-1/1/0, ge-1/1/1, ge-1/1/2,
213

ge-1/1/3, ..
ge-1/1/8
1 0 24058 18 ge-1/2/0, …
1 1 24058 18 ge-1/3/0, …

Release Information

Command introduced in Junos OS Release 17.4R1.

RELATED DOCUMENTATION

Resource Monitoring for Subscriber Management and Services Overview | 34

show system resource-monitor fpc
show system resource-monitor subscribers-limit | 213

show system resource-monitor subscribers-limit

IN THIS SECTION

Syntax | 214

Description | 214

Options | 214

Required Privilege Level | 214

Output Fields | 215

Sample Output | 215

Release Information | 220

214

Syntax

show system resource-monitor subscribers-limit

Description

Display information about subscriber limits for the specified hardware element, chassis, MPC, MIC, or
port by client type. Shows the configured limit, the number of subscribers of the type currently logged
in, and the number of subscribers that have been denied login because the limit has been reached. Use
the extensive option to display information for the specified element and all subordinate elements that
have a configured subscriber limit.

Options

extensive (Optional) Display information for the specified hardware element and all subordinate
elements that have a configured subscriber limit.

chassis (Optional) Subscriber limit statistics for the chassis.

fpc slot-number (Optional) Subscriber limit statistics for MPC in the specified slot.

pic number (Optional) Subscriber limit statistics for the specified MIC.

port number (Optional) Subscriber limit statistics for the specified port.

Required Privilege Level

Output Fields

Table 12 on page 215 lists the output fields for the show system resource-monitor subscribers-limit
command. Output fields are listed in the approximate order in which they appear.

Table 12: show system resource-monitor subscribers-limit Output Fields

Field Name Field Description Level of Output

fpc, pic, port Hardware element on which a maximum All levels

subscriber limit is configured. fpc corresponds
to MPC. pic corresponds to MIC.

Client-type Type of client for which a maximum All levels

subscriber limit is configured on the specified
hardware element: ANY, DHCP, L2TP, or PPPoE.

Configured Maximum number of subscribers that can be All levels

limit logged in for the client type.

Current Current number of subscribers that can log in All levels

count for the client type.

Denied count Number of subscribers for the client type that All levels
have been denied login because the maximum
subscriber limit has been reached.

Sample Output

show system resource-monitor subscribers-limit (Chassis)

user@host> show system resource-monitor subscribers-limit chassis

Client-type : pppoe
Configured limit : 0
Current count : 1
Denied count : 0
216

Client-type : any
Configured limit : 0
Current count : 1
Denied count : 0

show system resource-monitor subscribers-limit (Chassis Extensive)

user@host> show system resource-monitor subscribers-limit chassis extensive

Client-type : pppoe
Configured limit : 0
Current count : 1
Denied count : 0

Client-type : any
Configured limit : 0
Current count : 1
Denied count : 0

fpc : 1
Client-type : pppoe
Configured limit : 0
Current count : 1
Denied count : 0

Client-type : any
Configured limit : 0
Current count : 1
Denied count : 0

pic : 2
Client-type : pppoe
Configured limit : 0
Current count : 1
Denied count : 0

Client-type : any
Configured limit : 0
Current count : 1
Denied count : 0
217

port : 0
Client-type : pppoe
Configured limit : 0
Current count : 1
Denied count : 0

Client-type : any
Configured limit : 0
Current count : 1
Denied count : 0

show system resource-monitor subscribers-limit (MPC)

user@host> show system resource-monitor subscribers-limit fpc 1

Client-type : pppoe
Configured limit : 0
Current count : 1
Denied count : 0

Client-type : any
Configured limit : 0
Current count : 1
Denied count : 0

show system resource-monitor subscribers-limit (MPC Extensive)

user@host> show system resource-monitor subscribers-limit fpc 1 extensive

Client-type : pppoe
Configured limit : 0
Current count : 1
Denied count : 0

Client-type : any
Configured limit : 0
Current count : 1
Denied count : 0

pic : 2
Client-type : pppoe
Configured limit : 0
218

Current count : 1
Denied count : 0

Client-type : any
Configured limit : 0
Current count : 1
Denied count : 0

port : 0
Client-type : pppoe
Configured limit : 0
Current count : 1
Denied count : 0

Client-type : any
Configured limit : 0
Current count : 1
Denied count : 0

show system resource-monitor subscribers-limit (MIC)

user@host> show system resource-monitor subscribers-limit fpc 1 pic 2

Client-type : pppoe
Configured limit : 0
Current count : 1
Denied count : 0

Client-type : any
Configured limit : 0
Current count : 1
Denied count : 0

show system resource-monitor subscribers-limit (MIC Extensive)

user@host> show system resource-monitor subscribers-limit fpc 1 pic 2 extensive

Client-type : pppoe
Configured limit : 0
Current count : 1
Denied count : 0
219

Client-type : any
Configured limit : 0
Current count : 1
Denied count : 0

port : 0
Client-type : pppoe
Configured limit : 0
Current count : 1
Denied count : 0

Client-type : any
Configured limit : 0
Current count : 1
Denied count : 0

show system resource-monitor subscribers-limit (Port)

user@host> show system resource-monitor subscribers-limit fpc 1 pic 2 port 0

Client-type : pppoe
Configured limit : 0
Current count : 1
Denied count : 0

Client-type : any
Configured limit : 0
Current count : 1
Denied count : 0

show system resource-monitor subscribers-limit (Port Extensive)

user@host> show system resource-monitor subscribers-limit fpc 1 pic 2 port 0 extensive

Client-type : pppoe
Configured limit : 0
Current count : 1
Denied count : 0

Client-type : any
Configured limit : 0
220

Current count : 1
Denied count : 0

Release Information

Command introduced in Junos OS 17.3R1.

RELATED DOCUMENTATION

Limiting Subscribers by Client Type and Hardware Element with Resource Monitor | 42
show system resource-monitor fpc
show system resource-monitor ifd-cos-queue-mapping fpc | 211

show system subscriber-management resiliency

IN THIS SECTION

Syntax | 220

Description | 221

Options | 221

Required Privilege Level | 221

Output Fields | 221

Sample Output | 224

Release Information | 231

Syntax

show system subscriber-management resiliency

<detail>
221

Description

Display information that indicates the health and relationship of session database replication between
the primary and standby Routing Engines.

Options

detail (Optional) Displays brief information about the shared memory state for the primary and
standby Routing Engines.

extensive (Optional) Displays very detailed statistics for the SDB components in shared memory for
the primary and standby Routing Engines, enabling you to evaluate the state of replication
between the two.

summary (Optional) Displays only an indication of whether the system is okay (replication is normal) or
has some unexpected condition.

Required Privilege Level

system

Output Fields

Table 13 on page 222 lists the output fields for the show system subscriber-management resiliency command.
Output fields are listed in the approximate order in which they appear.
222

Table 13: show system subscriber-management resiliency Output

Field Name Field Description Level

Overall Status Indicates the condition of the system: summary

• Ok—The system is functioning normally.

• Not-Ok—An unexpected condition has been discovered. This status may

require investigation by the Juniper Networks Technical Assistance Center
(JTAC) to confirm whether anything is wrong and the root cause of the
status.

shared memory type One of the following types of shared memory objects: detail

• mmap—Memory-mapped file that stores the hash or entry data for an MMDB.

• mmap Database (MMDB)–Memory-mapped database that uses memory-mapped

files to store the MMDB hash and entry data. Each MMDB typically stores a
type of statistic, such as statistics related logical interfaces, logical interface
sets, or subscribers.

• Shared Memory Segment—An operating system object that is a chunk of

contiguous shared memory.

Total—Number of memory objects of all types.

count Number of shared memory instances of a type. detail

mapped bytes Number of bytes mapped into process space. detail

mmfs Memory-mapped file information. extensive

Name File path including the filename of the shared memory object. extensive

For MMFs, the filename is the name of its associated MMDB and a suffix to
indicate whether it stores hash or data.

For MMDBs, the filename indicates the type of statistics stored in the database.

Current Bytes Current total size of the shared memory object. extensive
223

Table 13: show system subscriber-management resiliency Output (Continued)

Field Name Field Description Level

Maximum Bytes Maximum size of the shared memory object. extensive

Mapped Bytes Number of bytes mapped into process space. extensive

Lock Count Number of times the shared memory object has been locked by a global, inter- extensive
process lock.

Contention Count Number of times that a process or thread object waited to lock a shared extensive
memory object because a different process or thread already has the lock. This
is a global, inter-process lock.

Lock Wait Secs How long a process or thread taking a global, inter-process lock waited because extensive
a different process or thread already had the lock.

mmap Count Number of times that parts of the overall memory mapped data have been extensive
mapped.

Shared Memory Information about the shared memory segments; each segment is a chunk of extensive
Segments contiguous shared memory.

Size in Bytes Number of bytes in the shared memory segment. extensive

MMDBs Information about the memory-mapped file databases that use memory- extensive
mapped files to store data (typically statistics associated with interfaces and
subscribers).

Hash Entries Number of different hash entries a key could be hashed to in this table. extensive

PLock Count Number of times the MMDB shared memory object has been locked by a extensive
process-level, intra-process lock.
224

Table 13: show system subscriber-management resiliency Output (Continued)

Field Name Field Description Level

PLock Contention Number of times that a process or thread object waited to lock a shared extensive
Count memory object because a different process or thread already has the lock. This
is a process-level, intra-process lock.

PLock Wait Secs How long a process or thread taking a process-level, intra-process lock waited extensive
because a different process or thread already had the lock.

Sample Output

show system subscriber-management resiliency (Summary)

user@host> show system subscriber-management resiliency summary

Overall Status: Ok

show system subscriber-management resiliency (Detail)

user@host> show system subscriber-management resiliency detail

Master:
shared memory type count mapped bytes
mmap 43 195027200
mmap Database (MMDB) 9 (in mmap)
Shared Memory Segment 6 39163504
Total 58 234190704

Standby:
shared memory type count mapped bytes
mmap 41 192930048
mmap Database (MMDB) 9 (in mmap)
Shared Memory Segment 6 39163504
Total 56 232093552
225

show system subscriber-management resiliency (Extensive)

user@host> show system subscriber-management resiliency extensive

Master:

mmfs:
Name Current Bytes Maximum Bytes
Mapped bytes Lock Count Lock Contention Count Lock Wait Secs mmap Count
/mfs/var/smm_accounting-stats-db_hash 15736832
15736832 15736832 17 0 0.000000 0
/mfs/var/smm_accounting-stats-db_data 1139015680
9112125440 2097152 17 0 0.000000 18
/mfs/var/mmcq/mmdb_rep_mmcq 1048576
104857600 1048576 25 1 0.011021 0
/mfs/var/smm_accounting-ifl-db_hash 28672
28672 28672 17 0 0.000000 0
/mfs/var/smm_accounting-ifl-db_data 33554432
536870912 4194304 17 0 0.000000 18
/mfs/var/smm_accounting-iflset-db_hash 28672
28672 28672 17 0 0.000000 0
/mfs/var/smm_accounting-iflset-db_data 33554432
536870912 4194304 17 0 0.000000 18
/mfs/var/sdb/shmem/sdb.head 7680256
7680256 7680256 384006 0 0.000000 0
/mfs/var/sdb/shmem/sdb.lts.data 1620049920
8589934592 20971520 41 0 0.000000 60
/mfs/var/sdb/shmem/sdb_sts_data 51216384
51216384 51216384 20012 0 0.000000 0
/mfs/var/sdb/shmem/sdb_intf.db 409600
409600 409600 0 0 0.000000 0
/mfs/var/sdb/shmem/subscriber_hash 2408448
2408448 2408448 21 0 0.000000 0
/mfs/var/sdb/shmem/subscriber_data 33554432
536870912 2097152 22 0 0.000000 22
/mfs/var/sdb/shmem/service_hash 2408448
2408448 2408448 21 0 0.000000 0
/mfs/var/sdb/shmem/service_data 33554432
536870912 2097152 22 0 0.000000 22
/mfs/var/sdb/shmem/interface_hash 28672
28672 28672 21 0 0.000000 0
/mfs/var/sdb/shmem/interface_data 33554432
536870912 4194304 109 0 0.000000 22
226

/mfs/var/sdb/shmem/interface_set_hash 28672
28672 28672 21 0 0.000000 0
/mfs/var/sdb/shmem/interface_set_data 33554432
536870912 4194304 22 0 0.000000 22
/mfs/var/sdb/shmem/mobile_subs_location_hash 1208320
1208320 1208320 21 0 0.000000 0
/mfs/var/sdb/shmem/mobile_subs_location_data 33554432
536870912 2097152 22 0 0.000000 22
/mfs/var/sdb/shmem/mobile_subscriber_hash 1208320
1208320 1208320 21 0 0.000000 0
/mfs/var/sdb/shmem/mobile_subscriber_data 33554432
536870912 2097152 21 0 0.000000 22
/mfs/var/mmq/mmq_queue 126976
126976 126976 5 0 0.000000 0
/mfs/var/mmq/mmq_heap 5120000
5120000 5120000 4 0 0.000000 0
/mfs/var/mmcq/sdb_bbe_mmcq 25165824
318767104 25165824 21 0 0.000000 0
/mfs/var/mmcq/authdRxQueue 1048576
20971520 1048576 6 0 0.000000 0
/mfs/var/mmcq/pppdRxQueue 1048576
20971520 1048576 4 0 0.000000 0
/mfs/var/mmcq/bbeStatsdGetCollector 1048576
20971520 1048576 16 0 0.000000 0
/mfs/var/mmdb/mmdb_ack_registry 8192
8192 8192 141 0 0.000000 0
/mfs/var/mmcq/mmdb_ackq_bbe-statsd 1048576
67108864 1048576 2 0 0.000000 0
/mfs/var/mmcq/jdchpdAccountingClientApp 1048576
20971520 1048576 2 0 0.000000 0
/mfs/var/ss/domain.0.data 16777216
2147483648 4194304 262 0 0.000000 18
/mfs/var/tmp/bbe_throttle_control 8192
8192 8192 7 0 0.000000 0
/mfs/var/mmcq/statsPluginGCClient 1048576
20971520 1048576 2 0 0.000000 0
/mfs/var/sdb/shmem/sdb_reg_info 8192
8192 8192 2 0 0.000000 0
/mfs/var/mmcq/sdb_reg_q_bbe-statsd 16777216
16777216 16777216 2 0 0.000000 0
/mfs/var/mmcq/jl2tpdCliRxQ 1048576
20971520 1048576 2 0 0.000000 0
/mfs/var/mmcq/jl2tpdSnmpRxQ 1048576
227

20971520 1048576 2 0 0.000000 0

/mfs/var/mmcq/authd 1048576
20971520 1048576 2 0 0.000000 0
/mfs/var/mmcq/jpppdAccountingClientApp 1048576
20971520 1048576 2 0 0.000000 0
/mfs/var/mmcq/mmdb_mmcq_0 1048576
104857600 1048576 42 0 0.000000 0
/mfs/var/ss/domain.0 409600
4294967295 409600 6400000 3037 0.002642 0

Shared Memory Segments:

Name Size in Bytes
/mfs/var/shmlog/shmlog 39071744
sdb_rsmon_shared_memory 22536
sdb_rsmon_ae_table 4096
sdb_rsmon_ps_table 60008
sdb_rsmon_rlt_table 1024
sdb_bbe_rep_mailbox 4096

MMDBs:
Name Hash Entries Lock Count
Lock Contention Count Lock Wait Secs PLock Count PLock Contention Count PLock Wait Secs
/mfs/var/smm_accounting-stats-db 655360
7208990 0 0.000000 1966111 0
0.000000
/mfs/var/smm_accounting-ifl-db 1000
11024 0 0.000000 3025 0
0.000000
/mfs/var/smm_accounting-iflset-db 1000
11024 0 0.000000 3025 0
0.000000
/mfs/var/sdb/shmem/subscriber 100000
1400010 2 0.043705 400012 0
0.000000
/mfs/var/sdb/shmem/service 100000
1400010 0 0.000000 400012 0
0.000000
/mfs/var/sdb/shmem/interface 1000
14430 0 0.000000 4427 0
0.000000
/mfs/var/sdb/shmem/interface_set 1000
14010 0 0.000000 4012 0
0.000000
228

/mfs/var/sdb/shmem/mobile_subs_location 50000
700018 0 0.000000 200020 0
0.000000
/mfs/var/sdb/shmem/mobile_subscriber 50000
700010 0 0.000000 200012 0
0.000000

Total Mapped Bytes 234190704

Standby:

mmfs:
Name Current Bytes Maxiumum Bytes
Mapped bytes Lock Count Lock Contention Count Lock Wait Secs mmap Count
/mfs/var/smm_accounting-stats-db_hash 15736832
15736832 15736832 13 0 0.000000 0
/mfs/var/smm_accounting-stats-db_data 1139015680
9112125440 2097152 13 0 0.000000 14
/mfs/var/mmcq/mmdb_rep_mmcq 1048576
104857600 1048576 15 0 0.000000 0
/mfs/var/smm_accounting-ifl-db_hash 28672
28672 28672 13 0 0.000000 0
/mfs/var/smm_accounting-ifl-db_data 33554432
536870912 4194304 13 0 0.000000 14
/mfs/var/smm_accounting-iflset-db_hash 28672
28672 28672 13 0 0.000000 0
/mfs/var/smm_accounting-iflset-db_data 33554432
536870912 4194304 13 0 0.000000 14
/mfs/var/sdb/shmem/sdb.head 7680256
7680256 7680256 384005 0 0.000000 0
/mfs/var/sdb/shmem/sdb.lts.data 1620049920
8589934592 20971520 11 0 0.000000 20
/mfs/var/sdb/shmem/sdb_sts_data 51216384
51216384 51216384 17510 0 0.000000 0
/mfs/var/sdb/shmem/sdb_intf.db 409600
409600 409600 0 0 0.000000 0
/mfs/var/sdb/shmem/subscriber_hash 2408448
2408448 2408448 5 0 0.000000 0
/mfs/var/sdb/shmem/subscriber_data 33554432
536870912 2097152 4 0 0.000000 6
/mfs/var/sdb/shmem/service_hash 2408448
2408448 2408448 5 0 0.000000 0
/mfs/var/sdb/shmem/service_data 33554432
229

536870912 2097152 4 0 0.000000 6

/mfs/var/sdb/shmem/interface_hash 28672
28672 28672 5 0 0.000000 0
/mfs/var/sdb/shmem/interface_data 33554432
536870912 4194304 4 0 0.000000 6
/mfs/var/sdb/shmem/interface_set_hash 28672
28672 28672 5 0 0.000000 0
/mfs/var/sdb/shmem/interface_set_data 33554432
536870912 4194304 4 0 0.000000 6
/mfs/var/sdb/shmem/mobile_subs_location_hash 1208320
1208320 1208320 5 0 0.000000 0
/mfs/var/sdb/shmem/mobile_subs_location_data 33554432
536870912 2097152 4 0 0.000000 6
/mfs/var/sdb/shmem/mobile_subscriber_hash 1208320
1208320 1208320 5 0 0.000000 0
/mfs/var/sdb/shmem/mobile_subscriber_data 33554432
536870912 2097152 4 0 0.000000 6
/mfs/var/mmq/mmq_queue 126976
126976 126976 4 0 0.000000 0
/mfs/var/mmq/mmq_heap 5120000
5120000 5120000 3 0 0.000000 0
/mfs/var/mmcq/sdb_bbe_mmcq 25165824
318767104 25165824 11 0 0.000000 0
/mfs/var/mmcq/authdRxQueue 1048576
20971520 1048576 6 0 0.000000 0
/mfs/var/mmcq/pppdRxQueue 1048576
20971520 1048576 2 0 0.000000 0
/mfs/var/mmcq/bbeStatsdGetCollector 1048576
20971520 1048576 14 0 0.000000 0
/mfs/var/mmdb/mmdb_ack_registry 8192
8192 8192 2 0 0.000000 0
/mfs/var/mmcq/mmdb_ackq_bbe-statsd 1048576
67108864 1048576 2 0 0.000000 0
/mfs/var/mmcq/jdchpdAccountingClientApp 1048576
20971520 1048576 2 0 0.000000 0
/mfs/var/ss/domain.0.data 16777216
2147483648 4194304 261 0 0.000000 16
/mfs/var/tmp/bbe_throttle_control 8192
8192 8192 6 0 0.000000 0
/mfs/var/mmcq/statsPluginGCClient 1048576
20971520 1048576 2 0 0.000000 0
/mfs/var/sdb/shmem/sdb_reg_info 8192
8192 8192 2 0 0.000000 0
230

/mfs/var/mmcq/sdb_reg_q_bbe-statsd 16777216
16777216 16777216 2 0 0.000000 0
/mfs/var/mmcq/jl2tpdCliRxQ 1048576
20971520 1048576 2 0 0.000000 0
/mfs/var/mmcq/jl2tpdSnmpRxQ 1048576
20971520 1048576 2 0 0.000000 0
/mfs/var/mmcq/authd 1048576
20971520 1048576 2 0 0.000000 0
/mfs/var/ss/domain.0 409600
4294967295 409600 8000000 4044 0.002962 0

Shared Memory Segments:

Name Size in Bytes
/mfs/var/shmlog/shmlog 39071744
sdb_rsmon_shared_memory 22536
sdb_rsmon_ae_table 4096
sdb_rsmon_ps_table 60008
sdb_rsmon_rlt_table 1024
sdb_bbe_rep_mailbox 4096

MMDBs:
Name Hash Entries Lock Count
Lock Contention Count Lock Wait Secs PLock Count PLock Contention Count PLock Wait Secs
/mfs/var/smm_accounting-stats-db 655360
5898264 0 0.000000 1966105 0
0.000000
/mfs/var/smm_accounting-ifl-db 1000
9020 0 0.000000 3021 0
0.000000
/mfs/var/smm_accounting-iflset-db 1000
9020 0 0.000000 3021 0
0.000000
/mfs/var/sdb/shmem/subscriber 100000
300002 0 0.000000 100003 0
0.000000
/mfs/var/sdb/shmem/service 100000
300002 0 0.000000 100003 0
0.000000
/mfs/var/sdb/shmem/interface 1000
3002 0 0.000000 1003 0
0.000000
/mfs/var/sdb/shmem/interface_set 1000
3002 0 0.000000 1003 0
231

0.000000
/mfs/var/sdb/shmem/mobile_subs_location 50000
150002 0 0.000000 50003 0
0.000000
/mfs/var/sdb/shmem/mobile_subscriber 50000
150002 0 0.000000 50003 0
0.000000

Total Mapped Bytes 232093552

Release Information

Command introduced in Junos OS Release 19.1R1.

RELATED DOCUMENTATION

Junos OS Enhanced Subscriber Management | 9

show system subscriber-management route

IN THIS SECTION

Syntax | 232

Description | 232

Options | 232

Required Privilege Level | 233

Output Fields | 233

Sample Output | 235

Release Information | 238

232

Syntax

show system subscriber-management route

Description

Display information about how routes are mapped to specific enhanced subscriber management
interfaces. You can customize the output by including one or more optional filters in the command. With
the exception of the summary option, all filter options can be combined in a single command.

Options

family family (Optional) Display route mapping information for the specified protocol family: inet
(IPv4) or inet6 (IPv6).

incomplete (Optional) Display route mapping information for incomplete routes that are
missing elements required to add the routes to the routing table.

level (brief | detail) (Optional) Display the specified level of output: brief or detail.

next-hop index (Optional) Display the next hop associated with the route entry with the specified
next-hop index, in the range 1 through 65535.

prefix address (Optional) Use the same prefix and prefix length as the subscriber host address.
Output includes attributes that originate in the Famed-Route record of an
upstream RADIUS server (Tag, Metric, Preference).
233

route-type type (Optional) Display route mapping information for the specified route type: access,
access-internal, kernel, or local.

routing-instance (Optional) Display route mapping information for the specified routing-instance
name
rrt-index index (Optional) Display mapping information for the specified routing table index, in the
range 0 through 65535. An rtt-index value of 0 (zero) denotes routes in the default
routing table managed by enhanced subscriber management.

summary (Optional) Display summary information about the routes managed by enhanced
subscriber management.

Required Privilege Level

view

Output Fields

Table 14 on page 233 lists the output fields for the show system subscriber-management route command.
Output fields are listed in the approximate order in which they appear.

Table 14: show system subscriber-management route Output Fields

Field Name Field Description Level of Output

address IPv4 or IPv6 address associated with the route entry. All levels

Route Type One of the following route types: All levels

• Access

• Access-internal

• Framed

• Kernel

• Local
234

Table 14: show system subscriber-management route Output Fields (Continued)

Field Name Field Description Level of Output

Interface Name of the enhanced subscriber management interface All levels

associated with the route entry.

Next-hop Next-hop associated with the route entry. All levels

Tag Reflects the Tag attribute used in the RADIUS Framed-Route All levels
type record.

Metric Reflects the Metric attribute used in the RADIUS Framed-Route All levels
type record.

Preference Reflects the Preference attribute used in the RADIUS Framed- All levels
Route type record.

Rtt-index Value of the routing table index. A value of 0 (zero) denotes a detail
route in the default routing table managed by enhanced
subscriber management.

Bbe index Value of the interface index for the control plane. detail

Flow id Value of the route object index. detail

Reference Count Used for internal accounting. detail

Dirty Flags Used for internal accounting. detail

Flags Used for internal accounting. detail

Family One of the following protocol families: detail

• AF_INET—IPv4

• AF_INET6—IPv6
235

Sample Output

show system subscriber-management route prefix <address>

rtt-index 0

user@host> show system subscriber-management route prefix 10.10.0.1/32

Route: 10.10.0.1/32
Routing-instance: default:default
Kernel rt-table id : 0
Family: AF_INET
Route Type: Framed
Protocol Type: Unspecified
Interface: pp0.3221225491
Interface index: 26
Internal Interface index: 26
Route index: 20
Next-Hop: 684
Tag: 9999
Metric: 56
Preference: 10
Reference-count: 1
L2 Address: 00:00:5e:00:53:0b
Flags: 0x0
Dirty Flags: 0x0

show system subscriber-management route family route-type rtt-index level brief

The following example displays abbreviated information about IPv6 access routes in the default routing
table (rtt-index 0) managed by enhanced subscriber management.

user@host> show system subscriber-management route family inet6 route-type access rtt-index 0
level brief
2001:db8::/64
Route Type: Access
Interface: pp0.3221225479, Next-hop:721
2001:db8:0:0:1::/64
Route Type: Access
Interface: pp0.3221225477, Next-hop:721
2001:db8:0:0:2::/64
236

Route Type: Access

Interface: pp0.3221225478, Next-hop:721
2001:db8:0:0:3::/64
Route Type: Access
Interface: pp0.3221225480, Next-hop:721
2001:db8:0:0:4::/64
Route Type: Access
Interface: pp0.3221225481, Next-hop:721
2001:db8:2002::/84
Route Type: Access
Interface: demux0.3221225492, Next-hop:721
2001:db8:0:0:5::/64
Route Type: Access
Interface: pp0.3221225487, Next-hop:721
2001:db8:0:0:6::/64
Route Type: Access

show system subscriber-management route family route-type rtt-index level detail

The following example displays detailed information about IPv6 access routes in the default routing
table (rtt-index 0) managed by enhanced subscriber management.

user@host> show system subscriber-management route family inet6 route-type access rtt-index 0
level detail
2001:db8::/64
Route Type: Access
Interface: pp0.3221225479
Next-hop: 721
Rtt-index: 0
Bbe index: 9
Flow id: 1
Reference Count: 1
Dirty Flags: 0
Flags: 0x10082
Family: AF_INET6
2001:db8:0:0:1::/64
Route Type: Access
Interface: pp0.3221225477
Next-hop: 721
Rtt-index: 0
Bbe index: 9
237

Flow id: 1
Reference Count: 1
Dirty Flags: 0
Flags: 0x10082
Family: AF_INET6
2001:db8:0:0:2::/64
Route Type: Access
Interface: pp0.3221225478
Next-hop: 721
Rtt-index: 0
Bbe index: 9
Flow id: 1
Reference Count: 1
Dirty Flags: 0
Flags: 0x10082
Family: AF_INET6
2001:db8:0:0:3::/64
Route Type: Access
Interface: pp0.3221225480
Next-hop: 721
Rtt-index: 0
Bbe index: 9
Flow id: 1
Reference Count: 1
Dirty Flags: 0
Flags: 0x10082
Family: AF_INET6

show system subscriber-management route family route-type rtt-index level brief

The following example displays abbreviated information about IPv6 access routes in the default routing
table (rtt-index 0) managed by enhanced subscriber management.

2001:db8:0:0:2::/64
Route Type: Access
Interface: pp0.3221225478, Next-hop:721
2001:db8:0:0:3::/64
Route Type: Access
Interface: pp0.3221225480, Next-hop:721
2001:db8:0:0:4::/64
Route Type: Access
Interface: pp0.3221225481, Next-hop:721
2001:db8:2002::/84
Route Type: Access
Interface: demux0.3221225492, Next-hop:721
2001:db8:0:0:5::/64
Route Type: Access
Interface: pp0.3221225487, Next-hop:721
2001:db8:0:0:6::/64
Route Type: Access

Release Information

Command introduced in Junos OS Release 15.1R3.

Support for passing Framed-Route attributes from a RADIUS server to the router was added in Junos
OS Release 17.2 on MX Series routers for enhanced subscriber management. This allows the tagged
subscriber host routes to be imported to the routing table and advertised by BGP.

RELATED DOCUMENTATION

Verifying and Managing Junos OS Enhanced Subscriber Management | 22

Subscriber MGMT Getting Startedddd
No ratings yet
Subscriber MGMT Getting Startedddd
138 pages
Subscriber MGMT Getting Started
No ratings yet
Subscriber MGMT Getting Started
114 pages
Config Guide Subscriber Access
No ratings yet
Config Guide Subscriber Access
2,338 pages
Fast Lane - JP-DJSM
No ratings yet
Fast Lane - JP-DJSM
3 pages
DO DynamicSubscriberMgmt
No ratings yet
DO DynamicSubscriberMgmt
110 pages
Subscriber MGMT Services
No ratings yet
Subscriber MGMT Services
785 pages
DO SBR CoA
No ratings yet
DO SBR CoA
80 pages
Triple Play For Subscriber Services Feature Guide - 13.3
No ratings yet
Triple Play For Subscriber Services Feature Guide - 13.3
374 pages
Layer 2 Wholesale For Subscriber Services Feature Guide - 13.3
No ratings yet
Layer 2 Wholesale For Subscriber Services Feature Guide - 13.3
228 pages
PPPoE Layer 3 Wholesale For Subscriber Services Feature Guide - 13.3
No ratings yet
PPPoE Layer 3 Wholesale For Subscriber Services Feature Guide - 13.3
196 pages
Junos Os SNMP Best Practices
No ratings yet
Junos Os SNMP Best Practices
26 pages
Subscriber MGMT Vlan Interface
No ratings yet
Subscriber MGMT Vlan Interface
1,136 pages
Guaranteed Minimum Bandwidth (GMB)
No ratings yet
Guaranteed Minimum Bandwidth (GMB)
2 pages
Junos OS Network Management Admin Guide
No ratings yet
Junos OS Network Management Admin Guide
922 pages
Cisco MDS 9000 Security Guide
No ratings yet
Cisco MDS 9000 Security Guide
314 pages
Kpi Juniper Appliances Network-Management PDF
No ratings yet
Kpi Juniper Appliances Network-Management PDF
1,002 pages
Juniper MX Sub MGMT
100% (1)
Juniper MX Sub MGMT
249 pages
Juniper Book-Swconfigip-Services
No ratings yet
Juniper Book-Swconfigip-Services
404 pages
RK TCB Messaging 2011 1 0
No ratings yet
RK TCB Messaging 2011 1 0
142 pages
Junos Space Security Director
No ratings yet
Junos Space Security Director
346 pages
Junos Getting Started
No ratings yet
Junos Getting Started
68 pages
Swcmdref Basics Services PDF
No ratings yet
Swcmdref Basics Services PDF
2,136 pages
Juniper SNMP
No ratings yet
Juniper SNMP
3 pages
DHCP Implementation Guide - 0.1
No ratings yet
DHCP Implementation Guide - 0.1
18 pages
ESM Basics
No ratings yet
ESM Basics
48 pages
Junos Release Notes 17.3
No ratings yet
Junos Release Notes 17.3
204 pages
Broadband Subscriber Services Feature Guide - 14.2
No ratings yet
Broadband Subscriber Services Feature Guide - 14.2
856 pages
NS TrafficMgmt Guide PDF
No ratings yet
NS TrafficMgmt Guide PDF
770 pages
RADIUS Configuration Guide
No ratings yet
RADIUS Configuration Guide
188 pages
Access Privilege PDF
No ratings yet
Access Privilege PDF
206 pages
Junos Service Interface Configuration Guide
No ratings yet
Junos Service Interface Configuration Guide
1,484 pages
IJOS-12.e SG
No ratings yet
IJOS-12.e SG
262 pages
User Access
No ratings yet
User Access
1,121 pages
Getting Started Guide For Junos OS
No ratings yet
Getting Started Guide For Junos OS
72 pages
Getting Started Guide For Junos OS
No ratings yet
Getting Started Guide For Junos OS
72 pages
Multimedia Messaging Service Center (MMSC) III
No ratings yet
Multimedia Messaging Service Center (MMSC) III
11 pages
Alcatel-Lucent 7750: Service Router - Release 13.0.R4
No ratings yet
Alcatel-Lucent 7750: Service Router - Release 13.0.R4
244 pages
NS TrafficMgmt Guide
100% (1)
NS TrafficMgmt Guide
798 pages
TIB Ems 8.6.0 Users Guide
No ratings yet
TIB Ems 8.6.0 Users Guide
402 pages
MongoDB MMS
No ratings yet
MongoDB MMS
135 pages
Day One - SRX
No ratings yet
Day One - SRX
110 pages
Day One: Deploying SRX Series Services Gateways
No ratings yet
Day One: Deploying SRX Series Services Gateways
110 pages
Junos Release Notes 15.1r5
No ratings yet
Junos Release Notes 15.1r5
357 pages
Junos Release Notes 18.4
No ratings yet
Junos Release Notes 18.4
216 pages
Resource Manager Guide
No ratings yet
Resource Manager Guide
118 pages
Junos Ipv6 Dualstack
No ratings yet
Junos Ipv6 Dualstack
1,239 pages
RADIUS Interface
No ratings yet
RADIUS Interface
96 pages
Juniper Docs
No ratings yet
Juniper Docs
274 pages
Security Application Identification
No ratings yet
Security Application Identification
498 pages
Junos OS: Administration Guide For Security Devices
No ratings yet
Junos OS: Administration Guide For Security Devices
788 pages
V1 - 7750 SR Os Radius Attributes Reference Guide 12.0R1
No ratings yet
V1 - 7750 SR Os Radius Attributes Reference Guide 12.0R1
212 pages
Python Training
No ratings yet
Python Training
15 pages
Linux Helpful Commands List
No ratings yet
Linux Helpful Commands List
4 pages
Ansible Script For Network Troubleshooting
No ratings yet
Ansible Script For Network Troubleshooting
5 pages
HTTPS::WWW - juniper.net:Content:Dam:Www:Assets:Datasheets:Us:En:Routers:Acx7000 Family of Cloud Metro Routers Datasheet
No ratings yet
HTTPS::WWW - juniper.net:Content:Dam:Www:Assets:Datasheets:Us:En:Routers:Acx7000 Family of Cloud Metro Routers Datasheet
8 pages
MX DPC:MPC Troubleshooting Subroutine (Called From Resolution Guide - Troubleshoot Fabric Plane)
No ratings yet
MX DPC:MPC Troubleshooting Subroutine (Called From Resolution Guide - Troubleshoot Fabric Plane)
4 pages
HTTPS::WWW - juniper.net:Content:Dam:Www:Assets:Datasheets:Us:En:Routers:Acx6000 Line of Universal Metro Routers Datasheet
No ratings yet
HTTPS::WWW - juniper.net:Content:Dam:Www:Assets:Datasheets:Us:En:Routers:Acx6000 Line of Universal Metro Routers Datasheet
5 pages
(Junos) Example - Upgrade Junos OS With No-Copy Option
No ratings yet
(Junos) Example - Upgrade Junos OS With No-Copy Option
3 pages
Voith Hydro India Overview
No ratings yet
Voith Hydro India Overview
302 pages
Lectures On PHC
100% (1)
Lectures On PHC
21 pages
Module 1 Important Questions With Answers
100% (1)
Module 1 Important Questions With Answers
8 pages
4
No ratings yet
4
2 pages
Als630 Literature Review
No ratings yet
Als630 Literature Review
43 pages
"Failed To Verify The SSL Certificate - After Upgrading To Vcenter Server 5
No ratings yet
"Failed To Verify The SSL Certificate - After Upgrading To Vcenter Server 5
7 pages
Sarkari School
No ratings yet
Sarkari School
3 pages
Sustainable Finance Strategy
No ratings yet
Sustainable Finance Strategy
42 pages
Welfare Measrtes Literatrure
No ratings yet
Welfare Measrtes Literatrure
4 pages
Steals & Deals Southeastern Editiion 5-28-20
No ratings yet
Steals & Deals Southeastern Editiion 5-28-20
12 pages
Oracle Server X7
No ratings yet
Oracle Server X7
7 pages
College ERP System Overview
No ratings yet
College ERP System Overview
24 pages
Volume II-A Buildings & Civil Works
No ratings yet
Volume II-A Buildings & Civil Works
294 pages
Hydr 725 & 730 Serie Alta
No ratings yet
Hydr 725 & 730 Serie Alta
2 pages
SSC Selection Post Higher Secondary Level PYQ 28th June 2023 Shift 2
No ratings yet
SSC Selection Post Higher Secondary Level PYQ 28th June 2023 Shift 2
29 pages
Nimbin Radio Sponsors & Programs
No ratings yet
Nimbin Radio Sponsors & Programs
1 page
Rich Dad Poor Dad Imp Notes
No ratings yet
Rich Dad Poor Dad Imp Notes
24 pages
The Analysis of Tupperware Marketing Strategy: Consumer Behavior Approach
No ratings yet
The Analysis of Tupperware Marketing Strategy: Consumer Behavior Approach
8 pages
The Animated Film Encyclopedia A Complete Guide To American Shorts Features and Sequences 1900 1999 2nd Edition Graham Webb
100% (14)
The Animated Film Encyclopedia A Complete Guide To American Shorts Features and Sequences 1900 1999 2nd Edition Graham Webb
59 pages
Leading With Purpose UA
No ratings yet
Leading With Purpose UA
4 pages
DIY Metal Monkey Bars Guide
No ratings yet
DIY Metal Monkey Bars Guide
8 pages
AB-GU-005 Listado Marcas Aceptadas V1
No ratings yet
AB-GU-005 Listado Marcas Aceptadas V1
15 pages
Radar Cross Section
No ratings yet
Radar Cross Section
8 pages
Introduction To WireShark
No ratings yet
Introduction To WireShark
15 pages
Part 3 Exercises
No ratings yet
Part 3 Exercises
5 pages
Isla-Visitbritain Sustainability Guide
No ratings yet
Isla-Visitbritain Sustainability Guide
11 pages
Azure Databricks Interview
100% (2)
Azure Databricks Interview
35 pages
Hiroshima Technolgy
No ratings yet
Hiroshima Technolgy
15 pages
Ecrothan 4075 en 04-11
No ratings yet
Ecrothan 4075 en 04-11
4 pages
Repairing Afridev & Rope Hand Pumps
No ratings yet
Repairing Afridev & Rope Hand Pumps
12 pages