Junos
Highlighted
Junos

L2TP Subscriber rate limiting

4 weeks ago

Hi all,

 

I can create rate limiting within a dynamic profile for a tunnel. But this takes affect on every subscriber within the tunnel.

 

Othe than configuring a separate rate for every single subscriber (impossible), is there a way, on the LNS to rate limit different subscribers dynamically please (i.e: 1 subscriber 10mb, one subscriber 20mb, 1 sibscriber 30mb etc etc)?

(I have this configured on the RADIUS and when viewing the interface for the subscriber it shows the correct rate but it, for some reason is not using the rate).

 

Thanks

8 REPLIES 8
Highlighted
Junos

Re: L2TP Subscriber rate limiting

4 weeks ago

Hi

 

 

 

Highlighted
Junos

Re: L2TP Subscriber rate limiting

4 weeks ago

Thanks for the information.

 

I have been through the Juniper documentation but with no actual RADIUS server that I can use it makes it quite difficult to test anything. So for me to come up with a config that I cannot test is not good.

 

I was hoping someone would say "configure this" or "configure that".

 

Cheers

Highlighted
Junos

Re: L2TP Subscriber rate limiting

4 weeks ago

Hi ,

 

You can add this COS part to the dynamic profile for subscriber, but data needs to be provided from radius.

 class-of-service {
        traffic-control-profiles {
            tc-profile {
                scheduler-map "$junos-cos-scheduler-map";
                shaping-rate "$junos-cos-shaping-rate";
                overhead-accounting "$junos-cos-shaping-mode" bytes "$junos-cos-byte-adjust";
                guaranteed-rate "$junos-cos-guaranteed-rate";
                delay-buffer-rate "$junos-cos-delay-buffer-rate";
            }  
        }
        interfaces {
            "$junos-interface-ifd-name" {
                unit "$junos-interface-unit" {
                    output-traffic-control-profile tc-profile;
                    classifiers {
                        dscp GEN-CLASSIFIER-IN;
                    }
                    rewrite-rules {
                        dscp GEN-RW-OUT-DSCP;
                    }
                }
            }
        }
    }

You can setup Free radius for testing this as well.

Here is a list of the supported Radius attributes and juniper networks VSAs

https://www.juniper.net/documentation/en_US/junos/topics/topic-map/radius-std-attributes-vsas-suppor...

 

If this solves your problem, please consider to mark this post as "Accepted Solution".

Best Regards,

Mohamed

Highlighted
Junos

Re: L2TP Subscriber rate limiting

a week ago

Hi Mohamed

 

I am just trying to rate limit this now. So, I have configured the following:

 

Dynamic profile with policers and you will also see the configuration attached.

 

So, here is the weird part...

 

Laptop1 --- CPE  ---- LAC ---- LNS ---- ISP ---- Internet ---- other laptop

 

If initiate a speedtest from laptop1 I get between 37 and 47mbps, and the Policer etc is set to 1mbps. However, if I initiate a connection from "other laptop" to the CPE it seems to work correctly. Something is not right here.

 

Have a look at the files attached and see what you think

Attachments

Highlighted
Junos

Re: L2TP Subscriber rate limiting

a week ago

Hi 

 

transmitted.

 

 

 

Please mark "Accept as solution" if this answers your query.

 

Best Regards,

Mohamed

Highlighted
Junos

Re: L2TP Subscriber rate limiting

a week ago

Output of that command for the subscriber:

 

daniel@LNS-TEST> show interfaces queue egress pp0.3221228620
Logical interface pp0.3221228620 (Index 536874196) (SNMP ifIndex 200003284)
Flags: Up Point-To-Point Encapsulation: PPPoE
PPPoE:
State: SessionUp, Session ID: 2,
Session AC name: lns.as41847.net, Remote MAC address: 20:b0:01:ce:52:b0,
Underlying interface: demux0.3221228616 (Index 536874192)
Ignore End-Of-List tag: Disable
Input packets : 755738
Output packets: 2926528
Keepalive settings: Interval 30 seconds, Up-count 3, Down-count 3
LCP state: Opened
NCP state: inet: Opened, inet6: Opened, iso: Not-configured, mpls: Not-configured
CHAP state: Success
PAP state: Closed

 

So, we can still stream Netflix etc even with a 1mb limit. Still the same when initiated from external, it seems to work.

 

Really weird issue. Any more help please?

Highlighted
Junos

Re: L2TP Subscriber rate limiting

a week ago

Hi adgwytc,

 

What is this router rule LNS-TEST ? Based on name it suggests that it`s LNS ? However in lns subscribers are terminated on si- interface not pp0 interface as pp0.xx should be on LAC side. Also, the dynamic profile looks to be a LAC profile as well. 

Could you please provide the dynamic profile config for both LAC and LNS ?

Also, please clarify how you would initiate the session from other labtop ? I believe it should from direction LAC--->LNS 

I think you need also to config rate limits on both RE

 

Please mark "Accept as solution" if this answers your query.

 

Best Regards,

Mohamed

 

Highlighted
Junos

Re: L2TP Subscriber rate limiting

[ Edited ]
a week ago

Hi Mohamed,

 

It's both.

 

The LAC is the downstream provider.

 

It's a terminator on the si interface for L2TP and a secondary dynamic profile for PPPoE subscribers.

 

Let me have a look for the rules on PPPoE interface (pp0)

 

Other laptop knows the IP address of the Laptop behind the CPE.

When you look at the subscribers tunnel interface pp0.xxxxxxxxxx (in the attached I placed here) it shows the settings are being picked up by the Juniper VSAs for egress and ingress and the config is exactly as Juniper states plus other sites that have implimented this.

 

To test from other laptop we simply used FTP - it's only a 1mb pipe for the test and easily fills it up.


So, that's the weird thing. Everything looks configured correctly and it works from external through the LNS through the downstream providers systems and through the CPE. It just doesn't work the other way.

Feedback