Monitoring BNG Configurations

These topics provide an overview of the Broadband Network Gateway (BNG) technology and describe how to monitor and view BNG configurations in Prime Network Vision:

Broadband Network Gateway (BNG) - An Overview

User Roles Required to Work With BNG

Working with BNG Configurations

Viewing Policy Container

Viewing QoS Profile

Broadband Network Gateway (BNG) - An Overview

Broadband Network Gateway (BNG) provides capabilities that help to improve the service provider's ability to manage the subscriber's services, and simplify overall network operations. BNG is a functionality that comprises subscriber management at a logical aggregation point in the network, which manages the subscriber's user experience through identification, address assignment, authentication, authorization, accounting, and various other features such as security, Quality of Service (QoS), and subscriber forwarding.

BNG represents the subscriber as a session, which is a logical point to enable services for a given subscriber. A subscriber is usually identified with the protocol that provides the IP address of the subscriber for address assignment. For example, a subscriber that uses the Point-to-Point Protocol (PPP) to connect to the network, receives its IP address through the PPP IP Control Protocol (IPCP) negotiation, and is represented as a PPP session. A subscriber that uses Ethernet to connect to the network receives its IP address through Dynamic Host Control Protocol (DHCP) and is represented as an IP session.

The purpose of deploying BNG at the provider edge is to better manage and enrich the subscriber experience.

BNG separates subscriber access functions from provider services and yields these benefits:

Comprehensive session management and billing functions are supported by means of communication with an authentication, authorization, and accounting (AAA) server that is separate from the BNG.

Subscribers can obtain services based on their subscriber ID or a combination of their subscriber ID and access line.

The network topology for BNG can be explained using the following models:

BNG Retail Model—The subscriber connects to the network over a digital subscriber line (DSL) circuit into a DSL access multiplexor (DSLAM), which aggregates a number of subscribers. The DSLAMs are connected to an aggregation network, which grooms the subscriber traffic and switches it to BNG. A sample of the retail model is shown in Figure 25-1.

Figure 25-1 BNG Retail Model

BNG Wholesale Model—The subscriber's traffic is handed off by the carrier (who still owns the infrastructure) toone of the several Internet Service Providers (ISP). There are different ways to make this handoff, Layer 2 Tunneling Protocol (L2TP) or Layer 3 virtual private networking (VPN) being two such methods.

The BNG Retail model is used for deployment in Prime Network.

Prime Network provides BNG support for Cisco Aggregation Service Router (ASR) 9000 series network elements.

The following topics describe more about the BNG configuration details:

User Roles Required to Work With BNG

Working with BNG Configurations

User Roles Required to Work With BNG

This topic identifies the roles that are required to work with BNG. Prime Network determines whether you are authorized to perform a task as follows:

For GUI-based tasks (tasks that do not affect elements), authorization is based on the default permission that is assigned to your user account.

For element-based tasks (tasks that do affect elements), authorization is based on the default permission that is assigned to your account. That is, whether the element is in one of your assigned scopes and whether you meet the minimum security level for that scope.

For more information on user authorization, see the topic on device scopes in the Cisco Prime Network 3.10 Administrator Guide.

Table 25-1 Default Permission/Security Level Required for BNG 

Task
Viewer
Operator
OperatorPlus
Configurator
Administrator

View BBA profiles

X

X

X

X

X

View Subscriber Access Points

X

X

X

X

X

Diagnose Subscriber Access Points

X

X

View DHCP Service Profile

X

X

X

X

X

View IP Subscriber Template

X

X

X

X

X

View PPP Templates

X

X

X

X

X

View Service Templates

X

X

X

X

X

View policy details

X

X

X

X

X

View QoS profile

X

X

X

X

X

View AAA Group profile

X

X

X

X

X

View Dynamic Authorization profile

X

X

X

X

X

View Radius Global Configuration details

X

X

X

X

X


Working with BNG Configurations

This topic contains the following sections:

View Broadband Access (BBA) Groups

View Subscriber Access Points

Diagnose Subscriber Access Points

View Dynamic Host Configuration Protocol (DHCP) Service Profile

View Dynamic Config Templates

Viewing Policy Container

Viewing QoS Profile

Viewing AAA Configurations in Prime Network Vision, page 23-2

View Broadband Access (BBA) Groups

BBA groups refer to the configuration settings applicable to a subscriber session that are accessing the network through an access interface. The same group can be applied to multiple access interfaces. For example, the maximum session limit for an access interface.

To view the BBA group profile:

Step 1 Right-click on the device and choose the Inventory option.

Step 2 In the Inventory window, choose Logical Inventory BNG BBA Groups. A list of BBA groups is displayed in the content pane as shown in Figure 25-2.

Figure 25-2 BBA Groups Content Pane

Step 3 Right-click on a group from the list and choose Properties. The BBA Group Properties dialog box is displayed.

Table 25-2 describes the fields that are displayed in the BBA Group Properties dialog box.

Table 25-2 BBA Group Properties 

Field Name
Description

Name

The name of the BBA Group.

MTU (Bytes)

The default maximum payload, which can be any value between 500 and 2000.

Service Name

The name of the service configured under the specified BBA group.

Maximum Access Interface Limit

The maximum limit of PPP over Ethernet (PPPoE) sessions on the access interface.

Maximum Circuit ID Limit

The maximum limit of PPPoE sessions for the circuit ID.

Maximum Session Limit

The maximum session limit per card. A warning is displayed if the session exceeds the limit specified here.

Maximum MAC Address Access Limit

The maximum limit for MAC address access. A warning is displayed if the access exceeds the limit specified here.

Maximum Payload Limit

The maximum payload limit.

Service Selection

Indicates the status of advertising of unrequested services names. By default, this service is enabled.

Applied Interfaces

Interface Name

The name of the interface applied to the BBA Group.

Entity Association

The link to the applied interface. Click this hyperlink to view the relevant node under the Subscriber Access Point node.


View Subscriber Access Points

Subscriber access points refer to the access interfaces that are named based on the parent interface. For example, bundle-ether 2.100.pppoe312. The subscribers on bundles (or bundle-VLANs) interfaces allow redundancy and are managed on the route processor (RP). However, the subscribers over physical interfaces are created and managed on the line card (LC) and are not redundant.

To view the subscriber access points profile:

Step 1 Right-click on the device and choose the Inventory option.

Step 2 In the Inventory window, choose Logical Inventory BNG Subscriber Access Points. A list of access points is displayed in the content pane.

Step 3 Right-click on an access point from the list and choose Properties. The Subscriber Access Point Properties dialog box is displayed.

Table 25-3 describes the fields that are displayed in the Subscriber Access Point Properties dialog box.

Table 25-3 Subscriber Access Point Properties 

Field Name
Description

Access Point

The name of the access point.

Associated Entity

The link to the associated entity. Click this hyperlink to view the associated Data Link Aggregation record under the Ethernet Link Aggregation node.

Access Type

The access type for the subscriber access point, which can be any one of the following:

PPPOE_AND_IP

PPPOE

IP

Ingress Service Policy

The service policy for the access point, which when clicked will display the relevant policy under the Policy Container node.

Ingress QoS Policy

The Quality of Service policy for the inbound traffic, which when clicked will display the relevant policy under the Policy Container node.

Egress QoS Policy

The Quality of Service policy for the outbound traffic of the access point, which when clicked will display the relevant policy under the Policy Container node.

BBA Group

The BBA group to which the access point is associated. Click this hyperlink to view the relevant group under the BBA group node.

DHCP Profile

The DHCP profile to which the access point is associated. Click this hyperlink to view the relevant profile under the DHCP node.

IP Address

The destination address for User Datagram Protocol (UDP) broadcasts.

VRF

The Virtual Routing and Forwarding (VRF) in which the access points operates.


Diagnose Subscriber Access Points

The following commands can be launched from the inventory by right-clicking the BNG > Subscriber Access Points node and selecting the Commands > Diagnose option. Before executing any commands, you can preview them and view the results. If desired, you can also schedule the commands. To find out if a device supports these commands, see the Cisco Prime Network 3.10 Supported Cisco VNEs.

Table 25-4 Diagnose Subscriber Access Points 

Diagnose command
Input parameters

Show DHCP Binding

Binding Type

Show IP Subscriber Management Trace

Trace Event Type

Trace Count

Show PPoE Trace

Trace Filter Type

Trace Count

Show Subscriber Dynamic Template Trace All

Trace Filter Type

Trace Event Type

Trace Count

Show Subscriber Manager Disconnect History

Disconnect History Filter Type

Show Subscriber Manager Session History

Session Type

ID Value

Show Subscriber Manager Trace

Trace Filter Type

Trace Event Type

Trace Count

Show Subscriber Session Details by Filter

Session Filter Type

Filter Value

Filter State


View Dynamic Host Configuration Protocol (DHCP) Service Profile

DHCP is used to automate host configuration by assigning IP addresses, delegating prefixes (in IPv6), and providing extensive configuration information to network computers.

DHCP has the capability to allocate IP addresses only for a specified period of time, which is known as the lease period. If a client device wants to retain the IP addresses for a period longer than the lease period, then the client must renew the lease before it expires. A client can renew the lease depending on the configuration time sent from the server. A REQUEST message is unicast by the client using the server's IP address. On receiving the REQUEST message, the server responds with an acknowledgment, and the client's lease is extended by the lease time configured in the acknowledgment message.

To view the DHCP service profile:

Step 1 Right-click on the required device and choose the Inventory option.

Step 2 In the Inventory window, choose Logical Inventory > DHCP Service > DHCP Profiles - IPv4. A list of DHCP profiles are displayed in the content pane as shown in Figure 25-3.

Figure 25-3 DHCP Profiles

Step 3 Right-click on a service from the list and choose Properties. The DHCP Profile Properties dialog box is displayed.

Table 25-5 describes the fields that are displayed in the DHCP Profile Properties dialog box.

Table 25-5 DHCP Profile Properties 

Field Name
Description

Profile Name

The name of the DHCP profile.

Profile Type

The network protocol that the profile belongs to. The profile type can be IPV4 or IPV6.

Agent Mode

The DHCP agent mode, which can be Relay, Snoop or Proxy.

Lease Limit

The lease limit for the profile.

Lease Limit Type

The lease limit type.

Relay Information Check

Indicates whether the relay information check is enabled or disabled.

Relay Information Policy

The relay information policy.

DHCP Agent Information Options

Option

The relay agent information options key parameter.

Value

The value of the relay agent information options.

Applied Interfaces

Interface Name

The name of the interface applied to the DHCP Group.

Entity Association

The link to the applied interface. Click this hyperlink to view the relevant node under the Subscriber Access Point node.

DHCP Servers

Profile Class

The profile class.

Server Address

The IP address of the profile, which is used to relay packets.

VRF

The VRF of the DHCP profile. Click this hyperlink to view the relevant node under the VRFs node.

Gateway Address

The IP address of the gateway.

Match Option

The match option of the DHCP profile.

Match Option Value

The value of the match option.

Match Option Mask

The match option mask.


View Dynamic Config Templates

A dynamic template is used to group configuration items, which are later applied to a group of subscribers. This template is globally configured through the command line interface (CLI). However, the template does not get applied to a subscriber interface as soon as it is configured. It must be activated using a control policy. Similarly, you must deactivate the template using a control policy to remove its association with the subscriber interface.

Ideally, you can activate more than one dynamic template on the same subscriber interface, for the same event or different events. The same dynamic-template can be activated on multiple subscriber interfaces through the same control policy.

Prime Network supports the following types of dynamic templates:

IP subscriber templates

PPP templates

Service templates

To view the configuration templates:

Step 1 Right-click on the device and choose the Inventory option.

Step 2 In the Inventory window, choose Logical Inventory Dynamic Config Templates > IP Subscriber Templates or PPP template or Service template. A list of templates is displayed in the content pane.

Step 3 Select a template from the list, right-click and choose Properties to view its details.

Table 25-6 describes the fields that are displayed in the corresponding dialog box.

Table 25-6 Template Properties 

Field Name
Description

Name

The name of the subscriber template.

Template Type

The template type, which can be IP Subscriber, PPP or Service based on the selected template.

Ingress Policy

The name of the ingress service policy associated with the subscriber template. This field is applicable only for IP Subscriber and Service templates.

Associated Ingress Policy

The associated ingress policy. Click this hyperlink to view the relevant node under the Policy Container node. This field is applicable only for IP subscriber templates.

Egress Policy

The name of the egress service policy associated with the subscriber template. This field is applicable only for IP Subscriber and Service templates.

Associated Egress Policy

The associated egress policy. Click this hyperlink to view the relevant node under the Policy Container node. This field is applicable only for IP Subscriber and Service templates.

Ingress Access-List

The name of the ingress access-list associated with the subscriber template. This field is applicable only for IP subscriber templates.

Associated Ingress-ACL Entity

The associated ingress access list. Click this hyperlink to view the related list in the Access List node. This field is applicable only for IP subscriber templates.

Egress Access-List

The name of the egress access-list associated with the subscriber template. This field is applicable only for IP subscriber templates.

Associated Egress-ACL Entity

The associated egress access list. Click this hyperlink to view the related list in the Access List node. This field is applicable only for IP subscriber templates.

Mtu

The maximum transmission unit for IPv4.

Idle Timeout

The idle timeout for the subscriber template in seconds. This field is applicable only for IP Subscriber and Service templates.

Keep Alive Enabled

Indicates whether the Keep alive feature is enabled. This field is applicable only for PPP templates.

Keep Alive Interval

The keep alive interval time in terms of seconds. This field is applicable only for PPP templates.

Maximum Bad Authentication Request

The maximum number of authentication failures, which can be any value between 0 and 10. This field is applicable only for PPP templates.

Maximum Unacknowledged Request

The maximum number of unacknowledged configured requests, which can be any value between 4 and 20. This field is applicable only for PPP templates.

Maximum Negative Acknowledgement

The maximum number of consecutive configuration negative acknowledgements, which can be any value between 2 and 10. This field is applicable only for PPP templates.


Viewing the Settings for a PPP Template

In addition to the above details, you can also view the following settings for a PPP template:

IPCP Settings

LCP Settings

Authentication Settings

PPP Timeout Settings

To view the settings:

Step 1 Right-click on the device and choose the Inventory option.

Step 2 In the Inventory window, choose Logical Inventory Dynamic Config Templates >  PPP template. A list of templates is displayed in the content pane.

Step 3 Select a template from the list, right-click and choose Properties to view its details. You can click on the tab to view more details. The IPCP tab is displayed by default.

Table 25-7 describes the fields that are displayed in the corresponding dialog box.

Table 25-7 PPP Template Settings 

Field Name
Description

DNS Server

The IPCP negotiation primary and secondary DNS IP address.

WINS Server

The IPCP negotiation primary and secondary WINS IP address.

IPAddress PoolName

The IPCP negotiation name of the peer-address pool.

Associated IP Pool Entity

The associated IP pool entity for the template.

ReNegotiation Enabled

Indicates whether the attempts by the peer to renegotiate IPCP is enabled.

LCP Settings tab

Delay

The time period (in seconds or milliseconds) to delay before starting active LCP negotiations.

ReNegotiation Enabled

Indicates whether the attempts by the peer to renegotiate LCP is enabled.

Authentication Settings tab

Authentication Type

The PPP link authentication method, which can be any one of the following:

chap

ms-chap

pap

Chap Host Name

The Challenge Handshake Authentication Protocol (CHAP) host name.

MS Chap Host Name

The mobile station CHAP host name.

PPP Timeout Settings

Absolute Session Timeout

The absolute timeout for a PPP session.

Maximum Authentication Response WaitTime

The maximum time (in seconds) to wait for an authentication response during a PPP negotiation.

Maximum Authentication Retry

The maximum time (in seconds) to wait for a response during a PPP negotiation.


Viewing Policy Container

The Policy Container node in the logical inventory lists all the available service groups and service policies that are associated with service templates, BBA groups, and subscriber access points.

To view the service group and service policy profiles:

Step 1 Right-click on the required device and choose the Inventory option.

Step 2 In the Inventory window, choose Logical Inventory Policy Container. The Policies and Policy Group tabs are displayed in the content pane. In the Policies tab, a list of existing policies are displayed as shown in Figure 25-4.

Figure 25-4 Policy Container

Step 3 Click the Policy Group tab. A list of existing groups are displayed.

Step 4 Right-click on a group from the list and choose Properties. The Policy Group Properties dialog box is displayed.

Table 25-8 describes the fields that are displayed in the Policy Group Properties dialog box.

Table 25-8 Policy Group Properties 

Field Name
Description

Name

The name of the policy group.

Type

The type of policy group, which can be any one of the following:

Accounting

Control

PBR

Performance Traffic

QoS

Traffic

Redirect

Processing Strategy

The strategy in applying the policy group, which can be any one of the following:

Match First

Match All Unordered

Match All Ordered

Policies

Name

The name of the service policy map.

Type

The type of policy map, which can be any one of the following:

Accounting

Control

PBR

Performance Traffic

QoS

Traffic

Redirect

Processing Strategy

The strategy in applying the policies on the incoming traffic, which can be any one of the following:

Match First

Match All Unordered

Match All Ordered


Step 5 Right-click on a policy from the Policies list and choose Properties. The Service Policy Properties dialog box is displayed.

Table 25-9 describes the fields that are displayed in the Service Policy Properties dialog box.

Table 25-9 Service Policy Properties 

Field Name
Description

Name

The name of the service policy map.

Type

The type of policy map, which can be any one of the following:

Accounting

Control

PBR

Performance Traffic

QoS

Traffic

Redirect

Processing Strategy

The strategy in applying the policies on the incoming traffic, which can be any one of the following:

Match First

Match All Unordered

Match All Ordered

Policy Rules

Match Condition

The class map associated with the policy rule.

Type

The type of class map associated with the policy, which can be any one of the following:

Control Subscriber

QoS

Traffic

Action Execution Strategy

The policy execution strategy, which can be any of the following:

Execute All

Execute Until Success

Execute Until Failure

Action Lists

Sequence Number

The sequence number of the policy action.

Action Type

The type of policy action, which can be any one of the following:

Active

Deactivate

Apply

Authenticate

Authorize

Set Timer

Stop Timer

Drop

Accounting

Conform Action

Conform Color

Exceed Action

Exceed Color

Child Conform Action

Violation Action

Entity Type

The type of entity affected by the policy rule, which can be Dynamic template or Authorization list.

Entity Value

The value of the dynamic template or authorization list.

Entity Association

The associated entity. Click this hyperlink to view the relevant dynamic template or authorization list.


Viewing QoS Profile

QoS or Quality of services is the technique of prioritizing traffic flows and specifying preferences for forwarding packets with higher priority. The QoS node in the logical inventory lists all the services configured for the selected network element.

To view the QoS profile:

Step 1 Right-click on the device and choose the Inventory option.

Step 2 In the Inventory window, choose Logical Inventory > QoS Class of Services. A list of existing policies are displayed in the content pane.

Step 3 Right-click on a service in the list and choose Properties. The Class of Services Properties dialog box is displayed. You can click on the tabs to view more details.

Table 25-10 describes the fields that are displayed in the Class of Services Properties dialog box.

Table 25-10 Class of Services Properties 

Field Name
Description

Name

The name of the class of service.

Type

The type of the class of service. Values are:

Control Subscriber

QoS

Traffic

Matching Condition

The matching condition for the service, which can be Match All or Match Any.

Match Criteria Lists

Match Type

The match type, which can be any one of the following:

Access group

ATM

Auth status

COS

DEI

Destination-address

Discard-class

Domain

DSCP

Ethertype

FR-DE

Frame-relay

MPLS

Precedence

Protocol

Qos-group

Source-address

Timer

Username

VLAN

VPLS

Match Value

The value associated with the match type.

Associated Entity

The entity associated to the selected access group. Click this hyperlink to view the related record in the Access List content pane.