Monitoring BNG Configurations
These topics provide an overview of the Broadband Network Gateway (BNG) technology and describe how to monitor and view BNG configurations in Prime Network Vision:
•Broadband Network Gateway (BNG) - An Overview
•User Roles Required to Work With BNG
•Working with BNG Configurations
•Viewing Policy Container
•Viewing QoS Profile
Broadband Network Gateway (BNG) - An Overview
Broadband Network Gateway (BNG) provides capabilities that help to improve the service provider's ability to manage the subscriber's services, and simplify overall network operations. BNG is a functionality that comprises subscriber management at a logical aggregation point in the network, which manages the subscriber's user experience through identification, address assignment, authentication, authorization, accounting, and various other features such as security, Quality of Service (QoS), and subscriber forwarding.
BNG represents the subscriber as a session, which is a logical point to enable services for a given subscriber. A subscriber is usually identified with the protocol that provides the IP address of the subscriber for address assignment. For example, a subscriber that uses the Point-to-Point Protocol (PPP) to connect to the network, receives its IP address through the PPP IP Control Protocol (IPCP) negotiation, and is represented as a PPP session. A subscriber that uses Ethernet to connect to the network receives its IP address through Dynamic Host Control Protocol (DHCP) and is represented as an IP session.
The purpose of deploying BNG at the provider edge is to better manage and enrich the subscriber experience.
BNG separates subscriber access functions from provider services and yields these benefits:
•Comprehensive session management and billing functions are supported by means of communication with an authentication, authorization, and accounting (AAA) server that is separate from the BNG.
•Subscribers can obtain services based on their subscriber ID or a combination of their subscriber ID and access line.
The network topology for BNG can be explained using the following models:
•BNG Retail Model—The subscriber connects to the network over a digital subscriber line (DSL) circuit into a DSL access multiplexor (DSLAM), which aggregates a number of subscribers. The DSLAMs are connected to an aggregation network, which grooms the subscriber traffic and switches it to BNG. A sample of the retail model is shown in Figure 25-1.
Figure 25-1 BNG Retail Model
•BNG Wholesale Model—The subscriber's traffic is handed off by the carrier (who still owns the infrastructure) toone of the several Internet Service Providers (ISP). There are different ways to make this handoff, Layer 2 Tunneling Protocol (L2TP) or Layer 3 virtual private networking (VPN) being two such methods.
The BNG Retail model is used for deployment in Prime Network.
Prime Network provides BNG support for Cisco Aggregation Service Router (ASR) 9000 series network elements.
The following topics describe more about the BNG configuration details:
•User Roles Required to Work With BNG
•Working with BNG Configurations
User Roles Required to Work With BNG
This topic identifies the roles that are required to work with BNG. Prime Network determines whether you are authorized to perform a task as follows:
•For GUI-based tasks (tasks that do not affect elements), authorization is based on the default permission that is assigned to your user account.
•For element-based tasks (tasks that do affect elements), authorization is based on the default permission that is assigned to your account. That is, whether the element is in one of your assigned scopes and whether you meet the minimum security level for that scope.
For more information on user authorization, see the topic on device scopes in the Cisco Prime Network 3.10 Administrator Guide.
Table 25-1 Default Permission/Security Level Required for BNG
|
|
|
|
|
|
View BBA profiles |
X |
X |
X |
X |
X |
View Subscriber Access Points |
X |
X |
X |
X |
X |
Diagnose Subscriber Access Points |
— |
— |
— |
X |
X |
View DHCP Service Profile |
X |
X |
X |
X |
X |
View IP Subscriber Template |
X |
X |
X |
X |
X |
View PPP Templates |
X |
X |
X |
X |
X |
View Service Templates |
X |
X |
X |
X |
X |
View policy details |
X |
X |
X |
X |
X |
View QoS profile |
X |
X |
X |
X |
X |
View AAA Group profile |
X |
X |
X |
X |
X |
View Dynamic Authorization profile |
X |
X |
X |
X |
X |
View Radius Global Configuration details |
X |
X |
X |
X |
X |
Working with BNG Configurations
This topic contains the following sections:
•View Broadband Access (BBA) Groups
•View Subscriber Access Points
•Diagnose Subscriber Access Points
•View Dynamic Host Configuration Protocol (DHCP) Service Profile
•View Dynamic Config Templates
•Viewing Policy Container
•Viewing QoS Profile
•Viewing AAA Configurations in Prime Network Vision, page 23-2
View Broadband Access (BBA) Groups
BBA groups refer to the configuration settings applicable to a subscriber session that are accessing the network through an access interface. The same group can be applied to multiple access interfaces. For example, the maximum session limit for an access interface.
To view the BBA group profile:
Step 1 Right-click on the device and choose the Inventory option.
Step 2 In the Inventory window, choose Logical Inventory > BNG > BBA Groups. A list of BBA groups is displayed in the content pane as shown in Figure 25-2.
Figure 25-2 BBA Groups Content Pane
Step 3 Right-click on a group from the list and choose Properties. The BBA Group Properties dialog box is displayed.
Table 25-2 describes the fields that are displayed in the BBA Group Properties dialog box.
Table 25-2 BBA Group Properties
|
|
Name |
The name of the BBA Group. |
MTU (Bytes) |
The default maximum payload, which can be any value between 500 and 2000. |
Service Name |
The name of the service configured under the specified BBA group. |
Maximum Access Interface Limit |
The maximum limit of PPP over Ethernet (PPPoE) sessions on the access interface. |
Maximum Circuit ID Limit |
The maximum limit of PPPoE sessions for the circuit ID. |
Maximum Session Limit |
The maximum session limit per card. A warning is displayed if the session exceeds the limit specified here. |
Maximum MAC Address Access Limit |
The maximum limit for MAC address access. A warning is displayed if the access exceeds the limit specified here. |
Maximum Payload Limit |
The maximum payload limit. |
Service Selection |
Indicates the status of advertising of unrequested services names. By default, this service is enabled. |
|
Interface Name |
The name of the interface applied to the BBA Group. |
Entity Association |
The link to the applied interface. Click this hyperlink to view the relevant node under the Subscriber Access Point node. |
View Subscriber Access Points
Subscriber access points refer to the access interfaces that are named based on the parent interface. For example, bundle-ether 2.100.pppoe312. The subscribers on bundles (or bundle-VLANs) interfaces allow redundancy and are managed on the route processor (RP). However, the subscribers over physical interfaces are created and managed on the line card (LC) and are not redundant.
To view the subscriber access points profile:
Step 1 Right-click on the device and choose the Inventory option.
Step 2 In the Inventory window, choose Logical Inventory > BNG > Subscriber Access Points. A list of access points is displayed in the content pane.
Step 3 Right-click on an access point from the list and choose Properties. The Subscriber Access Point Properties dialog box is displayed.
Table 25-3 describes the fields that are displayed in the Subscriber Access Point Properties dialog box.
Table 25-3 Subscriber Access Point Properties
|
|
Access Point |
The name of the access point. |
Associated Entity |
The link to the associated entity. Click this hyperlink to view the associated Data Link Aggregation record under the Ethernet Link Aggregation node. |
Access Type |
The access type for the subscriber access point, which can be any one of the following: •PPPOE_AND_IP •PPPOE •IP |
Ingress Service Policy |
The service policy for the access point, which when clicked will display the relevant policy under the Policy Container node. |
Ingress QoS Policy |
The Quality of Service policy for the inbound traffic, which when clicked will display the relevant policy under the Policy Container node. |
Egress QoS Policy |
The Quality of Service policy for the outbound traffic of the access point, which when clicked will display the relevant policy under the Policy Container node. |
BBA Group |
The BBA group to which the access point is associated. Click this hyperlink to view the relevant group under the BBA group node. |
DHCP Profile |
The DHCP profile to which the access point is associated. Click this hyperlink to view the relevant profile under the DHCP node. |
IP Address |
The destination address for User Datagram Protocol (UDP) broadcasts. |
VRF |
The Virtual Routing and Forwarding (VRF) in which the access points operates. |
Diagnose Subscriber Access Points
The following commands can be launched from the inventory by right-clicking the BNG > Subscriber Access Points node and selecting the Commands > Diagnose option. Before executing any commands, you can preview them and view the results. If desired, you can also schedule the commands. To find out if a device supports these commands, see the Cisco Prime Network 3.10 Supported Cisco VNEs.
Table 25-4 Diagnose Subscriber Access Points
|
|
Show DHCP Binding |
Binding Type |
Show IP Subscriber Management Trace |
•Trace Event Type •Trace Count |
Show PPoE Trace |
•Trace Filter Type •Trace Count |
Show Subscriber Dynamic Template Trace All |
•Trace Filter Type •Trace Event Type •Trace Count |
Show Subscriber Manager Disconnect History |
Disconnect History Filter Type |
Show Subscriber Manager Session History |
•Session Type •ID Value |
Show Subscriber Manager Trace |
•Trace Filter Type •Trace Event Type •Trace Count |
Show Subscriber Session Details by Filter |
•Session Filter Type •Filter Value •Filter State |
View Dynamic Host Configuration Protocol (DHCP) Service Profile
DHCP is used to automate host configuration by assigning IP addresses, delegating prefixes (in IPv6), and providing extensive configuration information to network computers.
DHCP has the capability to allocate IP addresses only for a specified period of time, which is known as the lease period. If a client device wants to retain the IP addresses for a period longer than the lease period, then the client must renew the lease before it expires. A client can renew the lease depending on the configuration time sent from the server. A REQUEST message is unicast by the client using the server's IP address. On receiving the REQUEST message, the server responds with an acknowledgment, and the client's lease is extended by the lease time configured in the acknowledgment message.
To view the DHCP service profile:
Step 1 Right-click on the required device and choose the Inventory option.
Step 2 In the Inventory window, choose Logical Inventory > DHCP Service > DHCP Profiles - IPv4. A list of DHCP profiles are displayed in the content pane as shown in Figure 25-3.
Figure 25-3 DHCP Profiles
Step 3 Right-click on a service from the list and choose Properties. The DHCP Profile Properties dialog box is displayed.
Table 25-5 describes the fields that are displayed in the DHCP Profile Properties dialog box.
Table 25-5 DHCP Profile Properties
|
|
Profile Name |
The name of the DHCP profile. |
Profile Type |
The network protocol that the profile belongs to. The profile type can be IPV4 or IPV6. |
Agent Mode |
The DHCP agent mode, which can be Relay, Snoop or Proxy. |
Lease Limit |
The lease limit for the profile. |
Lease Limit Type |
The lease limit type. |
Relay Information Check |
Indicates whether the relay information check is enabled or disabled. |
Relay Information Policy |
The relay information policy. |
DHCP Agent Information Options
|
Option |
The relay agent information options key parameter. |
Value |
The value of the relay agent information options. |
|
Interface Name |
The name of the interface applied to the DHCP Group. |
Entity Association |
The link to the applied interface. Click this hyperlink to view the relevant node under the Subscriber Access Point node. |
|
Profile Class |
The profile class. |
Server Address |
The IP address of the profile, which is used to relay packets. |
VRF |
The VRF of the DHCP profile. Click this hyperlink to view the relevant node under the VRFs node. |
Gateway Address |
The IP address of the gateway. |
Match Option |
The match option of the DHCP profile. |
Match Option Value |
The value of the match option. |
Match Option Mask |
The match option mask. |
View Dynamic Config Templates
A dynamic template is used to group configuration items, which are later applied to a group of subscribers. This template is globally configured through the command line interface (CLI). However, the template does not get applied to a subscriber interface as soon as it is configured. It must be activated using a control policy. Similarly, you must deactivate the template using a control policy to remove its association with the subscriber interface.
Ideally, you can activate more than one dynamic template on the same subscriber interface, for the same event or different events. The same dynamic-template can be activated on multiple subscriber interfaces through the same control policy.
Prime Network supports the following types of dynamic templates:
•IP subscriber templates
•PPP templates
•Service templates
To view the configuration templates:
Step 1 Right-click on the device and choose the Inventory option.
Step 2 In the Inventory window, choose Logical Inventory > Dynamic Config Templates > IP Subscriber Templates or PPP template or Service template. A list of templates is displayed in the content pane.
Step 3 Select a template from the list, right-click and choose Properties to view its details.
Table 25-6 describes the fields that are displayed in the corresponding dialog box.
Table 25-6 Template Properties
|
|
Name |
The name of the subscriber template. |
Template Type |
The template type, which can be IP Subscriber, PPP or Service based on the selected template. |
Ingress Policy |
The name of the ingress service policy associated with the subscriber template. This field is applicable only for IP Subscriber and Service templates. |
Associated Ingress Policy |
The associated ingress policy. Click this hyperlink to view the relevant node under the Policy Container node. This field is applicable only for IP subscriber templates. |
Egress Policy |
The name of the egress service policy associated with the subscriber template. This field is applicable only for IP Subscriber and Service templates. |
Associated Egress Policy |
The associated egress policy. Click this hyperlink to view the relevant node under the Policy Container node. This field is applicable only for IP Subscriber and Service templates. |
Ingress Access-List |
The name of the ingress access-list associated with the subscriber template. This field is applicable only for IP subscriber templates. |
Associated Ingress-ACL Entity |
The associated ingress access list. Click this hyperlink to view the related list in the Access List node. This field is applicable only for IP subscriber templates. |
Egress Access-List |
The name of the egress access-list associated with the subscriber template. This field is applicable only for IP subscriber templates. |
Associated Egress-ACL Entity |
The associated egress access list. Click this hyperlink to view the related list in the Access List node. This field is applicable only for IP subscriber templates. |
Mtu |
The maximum transmission unit for IPv4. |
Idle Timeout |
The idle timeout for the subscriber template in seconds. This field is applicable only for IP Subscriber and Service templates. |
Keep Alive Enabled |
Indicates whether the Keep alive feature is enabled. This field is applicable only for PPP templates. |
Keep Alive Interval |
The keep alive interval time in terms of seconds. This field is applicable only for PPP templates. |
Maximum Bad Authentication Request |
The maximum number of authentication failures, which can be any value between 0 and 10. This field is applicable only for PPP templates. |
Maximum Unacknowledged Request |
The maximum number of unacknowledged configured requests, which can be any value between 4 and 20. This field is applicable only for PPP templates. |
Maximum Negative Acknowledgement |
The maximum number of consecutive configuration negative acknowledgements, which can be any value between 2 and 10. This field is applicable only for PPP templates. |
Viewing the Settings for a PPP Template
In addition to the above details, you can also view the following settings for a PPP template:
•IPCP Settings
•LCP Settings
•Authentication Settings
•PPP Timeout Settings
To view the settings:
Step 1 Right-click on the device and choose the Inventory option.
Step 2 In the Inventory window, choose Logical Inventory > Dynamic Config Templates > PPP template. A list of templates is displayed in the content pane.
Step 3 Select a template from the list, right-click and choose Properties to view its details. You can click on the tab to view more details. The IPCP tab is displayed by default.
Table 25-7 describes the fields that are displayed in the corresponding dialog box.
Table 25-7 PPP Template Settings
|
|
DNS Server |
The IPCP negotiation primary and secondary DNS IP address. |
WINS Server |
The IPCP negotiation primary and secondary WINS IP address. |
IPAddress PoolName |
The IPCP negotiation name of the peer-address pool. |
Associated IP Pool Entity |
The associated IP pool entity for the template. |
ReNegotiation Enabled |
Indicates whether the attempts by the peer to renegotiate IPCP is enabled. |
LCP Settings tab |
Delay |
The time period (in seconds or milliseconds) to delay before starting active LCP negotiations. |
ReNegotiation Enabled |
Indicates whether the attempts by the peer to renegotiate LCP is enabled. |
Authentication Settings tab |
Authentication Type |
The PPP link authentication method, which can be any one of the following: •chap •ms-chap •pap |
Chap Host Name |
The Challenge Handshake Authentication Protocol (CHAP) host name. |
MS Chap Host Name |
The mobile station CHAP host name. |
PPP Timeout Settings |
Absolute Session Timeout |
The absolute timeout for a PPP session. |
Maximum Authentication Response WaitTime |
The maximum time (in seconds) to wait for an authentication response during a PPP negotiation. |
Maximum Authentication Retry |
The maximum time (in seconds) to wait for a response during a PPP negotiation. |
Viewing Policy Container
The Policy Container node in the logical inventory lists all the available service groups and service policies that are associated with service templates, BBA groups, and subscriber access points.
To view the service group and service policy profiles:
Step 1 Right-click on the required device and choose the Inventory option.
Step 2 In the Inventory window, choose Logical Inventory > Policy Container. The Policies and Policy Group tabs are displayed in the content pane. In the Policies tab, a list of existing policies are displayed as shown in Figure 25-4.
Figure 25-4 Policy Container
Step 3 Click the Policy Group tab. A list of existing groups are displayed.
Step 4 Right-click on a group from the list and choose Properties. The Policy Group Properties dialog box is displayed.
Table 25-8 describes the fields that are displayed in the Policy Group Properties dialog box.
Table 25-8 Policy Group Properties
|
|
Name |
The name of the policy group. |
Type |
The type of policy group, which can be any one of the following: •Accounting •Control •PBR •Performance Traffic •QoS •Traffic •Redirect |
Processing Strategy |
The strategy in applying the policy group, which can be any one of the following: •Match First •Match All Unordered •Match All Ordered |
|
Name |
The name of the service policy map. |
Type |
The type of policy map, which can be any one of the following: •Accounting •Control •PBR •Performance Traffic •QoS •Traffic •Redirect |
Processing Strategy |
The strategy in applying the policies on the incoming traffic, which can be any one of the following: •Match First •Match All Unordered •Match All Ordered |
Step 5 Right-click on a policy from the Policies list and choose Properties. The Service Policy Properties dialog box is displayed.
Table 25-9 describes the fields that are displayed in the Service Policy Properties dialog box.
Table 25-9 Service Policy Properties
|
|
Name |
The name of the service policy map. |
Type |
The type of policy map, which can be any one of the following: •Accounting •Control •PBR •Performance Traffic •QoS •Traffic •Redirect |
Processing Strategy |
The strategy in applying the policies on the incoming traffic, which can be any one of the following: •Match First •Match All Unordered •Match All Ordered |
|
Match Condition |
The class map associated with the policy rule. |
Type |
The type of class map associated with the policy, which can be any one of the following: •Control Subscriber •QoS •Traffic |
Action Execution Strategy |
The policy execution strategy, which can be any of the following: •Execute All •Execute Until Success •Execute Until Failure |
Action Lists |
Sequence Number |
The sequence number of the policy action. |
Action Type |
The type of policy action, which can be any one of the following: •Active •Deactivate •Apply •Authenticate •Authorize •Set Timer •Stop Timer •Drop •Accounting •Conform Action •Conform Color •Exceed Action •Exceed Color •Child Conform Action •Violation Action |
Entity Type |
The type of entity affected by the policy rule, which can be Dynamic template or Authorization list. |
Entity Value |
The value of the dynamic template or authorization list. |
Entity Association |
The associated entity. Click this hyperlink to view the relevant dynamic template or authorization list. |
Viewing QoS Profile
QoS or Quality of services is the technique of prioritizing traffic flows and specifying preferences for forwarding packets with higher priority. The QoS node in the logical inventory lists all the services configured for the selected network element.
To view the QoS profile:
Step 1 Right-click on the device and choose the Inventory option.
Step 2 In the Inventory window, choose Logical Inventory > QoS > Class of Services. A list of existing policies are displayed in the content pane.
Step 3 Right-click on a service in the list and choose Properties. The Class of Services Properties dialog box is displayed. You can click on the tabs to view more details.
Table 25-10 describes the fields that are displayed in the Class of Services Properties dialog box.
Table 25-10 Class of Services Properties
|
|
Name |
The name of the class of service. |
Type |
The type of the class of service. Values are: •Control Subscriber •QoS •Traffic |
Matching Condition |
The matching condition for the service, which can be Match All or Match Any. |
Match Criteria Lists |
Match Type |
The match type, which can be any one of the following: •Access group •ATM •Auth status •COS •DEI •Destination-address •Discard-class •Domain •DSCP •Ethertype •FR-DE •Frame-relay •MPLS •Precedence •Protocol •Qos-group •Source-address •Timer •Username •VLAN •VPLS |
Match Value |
The value associated with the match type. |
Associated Entity |
The entity associated to the selected access group. Click this hyperlink to view the related record in the Access List content pane. |