[j-nsp] Junose (ERX) IP pool management
Alastair Johnson
aj at sneep.net
Fri Feb 15 07:12:21 EST 2008
Gabriel,
Gabriel Blanchard wrote:
> We are trying to configure multiple ERXs 310 to share a Pool of IPs to
> assign to DSL customers. These ERXs are acting as LNSes.
>
> The problem is that right now we are statically configuring each of
> the ERXs with different Pools of IPs. We would like all of them to be
> able to share the same Pool of IPs to ease of management.
>
> I believe the best way would be to configure sqlippool in our
> Freeradius daemons to manage the IPs.
>
> Someone else here thinks that it would be possible to configure the
> ERXes to relay the request to a dhcp server....I don't think it would
> work. Mostly because we need to manage different types of IP pools.
My recommendation here (having spent quite a bit of time building RADIUS
+ DHCP AAA infrastructure) is to use RADIUS. While the ERX (as pointed
out) can support DHCP for subscriber IP binding, I don't think it's
needed for your environment.
The reasons are quite straightforwards:
1. [It sounds like] you are using RADIUS already. Introducing another
control plane protocol is unnecessary, and runs the typical
infrastructure issues.
2. RADIUS is a perfectly valid way to deliver IP addressing to BRAS/LNS
infrastructure, with well understood and functional VSAs (either a pool
hint, or a Framed-IP-Address itself).
3. If you are making policy decisions in your RADIUS AAA infrastructure
today (sounds like it), and your IP address assignment for the
subscriber is dependent on some policy, you have a single policy point,
rather than 2.
4. You avoid maintaining a PPP <> DHCP state table in your LNS.
5. RADIUS will (through framed-ip-address/framed-route VSA) meet your
needs. You will probably need to construct some robust policy logic in
your RADIUS engine(s) though.
There are some advantages to having DHCP infrastructure and you may want
to review those if you ever look at migrating to an IPoE (TR-101)
network topology.
regards,
aj
More information about the juniper-nsp
mailing list