[j-nsp] MLPPP CHAP Issues

[Ben Dale]

Hi Guys,
  
I've got a requirement to run LFI (Link Fragmention & Interleaving) on an ADSL Interface on an SRX - this requires the use of MLPPP even though there is only a single interface.
 
The customer has a Cisco 877 doing exactly this and it works fine.
 
With my configuration as it stands, if I switch to just using atm-ppp-vc-mux and move the address-negotiation back to the at-1/0/0 interface, the SRX connects just fine, which validates that the CHAP authentication details are correct.
 
When I switch over to atm-mlppp-llc however, CHAP starts failing with Config-NACK messages, which include the MRRU option (currently 1504).
 
bdale# show interfaces lsq-0/0/0 
unit 0 {
    encapsulation multilink-ppp;
    fragment-threshold 640;
    minimum-links 1;
    family inet {
        negotiate-address;
    }
}

[edit]
bdale# show interfaces at-1/0/0     
description "ADSL Interface to ISP";
per-unit-scheduler;
encapsulation atm-pvc;
atm-options {
    vpi 8;
}
dsl-options {
    operating-mode itu-dmt;
}
unit 0 {
    encapsulation atm-mlppp-llc;
    bandwidth 512;
    vci 8.35;
    ppp-options {
        chap {
            default-chap-secret "$9$4coDk5T39tOFn"; ## SECRET-DATA
            local-name "test at isp";
        }
    }
    no-keepalives;
    family mlppp {
        bundle lsq-0/0/0.0;
    }                                   
}

Meanwhile, my traceoptions for PPP look like this over and over again (might be slightly out of order as I was testing with CHAP passive and active):
 
Feb 14 01:05:08 at-1/0/0.0: Received 38 byte PPP packet: 0xc0 0x21 0x01
Feb 14 01:05:08 at-1/0/0.0: In LCP, Config-Request, id 7, len 11
Feb 14 01:05:08   Magic Num: 2938319195
Feb 14 01:05:08 at-1/0/0.0: Out LCP, Config-Nak, id 7, len 4
Feb 14 01:05:08   MRRU: 1504
Feb 14 01:05:08 at-1/0/0.0: Sent 12 byte (4 data bytes) PPP packet: 0x21 0xc0 0x07 0x03

 
So a couple of questions:
 
My understanding of Config-NAK is that any options that are included in the NAK message are ones either missing or incompatible with the sending device (so in this case, the SRX is not receiving, or not receiving the correct MRRU value) - is this a fair summary?
 
Does anyone have a working MLPPP configuration on ADSL that includes PAP or CHAP authentication? None of the limited Juniper documentation includes any authentication - I just want to sanity check what I have deployed.
 
Does anybody have MLPPP working in the lab on the their BRAS (MX/ERX) and could sling me some traceoptions/debug output?  I'd be keen to see what CHAP Options are passed/required normally to bring up a link and it MRRU is required under normal operation (this might be an SRX oddity).
 
If I was to guess what is wrong here, it looks like the SRX offers an MRRU value to negotiate during CHAP, and when the upstream BRAS doesn't return a value, it NAKs the CHAP config.
 
Any pointers appreciated.

Cheers,

Ben