Limiting the number of hosts and sessions per SLA profile instance and per subscriber

Table: Host limits list the host limits and Table: Session limits lists the session limits that can be configured in the following profiles:

Example

For a bridged RGW, allow one dual stack IPoE session (IPv4 and IPv6 IA-PD) per SLA profile instance and up to two sessions per subscriber.

configure
    subscriber-mgmt
        sla-profile "sla-profile-1"
            description "host and sessions limits per SLA Profile Instance"
            host-limits
                ipv4-overall 1
                ipv4-arp 0
                ipv4-dhcp 1
                ipv6-pd-overall 1
                ipv6-wan-overall 0
            exit
            session-limits
                ipoe 1
                pppoe-overall 0
                l2tp-overall 0
            exit
        exit
        sub-profile "sub-profile-1"
            description "host and session limits per subscriber"
            session-limits
                overall 2

Table: Host limit counters applicable per subscriber host type specifies the host-limits counters that are applicable for each of the different subscriber host types in SR OS. Table: Session limit counters applicable per subscriber session type specifies the session-limits counters that are applicable for each of the different subscriber session types in SR OS.

Host and session limits are checked when the host or session is created in the system. When a limit is reached, the host or session setup fails, and an error event is logged. For example:

6338 2020/09/24 09:48:50.612 UTC WARNING: DHCP #2005 Base Lease State Population Error

"Lease state table population error on SAP 1/1/4:2111.1 in service 1000 - sub-profile 'sub-profile-1' : host-limit overall (1) exceeded for subscriber 'ipoe-001'"

When a host or session limit is reached for an ARP host, an IPoE host or an IPoE session, a host-limit-exceeded Subscriber Host Connectivity Verification (SHCV) can be triggered to clean up the state of disconnected devices.

Note: If the remove-oldest command is configured in the host-limits context and an IPv4 ARP host, IPv4 DHCP host, IPv4 host, or subscriber host limit is reached when a new DHCPv4 host or an ARP host connects, the oldest active host disconnects and the new host is granted access. The dynamic host with the least remaining lease time is considered the oldest host. The remove-oldest command is not applicable for PPPoE or IPv6 subscriber hosts.
Table: Host limits
Command name Description

overall

Limits the total number of subscriber hosts

ipv4-overall

Limits the total number of IPv4 hosts

ipv4-arp

Limits the number of IPv4 ARP hosts

ipv4-dhcp

Limits the number of IPv4 DHCP hosts

ipv4-ppp

Limits the number of IPv4 PPP hosts

ipv6-overall

Limits the total number of IPv6 hosts

ipv6-pd-overall

Limits the total number of IPv6 DHCP Prefix Delegation hosts (IA-PD)

ipv6-pd-ipoe-dhcp

Limits the number of IPv6 IPoE DHCP Prefix Delegation hosts (IA-PD)

ipv6-pd-ppp-dhcp

Limits the number of IPv6 PPPoE DHCP Prefix Delegation hosts (IA-PD)

ipv6-wan-overall

Limits the total number of IPv6 WAN hosts

ipv6-wan-ipoe-dhcp

Limits the number of IPv6 IPoE DHCP WAN hosts (IA-NA)

ipv6-wan-ipoe-slaac

Limits the number of IPv6 IPoE SLAAC WAN hosts

ipv6-wan-ppp-dhcp

Limits the number of IPv6 PPPoE DHCP WAN hosts (IA-NA).

ipv6-wan-ppp-slaac

Limits the number of IPv6 PPPoE SLAAC WAN hosts

lac-overall

Limits the total number of L2TP LAC hosts

Table: Host limit counters applicable per subscriber host type
Subscriber host type Counts toward following host limits

IPv4 - PPP Hosts - IPCP

ipv4-ppp, ipv4-overall, overall

IPv4 - PPP Hosts - PFCP

IPv4 - IPOE Hosts - DHCP

ipv4-dhcp, ipv4-overall, overall

IPv4 - IPOE Hosts - ARP

ipv4-arp, ipv4-overall, overall

IPv4 - IPOE Hosts - Static

ipv4-overall, overall

IPv4 - IPOE Hosts - PFCP

IPv4 - IPOE Mngd Hosts - Data-trig

ipv4-overall, overall

IPv4 - IPOE Mngd Hosts - AAA

ipv4-overall, overall

IPv4 - IPOE Mngd Hosts - GTP

ipv4-overall, overall

IPv4 - IPOE Mngd Hosts - Bonding

ipv4-overall, overall

IPv4 - IPOE Hosts BSM - DHCP

IPv4 - IPOE Hosts BSM - Static

IPv4 - IPOE BSM - DHCP

IPv4 - IPOE BSM - Static

IPv6 - PPP Hosts - SLAAC

ipv6-wan-ppp-slaac, ipv6-wan-overall, ipv6-overall, overall

IPv6 - IPOE Hosts - DHCP6 (NA)

ipv6-wan-ppp-dhcp, ipv6-wan-overall, ipv6-overall, overall

IPv6 - PPP Hosts - DHCP6 (PD)

ipv6-pd-ppp-dhcp, ipv6-pd-overall, ipv6-overall, overall

IPv6 - PPP Mngd Routes - DHCP6 (PD)

IPv6 - PPP Hosts - PFCP (SLAAC)

IPv6 - PPP Hosts - PFCP (NA)

IPv6 - PPP Hosts - PFCP (PD)

IPv6 - IPOE Hosts - SLAAC

ipv6-wan-ipoe-slaac, ipv6-wan-overall, ipv6-overall, overall

IPv6 - IPOE Hosts - DHCP6 (NA)

ipv6-wan-ipoe-dhcp, ipv6-wan-overall, ipv6-overall, overall

IPv6 - IPOE Hosts - DHCP6 (PD)

ipv6-pd-ipoe-dhcp, ipv6-pd-overall, ipv6-overall, overall

IPv6 - IPOE Mngd Routes - DHCP6 (PD)

IPv6 - IPOE Hosts - Static (WAN)

ipv6-wan-overall, ipv6-overall, overall

IPv6 - IPOE Hosts - Static (Pfx)

ipv6-pd-overall, ipv6-overall, overall

IPv6 - IPOE Hosts - PFCP (SLAAC)

IPv6 - IPOE Hosts - PFCP (NA)

IPv6 - IPOE Hosts - PFCP (PD)

IPv6 - IPOE Mngd Hosts - Data-trig (WAN)

ipv6-wan-overall, ipv6-overall, overall

IPv6 - IPOE Mngd Hosts - Data-trig (Pfx)

ipv6-pd-overall, ipv6-overall, overall

IPv6 - IPOE Mngd Routes - Data-trig (Pfx)

IPv6 - IPOE Mngd Hosts - AAA

ipv6-wan-overall, ipv6-overall, overall

IPv6 - IPOE Mngd Hosts - GTP (SLAAC)

ipv6-pd-overall, ipv6-overall, overall

IPv6 - IPOE Mngd Hosts - Bonding

ipv6-pd-overall, ipv6-overall, overall

IPv6 - IPOE BSM - DHCP6 (NA)

IPv6 - IPOE BSM - DHCP6 (PD)

L2TP LAC Hosts

lac-overall, ipv4-overall, ipv6-overall, overall

Table: Session limits
Command name Description

overall

Limits the total number of subscriber sessions

ipoe

Limits the number of IPoE sessions

pppoe-overall

Limits the total number of PPPoE sessions

pppoe-local

Limits the number of PPPoE local terminated sessions (PTA)

pppoe-lac

Limits the number of PPPoE L2TP LAC sessions

l2tp-overall

Limits the total number of L2TP sessions

l2tp-lns

Limits the number of L2TP LNS sessions

l2tp-lts

Limits the number of L2TP LTS sessions

Table: Session limit counters applicable per subscriber session type
Subscriber session type Counts toward following session limits

Local PPP Sessions - PPPoE

pppoe-local, pppoe-overall, overall

Local PPP Sessions - L2TP (LNS)

l2tp-lns, l2tp-overall, overall

LAC PPP Sessions - PPPoE

pppoe-lac, pppoe-overall, overall

LAC PPP Sessions - L2TP (LTS)

l2tp-lts, l2tp-overall, overall

IPOE Sessions

ipoe, overall

PFCP Sessions - PPP

PFCP Sessions - IPOE

PFCP Sessions - default tunnels

The host and session limits per SLA profile instance and per subscriber can be overridden at subscriber host or session creation by the following.

The combination of overrides and configured limits is only checked when the host or session is created.

Overrides are stored in the subscriber host and session ESM info and can be displayed using the following show commands:

For example:

# show service id 1000 ipoe session subscriber "ipoe-001" detail
===============================================================================
IPoE sessions for service 1000
===============================================================================
SAP                     : [1/1/4:2111.1]
Mac Address             : 0a:11:00:00:00:01
Circuit-Id              : pe1|1000|group-int-2-1|1/1/4:2111.1
Remote-Id               : 0a:11:00:00:00:01
Session Key             : sap-mac
--- snip ---
Subscriber Session Limit Overrides
 ipoe                   : 3
 pppoe-overall          : 0
 l2tp-overall           : 0
SLA Profile Instance Session Limit Overrides
 ipoe                   : 1
 pppoe-overall          : 0
 l2tp-overall           : 0
-------------------------------------------------------------------------------
Number of sessions : 1
===============================================================================

It is the operator's responsibility to keep consistency in the overrides that are stored per subscriber host and session by the following:

For existing hosts or sessions, this consistency can be achieved by a mid-session change, for example, by RADIUS CoA or Diameter Gx RAR or CCA-U.

Note: If different subscriber hosts or sessions that belong to the same SLA profile instance or subscriber have different override limits, an inconsistent behavior can occur when sessions are recovered from persistency or in case of Multi-Chassis Synchronization (MCS). This may occur because the order in which hosts recover from persistency and the order in which the hosts or sessions are synchronized through MCS, may be different from the order in which sessions were created in the system.