Limiting the number of hosts and sessions per SLA profile instance and per subscriber

Table: Host limits list the host limits and Table: Session limits lists the session limits that can be configured in the following profiles:

sla-profile

The limits are enforced per SLA profile instance.
sub-profile

The limits are enforced per subscriber.

Example

For a bridged RGW, allow one dual stack IPoE session (IPv4 and IPv6 IA-PD) per SLA profile instance and up to two sessions per subscriber.

configure
    subscriber-mgmt
        sla-profile "sla-profile-1"
            description "host and sessions limits per SLA Profile Instance"
            host-limits
                ipv4-overall 1
                ipv4-arp 0
                ipv4-dhcp 1
                ipv6-pd-overall 1
                ipv6-wan-overall 0
            exit
            session-limits
                ipoe 1
                pppoe-overall 0
                l2tp-overall 0
            exit
        exit
        sub-profile "sub-profile-1"
            description "host and session limits per subscriber"
            session-limits
                overall 2

Table: Host limit counters applicable per subscriber host type specifies the host-limits counters that are applicable for each of the different subscriber host types in SR OS. Table: Session limit counters applicable per subscriber session type specifies the session-limits counters that are applicable for each of the different subscriber session types in SR OS.

Host and session limits are checked when the host or session is created in the system. When a limit is reached, the host or session setup fails, and an error event is logged. For example:

6338 2020/09/24 09:48:50.612 UTC WARNING: DHCP #2005 Base Lease State Population Error

"Lease state table population error on SAP 1/1/4:2111.1 in service 1000 - sub-profile 'sub-profile-1' : host-limit overall (1) exceeded for subscriber 'ipoe-001'"

When a host or session limit is reached for an ARP host, an IPoE host or an IPoE session, a host-limit-exceeded Subscriber Host Connectivity Verification (SHCV) can be triggered to clean up the state of disconnected devices.

Note: If the remove-oldest command is configured in the host-limits context and an IPv4 ARP host, IPv4 DHCP host, IPv4 host, or subscriber host limit is reached when a new DHCPv4 host or an ARP host connects, the oldest active host disconnects and the new host is granted access. The dynamic host with the least remaining lease time is considered the oldest host. The remove-oldest command is not applicable for PPPoE or IPv6 subscriber hosts.

Table: Host limits
Command name	Description
overall	Limits the total number of subscriber hosts
ipv4-overall	Limits the total number of IPv4 hosts
ipv4-arp	Limits the number of IPv4 ARP hosts
ipv4-dhcp	Limits the number of IPv4 DHCP hosts
ipv4-ppp	Limits the number of IPv4 PPP hosts
ipv6-overall	Limits the total number of IPv6 hosts
ipv6-pd-overall	Limits the total number of IPv6 DHCP Prefix Delegation hosts (IA-PD)
ipv6-pd-ipoe-dhcp	Limits the number of IPv6 IPoE DHCP Prefix Delegation hosts (IA-PD)
ipv6-pd-ppp-dhcp	Limits the number of IPv6 PPPoE DHCP Prefix Delegation hosts (IA-PD)
ipv6-wan-overall	Limits the total number of IPv6 WAN hosts
ipv6-wan-ipoe-dhcp	Limits the number of IPv6 IPoE DHCP WAN hosts (IA-NA)
ipv6-wan-ipoe-slaac	Limits the number of IPv6 IPoE SLAAC WAN hosts
ipv6-wan-ppp-dhcp	Limits the number of IPv6 PPPoE DHCP WAN hosts (IA-NA).
ipv6-wan-ppp-slaac	Limits the number of IPv6 PPPoE SLAAC WAN hosts
lac-overall	Limits the total number of L2TP LAC hosts

Table: Host limit counters applicable per subscriber host type
Subscriber host type	Counts toward following host limits
IPv4 - PPP Hosts - IPCP	ipv4-ppp, ipv4-overall, overall
IPv4 - PPP Hosts - PFCP	—
IPv4 - IPOE Hosts - DHCP	ipv4-dhcp, ipv4-overall, overall
IPv4 - IPOE Hosts - ARP	ipv4-arp, ipv4-overall, overall
IPv4 - IPOE Hosts - Static	ipv4-overall, overall
IPv4 - IPOE Hosts - PFCP	—
IPv4 - IPOE Mngd Hosts - Data-trig	ipv4-overall, overall
IPv4 - IPOE Mngd Hosts - AAA	ipv4-overall, overall
IPv4 - IPOE Mngd Hosts - GTP	ipv4-overall, overall
IPv4 - IPOE Mngd Hosts - Bonding	ipv4-overall, overall
IPv4 - IPOE Hosts BSM - DHCP	—
IPv4 - IPOE Hosts BSM - Static	—
IPv4 - IPOE BSM - DHCP	—
IPv4 - IPOE BSM - Static	—
IPv6 - PPP Hosts - SLAAC	ipv6-wan-ppp-slaac, ipv6-wan-overall, ipv6-overall, overall
IPv6 - IPOE Hosts - DHCP6 (NA)	ipv6-wan-ppp-dhcp, ipv6-wan-overall, ipv6-overall, overall
IPv6 - PPP Hosts - DHCP6 (PD)	ipv6-pd-ppp-dhcp, ipv6-pd-overall, ipv6-overall, overall
IPv6 - PPP Mngd Routes - DHCP6 (PD)	—
IPv6 - PPP Hosts - PFCP (SLAAC)	—
IPv6 - PPP Hosts - PFCP (NA)	—
IPv6 - PPP Hosts - PFCP (PD)	—
IPv6 - IPOE Hosts - SLAAC	ipv6-wan-ipoe-slaac, ipv6-wan-overall, ipv6-overall, overall
IPv6 - IPOE Hosts - DHCP6 (NA)	ipv6-wan-ipoe-dhcp, ipv6-wan-overall, ipv6-overall, overall
IPv6 - IPOE Hosts - DHCP6 (PD)	ipv6-pd-ipoe-dhcp, ipv6-pd-overall, ipv6-overall, overall
IPv6 - IPOE Mngd Routes - DHCP6 (PD)	—
IPv6 - IPOE Hosts - Static (WAN)	ipv6-wan-overall, ipv6-overall, overall
IPv6 - IPOE Hosts - Static (Pfx)	ipv6-pd-overall, ipv6-overall, overall
IPv6 - IPOE Hosts - PFCP (SLAAC)	—
IPv6 - IPOE Hosts - PFCP (NA)	—
IPv6 - IPOE Hosts - PFCP (PD)	—
IPv6 - IPOE Mngd Hosts - Data-trig (WAN)	ipv6-wan-overall, ipv6-overall, overall
IPv6 - IPOE Mngd Hosts - Data-trig (Pfx)	ipv6-pd-overall, ipv6-overall, overall
IPv6 - IPOE Mngd Routes - Data-trig (Pfx)	—
IPv6 - IPOE Mngd Hosts - AAA	ipv6-wan-overall, ipv6-overall, overall
IPv6 - IPOE Mngd Hosts - GTP (SLAAC)	ipv6-pd-overall, ipv6-overall, overall
IPv6 - IPOE Mngd Hosts - Bonding	ipv6-pd-overall, ipv6-overall, overall
IPv6 - IPOE BSM - DHCP6 (NA)	—
IPv6 - IPOE BSM - DHCP6 (PD)	—
L2TP LAC Hosts	lac-overall, ipv4-overall, ipv6-overall, overall

Table: Session limits
Command name	Description
overall	Limits the total number of subscriber sessions
ipoe	Limits the number of IPoE sessions
pppoe-overall	Limits the total number of PPPoE sessions
pppoe-local	Limits the number of PPPoE local terminated sessions (PTA)
pppoe-lac	Limits the number of PPPoE L2TP LAC sessions
l2tp-overall	Limits the total number of L2TP sessions
l2tp-lns	Limits the number of L2TP LNS sessions
l2tp-lts	Limits the number of L2TP LTS sessions

Table: Session limit counters applicable per subscriber session type
Subscriber session type	Counts toward following session limits
Local PPP Sessions - PPPoE	pppoe-local, pppoe-overall, overall
Local PPP Sessions - L2TP (LNS)	l2tp-lns, l2tp-overall, overall
LAC PPP Sessions - PPPoE	pppoe-lac, pppoe-overall, overall
LAC PPP Sessions - L2TP (LTS)	l2tp-lts, l2tp-overall, overall
IPOE Sessions	ipoe, overall
PFCP Sessions - PPP	—
PFCP Sessions - IPOE	—
PFCP Sessions - default tunnels	—

The host and session limits per SLA profile instance and per subscriber can be overridden at subscriber host or session creation by the following.

Include the 245.26.6527.5 Alc-Spi-Host-And-Session-Limits and 245.26.6527.6 Alc-Sub-Host-And-Session-Limits VSAs in the RADIUS Access-Accept message during authentication.

See the 7450 ESS, 7750 SR, and VSR RADIUS Attributes Reference Guide for a detailed description of the VSAs.
Include the NOKIA-1047 Alc-Spi-Host-And-Session-Limits and NOKIA-1048 Alc-Sub-Host-And-Session-Limits Vendor Specific Diameter AVPs in a CCA-I or CCA-U message during authentication.

See the 7750 SR Gx AVPs Reference Guide for a detailed description of the AVPs.

The combination of overrides and configured limits is only checked when the host or session is created.

Overrides are stored in the subscriber host and session ESM info and can be displayed using the following show commands:

show service id service-id dhcp lease-state detail
show service id service-id dhcp6 lease-state detail
show service id service-id slaac host detail
show service id service-id arp-host detail
show service id service-id ppp session detail
show service id service-id pppoe session detail
show service id service-id ipoe session detail
show service id service-id managed-hosts type {aaa | bonding | data-triggered | gtp | wpp}

For example:

# show service id 1000 ipoe session subscriber "ipoe-001" detail
===============================================================================
IPoE sessions for service 1000
===============================================================================
SAP                     : [1/1/4:2111.1]
Mac Address             : 0a:11:00:00:00:01
Circuit-Id              : pe1|1000|group-int-2-1|1/1/4:2111.1
Remote-Id               : 0a:11:00:00:00:01
Session Key             : sap-mac
--- snip ---
Subscriber Session Limit Overrides
 ipoe                   : 3
 pppoe-overall          : 0
 l2tp-overall           : 0
SLA Profile Instance Session Limit Overrides
 ipoe                   : 1
 pppoe-overall          : 0
 l2tp-overall           : 0
-------------------------------------------------------------------------------
Number of sessions : 1
===============================================================================

It is the operator's responsibility to keep consistency in the overrides that are stored per subscriber host and session by the following:

ensure that all hosts and sessions that belong to the same SLA profile instance receive the same dynamic SLA profile instance limit overrides
ensure that all hosts and sessions that belong to the same subscriber receive the same dynamic subscriber limit overrides

For existing hosts or sessions, this consistency can be achieved by a mid-session change, for example, by RADIUS CoA or Diameter Gx RAR or CCA-U.

Note: If different subscriber hosts or sessions that belong to the same SLA profile instance or subscriber have different override limits, an inconsistent behavior can occur when sessions are recovered from persistency or in case of Multi-Chassis Synchronization (MCS). This may occur because the order in which hosts recover from persistency and the order in which the hosts or sessions are synchronized through MCS, may be different from the order in which sessions were created in the system.