# Next Generation BNG CUPS Solution with ACX and MX Routers

## Overview

The Juniper BNG CUPS architecture contrasts with the classical BNG implementation, in which the control and user planes are tightly coupled together, usually inside the same Broadband Network Gateway (BNG) node. BNG CUPS separates the broadband network gateway stack running in native Junos OS: the BNG control plane functionality runs as a cloud-native application, and the BNG user plane functionality runs in Junos OS. The cloud environment enables a single control plane to connect with multiple user planes.

In Juniper BNG CUPS, the BNG functions are split into the control plane (Juniper BNG CUPS Controller) functions and the user plane (Juniper BNG User Plane) functions. The management, state, and control packet interfaces operate between the Juniper BNG CUPS Controller (BNG CUPS Controller) and the Juniper BNG User Plane (BNG User Plane).

The BNG CUPS Controller is where subscriber termination is completed: it is the control protocol endpoint and handles authentication and address assignment. It also sets up the proper forwarding states for all its connected BNG User Planes.

**Objectives**

- Understand the disaggregated architecture of the BNG control plane, which is compliant with Broadband Forum TR459 Issue 2 and 3.
- Configure and monitor network components using the CLI provided by the Control Plane and User Plane nodes.

**Key Topics**

- Understanding Juniper's BNG CUPS architecture and its compliance with industry standards.
- Exploring how the disaggregated BNG control plane functions are split between a cloud-native application (BNG CUPS Controller) and Junos OS running in MX routers.
- Delving into the functionalities of the BNG CUPS Controller, including subscriber termination tasks such as authentication and address assignment.
- Monitoring user planes on both ACX7332 and MX304 devices for network performance insights.
**Methodology**

In this lab you will explore, hands-on, a fully pre-staged setup featuring the Broadband Network Gateway (BNG) with Metro Fabric integrated with BNG CUPS. You will gain practical experience by navigating configurations and monitoring key elements such as the CUPS controller (CP) and the User Planes (UP) on MX304 and ACX7000 series routers.

**Skills and Tools**

Participants should have proficiency with the Junos CLI and a foundational understanding of networking concepts. Familiarity with Broadband Network architecture will be beneficial. The tools involved in this lab include the Juniper BNG CUPS Controller, Juniper MX 304 routers, and ACX 7332 platforms.

**Benefits**

By completing this lab, participants will gain:

- Practical experience with Juniper's cutting-edge network solutions, specifically focusing on the BNG CUPS solution.
- Enhanced skills in configuring and managing real-time monitoring using streaming telemetry within Juniper platforms.
- A deeper understanding of how disaggregation enhances network flexibility and scalability.

The lab is designed for network engineers who are proficient with the Junos CLI and have a general knowledge of networking, particularly Broadband Network architecture.

## Starting Lab

### Lab Blueprint Topology

![A diagram of a network](images/media/image1.png)

This lab consists of three devices: CP (Jumphost controller), UP1 (User Plane 1), and UP2 (User Plane 2).

- BNG Jumphost controller (CP) and UP1 (MX304) -- Junos build version 24.4R1.
- UP2 (ACX7332) -- EVO build version 24.4R1.

A QFX is used as a bridge between the Jumphost controller (CP) and the User Planes (UPs) for the data network. Configuration and operational command outputs have been collected.
**The lab is preconfigured with the following items:**

- Juniper BNG CUPS Control Plane (CP) (the controller software running on Kubernetes).
- The BNG CUPS Controller application (microservices), successfully deployed and running within the Kubernetes cluster.
- The MX and ACX routers, running a Junos/EVO OS version compatible with the BNG CUPS Controller.
- Both User Planes (UPs) reachable from the Jumphost controller (CP).
- A pre-configured RADIUS server with test subscriber credentials and basic service profiles. This server is reachable by the BNG CUPS Control Plane.
- A client (e.g., a traffic generator) configured to initiate subscriber sessions (e.g., PPPoE dial, DHCP request) to the User Plane's access interfaces.

**In this lab users will perform the following actions:**

- Configure Node association DBNG-CP to DBNG-UP(s)
- Subscriber DHCP & PPPoE dynamic-profile configuration on ACX7332
- Subscriber DHCP & PPPoE dynamic-profile configuration on MX304
- DHCP dhcp-local-server configuration on Control Plane (CP)
- Access and Uplink interface configuration on ACX7332
- Access and Uplink interface configuration on MX304
- Validate show commands for subscribers binding and session details on

### Access Details

User credentials to access the test bed will be provided to users upon arrival at the Hands-On Lab (HOL) area.

| Device Role | Host_IP_Address            | Model   | Remarks                                              |
|-------------|----------------------------|---------|------------------------------------------------------|
| UP1         | 10.83.153.63               | ACX7332 | Example: `ssh ts_2025_10@10.83.153.63`               |
| UP2         | 10.83.154.25               | MX304   | Example: `ssh ts_2025_10@10.83.154.25`               |
| CP          | rtme-bng-cups-c02-jumphost |         | Example: `ssh ts_2025_10@rtme-bng-cups-c02-jumphost` |

**Jumphost Controller (CP): Accessing the Controller Junos CLI:**

After you log in to the Jumphost Controller (CP) successfully, you are in the Linux shell.
From the Linux shell, you can access the BNG CUPS Controller CLI by using the command `sudo dbng cli`.

_Note: You will need to enter the password to access the BNG CUPS Controller CLI._

UP2 terminal:

```shell
Tue Jul 08 03:47:44 [seruvala@ttsv-shell015:~]ssh ts_2025_10@10.83.154.25
*****************************************
*
*
* ATTENTION! TECHSUMMIT HOL 2025 IS OVER.
* IF YOU STILL INTERESTED IN COMPLETING THE CUPS HOL,
* PLEASE SEND YOUR REQUEST TO vmukhin@juniper.net
*
*
******************************************
(ts_2025_10@10.83.154.25) Password:
Last login: Tue Jul 8 01:52:10 2025 from 10.108.196.40
--- JUNOS 24.4R1.12 Kernel 64-bit JNPR-15.0-20241104.1ed86e6_buil
ts_2025_10@rtme-mx304-04>
```

CP terminal:

```shell
[seruvala@ttsv-shell015:~]ssh ts_2025_10@rtme-bng-cups-c02-jumphost
ts_2025_10@rtme-bng-cups-c02-jumphost's password: <---- ENTER password here
Welcome to Ubuntu 22.04.5 LTS (GNU/Linux 5.15.0-133-generic x86_64)
... truncated output ...
root@rtme-bng-cups-c02-jumphost:~#
root@rtme-bng-cups-c02-jumphost:~#sudo dbng cli
[sudo] password for ts_2025_10: <--- ENTER password here
root@cpi-01>
root@cpi-01> show version
Hostname: cpi-01
Model: cBNG
Family: junos
```

### Architecture Introduction

Juniper BNG CUPS is one of the industry's first architectures to bring the disaggregation vision defined in BBF TR-459 to real-world networks. It is available and compliant with Broadband Forum TR459 Issue 2 and 3.

**It features two basic components**:

- **Juniper BNG CUPS Controller:** This virtualized, cloud-native controller provides the full range of BNG control plane functions (subscriber session management, authentication and authorization, policy enforcement, and more), plus a session database (SDB) for network-wide subscriber state information, in a single, centralized solution. Juniper BNG CUPS controllers are highly available, microservices-based, Kubernetes-orchestrated cloud instances.
They can be instantiated, scaled, and moved quickly and automatically, using the same mechanisms employed in the world's largest hyperscale clouds.
- **Juniper BNG User Planes:** Juniper offers BNG user plane functions on the MX and ACX platform series, in multiple physical and virtual form factors, including smaller, streamlined platforms designed for distributed scale-out architectures. Operators can distribute these BNG user plane functions closer to subscribers while controlling them all centrally, with a single interface to back-office systems. BNG CUPS user planes can support DHCP IPoE dual stack (IPv4/IPv6), PPPoE PTA dual stack, and LAC sessions.

![](images/media/image2.png)

**Juniper BNG CUPS Controller**

![](images/media/image3.png)

The Juniper BNG CUPS controller is a cloud application running in a Kubernetes cluster that disaggregates and consolidates the control plane from multiple BNG user planes. It implements the BBF TR459 specifications, including the interfaces defined and standardized there. It includes two major microservices:

- The Control Plane Instance (CPi) microservice, which implements the control plane for a group of up to 32 BNG UPs and 512,000 dual stack sessions (with the JUNOS 24.4R1 release).
- The State Cache microservice, which implements the database service for storing and synchronizing session state maintained by the CPi.

The CUPS Controller communicates with the BNG User Planes over two interfaces defined by BBF TR459:

- Session Control Interface (SCi), based on PFCP (Packet Forwarding Control Protocol), is DTLS protected and implements the User Plane node management and the BNG session management and control. In addition, it enables statistics reporting.
- Control Packet Redirect Interface (CPRi), based on GPRS Tunneling Protocol (GTP), is DTLS protected as well, tunnels the subscriber management control traffic (DHCP, PPPoE, L2TP), and provides neighbor discovery.
### STEP-1: Configure BNG CUPS Controller (CP -- Control Plane)

The BNG CUPS Controller configuration consists of the following configuration groups:

- **bbe-bng-director**: Contains controller-wide configuration items such as BNG User Plane definitions, control plane instance definitions, BNG User Plane assignments, and subscriber and load balancing group definitions.
- **bbe-common-0**: Contains the bulk of the subscriber management configuration, including dynamic profiles, class of service classifiers, schedulers and scheduler maps, firewall filters and policers, and authentication, authorization, and accounting (AAA) services at the access and access profile level.

**Configuration 1: bbe-bng-director Group on CP**

Issue the command shown in the snippet below to view the bng-controller configuration:

```
root@cpi-01# show groups bbe-bng-director bng-controller
bng-controller-name bng-controller-blr;
user-planes {
    up-blr {
        transport {
            inet 10.66.1.8;
        }
        user-plane-profile up-blr-prof;
    }
    up-blr1 {
        transport {
            inet 10.66.1.80;
        }
        user-plane-profile up-blr-prof1;
    }
}
control-plane-instances {
    cpi-01 {
        control-plane-config-group bbe-common-0;
        user-plane [ up-blr up-blr1 ];
    }
}
```

**Configuration 2: Subscriber-management user-plane on UP1 (User Plane 1):**

```
root@UP1# show system services subscriber-management
enable {
    force;
}
mode {
    user-plane {
        user-plane-name up-blr;
        transport {
            inet 10.66.1.8;
        }
        control-plane {
            control-plane-name cpi-01;
            bng-controller-name bng-controller-blr;
        }
    }
}
```

**Configuration 3: Subscriber-management user-plane on UP2 (User Plane 2):**

```
root@UP2# show system services subscriber-management
enable {
    force;
}
mode {
    user-plane {
        user-plane-name up-blr1;
        transport {
            inet 10.66.1.80;
        }
        control-plane {
            control-plane-name cpi-01;
            bng-controller-name bng-controller-blr;
        }
    }
}
```

**CLI Output 1: CP/UP's Association in CP (Control Plane):**

Verify that your BNG CUPS deployment is correctly set up and that all User Planes are properly
communicating with the Control Plane. Issue an operational mode show command:

```
root@cpi-01# run show system subscriber-management control-plane associations
```

Expected output:

```
UP Name    ID      Address       State       Assoc Time                 Assoc-updates
up-blr1    1025    10.66.1.80    connected   Wed Jun 4 18:22:30 2025    0
up-blr     1024    10.66.1.8     connected   Wed Jun 4 10:18:22 2025    0
```

Verify the overall health and operational status of your BNG User Planes (UPs) as perceived and managed by the Control Plane. Issue an operational mode show command:

```
root@cpi-01# run show health user-plane
Name       Address       CPi       State       Health     Up-time        Active/Backup-sess
up-blr1    10.66.1.80    cpi-01    connected   healthy    1d 00:02:53    2000/0
up-blr     10.66.1.8     cpi-01    connected   healthy    1d 08:07:01    2000/0
```

**CLI Output 2: CP/UP1 Association in UP1 (User Plane 1):**

Access UP1 (User Plane 1 — ACX-router) and verify the association with the Control Plane (CP) by issuing the following command:

```
root@UP1# run show system subscriber-management user-plane associations
CP Name    Address      State        Assoc Time                 Assoc-updates
cpi-01     10.66.1.5    Connected    Wed Jun 4 03:18:21 2025    0
```

**CLI Output 3: CP/UP2 Association in UP2 (User Plane 2):**

Access UP2 (User Plane 2 — MX-router) and verify the association with the Control Plane (CP) by issuing the following command:

```
root@UP2# run show system subscriber-management user-plane associations
CP Name    Address      State        Assoc Time                 Assoc-updates
cpi-01     10.66.1.5    Connected    Wed Jun 4 11:22:30 2025    0
```

### STEP-2: bbe-common-0 Group on CP (Control Plane)

**user-plane-profiles configuration on CP**

Observe the user-plane-profiles configuration in the bbe-common-0 group on the Control Plane (CP). This configuration defines the user plane profiles for the BNG User Planes.
```junos
root@cpi-01# show groups bbe-common-0 user-plane-profiles
up-blr-prof {
    interfaces et-0/0/0 {
        auto-configure {
            stacked-vlan-ranges {
                dynamic-profile dynsvlan-profile {
                    accept [ inet inet6 pppoe ];
                    ranges {
                        any, any;
                    }
                }
            }
            remove-when-no-subscribers;
        }
    }
}
up-blr-prof1 {
    interfaces xe-0/0/1:1 {
        auto-configure {
            stacked-vlan-ranges {
                dynamic-profile dynsvlan-profile {
                    accept [ inet inet6 pppoe ];
                    ranges {
                        any, any;
                    }
                }
            }
            remove-when-no-subscribers;
        }
    }
}
```

### STEP-3: DHCP dynamic-profile configuration on CP (Control Plane)

Observe the DHCP dynamic-profile configuration in the bbe-common-0 group on the Control Plane (CP). This configuration defines the DHCP dynamic profile for subscriber sessions.

```junos
root@cpi-01# show groups bbe-common-0 dynamic-profiles dynsvlan-profile
routing-instances {
    "$junos-routing-instance" {
        interface "$junos-interface-name";
    }
}
interfaces {
    demux0 {
        unit "$junos-interface-unit" {
            actual-transit-statistics;
            vlan-tags outer "$junos-stacked-vlan-id" inner "$junos-vlan-id";
            demux-options {
                underlying-interface "$junos-interface-ifd-name";
            }
            family inet {
                unnumbered-address "$junos-loopback-interface";
            }
            family inet6 {
                unnumbered-address "$junos-loopback-interface";
            }
            family pppoe {
                duplicate-protection;
                dynamic-profile pppoe-client-profile;
            }
        }
    }
}
```

### STEP-4: PPPoE dynamic-profile configuration on CP (control plane)

Observe the PPPoE dynamic-profile configuration in the bbe-common-0 group on the Control Plane (CP).
```
root@cpi-01# show groups bbe-common-0 dynamic-profiles
pppoe-client-profile {
    routing-instances {
        "$junos-routing-instance" {
            interface "$junos-interface-name";
        }
    }
    interfaces {
        pp0 {
            unit "$junos-interface-unit" {
                actual-transit-statistics;
                no-traps;
                ppp-options {
                    chap;
                    pap;
                }
                pppoe-options {
                    underlying-interface "$junos-underlying-interface";
                    server;
                }
                no-keepalives;
                family inet {
                    unnumbered-address "$junos-loopback-interface";
                }
                family inet6 {
                    unnumbered-address "$junos-loopback-interface";
                }
            }
        }
    }
    protocols {
        router-advertisement {
            interface "$junos-interface-name" {
                prefix "$junos-ipv6-ndra-prefix";
            }
        }
    }
}
```

### STEP-5: dhcp-local-server configuration on Control Plane (CP)

Observe the dhcp-local-server configuration in the bbe-common-0 group on the Control Plane (CP).

```
root@cpi-01# show groups bbe-common-0 system services dhcp-local-server
dhcpv6 {
    group dhcp-v6-client {
        authentication {
            password joshua;
            username-include {
                user-prefix dhcpv6;
            }
        }
        interface demux0.0;
        interface bb0.0;
        interface up:up-blr:pp0.0;
    }
}
group dhcp-v4-client {
    authentication {
        password joshua;
        username-include {
            user-prefix dhcpv4;
        }
    }
    interface demux0.0;
    interface bb0.0;
}
```

### STEP-5: Access-Profile (RADIUS) configuration on CP

Observe the Access-Profile configuration in the bbe-common-0 group on the Control Plane (CP). This configuration defines the authentication order and RADIUS server for subscriber access.

```junos
root@cpi-01# show groups bbe-common-0 access profile Access-Profile-1
authentication-order radius;
radius {
    authentication-server 10.66.1.3;
    accounting-server 10.66.1.3;
}
accounting {
    order radius;
    statistics volume-time;
}
```

### STEP-6: Access and Uplink interface configuration on UP1 (User Plane 1)

Check the configuration of the access and uplink interfaces on UP1 (User Plane 1). The access interface is configured for flexible VLAN tagging, while the uplink interface is configured with VLAN tagging and specific IP addresses.
```
root@UP1# show interfaces et-0/0/0
description access0;
flexible-vlan-tagging;
speed 10g;
auto-configure {
    stacked-vlan-ranges {
        dynamic-profile dynsvlan-profile {
            accept [ inet inet6 pppoe ];
            ranges {
                any, any;
            }
        }
    }
    remove-when-no-subscribers;
}
```

```
root@UP1# show interfaces et-0/0/2
description uplink0;
vlan-tagging;
speed 10g;
unit 1 {
    demux-source inet;
    vlan-id 1;
    family inet {
        address 200.0.0.1/24;
    }
    family inet6 {
        address 2000:1:1::1/64;
    }
}
```

### STEP-7: Access and Uplink interface configuration on UP2 (User Plane 2)

Verify the configuration of the access and uplink interfaces on UP2 (User Plane 2). The access interface is configured for flexible VLAN tagging, while the uplink interface is configured with VLAN tagging and specific IP addresses.

```
root@UP2# show interfaces xe-0/0/1:1
description access0;
flexible-vlan-tagging;
auto-configure {
    stacked-vlan-ranges {
        dynamic-profile dynsvlan-profile {
            accept [ inet inet6 pppoe ];
            ranges {
                any, any;
            }
        }
    }
    remove-when-no-subscribers;
}
```

```
root@UP2# show interfaces xe-0/0/1:2
description uplink0;
vlan-tagging;
unit 1 {
    demux-source inet;
    vlan-id 1;
    family inet {
        address 200.0.0.1/24;
    }
    family inet6 {
        address 2000:1:1::1/64;
    }
}
```

### STEP-8: Subscribers validation on Control Plane (CP), UP1 and UP2

**CLI-Output 4: DHCP and PPPoE Subscribers validation on Control Plane (CP)**

You can observe the status of the connected subscribers on the Control Plane (CP).
Access the control plane (CP) and issue the operational mode show command to validate the subscribers:

```
root@cpi-01# run show subscribers summary

Subscribers by State
   Active: 8000
   Total: 8000

Subscribers by Client Type
   DHCP: 4000
   VLAN: 2000
   PPPoE: 2000
   Total: 8000
```

```
[edit]
root@cpi-01# run show subscribers summary user-plane up-blr

Subscribers by State
   Active: 4000
   Total: 4000

Subscribers by Client Type
   DHCP: 2000
   VLAN: 1000
   PPPoE: 1000
   Total: 4000

Subscribers by Resiliency State
   Active: 3000
   Backup: 0
   Total: 3000
```

```
[edit]
root@cpi-01# run show subscribers summary user-plane up-blr1

Subscribers by State
   Active: 4000
   Total: 4000

Subscribers by Client Type
   DHCP: 2000
   VLAN: 1000
   PPPoE: 1000
   Total: 4000

Subscribers by Resiliency State
   Active: 3000
   Backup: 0
   Total: 3000
```

**CLI-Output 5: DHCP and PPPoE Subscribers validation on User Plane (UP1)**

Use the operational mode show command to validate the subscribers on User Plane 1 (UP1):

```
root@UP1# run show user-plane subscribers summary

Subscribers by State
   Active: 4000
   Total: 4000

Subscribers by Client Type
   DHCP: 2000
   VLAN: 1000
   PPPoE: 1000
   Total: 4000
```

**CLI-Output 6: DHCP and PPPoE Subscribers validation on User Plane (UP2)**

Use the operational mode show command to validate the subscribers on User Plane 2 (UP2):

```
root@UP2# run show user-plane subscribers summary

Subscribers by State
   Active: 4000
   Total: 4000

Subscribers by Client Type
   DHCP: 2000
   VLAN: 1000
   PPPoE: 1000
   Total: 4000
```

## Glossary

- AAA: Authentication, Authorization, and Accounting
- BBF (TR): BroadBand Forum (Technical Report)
- BNG: Broadband Network Gateway
- CUPS: Control and User Plane Separation
- DHCP: Dynamic Host Configuration Protocol
- PFCP: Packet Forwarding Control protocol
- PPPoE PTA: Point-to-Point Protocol over Ethernet
- CPi: CUPS Controller Control Plane instance, microservice
- PFE: Packet Forwarding Engine

**You have successfully completed this Hands-On Lab!**
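
The association check from STEP-1 and the subscriber validation from STEP-8 can be scripted; the following is an added example, not part of the original lab guide or of Juniper tooling. It parses the CP association table and compares the per-user-plane counters held by the CP with those each UP reports. The sample text is constructed from the outputs in this guide, with the up-blr1 UP-side counters altered to create a mismatch; collecting the CLI text from the devices is assumed to happen elsewhere.

```python
import re

# Constructed sample input, modelled on the CLI outputs shown in this guide.
ASSOC = """\
UP Name    ID      Address       State       Assoc Time                 Assoc-updates
up-blr1    1025    10.66.1.80    connected   Wed Jun 4 18:22:30 2025    0
up-blr     1024    10.66.1.8     connected   Wed Jun 4 10:18:22 2025    0
"""
SUMMARY = ("Subscribers by State\n   Active: 4000\n   Total: 4000\n"
           "Subscribers by Client Type\n   DHCP: 2000\n   VLAN: 1000\n"
           "   PPPoE: 1000\n   Total: 4000\n")
# CP side: "show subscribers summary user-plane <name>" for each UP.
CP_VIEW = {"up-blr": SUMMARY, "up-blr1": SUMMARY}
# UP side: "show user-plane subscribers summary" on each UP.
# Constructed drift: up-blr1 reports ten fewer PPPoE sessions than the CP holds.
UP_VIEW = {"up-blr": SUMMARY,
           "up-blr1": SUMMARY.replace("PPPoE: 1000", "PPPoE: 990").replace("4000", "3990")}


def parse_associations(text):
    """Return {up_name: state} from the CP association table."""
    states = {}
    for line in text.splitlines():
        fields = line.split()
        # Data rows have a numeric ID in column 2; this skips the header line.
        if len(fields) >= 4 and fields[1].isdigit():
            states[fields[0]] = fields[3].lower()
    return states


def parse_summary(text):
    """Return {section: {counter: value}} from a subscribers summary."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        counter = re.fullmatch(r"([\w-]+):\s*(\d+)", line)
        if line.startswith("Subscribers by "):
            current = sections.setdefault(line, {})
        elif counter and current is not None:
            current[counter.group(1)] = int(counter.group(2))
    return sections


def audit(assoc_text, cp_view, up_view):
    """List every UP that is not connected or whose counters differ from the CP's."""
    findings = []
    states = parse_associations(assoc_text)
    for name in sorted(set(states) | set(cp_view)):
        state = states.get(name, "missing")
        if state != "connected":
            findings.append(f"{name}: association state is {state}")
        cp = parse_summary(cp_view.get(name, ""))
        up = parse_summary(up_view.get(name, ""))
        # Compare only sections both sides print (the CP also prints resiliency state).
        for section in sorted(set(cp) & set(up)):
            for key in sorted(set(cp[section]) | set(up[section])):
                if cp[section].get(key) != up[section].get(key):
                    findings.append(f"{name}: {section}/{key} CP={cp[section].get(key)} "
                                    f"UP={up[section].get(key)}")
    return findings


if __name__ == "__main__":
    for finding in audit(ASSOC, CP_VIEW, UP_VIEW):
        print(finding)
```

An empty result means every user plane is associated and both sides agree on the session counters; any line returned names the user plane and the counter that has drifted.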
## Lab Survey

Please take 2 minutes and complete the [BNG CUPS Solution with ACX and MX Routers Hands-On Lab Survey](https://www.surveymonkey.com/r/ZPZ6Z3Z)

![BNG-CUPS-hol-Survey-qr-code](./images/BNG-CUPS-hol-Survey-qr-code.png)