User Route Generation and Advertisement

Why Do UNRs Exist

When users with IP addresses assigned go online through a device, such as a switch, no dynamic routing protocol can be used to forward the network-to-user traffic because the BAS interface has no IP address. In this situation, the BRAS needs to generate user network routes (UNRs) and import them to a dynamic routing protocol so that other devices can learn them.

For example, 100 users access the network from a BAS interface through PPPoE dial-up, and the BRAS assigns an IP address to each user through the RADIUS server. These IP addresses may be on the same subnet or different subnets. Because the BAS interface does not have an IP address, how do the BRAS and other network devices forward downstream traffic to each user? The answer is to generate two types of UNRs on the BRAS.

  1. User subnet routes with the subnet to which the users belong as the destination subnet and the BAS interface as the next hop. This type of route is advertised to other network devices connected to the BRAS, and the user traffic is directed to the BRAS.
  2. Specific host routes with a user's IP address as the destination address and the BAS interface as the next hop. When the traffic of all the users who go online through the local device reaches the BRAS, the BRAS searches for specific host routes and forwards the traffic to the users.

The BRAS can be configured to advertise address pool subnet routes or specific host routes of the users who go online. Typically, the BRAS is configured to advertise address pool subnet routes to reduce the number of routes and suppress route flapping when users go online and offline frequently.

UNR Classification and Generation

User routes can be classified into the following types based on their generation modes:

  • User subnet routes generated when address pool configuration is performed on the BRAS
  • Specific host routes generated when users go online
  • User subnet routes generated when the Framed-route attribute is delivered by the RADIUS server
  • User subnet routes and specific host routes generated when the Framed-IP-Address and Framed-IP-Netmask attributes are delivered by the RADIUS server

The process of UNR generation triggered by address pool configurations on a BRAS is as follows:

  1. After an address pool is created and a gateway address is configured in the address pool, the main control board generates a user subnet route and a gateway route with a 32-bit mask.
  2. After users go online with obtained IP addresses, the BRAS generates a 32-bit host route for each user. If there is traffic destined for the host, the traffic is diverted to the BRAS based on the subnet route generated in Step 1. The BRAS then searches the routing table for the 32-bit host route and forwards the packets to the user.
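The two steps above, together with the earlier point that advertising only pool subnet routes suppresses route flapping, can be modelled as follows. This is an added illustration, not Huawei code: the Bras class, the 10.1.0.0/24 pool and the user addresses are constructed, and the model assumes only the pool subnet route is advertised.

```python
import ipaddress

class Bras:
    """Toy model of UNR generation from a local address pool (illustrative only)."""

    def __init__(self, pool_subnet, gateway):
        self.pool = ipaddress.ip_network(pool_subnet)
        gw = ipaddress.ip_network(f"{gateway}/32")
        # Step 1: pool configuration yields a subnet route and a /32 gateway route.
        self.unrs = {self.pool: "pool-subnet", gw: "gateway"}

    def user_online(self, ip):
        # Step 2: every online user gets a 32-bit host route.
        self.unrs[ipaddress.ip_network(f"{ip}/32")] = "host"

    def user_offline(self, ip):
        # The host route is withdrawn locally when the user goes offline.
        self.unrs.pop(ipaddress.ip_network(f"{ip}/32"), None)

    def advertised(self):
        # Model assumption: only the pool subnet route is exported to the IGP/BGP.
        return sorted(str(n) for n, kind in self.unrs.items() if kind == "pool-subnet")

    def lookup(self, dst):
        # Longest-prefix match over the BRAS's local UNRs.
        addr = ipaddress.ip_address(dst)
        matches = [n for n in self.unrs if addr in n]
        if not matches:
            return None
        best = max(matches, key=lambda n: n.prefixlen)
        return str(best), self.unrs[best]

def demo():
    bras = Bras("10.1.0.0/24", "10.1.0.1")   # constructed pool and gateway
    before = bras.advertised()
    bras.user_online("10.1.0.10")
    bras.user_online("10.1.0.11")
    bras.user_offline("10.1.0.11")           # session churn
    after = bras.advertised()
    # Online user resolves to its host route; offline address only to the subnet route.
    return before, after, bras.lookup("10.1.0.10"), bras.lookup("10.1.0.11")

if __name__ == "__main__":
    print(demo())
```

The advertised set is identical before and after the session churn, while the host-route lookup on the BRAS changes with each online or offline event.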

The process of UNR leaking is as follows:

If the user and the network-side downstream traffic destined for the user belong to different VPNs, you can configure a UNR leaking policy to import the address pool subnet routes from the VPN to which the user belongs into another VPN. The prefix information of the leaked routes remains unchanged, and the next hops of the routes point to the VPN to which the user belongs. In this way, if traffic destined for the user host exists in another VPN, the traffic can be imported to the VPN to which the user belongs through the leaked subnet route. Then, the system searches the routing table of the VPN to which the user belongs for the 32-bit host route and forwards the packets to the user.

The process of generating the UNRs delivered by the RADIUS server is as follows:

In a PPPoE private line user scenario, the private line user is attached to multiple Layer 3 users, which are connected to the BRAS through Layer 3 network devices such as routers. In normal cases, each private line user has a fixed IP address which is assigned by the BRAS from its local address pool or by the RADIUS server.

When the private line user and its attached users are on the same subnet and the IP address of the private line user is assigned by the RADIUS server, the RADIUS server delivers the Framed-IP-Address and Framed-IP-Netmask attributes to the BRAS, triggering the BRAS to generate UNRs and specific host routes of the corresponding subnet.

When the private line user and the attached users belong to different subnets, the RADIUS server delivers the Framed-route attribute to the BRAS, triggering the BRAS to generate UNRs.

If an address outside the address pool on the BRAS is delivered or the BRAS is enabled to advertise host routes in the address pool, RADIUS-delivered UNRs must be advertised.

How Are UNRs Advertised

If a user needs to communicate with other network users or network addresses, the BRAS needs to advertise the user's subnet routes to a dynamic routing protocol, such as OSPF, IS-IS, or BGP, for other devices to learn.

The following table describes the advertisement modes of UNRs in the IPv4 local address pool, remote address pool, and IPv6 prefix pool on the BRAS.

Table 1 IPv4 address pool types and route advertisement modes

IPv4 address pool type: Local address pool for IPv4 user access (PPPoE and IPoE)

Address pool route advertisement mode:

  • Recommended mode: Run the import-route unr command in the dynamic routing protocol to advertise UNRs. In this mode, only subnet routes, instead of specific host routes, are advertised.
  • Optional mode: Configure a static blackhole route and use a dynamic routing protocol to advertise it.

IPv4 address pool type: Remote address pool (DHCP relay address pool) for IPv4 users

Address pool route advertisement mode:

  • Recommended mode: Run the import-route unr command in the dynamic routing protocol to advertise UNRs. In this mode, only subnet routes, instead of specific host routes, are advertised.
  • Optional mode: Configure a static blackhole route and use a dynamic routing protocol to advertise it.

IPv4 address pool type: IPv4 NAT public address pool

Address pool route advertisement mode:

  • When the NAT address pool is configured based on the start and end IP addresses:

    Recommended mode: Configure a static blackhole route and use a dynamic routing protocol to advertise it.

    Reason for recommendation: When the address pool is configured based on the start and end IP addresses, the NAT device generates a large number of 32-bit host routes. If the import-route unr command is used to advertise the routes, the user routes cannot be automatically aggregated. As a result, a large number of 32-bit host routes are advertised.

  • When the NAT address pool is configured based on the mask:

    Recommended mode: Run the import-route unr command in the dynamic routing protocol to advertise UNRs.

  • Other modes:

    Advertise public address pool subnet routes in the dynamic routing protocol.

Using the import-route unr command is recommended because it is easy to configure and does not require manual configuration of static blackhole routes. In actual applications, routing policies are often used to control the imported UNRs to prevent the advertisement of incorrect routes.
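The effect of a routing policy on imported UNRs can be checked offline before it is deployed. The following is an added example, not Huawei code or VRP syntax: the APPROVED ranges, the candidate routes and the function names are constructed, and the matching rule (prefix inside an approved range, mask length within bounds, implicit deny otherwise) is an assumed model of prefix-list style filtering.

```python
import ipaddress

# Constructed policy: (approved range, minimum mask length, maximum mask length).
APPROVED = [
    ("10.1.0.0/16", 16, 24),    # local address pools
    ("10.20.0.0/22", 22, 24),   # range reserved for private-line Framed-route subnets
]

# Constructed candidate UNRs as (prefix, origin).
CANDIDATES = [
    ("10.1.0.0/24", "address-pool"),
    ("10.1.0.10/32", "host"),
    ("10.20.1.0/24", "framed-route"),
    ("192.0.2.0/24", "framed-route"),   # outside every approved range
    ("10.0.0.0/8", "framed-route"),     # wider than any approved range
]

def permitted(prefix, policy=APPROVED):
    """True if the prefix lies inside an approved range with an allowed mask length."""
    net = ipaddress.ip_network(prefix)
    for rng, min_len, max_len in policy:
        inside = net.subnet_of(ipaddress.ip_network(rng))
        if inside and min_len <= net.prefixlen <= max_len:
            return True
    return False   # implicit deny: anything unmatched is not advertised

def filter_unrs(candidates, policy=APPROVED):
    """Split candidate UNRs into (advertised, rejected) lists."""
    advertised, rejected = [], []
    for prefix, origin in candidates:
        target = advertised if permitted(prefix, policy) else rejected
        target.append((prefix, origin))
    return advertised, rejected

if __name__ == "__main__":
    adv, rej = filter_unrs(CANDIDATES)
    print("advertised:", adv)
    print("rejected:  ", rej)
```

With this policy the 32-bit host route and the two Framed-route prefixes that fall outside the approved ranges are kept out of the dynamic routing protocol, while the pool subnet and the approved private-line subnet are advertised.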

Copyright © Huawei Technologies Co., Ltd.