Chapter 14 Configuring L2Tp Dial-Out; Dial-Out Process; Dial-Out Operational States; Chassis - Juniper JUNOSE SOFTWARE 11.0.X - BROADBAND ACCESS CONFIGURATION GUIDE 4-1-2010 Configuration Manual

the router to start a dial-out operation. The route includes a dial-out target (the virtual
router context and the IP address of the remote site). When the router receives a
packet destined for the target, it triggers a dial-out session to the target. The route is
associated with a profile that holds parameters for the interface stack that the router
builds as a result of the dial-out.

Dial-Out Process

The following is the dial-out process used in the Figure 10 on page 406 network:
1.
2.
3.
4.
5.
6.
7.
IP traffic can now flow freely between the home and remote sites.

Dial-Out Operational States

The dial-out state machine is a control process within the router that manages the
dial-out function for each IP flow. The dial-out state machine has four levels of control:
the router chassis, virtual router, targets, and sessions. This section describes the
operational states of each of these levels.

Chassis

Table 74 on page 408 describes the operational states of the chassis.
The router receives a trigger packet.
The router builds a RADIUS Access-Request message and sends it to the RADIUS
server that is associated with the virtual router on which the dial-out route is
defined typically, the RADIUS home server.
The RADIUS server's response to the Access-Request is similar to the response
used for LAC incoming calls. Notable differences are that the IP addresses of the
peer are interpreted as LAC addresses instead of LNS addresses. In addition,
narrowband details, such as calling numbers, are returned.
The LNS makes the outgoing call using a load-balancing or round-robin
mechanism identical to the one that the E Series LAC uses for incoming calls.
The LAC may also employ the LAC RADIUS in tunnel authentication.
Once the LNS successfully completes a control connection and session with the
LAC, the LAC performs the actual narrowband dial-out operation to the remote
site using the information passed by the LNS during session setup.
A PPP session is started on the remote customer premises equipment (CPE), and
mutual PPP authentication is performed at the remote CPE and the LNS as follows:
a. The LNS uses the LNS RADIUS server to validate the remote CPE's PPP
session, while the CPE can use its own RADIUS server to validate the LNS's
PPP session.
b. The LNS uses the username and password that is returned in the first
Access-Accept message.
Once authentication is successful, an IP interface is built on top of the PPP
interface at the LNS. Internet Protocol Control Protocol (IPCP) is negotiated, and
the framed route that RADIUS returns as a result of the PPP authentication
supersedes the dial-out route.
Chapter 14: Configuring L2TP Dial-Out
L2TP Dial-Out Overview
407