Differences

This shows you the differences between two versions of the page.

--- en:dpi:bras_bng:modes_and_architecture:start [2023/10/13 12:57] – elena.krasnobryzh
+++ en:dpi:bras_bng:modes_and_architecture:start [Unknown date] (current) – removed - external edit (Unknown date) 127.0.0.1
@@ Line 1: / Line 1: @@
-======BRAS mode description and architecture======
-{{indexmenu_n>1}}
-=====L3-Connected BRAS=====
-<note important>Please fill out the questionnaire in a form convenient for you before the implementation:\\
-  - {{en:dpi:bras_bng:opt_bras_l2:description:questionnaire_form.docx |BRAS questionnare and Radius requests examples}}
-  - [[https://docs.google.com/forms/d/e/1FAIpQLSf3pIJ2ItHGmBHQA4Hljs2CwBwav95lJ3CKeiNZOtKnTsmmOA/viewform?usp=sf_link|Google form]]
-</note>
-<note tip>See also: \\
-  - [[https://youtu.be/h-eOOO9jehM|BNG Solution Overview]]
-  - [[https://youtu.be/kHX11rQJTHU|L3 IPoE Mode]]
-</note>
-L3-Connected BRAS communicates with the subscribers indirectly through the intermediate routers, so it does not operate using the the original MAC addresses while the subscribers are already assigned IP addresses.
-The assignment of IP addresses according to the scheme is done either statically in the network settings or dynamically in the access switches using the DHCP Relay or in the VPN routers.
-The popularity of this scheme among broadband access providers is caused by the ease of reserving network nodes and deploying of a distributed network.
-DPI BRAS advantages over the traditional means:
-  - independent traffic control and its prioritization by applications and autonomous systems within the bandwidth of each uplink,  	limitation of torrent connections if there is a higly limited bandwidth.
-  - traffic prioritization by applications and autonomous systems within the subscriber's tariff plan (it is especially important for the corporate users, as they have a lot of real users in the same tariff plan that can cause the users to interfere with each other)
-  - support for subscribers with an arbitrary pool of IP addresses including the dynamically assigned ones.
-  - subscriber redirection to the Captive Portal in case of non-payment  according to the white list of external resources ( such as the banking payment portals, etc.) which are not affected by changes of resource's IP addresses ( based on the host name or the url, including the URLs with wildcards)
-  - the feature to collect a full netflow from the entire bandwidth, or to restrict netflow according to the billed subscribers
-  - support of the requirements of regulatory and law enforcement authorities
-    - automatic loading and filtering according to the registers of agencies like the Federal Supervision Agency for Information Technologies, Communications and Mass Media (in Russia)
-    - support of interaction with systems like ECHELON, Carnivore and other technical means of operative-search activities system
-The following BRAS functionality is described elsewhere:
-  - subscriber services management
-  - QOS management
-  - subscribers tariff plan management
-  - bandwidth management
-  - subscriber redirection to the Captive Portal in case of non-payment
-  - motifying subscribers
-  - traffic filtering by corresponding black and white lists
-  - interaction with Lawful Interception
-This section describes the interaction with the Radius server:
-session authentification, policies assignment (tariff plan and services) to the subscribers and dynamic policy management using the CoA (Change of Authorization) and SD techniques.
-=====L2-Connected BRAS=====
-<note important>Please fill out the questionnaire in the most convenient form before the implementation:\\
-  - {{ en:dpi:bras_bng:opt_bras_l2:description:questionnaire_form.docx |BRAS questionnaire and Radius requests examples}}
-  - [[https://docs.google.com/forms/d/e/1FAIpQLSf3pIJ2ItHGmBHQA4Hljs2CwBwav95lJ3CKeiNZOtKnTsmmOA/viewform?usp=sf_link|Google form]]
-</note>
-<note tip>See also: [[https://youtu.be/h-eOOO9jehM|BNG Solution Overview]]
-</note>
-There is a direct L2 connection between L2-Connected BRAS and subscriber, therefore BRAS operates with original MAC-addresses, vlan or Q-in-Q tag, DHCP requests, which are the Radius requests based on. IP addresses are allocated in the Radius-Accept attribute.
-{{ playground:opt_bras_l2:start:bras_l2_common.png?direct&600 |}}
-BRAS L2 Options:
-  * DHCP - The subscriber receives an IP address via Stingray Service Gateway (SSG) DHCP Proxy and proceeds to AAA in the Billing system. SSG terminates the subscriber and transfers him to the border.
-  * Static IP - Subscriber has a static IP address, proceeds to AAA in the Billing system with ARP authorization, is terminated by SSG and gets to the border.
-  * PPPoE - Subscriber creates a PPP tunnel with SSG, proceeds to AAA in the Billing using login/password, is terminated by SSG and gets to the border
-==== Solution Components ====
-L2-connected BRAS consists of two components:
-  * FastPCRF as an authorization via Radius component.
-  * FastDPI as a component that processes the subscribers' traffic.
-<note>For the L2-Connected option, the source subscriber MAC addresses are in the BRAS visibility range. BRAS acts as an L3 device and terminates Subscribers' IP traffic. IP addresses allocation to Subscribers is handled using DHCP or when the Subscriber sets static IP parameters.</note>
-<note warning>BRAS functions can only be used when using FastDPI in inline bridge mode. When implementing L2-Connected BRAS on a test stand with a small number of test subscribers, keep in mind that BRAS may not work correctly with a subscriber base consisting of 1-2 subscribers due to its architectural features and optimization for a large amount of traffic. This reflects in the delay in responses to DHCP/PPPoE packets. For full operation of L2-Connected BRAS it is recommended to load SSG with any traffic so that work flows are not idle.</note>
-==== L2 Connected BRAS Specifications ====
-L2-connected BRAS for VLAN/QinQ networks provides the following functions:
-  * Termination of Subscribers to WAN traffic, termination of response traffic from WAN to Subscribers
-  * DHCP: monitoring of DHCP requests from subscribers and their maintenance
-  * IP source guard - check that the LAN packet belongs to the same VLAN from which the DHCP registration was
-  * Local traffic interconnection between Subscribers and from Subscribers to local resources.
-==== Solution Benefits ====
-<note>L2-connected BRAS with DPI technology for distributed net has many advantages compared to traditional solutions:
-  * Traffic control and prioritization by applications and autonomous systems in the accessible band of each uplink
-  * Limiting the bandwidth occupied by torrent when approaching the channel upper boundary
-  * Traffic prioritization by applications and AS within the Subscriber’s data plan (this option is relevant for corporate clients: a number of corporate users work within single data plan. Bandwidth for them needs to be allocated so as not to interfere with each other)
-  * Support for subscribers with any number of IP addresses, including dynamically allocated
-  * Redirection of Subscribers with zero balance to Captive Portal with an Allow list of resources. For example, bank resources for payment based on domain name or URL, including options with wildcard asterisks
-  * Ability to gather full NetFlow Statistics for bandwidth or for billed subscribers only
-  * Support for regulatory and law enforcement requirements, automatic loading and filtering by RKN and Ministry of Justice registers
-   * Interaction with SORM (work as a puller SORM-3)
-</note>

Profile

Settings

Differences