BRAS/BNG mode description and architecture [Документация VAS Experts]
Документация VAS Experts Документация VAS Experts-mobile
in

Settings

  • Show page
  • Old revisions
  • Export to PDF
  • Fold/unfold all
  • Backlinks
  • Show page
  • Old revisions
  • Export to PDF
  • Fold/unfold all
  • Backlinks

    • Differences

    This shows you the differences between two versions of the page.

    Link to this comparison view

    Next revision    		Previous revision
    en:dpi:bras_bng:modes_and_architecture [2024/09/26 15:29] – created - external edit 127.0.0.1en:dpi:bras_bng:modes_and_architecture [2025/04/01 08:04] (current) – [BRAS components] elena.krasnobryzh
    Line 12: Line 12:
         * Application of platform services (CG-NAT, Whitelist and Captive Portal, Web-filtering, Mini-Firewall, DDoS protection)     * Application of platform services (CG-NAT, Whitelist and Captive Portal, Web-filtering, Mini-Firewall, DDoS protection)
         * Exporting traffic information in IPFIX and Netflow v5 format (Full NetFlow, Clickstream, NAT log)     * Exporting traffic information in IPFIX and Netflow v5 format (Full NetFlow, Clickstream, NAT log)
    -  - **fastPCRF** - responsible for interaction of the platform with the telecom operator's OSS/BSS via RADIUS protocol. (AAA - Authentication, Authorization, Accounting). fastDPI and fastPCRF components communicate with each other by internal communication protocol via TCP/IP stack. PCRF can be placed either on a separate physical or virtual server or run on the same server together with fasDPI. In case of using several SSG, 2xPCRF (Active-Standby) and NxSSG scheme is used.+  - **fastPCRF** - responsible for interaction of the platform with the telecom operator's OSS/BSS via RADIUS protocol. (AAA - Authentication, Authorization, Accounting). fastDPI and fastPCRF components communicate with each other by internal communication protocol via TCP/IP stack. PCRF can be placed either on a separate physical or virtual server or run on the same server together with fastDPI. In case of using several SSG, 2xPCRF (Active-Standby) and NxSSG scheme is used.
       - **Router** - used to announce routes using BGP and OSPF protocols with VRF support.   - **Router** - used to announce routes using BGP and OSPF protocols with VRF support.
       - **DHCP** - KEA local DHCP server is used. SSG can operate in one of the modes:   - **DHCP** - KEA local DHCP server is used. SSG can operate in one of the modes:
    Line 21: Line 21:
     =====L3-Connected BRAS===== =====L3-Connected BRAS=====
     {{youtube>kHX11rQJTHU?}} {{youtube>kHX11rQJTHU?}}
    -L3-Connected BRAS/BNG communicates with subscribers through intermediate routers, so it does not see the original MAC addresses, and subscribers are already assigned IP addresses. IP address assignment in this scheme is done either statically in the network settings of the end equipment or on the access switches via DHCP Relay. +L3-Connected BRAS/BNG communicates with subscribers through intermediate routers, so it does not see the original MAC addresses, and subscribers are already assigned IP addresses. IP address assignment in this scheme is done either statically in the network settings of the end equipment or on the access switches via DHCP Relay.\\ 
     +Authorization is performed by the first IP packet from the subscriber.\\ 
     +SSG BRAS L3 is not a hop, thus traffic routing is performed on the routers between which BRAS is installed.\\
     The popularity of this scheme among broadband providers is explained by the ease of redundancy of network nodes and construction of a distributed network. The popularity of this scheme among broadband providers is explained by the ease of redundancy of network nodes and construction of a distributed network.
      
    Line 30: Line 31:
     {{youtube>N_1KtwC1h_w?}} {{youtube>N_1KtwC1h_w?}}
     L2-Connected BRAS/BNG and the subscriber are in the same L2 domain. The SSG sees the original MAC addresses, VLAN or Q-in-Q, ARP and DHCP requests, based on which RADIUS requests are generated.\\ L2-Connected BRAS/BNG and the subscriber are in the same L2 domain. The SSG sees the original MAC addresses, VLAN or Q-in-Q, ARP and DHCP requests, based on which RADIUS requests are generated.\\
    -BRAS/BNG L2 options: +BRAS L2 options: 
    -  * DHCP The subscriber receives an IP address via SSG DHCP Proxy and proceeds to AAA in the Billing system. SSG terminates the subscriber and transfers him to the border+  * DHCP — The subscriber obtains an IP address via SSG DHCP Proxy or DHCP relay and passes AAA in Billing. 
    -  * Static IP - Subscriber has a static IP address, proceeds to AAA in the Billing system with ARP authorization, is terminated by SSG and gets to the border+  * Static IP — The subscriber has a fixed IP address and passes AAA in Billing on the first IP packet
    -  * PPPoE Subscriber creates a PPP tunnel with SSG, proceeds to AAA in the Billing using login/password, is terminated by SSG and gets to the border+  * PPPoE — Subscriber raises PPP tunnel and by login/password passes AAA in Billing
     +  * PPPoL2TP — Subscriber raises L2TP and PPP tunnels and by login/password passes AAA in Billing.
      
     ==== L2-Connected BRAS/BNG specific functions ==== ==== L2-Connected BRAS/BNG specific functions ====
    Line 46: Line 48:
     ===== Advantages of SSG compared to other BRAS solutions ===== ===== Advantages of SSG compared to other BRAS solutions =====
     BRAS/BNG with DPI technology when operating in a distributed network has many advantages and capabilities over traditional solutions: BRAS/BNG with DPI technology when operating in a distributed network has many advantages and capabilities over traditional solutions:
    -  * Traffic control and prioritization by applications and autonomous systems in the accessible band of each uplink +  * Traffic control and prioritization by applications and autonomous systems in the accessible band of each uplink. 
    -  * Limiting the bandwidth occupied by torrent when approaching the channel upper boundary +  * Limiting the bandwidth occupied by torrent when approaching the channel upper boundary. 
    -  * Traffic prioritization by applications and AS within the Subscriber’s data plan (this option is relevant for corporate clients: a number of corporate users work within single data plan. Bandwidth for them needs to be allocated so as not to interfere with each other) +  * Traffic prioritization by applications and AS within the Subscriber’s data plan (this option is relevant for corporate clients: a number of corporate users work within single data plan. Bandwidth for them needs to be allocated so as not to interfere with each other). 
    -  * Support for subscribers with any number of IP addresses, including dynamically allocated +  * Support for Subscribers with any number of IP addresses, including those issued dynamically. 
    -  * Redirection of Subscribers with zero balance to Captive Portal with an Allow list of resources. For example, bank resources for payment based on domain name or URL, including options with wildcard asterisks +  * Redirection of Subscribers with zero balance to Captive Portal with an Allow list of resources. For example, bank resources for payment based on domain name or URL, including options with wildcard asterisks. 
    -  * Ability to gather full NetFlow Statistics for bandwidth or for billed subscribers only +  * Ability to capture full NetFlow from the entire band or billing NetFlow for billed subscribers only. 
    -  * Support for regulatory and law enforcement requirements, automatic loading and filtering by RKN and Ministry of Justice registers +  * Support for regulatory and law enforcement requirements, automatic loading and filtering by RKN and Ministry of Justice registers. 
    -  * Interaction with SORM (work as a puller SORM-3)+  * Interaction with SORM (work as a puller SORM-3).