BRAS mode description and architecture
L3-Connected BRAS
L3-Connected BRAS communicates with subscribers indirectly, through intermediate routers, so it does not work with the original MAC addresses, and subscribers already have IP addresses assigned. In this scheme, IP addresses are assigned either statically in the network settings or dynamically, by the access switches using DHCP Relay or by the VPN routers.
This scheme is popular among broadband access providers because it makes it easy to add redundant network nodes and to deploy a distributed network.
DPI BRAS advantages over the traditional means:
- independent traffic control and prioritization by applications and autonomous systems within the bandwidth of each uplink, and limitation of torrent connections when bandwidth is highly limited.
- traffic prioritization by applications and autonomous systems within the subscriber's tariff plan (this is especially important for corporate users, who have many real users on the same tariff plan, which can cause those users to interfere with each other)
- support for subscribers with an arbitrary pool of IP addresses including the dynamically assigned ones.
- subscriber redirection to the Captive Portal in case of non-payment, with a white list of external resources (such as banking payment portals) that is not affected by changes to a resource's IP addresses, because it is based on the host name or the URL, including URLs with wildcards
- the ability to collect full NetFlow from the entire bandwidth, or to restrict NetFlow to the billed subscribers
- support of the requirements of regulatory and law enforcement authorities
- automatic loading and filtering according to the registers of agencies like the Federal Supervision Agency for Information Technologies, Communications and Mass Media (in Russia)
- support for interaction with systems such as ECHELON, Carnivore and other technical means of operative-search activities
The following BRAS functionality is described elsewhere:
- subscriber services management
- QoS management
- subscriber tariff plan management
- bandwidth management
- subscriber redirection to the Captive Portal in case of non-payment
- notifying subscribers
- traffic filtering by corresponding black and white lists
- interaction with Lawful Interception
This section describes the interaction with the Radius server: session authentication, assignment of policies (tariff plan and services) to subscribers, and dynamic policy management using the CoA (Change of Authorization) and SD techniques.
L2-Connected BRAS
There is a direct L2 connection between the L2-Connected BRAS and the subscriber, so the BRAS works with the original MAC addresses, VLAN or Q-in-Q tags, and DHCP requests, on which the Radius requests are based. IP addresses are allocated in the Radius-Accept attribute.
BRAS L2 Options:
- DHCP - The subscriber receives an IP address via the Stingray Service Gateway (SSG) DHCP Proxy and proceeds to AAA in the Billing system. SSG terminates the subscriber and transfers him to the border.
- Static IP - The subscriber has a static IP address, proceeds to AAA in the Billing system with ARP authorization, is terminated by SSG and gets to the border.
- PPPoE - The subscriber creates a PPP tunnel with SSG, proceeds to AAA in the Billing system using login/password, is terminated by SSG and gets to the border.
Solution Components
L2-connected BRAS consists of two components:
- FastPCRF, the component that performs authorization via Radius.
- FastDPI, the component that processes the subscribers' traffic.
L2 Connected BRAS Specifications
L2-connected BRAS for VLAN/QinQ networks provides the following functions:
- Termination of Subscriber-to-WAN traffic and of response traffic from WAN to Subscribers
- DHCP: monitoring and servicing of DHCP requests from subscribers
- IP source guard: a check that a LAN packet arrives from the same VLAN from which the DHCP registration was made
- Local traffic interconnection between Subscribers and from Subscribers to local resources.
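The IP source guard check listed above can be pictured as a binding table learned from DHCP and consulted for every LAN packet. The following is an added illustration, not FastDPI code: the class and function names, the reason strings and the sample addresses are assumptions, and the MAC comparison goes one step beyond the VLAN check the page describes.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# (outer tag, inner tag); inner is None for single-tagged (non Q-in-Q) traffic
Vlan = Tuple[int, Optional[int]]


@dataclass(frozen=True)
class Binding:
    mac: str
    vlan: Vlan
    expires: float  # absolute time at which the DHCP lease ends


class SourceGuard:
    """Hypothetical binding table: filled from DHCP ACKs, checked per packet."""

    def __init__(self) -> None:
        self._by_ip: Dict[str, Binding] = {}

    def learn_dhcp_ack(self, ip: str, mac: str, vlan: Vlan,
                       lease_seconds: float, now: float) -> None:
        # A renewed lease overwrites the old binding, including a VLAN move.
        self._by_ip[ip] = Binding(mac.lower(), vlan, now + lease_seconds)

    def check(self, src_ip: str, src_mac: str, vlan: Vlan, now: float) -> str:
        b = self._by_ip.get(src_ip)
        if b is None:
            return "drop:no-binding"       # address never handed out via DHCP
        if now >= b.expires:
            del self._by_ip[src_ip]        # stale lease must not authorize traffic
            return "drop:lease-expired"
        if vlan != b.vlan:
            return "drop:vlan-mismatch"    # the check described on this page
        if src_mac.lower() != b.mac:
            return "drop:mac-mismatch"     # added extension, see lead-in
        return "pass"


def constructed_checks() -> list:
    """Run the guard over constructed sample packets (not real traffic)."""
    g = SourceGuard()
    g.learn_dhcp_ack("10.0.0.5", "AA:BB:CC:00:00:01", (100, 20), 3600, now=0)
    return [
        g.check("10.0.0.5", "aa:bb:cc:00:00:01", (100, 20), now=10),
        g.check("10.0.0.5", "aa:bb:cc:00:00:01", (100, 21), now=10),
        g.check("10.0.0.5", "aa:bb:cc:00:00:02", (100, 20), now=10),
        g.check("10.0.0.9", "aa:bb:cc:00:00:01", (100, 20), now=10),
        g.check("10.0.0.5", "aa:bb:cc:00:00:01", (100, 20), now=3600),
    ]
```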
Solution Benefits
- Traffic control and prioritization by applications and autonomous systems in the accessible band of each uplink
- Limiting the bandwidth occupied by torrent when approaching the channel upper boundary
- Traffic prioritization by applications and AS within the Subscriber’s data plan (this option is relevant for corporate clients: a number of corporate users work within a single data plan, and bandwidth needs to be allocated so that they do not interfere with each other)
- Support for subscribers with any number of IP addresses, including dynamically allocated ones
- Redirection of Subscribers with zero balance to Captive Portal with an Allow list of resources. For example, bank resources for payment based on domain name or URL, including options with wildcard asterisks
- Ability to gather full NetFlow Statistics for bandwidth or for billed subscribers only
- Support for regulatory and law enforcement requirements, automatic loading and filtering by RKN and Ministry of Justice registers
- Interaction with SORM (operating as a SORM-3 puller)
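The Captive Portal allow list by domain name or URL with wildcards, mentioned in both benefit lists, only holds if the match runs on the parsed host and path rather than on a substring of the request. The sketch below is an added example, not the product's matcher: the pattern syntax (`*.` host prefix, `*` in the path), the function name and the `.example` entries are assumptions.

```python
from fnmatch import fnmatchcase
from urllib.parse import unquote, urlsplit

# Constructed allow list; the syntax is assumed for this example.
ALLOW = [
    "pay.bank.example",            # exact host, any path
    "*.bank.example",              # any subdomain of bank.example
    "billing.isp.example/pay/*",   # one host, restricted to a path prefix
]


def is_allowed(url: str, patterns=ALLOW) -> bool:
    """Return True if a blocked subscriber may still reach this URL."""
    parts = urlsplit(url)
    # .hostname drops userinfo and port and lowercases the name, so
    # "pay.bank.example@evil.test" is evaluated as "evil.test".
    host = (parts.hostname or "").rstrip(".")
    path = unquote(parts.path) or "/"
    if ".." in path.split("/"):
        return False               # refuse traversal out of an allowed prefix
    for pattern in patterns:
        host_pat, sep, path_pat = pattern.partition("/")
        host_pat = host_pat.lower()
        if host_pat.startswith("*."):
            # Keep the leading dot: the wildcard covers whole labels only,
            # so "evilbank.example" does not match "*.bank.example".
            host_ok = host.endswith(host_pat[1:])
        else:
            host_ok = host == host_pat
        if host_ok and (not sep or fnmatchcase(path, "/" + path_pat)):
            return True
    return False
```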