BRAS (Broadband Remote Access Server) is one of the key components of VAS Experts DPI. It ensures flexible control over user sessions, management of data plans by customer, and introduction of advanced options.
BRAS for VAS Experts DPI
Operating modes: BRAS L2, BRAS L3
IPv4/IPv6 Dual Stack
RADIUS CoA, IPoE, PPTP, PPPoE
Whitelisting based on domain names, regardless of IP address changes
Minimum risk of packet loss for high-priority applications, Quality of Service (QoS) as per data plan
Multi-user mode (one login associated with multiple IP addresses)
Enhanced marketing activities with statistics collection and QoE evaluations
BRAS ensures layer 3 connectivity by routing IP packets to the DPI system. In this scheme, IP addresses are assigned manually in the network parameters window or dynamically via an external DHCP server, DPI DHCP Relay, or RADIUS Proxy. BRAS L3 aggregates user traffic via intermediate routers, concealing the original MAC addresses.
This scheme is popular with broadband operators thanks to the ease of building redundant and distributed infrastructure.
Advantages of VAS Experts DPI BRAS over traditional server gateways:
- Independent traffic control and prioritization by applications and AS in each uplink, torrenting throttling in case of bandwidth congestion.
- Traffic prioritization by applications and AS as per data plan, which is especially practical for corporate customers purchasing a single data plan for multiple simultaneous users.
- Unlimited IP addresses, both static and dynamic.
- Redirecting to the Captive Portal when the balance is low. The Captive Portal works with whitelisted URLs of bank payment portals and other similar resources, where users can add funds. The portal works even if the resource IP address is changed.
- Comprehensive NetFlow analytical data per bandwidth or per subscriber.
BRAS ensures layer 2 connectivity by routing VLAN/QinQ/PPPoE traffic to the DPI system. MAC, VLAN, QinQ, or login PPPoE/option 82 can be used to authorize a user and assign an IP address. From the subscriber’s point of view, the DPI system acts as a virtual gateway answering ARP requests.
In VLANs and QinQ, BRAS L2 performs the following functions:
- DHCP – tracks requests generated by DHCP Clients for immediate RADIUS-based authorization if the acknowledgement message from the DHCP server is received.
- Proxy ARP – monitors ARP requests inside a subnet and blocks any other ARP requests.
- IP Source Guard — checks LAN packets against VLAN entries stored in the DHCP database, If the packet header does not match the entry, the packet is discarded.
- LAN traffic termination.
- LAN to WAN, and WAN to LAN connectivity.
BRAS performs these functions by establishing when a user session starts and ends, using IP addresses, MAC addresses, and VLAN/QinQ tags. Using this data, BRAS filters out malicious requests, significantly improving LAN security in general.
- BRAS L2 can be used with QinQ technology, enabling precise user identification irrespective of the hardware used.
- BRAS L2 can also be used as a security tool in common VLANs (single VLAN tag per frame), with VLAN ID associated not with a single user, but with a group of users, e.g., several apartments in a building or a whole apartment block.