Stingray BNG/BRAS
Designed for internet service providers to manage data plans and control how users access the web
About
BNG (Broadband network gateway) or BRAS is one of the key components of Stingray Service Gateway. It ensures flexible control over user sessions, management of data plans by customer, and introduction of advanced options.
BRAS/BNG for Stingray SG
Operating modes: BRAS/BNG L2, BRAS/BNG L3
IPv4/IPv6 Dual Stack
RADIUS CoA, IPoE, PPTP, PPPoE
Whitelisting based on domain names, regardless of IP address changes
Minimum risk of packet loss for high-priority applications, Quality of Service (QoS) as per data plan
Multi-user mode (one login associated with multiple IP addresses)
Enhanced marketing activities with statistics collection and QoE evaluations
BRAS/BNG Modes
Advantages of Stingray SG BRAS/BNG over traditional server gateways:
- Independent traffic control and prioritization by applications and AS in each uplink, torrenting throttling in case of bandwidth congestion.
- Traffic prioritization by applications and AS as per data plan, which is especially practical for corporate customers purchasing a single data plan for multiple simultaneous users.
- Unlimited IP addresses, both static and dynamic.
- Redirecting to the Captive Portal when the balance is low. The Captive Portal works with whitelisted URLs of bank payment portals and other similar resources, where users can add funds. The portal works even if the resource IP address is changed.
- Comprehensive NetFlow analytical data per bandwidth or per subscriber.
BRAS/BNG ensures layer 3 connectivity by routing IP packets to the DPI system. In this scheme, IP addresses are assigned manually in the network parameters window or dynamically via an external DHCP server, DPI DHCP Relay, or RADIUS Proxy. BRAS/BNG L3 aggregates user traffic via intermediate routers, concealing the original MAC addresses.
This scheme is popular with broadband operators thanks to the ease of building redundant and distributed infrastructure.
In VLANs and QinQ, BRAS/BNG L2 performs the following functions:
- DHCP – tracks requests generated by DHCP Clients for immediate RADIUS-based authorization if the acknowledgement message from the DHCP server is received.
- Proxy ARP – monitors ARP requests inside a subnet and blocks any other ARP requests.
- IP Source Guard — checks LAN packets against VLAN entries stored in the DHCP database, If the packet header does not match the entry, the packet is discarded.
- LAN traffic termination.
- LAN to WAN, and WAN to LAN connectivity.
BRAS/BNG performs these functions by establishing when a user session starts and ends, using IP addresses, MAC addresses, and VLAN/QinQ tags. Using this data, BRAS/BNG filters out malicious requests, significantly improving LAN security in general.
Use Cases
- BRAS/BNG L2 can be used with QinQ technology, enabling precise user identification irrespective of the hardware used.
- BRAS/BNG L2 can also be used as a security tool in common VLANs (single VLAN tag per frame), with VLAN ID associated not with a single user, but with a group of users, e.g., several apartments in a building or a whole apartment block.
BRAS/BNG ensures layer 2 connectivity by routing VLAN/QinQ/PPPoE traffic to the DPI system. MAC, VLAN, QinQ, or login PPPoE/option 82 can be used to authorize a user and assign an IP address. From the subscriber’s point of view, the DPI system acts as a virtual gateway answering ARP requests.
Available Options
Quality of Service (QoS)
The Quality of Service (QoS) module enables bandwidth management based on application layer protocols, data flows and bandwidth usage. It saves up to 25% of the bandwidth capacity by prioritizing traffic, which improves the operator’s quality of service in general.
Quality of Experience (QoE)
Quality of Experience (QoE) is a DPI module that gathers statistics and evaluates QoE. The data that it collects are compared with the preset metrics to evaluate the quality of telecom services and Internet connection for a single user. Based on this information, the module initiates steps required to improve the quality of service.
Carrier-grade NAT (CGNAT)
The CG-NAT option enables network address and port translation and provision of a single public IPv4 address to several users. CG-NAT is introduced to deal with IPv4 address exhaustion and simplify transition to IPv6.
The “classic” NAT with port translation on Linux or FreeBSD is a port-restricted NAT that allows inbound connections only on a specific port. As a result, for example, two gaming consoles behind such a NAT gateway won’t be able to communicate with each other, because the port number will be changed. Similarly, it prevents the connection of torrent trackers and other peer-to-peer protocols. CG-NAT addresses these issues by allowing inbound connections on any port.
Example of Stingray SG being used as a NAT gateway with redundancy:
Firewall and Anti-DDoS
Stingray SG comes with a firewall that protects users from being hacked on open ports and blocks any illegal subscriber activity. The firewall protects your network from DoS and malware attacks, improves the quality of service, ensures reliable and secure operations. You can use the firewall together with the QoE module to reveal the perpetrator and the victim and quickly notify users about any suspicious activity.
Marketing and Redirecting
With Marketing and Redirecting, operators receive a tool to notify subscribers about new offers or future network maintenance. When an operator activates the service, instead of being redirected to the home page, the subscriber is redirected to the operator’s information page, which contains all the necessary data.
The software solution doesn’t depend on a particular server hardware supplier and can be flexibly adapted to business requirements.
Telecom market
Who use BRAS/BNG
The Yota de Nicaragua is one of the leading operators in the emerging mobile market in Latin America. Yota de Nicaragua provides a wide range of communication services, including 4G.
Problem
- Current Cisco SCE2020 equipment couldn’t go beyond 2 Gbit/s
- there was no opportunity to activate new tariffs
- the operator needed to simplify network maintenance
- the operator needed to simplify network maintenance, improve the quality of the Internet connection and the download speed
- Yota also needed to migrate from WiMAX to LTE
Solution
Restructuring the current WiMAX networks; integrating Stingray SG. Creating personalized billing plans for customers, improved quality of “heavy” content playback: games, online videos, communication applications (Skype, Zoom), and, as a result, greater brand loyalty.
Interdnestrcom (IDC) provides wired Internet access, mobile communication, including 3G and 4G, and television services in the Pridnestrovian Moldavian Republic (Moldova).
Problem
IDC looking for solution, capable of:
- Filtering websites according to the Ministry of Communications lists
- Billing subscribers having per-megabyte plans (3G-subscribers)
- DSCP prioritization of different protocols
- Quality of Experience (QoE)
- Analizing resources of those competitors, which subscribers visit (for marketing needs)
Solution
In addition to Traffic Monitoring System, IDC considered Allot and Proteus DPI platforms. Allot was decided against due to its high costs, and the need for a license for additional functions and a separate hardware solution for which spare parts were necessary. Proteus was decided against because its services cost more than the services of DPI system, and it also needed a partial hardware implementation.
StarNet is one of the largest telecom operators in Moldova, working on the market since 2003. Its subscriber base is over 130,000 active users. StarNet is the first company in Moldova to provide fiber-optic Internet connection.
Problem
StarNet subscribers can access the web via GPON, FTTB, and Wi-Fi. Before modernization, the network traffic was managed with several Ericsson SE1200 BRAS.
The devices could not keep up with the traffic load and malfunctioned.
The need to gradually transition to IPv6 made it impossible to continue using SE1200 because it supports IPv6 for PPPoE sessions only, and using PPPoE for over 130,000 subscribers was out of the question.
The need for a new system was also triggered by extended downtime. It was evident that a modern traffic management solution with BRAS L3, CG-NAT and IPv6 Dual Stack support was required.
Solution
The existing Ericsson SmartEdge 1200 devices were replaced with a Stingray SG 40 cluster installed on Huawei hardware.
The network was modernized, with added IPv6 and IPoE support, CG-NAT, RADIUS AAA; low performance and fault-tolerance were addressed.
Software editions
| Software editions | BASE | BNG | COMPLETE |
|---|---|---|---|
| Bypass |
|
|
|
| Filtering by the blocklisted Internet sites |
|
|
|
| Statistics gathering and analysis on protocols and directions |
|
|
|
| Traffic prioritization depending on a protocol and direction |
|
|
|
| Common channel policing |
|
|
|
| Subscriber notification and marketing campaigns |
|
|
|
| Subcribers channel policing for IPv4 and IPV6 |
|
|
|
| Allowlist and Captive Portal |
|
|
|
| BNG L3 (IPoE), Dual Stack IPv4/IPv6, Radius with CoA |
|
|
|
| BNG L2 (PPPoE, DHCP), Dual Stack IPv4/IPv6 |
|
|
|
| Carrier Grade-NAT |
|
|
|
| Ads blocking and replacing |
|
|
|
| Lawful Interception |
|
|
|
| Mini-Firewall for blocking on certain ports |
|
|
|
| Protection against DOS and DDOS attacks |
|
|
|
| One-year Support and Subscription Services |
|
|
|
| Adding banners to HTTP resources | Subscription | ||
| Categorization of web resources | Subscription | ||
Get in Touch
Have a question or interested in learning more how IT can help your business? Please connect with us.