Stingray BNG/BRAS

Designed for internet service providers to manage data plans and control how users access the web


BNG (Broadband network gateway) or BRAS is one of the key components of Stingray Service Gateway. It ensures flexible control over user sessions, management of data plans by customer, and introduction of advanced options.

BRAS/BNG for Stingray SG

Operating modes: BRAS/BNG L2, BRAS/BNG L3

IPv4/IPv6 Dual Stack


Whitelisting based on domain names, regardless of IP address changes

Minimum risk of packet loss for high-priority applications, Quality of Service (QoS) as per data plan

Multi-user mode (one login associated with multiple IP addresses)

Enhanced marketing activities with statistics collection and QoE evaluations


Advantages of Stingray SG BRAS/BNG over traditional server gateways:

  • Independent traffic control and prioritization by applications and AS in each uplink, torrenting throttling in case of bandwidth congestion.
  • Traffic prioritization by applications and AS as per data plan, which is especially practical for corporate customers purchasing a single data plan for multiple simultaneous users.
  • Unlimited IP addresses, both static and dynamic.
  • Redirecting to the Captive Portal when the balance is low. The Captive Portal works with whitelisted URLs of bank payment portals and other similar resources, where users can add funds. The portal works even if the resource IP address is changed.
  • Comprehensive NetFlow analytical data per bandwidth or per subscriber.

BRAS/BNG ensures layer 3 connectivity by routing IP packets to the DPI system. In this scheme, IP addresses are assigned manually in the network parameters window or dynamically via an external DHCP server, DPI DHCP Relay, or RADIUS Proxy. BRAS/BNG L3 aggregates user traffic via intermediate routers, concealing the original MAC addresses.

This scheme is popular with broadband operators thanks to the ease of building redundant and distributed infrastructure.

I want to request a consultation

In VLANs and QinQ, BRAS/BNG L2 performs the following functions:

  • DHCP – tracks requests generated by DHCP Clients for immediate RADIUS-based authorization if the acknowledgement message from the DHCP server is received.
  • Proxy ARP – monitors ARP requests inside a subnet and blocks any other ARP requests.
  • IP Source Guard — checks LAN packets against VLAN entries stored in the DHCP database, If the packet header does not match the entry, the packet is discarded.
  • LAN traffic termination.
  • LAN to WAN, and WAN to LAN connectivity.

BRAS/BNG performs these functions by establishing when a user session starts and ends, using IP addresses, MAC addresses, and VLAN/QinQ tags. Using this data, BRAS/BNG filters out malicious requests, significantly improving LAN security in general.

Use Cases

  • BRAS/BNG L2 can be used with QinQ technology, enabling precise user identification irrespective of the hardware used.
  • BRAS/BNG L2 can also be used as a security tool in common VLANs (single VLAN tag per frame), with VLAN ID associated not with a single user, but with a group of users, e.g., several apartments in a building or a whole apartment block.

BRAS/BNG ensures layer 2 connectivity by routing VLAN/QinQ/PPPoE traffic to the DPI system. MAC, VLAN, QinQ, or login PPPoE/option 82 can be used to authorize a user and assign an IP address. From the subscriber’s point of view, the DPI system acts as a virtual gateway answering ARP requests.

I want to request a consultation

Available Options

Quality of Service (QoS)

The Quality of Service (QoS) module enables bandwidth management based on application layer protocols, data flows and bandwidth usage. It saves up to 25% of the bandwidth capacity by prioritizing traffic, which improves the operator’s quality of service in general.

Read More

Quality of Experience (QoE)

Quality of Experience (QoE) is a DPI module that gathers statistics and evaluates QoE. The data that it collects are compared with the preset metrics to evaluate the quality of telecom services and Internet connection for a single user. Based on this information, the module initiates steps required to improve the quality of service.

Read More

Carrier-grade NAT (CGNAT)

The CG-NAT option enables network address and port translation and provision of a single public IPv4 address to several users. CG-NAT is introduced to deal with IPv4 address exhaustion and simplify transition to IPv6.

The “classic” NAT with port translation on Linux or FreeBSD is a port-restricted NAT that allows inbound connections only on a specific port. As a result, for example, two gaming consoles behind such a NAT gateway won’t be able to communicate with each other, because the port number will be changed. Similarly, it prevents the connection of torrent trackers and other peer-to-peer protocols. CG-NAT addresses these issues by allowing inbound connections on any port.

Example of Stingray SG being used as a NAT gateway with redundancy:

Read More

Firewall and Anti-DDoS

Stingray SG comes with a firewall that protects users from being hacked on open ports and blocks any illegal subscriber activity. The firewall protects your network from DoS and malware attacks, improves the quality of service, ensures reliable and secure operations. You can use the firewall together with the QoE module to reveal the perpetrator and the victim and quickly notify users about any suspicious activity.

Read More

Marketing and Redirecting

With Marketing and Redirecting, operators receive a tool to notify subscribers about new offers or future network maintenance. When an operator activates the service, instead of being redirected to the home page, the subscriber is redirected to the operator’s information page, which contains all the necessary data.

Read More

The software solution doesn’t depend on a particular server hardware supplier and can be flexibly adapted to business requirements.

years on the
Telecom market
identifiable protocols
200 Gbps
per one CPU

Who use BRAS/BNG

Customer Success Stories

Software editions

Software editions BASE BNG COMPLETE
Filtering by the blocklisted Internet sites
Statistics gathering and analysis on protocols and directions
Traffic prioritization depending on a protocol and direction
Common channel policing
Subscriber notification and marketing campaigns
Subcribers channel policing for IPv4 and IPV6
Allowlist and Captive Portal
BNG L3 (IPoE), Dual Stack IPv4/IPv6, Radius with CoA
BNG L2 (PPPoE, DHCP), Dual Stack IPv4/IPv6
Carrier Grade-NAT
Ads blocking and replacing
Lawful Interception
Mini-Firewall for blocking on certain ports
Protection against DOS and DDOS attacks
One-year Support and Subscription Services
Adding banners to HTTP resources Subscription
Categorization of web resources Subscription

Get in Touch

Have a question or interested in learning more how IT can help your business? Please connect with us.