BRAS/BNG
Designed for telecom operators to manage data plans and control how users access the web
About
BRAS (Broadband Remote Access Server) is one of the key components of Stingray Service Gateway. It ensures flexible control over user sessions, management of data plans by customer, and introduction of advanced options.
BRAS/BNG for Stingray SG
Operating modes: BRAS/BNG L2, BRAS/BNG L3
IPv4/IPv6 Dual Stack
RADIUS CoA, IPoE, PPTP, PPPoE
Whitelisting based on domain names, regardless of IP address changes
Minimum risk of packet loss for high-priority applications, Quality of Service (QoS) as per data plan
Multi-user mode (one login associated with multiple IP addresses)
Enhanced marketing activities with statistics collection and QoE evaluations
BRAS/BNG Modes
In L3 mode, BRAS/BNG ensures layer 3 connectivity by routing IP packets to the DPI system. In this scheme, IP addresses are assigned manually in the network parameters window or dynamically via an external DHCP server, DPI DHCP Relay, or RADIUS Proxy. BRAS/BNG L3 aggregates user traffic via intermediate routers, which conceal the original MAC addresses.
This scheme is popular with broadband operators thanks to the ease of building redundant and distributed infrastructure.
Advantages of Stingray SG BRAS/BNG over traditional server gateways:
- Independent traffic control and prioritization by application and AS on each uplink, with torrent throttling when bandwidth is congested.
- Traffic prioritization by applications and AS as per data plan, which is especially practical for corporate customers purchasing a single data plan for multiple simultaneous users.
- Unlimited IP addresses, both static and dynamic.
- Redirecting to the Captive Portal when the balance is low. The Captive Portal works with whitelisted URLs of bank payment portals and other similar resources, where users can add funds. The portal works even if the resource IP address is changed.
- Comprehensive NetFlow analytical data per bandwidth or per subscriber.
In L2 mode, BRAS/BNG ensures layer 2 connectivity by routing VLAN/QinQ/PPPoE traffic to the DPI system. MAC, VLAN, QinQ, or PPPoE login/option 82 can be used to authorize a user and assign an IP address. From the subscriber’s point of view, the DPI system acts as a virtual gateway answering ARP requests.
In VLANs and QinQ, BRAS/BNG L2 performs the following functions:
- DHCP – tracks requests generated by DHCP Clients for immediate RADIUS-based authorization if the acknowledgement message from the DHCP server is received.
- Proxy ARP – monitors ARP requests inside a subnet and blocks any other ARP requests.
- IP Source Guard – checks LAN packets against VLAN entries stored in the DHCP database. If the packet header does not match the entry, the packet is discarded.
- LAN traffic termination.
- LAN to WAN, and WAN to LAN connectivity.
BRAS/BNG performs these functions by establishing when a user session starts and ends, using IP addresses, MAC addresses, and VLAN/QinQ tags. Using this data, BRAS/BNG filters out malicious requests, significantly improving LAN security in general.
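The DHCP tracking and IP Source Guard functions listed above can be sketched as a binding table that is filled from DHCP acknowledgements and consulted for every subscriber frame. This is an added example, not Stingray SG code: the class, method names, verdict strings and the choice of (S-VLAN, C-VLAN, MAC) as the table key are assumptions, and the frames are constructed sample data.

```python
class SourceGuard:
    """Binding table learned from DHCP ACKs; key layout is an assumption."""

    def __init__(self):
        # (outer VLAN, inner VLAN, MAC) -> (leased IP, lease expiry time)
        self._table = {}

    @staticmethod
    def _key(s_vlan, c_vlan, mac):
        return (s_vlan, c_vlan, mac.lower())

    def on_dhcp_ack(self, s_vlan, c_vlan, mac, ip, lease_s, now):
        # Session starts (or is renewed) when the DHCP server acknowledges.
        self._table[self._key(s_vlan, c_vlan, mac)] = (ip, now + lease_s)

    def on_dhcp_release(self, s_vlan, c_vlan, mac):
        # Session ends explicitly; the binding must not outlive it.
        self._table.pop(self._key(s_vlan, c_vlan, mac), None)

    def check(self, s_vlan, c_vlan, mac, src_ip, now):
        key = self._key(s_vlan, c_vlan, mac)
        binding = self._table.get(key)
        if binding is None:
            return "drop:no-binding"
        ip, expires = binding
        if now >= expires:
            del self._table[key]  # session ended by lease timeout
            return "drop:lease-expired"
        if src_ip != ip:
            return "drop:ip-mismatch"
        return "forward"


def run_demo():
    guard = SourceGuard()
    a, b = "02:00:00:00:00:01", "02:00:00:00:00:02"  # constructed MACs
    guard.on_dhcp_ack(100, 10, a, "192.0.2.10", lease_s=600, now=0)
    guard.on_dhcp_ack(100, 11, b, "192.0.2.11", lease_s=600, now=0)
    frames = [  # constructed frames: (S-VLAN, C-VLAN, MAC, source IP, time)
        (100, 10, a, "192.0.2.10", 5),    # matches its binding
        (100, 10, a, "192.0.2.11", 6),    # neighbour's IP as source
        (100, 11, a, "192.0.2.10", 7),    # right MAC/IP on the wrong C-VLAN
        (100, 11, b, "192.0.2.11", 700),  # lease ran out at t=600
        (100, 11, b, "192.0.2.11", 701),  # binding already evicted
    ]
    return [guard.check(*f) for f in frames]


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```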
Use Cases
- BRAS/BNG L2 can be used with QinQ technology, enabling precise user identification irrespective of the hardware used.
- BRAS/BNG L2 can also be used as a security tool in common VLANs (single VLAN tag per frame), with VLAN ID associated not with a single user, but with a group of users, e.g., several apartments in a building or a whole apartment block.
Available Options
Quality of Service (QoS)
The Quality of Service (QoS) module enables bandwidth management based on application layer protocols, data flows and bandwidth usage. It saves up to 25% of the bandwidth capacity by prioritizing traffic, which improves the operator’s quality of service in general.
Quality of Experience (QoE)
Quality of Experience (QoE) is a DPI module that gathers statistics and evaluates QoE. The data that it collects are compared with the preset metrics to evaluate the quality of telecom services and Internet connection for a single user. Based on this information, the module initiates steps required to improve the quality of service.
CG-NAT
The CG-NAT option enables network address and port translation and provision of a single public IPv4 address to several users. CG-NAT is introduced to deal with IPv4 address exhaustion and simplify transition to IPv6.
The “classic” NAT with port translation on Linux or FreeBSD is a port-restricted NAT that allows inbound connections only on a specific port. As a result, for example, two gaming consoles behind such a NAT gateway won’t be able to communicate with each other, because the port number will be changed. Similarly, it prevents the connection of torrent trackers and other peer-to-peer protocols. CG-NAT addresses these issues by allowing inbound connections on any port.
[Figure: Example of Stingray SG being used as a NAT gateway with redundancy]
Firewall and Anti-DDoS
Stingray SG comes with a firewall that protects users from being hacked on open ports and blocks any illegal subscriber activity. The firewall protects your network from DoS and malware attacks, improves the quality of service, and ensures reliable and secure operations. You can use the firewall together with the QoE module to reveal the perpetrator and the victim and quickly notify users about any suspicious activity.
Marketing and Redirecting
With Marketing and Redirecting, operators receive a tool to notify subscribers about new offers or future network maintenance. When an operator activates the service, instead of being redirected to the home page, the subscriber is redirected to the operator’s information page, which contains all the necessary data.
The software solution doesn’t depend on a particular server hardware supplier and can be flexibly adapted to business requirements.