Designed for telecom operators to manage data plans and control how users access the web


BRAS (Broadband Remote Access Server) is one of the key components of Stingray Service Gateway. It ensures flexible control over user sessions, management of data plans by customer, and introduction of advanced options.

BRAS/BNG for Stingray SG

Operating modes: BRAS/BNG L2, BRAS/BNG L3

IPv4/IPv6 Dual Stack


Whitelisting based on domain names, regardless of IP address changes

Minimum risk of packet loss for high-priority applications, Quality of Service (QoS) as per data plan

Multi-user mode (one login associated with multiple IP addresses)

Enhanced marketing activities with statistics collection and QoE evaluations


BRAS/BNG ensures layer 3 connectivity by routing IP packets to the DPI system. In this scheme, IP addresses are assigned manually in the network parameters window or dynamically via an external DHCP server, DPI DHCP Relay, or RADIUS Proxy. BRAS/BNG L3 aggregates user traffic via intermediate routers, concealing the original MAC addresses.

This scheme is popular with broadband operators thanks to the ease of building redundant and distributed infrastructure.

I want to request a consultation

Advantages of Stingray SG BRAS/BNG over traditional server gateways:

  • Independent traffic control and prioritization by applications and AS in each uplink, torrenting throttling in case of bandwidth congestion.
  • Traffic prioritization by applications and AS as per data plan, which is especially practical for corporate customers purchasing a single data plan for multiple simultaneous users.
  • Unlimited IP addresses, both static and dynamic.
  • Redirecting to the Captive Portal when the balance is low. The Captive Portal works with whitelisted URLs of bank payment portals and other similar resources, where users can add funds. The portal works even if the resource IP address is changed.
  • Comprehensive NetFlow analytical data per bandwidth or per subscriber.

BRAS/BNG ensures layer 2 connectivity by routing VLAN/QinQ/PPPoE traffic to the DPI system. MAC, VLAN, QinQ, or login PPPoE/option 82 can be used to authorize a user and assign an IP address. From the subscriber’s point of view, the DPI system acts as a virtual gateway answering ARP requests.

I want to request a consultation

In VLANs and QinQ, BRAS/BNG L2 performs the following functions:

  • DHCP – tracks requests generated by DHCP Clients for immediate RADIUS-based authorization if the acknowledgement message from the DHCP server is received.
  • Proxy ARP – monitors ARP requests inside a subnet and blocks any other ARP requests.
  • IP Source Guard — checks LAN packets against VLAN entries stored in the DHCP database, If the packet header does not match the entry, the packet is discarded.
  • LAN traffic termination.
  • LAN to WAN, and WAN to LAN connectivity.

BRAS/BNG performs these functions by establishing when a user session starts and ends, using IP addresses, MAC addresses, and VLAN/QinQ tags. Using this data, BRAS/BNG filters out malicious requests, significantly improving LAN security in general.

Use Cases

  • BRAS/BNG L2 can be used with QinQ technology, enabling precise user identification irrespective of the hardware used.
  • BRAS/BNG L2 can also be used as a security tool in common VLANs (single VLAN tag per frame), with VLAN ID associated not with a single user, but with a group of users, e.g., several apartments in a building or a whole apartment block.

Available Options

Quality of Service (QoS)

The Quality of Service (QoS) module enables bandwidth management based on application layer protocols, data flows and bandwidth usage. It saves up to 25% of the bandwidth capacity by prioritizing traffic, which improves the operator’s quality of service in general.

Read More

Quality of Experience (QoE)

Quality of Experience (QoE) is a DPI module that gathers statistics and evaluates QoE. The data that it collects are compared with the preset metrics to evaluate the quality of telecom services and Internet connection for a single user. Based on this information, the module initiates steps required to improve the quality of service.

Read More


The CG-NAT option enables network address and port translation and provision of a single public IPv4 address to several users. CG-NAT is introduced to deal with IPv4 address exhaustion and simplify transition to IPv6.

The “classic” NAT with port translation on Linux or FreeBSD is a port-restricted NAT that allows inbound connections only on a specific port. As a result, for example, two gaming consoles behind such a NAT gateway won’t be able to communicate with each other, because the port number will be changed. Similarly, it prevents the connection of torrent trackers and other peer-to-peer protocols. CG-NAT addresses these issues by allowing inbound connections on any port.

Example of Stingray SG being used as a NAT gateway with redundancy:

Read More

Firewall and Anti-DDoS

Stingray SG comes with a firewall that protects users from being hacked on open ports and blocks any illegal subscriber activity. The firewall protects your network from DoS and malware attacks, improves the quality of service, ensures reliable and secure operations. You can use the firewall together with the QoE module to reveal the perpetrator and the victim and quickly notify users about any suspicious activity.

Read More

Marketing and Redirecting

With Marketing and Redirecting, operators receive a tool to notify subscribers about new offers or future network maintenance. When an operator activates the service, instead of being redirected to the home page, the subscriber is redirected to the operator’s information page, which contains all the necessary data.

Read More

The software solution doesn’t depend on a particular server hardware supplier and can be flexibly adapted to business requirements.

years on the
Telecom market
identifiable protocols
200 Gbps
per one CPU

Who use BRAS/BNG

Customer Success Stories


Available Editions
Stingray SG options
Filtering by the blacklisted internet sites
L1 Bypass mode support
NetFlow statistics collection on protocols and flows
Protocol-based traffic prioritization (QoS)
External access channel usage optimization (QoS)
Marketing company and user notifications
White list, Captive Portal
IPv4 and IPv6 address allocation
BRAS L3 (IPoE), IPv4/IPv6 Dual Stack, Radius CoA
BRAS L2 (PPPoE, DHCP), Dual Stack IPv4/IPv6
CG-NAT — network address translation and NetFlow export
Mini-firewall for blocking traffic over specific ports
Ad blocking and replacement
Banner integration
Resource category selector for black and white lists
QoE Lite
QoE Standart (web resources by categories, custom reports, notification triggers, DDoS and botnet detection)
Trade-In (SCE8000 and SE100-600-1200)

Get in Touch

Have a question or interested in learning more how IT
can help your business? Please connect with us.

By clicking on the button, you agree to the terms «Privacy Policy»