Key features

  • • PPPoE technology
  • • Technology Q-in-Q / VLAN
  • • DHCP Relay Agent
  • • DHCP Radius Proxy
  • • IP Source Guard (anti-spoofing)
  • • ARP Proxy
  • • Locking local traffic
  • • Traffic termination from LAN to WAN
  • • Availability of virtual gateways
  • • Full Radius Support with CoA Function
  • • Option 82 support
  • • Full IPv6 support

Spectre DPI BRAS

The BRAS service gateway is a feature of the Spectre DPI network traffic monitoring and analysis system used to terminate subscriber traffic. This solution allows the broadband access operator to control the subscriber access to the Internet and apply tariff plans and additional tariff options.

Spectre DPI interacts through the PCRF policy control server with the Radius server to obtain the information about subscriber, tariff plan and additional services defined on the billing server.

The BRAS works in L2 BRAS and L3 BRAS modes, supports IPv6/IPv4 Dual Stack, IPoE authorization, PPTP and PPPoE, Radius CoA feature along with the user redirection to Captive Portal (account locking).

Composition of the solution, BRAS scheme

Spectre DPI BRAS mode advantages

  • Providing QoS according to the given tariff plan
  • IPv6/IPv4 Dual Stack
  • Multi-users support, i.e. when one login is associated with multiple IPs
  • A feature to whitelist domains that are independent of IP changing
  • Marketing features (receiving and processing of Quality of Experience(QoE) data, clickstream)

Usage example

For corporate clients. which have many different subnets. Including the networks that are NATed.
At the same time, it is necessary to provide a single rate. White lists support with zero balance, regardless of the change of the IP address by the resource (based on the host name or url, including options with an asterisk) (classic Ericsson BRAS, Cisco ASR, Juniper determine IP resources). Increasing the speed of local resources or peer-to-peer networks regardless of the speed of the tariff plan.

htb_inbound_class6=rate 100mbit static
htb_class6=rate 100mbit static

L2 BRAS mode

In the L2 BRAS mode, subscriber traffic reaches the Spectre DPI in a unique VLAN /Q-in-Q /PPPoE tunnel.To authorize a subscriber and to assign him an IP address, the MAC/VLAN/Qin-Q /login PPPoE /option 82 is used. The Spectre DPI operates as a virtual gateway for the subscriber and responds to its ARP requests. Advantages of the L2 BRAS mode: Full-Proxy-ARP, subscriber-to-subscriber connections management, the ability to access to network services in the kernel (dns/www/billing/tv/etc).

  • BRAS L2 DHCP relay agent

Subscriber authorization is performed by the Radius server based on the MAC address; DHCP server is used to assign IP addresses.

  • BRAS L2 DHCP Radius proxy

Subscriber authorization is performed by the Radius server based on the MAC address; Radius server is used instead of DHCP servers and the fastDPI in combination with the fastPCRF operate as a DHCP server.


PPPoE subscribers authorization using the PAP, CHAP or MS-CHAPv2 protocols or by MAC address.

Additional options

The Spectre DPI with the BRAS feature enabled is able to:

  • Authorize static IP addresses using ARP request
  • Send VLAN/Q-in-Q tag within the Radius request
  • Bind the IP address to access switch port
  • Terminate traffic only for explicitly specified AS
  • Check that VLAN tag matches the subscriber IP addresses
  • Provide the intranet traffic exchange between subscribers and other additional options.

L3 BRAS mode

Packets with already assigned IP address reach the Spectre DPI, DHCP configuration can be assigned in the following ways: by an external DHCP server, by the Spectre DPI DHCP Relay or by the Spectre DPI Radius Proxy.

  • BRAS L3 IPoE management by SSH

Preloading of the correspondence; if the dynamic IP assignment is used, the Radius monitor installation or final migration to the Radius is needed.

  • BRAS L3 IPoE management by Radius

Subscriber authorization by means of Radius for each unique IP address or login.

High Performance

Performance of the Spectre DPI system could be as high as 100 Gbit/s on a single server, whereas using 2 or 4 CPU sockets can result in very high speed traffic processing, up to 400 Gbit/s.

Request free demo