Application of control switches in residential broadband access

The key issue in broadband access operations is how to increase the access rate. Based on the needs of network applications and the technical status quo, ruisida has designed a stream-by-stream access control switch ISCOM3500 for bandwidth access optimization. With its powerful stream management capabilities, you can easily and efficiently implement user authentication, bandwidth management, and service policy management for broadband operation access. Combined with the billing system, IACOM3500 can provide good support for multiple billing modes.

Construction objectives of the Broadband Access Support Platform

The provision of broadband access services is inseparable from the construction of the broadband access support platform. A good broadband access support platform has the following features: Support for user authentication; diverse tariff standards and modes; access control is irrelevant to the user's network terminal; users can select the tariff standards and modes at will, it can also be changed at any time, with access control free of Configuration modification; Value-added services providing shortcuts; centralized access control, reducing the "threshold" for residential selection.

To establish a good operation support platform, you need to comprehensively consider user authentication technology, access control technology, access control point location in the network, and the relationship between access control points and billing Authentication Platform.

Centralized Access Control Points

The biggest benefit of centralized access control points is to reduce device and management costs and enhance network flexibility. If authentication and access control are completed in the residential area, the device costs will be greatly increased, resulting in some small-scale residential areas have to be abandoned. ISCOM3500 can be used to provide centralized management for small and medium-sized communities. It aggregates multiple communities into one authentication control center to implement access control for broadband access. In this form, the certification billing and value-added services can be provided with a "centralized" approach. Multiple communities share a set of systems, greatly reducing investment and management costs. See figure 1.

Figure 1

ISCOM3500 adopts the stream-by-flow control technology to control the network bandwidth and network flow of each end user. The ISCOM3500 also uses a high-performance stream processor and forwarding engine to ensure that data streams and data streams are concurrently forwarded at different speeds in the case of a large number of users, to meet the diversified tariff standards and models and the need for concurrent use by a large number of users after the convergence of users.

On the access control switch and the network device side of each residential area, the access control switch uses 802.1x or WEB authentication to receive logon information of network users, and then encapsulates the information into RADIUS packets and forwards them to the authentication billing center, the authentication billing center returns the authentication result and access control information related to the user's selected billing mode. ISCOM3500 uses dynamic access control technology to control user-based bandwidth and network flow.

User-based Dynamic Access Control Technology

ISCOM3500 organically combines authentication and access control technologies to dynamically combine the features of user network terminals with access control, thus implementing user-based access control. In the process of user authentication, the user name used by the user is actually the unique identifier of the user on the network, ISCOM3500 can dynamically select the corresponding access control policy based on the billing standard selected by the user name, and set the network characteristics of the network terminal used, such as the MAC address and IP address) and access control policies, to form a series of access control commands for a single network terminal, and then send these access control commands to the stream processor and forwarding engine, finally, the hardware completes the user's network traffic and Flow Control at high speed.

Through dynamic access control technology, the network features of network terminals used by users are no longer the key to access control, and the user name used by users becomes the key to access control, this effectively solves the following problems.

◆ Network terminal replacement: when using the same user name to log on to different network terminals, the services that can be enjoyed are the same.

◆ User replacement: when using different user names to log on to the same network terminal, the services you can enjoy are different, depending on the relationship between the user name and the billing standard.

These two problems are actually the root cause of the problems in the broadband operation network, such as single business, single tariff standards, and single user access capability. These two problems have been solved, all these operational problems can be solved. Careful people may ask, in the actual application environment, the number of user names and the number of network terminals usually correspond one by one, sometimes more than the number of network terminals, does using a user name as the access control identifier further increase the workload? In fact, ISCOM3500 can solve this problem through the organic cooperation with the billing system and the organic combination of access control policies and tariff standards.

Access control policy file based on the billing mode and standard

ISCOM3500 provides access control policy configuration means to separate access control configurations from specific controlled objects to form some pre-configured access control policies. During user authentication, the network terminal features, flow control, bandwidth control, time control, and other features of a user will be dynamically associated to control the network behavior of each user, in this way, different access control measures can be implemented based on the billing mode and billing standard adopted by these users.

Value-added services and tariff standards in broadband operation networks have a limited number of features. That is to say, the value-added services and tariff standards that can be selected by users are generally pre-designed. In line with the principle of vigorously developing network users and increasing broadband access rates, broadband service providers usually need to develop a series of service packages for users to choose from. Therefore, access Control Policies corresponding to each service package also have a limited number of features.

ISCOM3500 dynamically combines users with access control policies to achieve user access control. Therefore, the access control policy can be separated from a specific network terminal, form an abstract Access Control policy that does not target a terminal, and form an Access Control policy file that corresponds to the service package one-to-one Access Control Profilr ). Up to 200 access control policy files can be configured on ISCOM3500, and each access control policy file can contain multiple access control policies. During user authentication, the billing center sends the authentication result and notifies the user of the selected service package ID to the access control switch, after finding the corresponding access control policy file, the access control switch dynamically combines each access control policy with the user's terminal features, A specific access control command related to the terminal is formed, and then sent to the stream processor and the forwarding engine at a high speed by the hardware to control the user's network traffic and flow.

On the Billing Platform, you can also manage users in a one-to-one manner using service plans and user groups. Users can pre-open users for each service package by means of batch pre-opening accounts and card-making and issuance. When you select a service package, you can issue a corresponding user card for it. When you change the service package, you can change the access control of the user card instantly; more importantly, multiple service plans can be complementary. A natural person user can select multiple service plans at the same time. Using one-person multi-card consumption can reduce the renewal fee for broadband access, while building a healthy consumption concept and fully exploring the consumption potential of users.

1. How to use an exchange router to improve the bandwidth difference service