Broadband access servers are still commonly used, so I have studied their extended functions. I will share them with you here, hoping they will be useful to you. The previous section briefly introduced the system structure and access functions of the broadband access server.
In fact, the functions of a broadband access server go well beyond that. In actual network deployments, the broadband access server has moved past the limits of the single-function narrowband dial-up server and, to keep up with the practical needs and development trends of broadband access, has quickly expanded its functions. On the other hand, the broadband access server sits at the edge of the backbone network, mainly to aggregate services and traffic for the users connected to it, and should focus on its access processing capability; it is unrealistic to expect it to take on every network function. Therefore, to meet the current needs and application trends of broadband access, the functions of the broadband access server can be extended to make broadband access more efficient. The following describes its major extended functions.
1. Service Selection
As the name suggests, this function lets users choose for themselves, over a single connection to the broadband access server, among the services offered by back-end network operators. On the one hand, different services have different technical emphases and different network performance requirements. An appropriate service model is therefore assigned at the point where network services converge, the broadband access server, so that the system and its network resources can be bound to each service in a reasonable and orderly way according to that service's characteristics, and the various services can be delivered with limited resources. On the other hand, looking at the future development of network applications, the separation of the network content service provider (ICP) from the network access provider (ISP) is an inevitable trend. On the access aggregation side, the ISP must forward the selected service flow to the corresponding ICP. At the same time, the ISP network must strictly isolate the services from one another, that is, isolate the ICPs. Service selection for access users is therefore an inevitable application requirement for the broadband access server. Each vendor has its own implementation, but they basically follow one of two modes: direct service selection by the terminal, and selection through a back-end Service Selection Gateway (SSG).
Direct service selection by the terminal. Some broadband access methods already include the concept of service selection and require the user to choose a service before dialing; the widely used PPPoE dial-up access is one example. For access methods that do not provide this function, such as PPPoA, the corresponding service model of the access server can be activated through a structured username in the username@domain name form. In short, with this method the user first selects the service in the dialing software, a remote RADIUS server then authorizes and confirms the user for that service, and finally the corresponding internal service model of the access server is activated and pointed at the service. However, with this method end users cannot see, intuitively and completely, the service types the broadband access server provides, which adds to what the end user has to do and is a real limitation. In addition, switching between services requires a new virtual dial-up, which is inconvenient.
Back-end Service Selection Gateway mode. After a user dynamically obtains an IP address through PPP or DHCP, the user is forced to the Service Selection Gateway directly attached to the broadband access server. In general, the user terminal learns which services can be selected through an interactive web interface. After the user enters the corresponding user data, the request for access to the service is authenticated and authorized through the remote RADIUS server, the necessary IP coverage is then applied to the user according to the service, and finally service selection is completed by activating the corresponding internal service model of the access server. Functionally, the back-end Service Selection Gateway (SSG) can be thought of as a server with web server functionality and powerful service management and user management. It defines the service scope and operating permissions of each user through a back-end database.
In fact, the core implementation of these two selection modes is basically the same. The heart of service selection is implemented in the broadband access server, and the modes differ only in the form of the user interface. However, considering the practical needs of operation, the SSG mode not only greatly improves the transparency of access operations for users but also reduces configuration on user terminals, and it can serve as a service portal that leaves room for later service expansion. For operators, this is indeed an ideal operating model, and it has become the future direction of service development.
2. QoS support
QoS has always been one of the focal points of packet-switched networks, especially IP networks. Today's broadband networks, especially backbone networks, primarily use point-to-point transmission and obtain QoS largely through high bandwidth. A broadband access server, however, aggregates many kinds of services, and its uplink bandwidth is limited after all, so achieving QoS through high bandwidth is unrealistic. This makes QoS on the access side particularly important. As described above, the broadband access server supports both ATM and FR access, and for those users the QoS problem can be solved well through the QoS mechanisms of ATM or FR themselves. But in addition to ATM and FR access, the broadband access server also carries various types of pure IP access. For this type of access traffic, the Type of Service (ToS) field of the IP header can be used for marking. The IP packet is marked with the corresponding ToS value on the side that initiates the service, and the corresponding traffic or service handling is performed within the access server to distinguish the traffic levels and achieve network QoS.
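The ToS-based classification described above can be sketched as follows; this is an added example, not code from the original article. The queue names, the `ceiling` parameter (the highest level a subscriber's service may use) and the sample packets are assumptions made for illustration.

```python
import struct

# Hypothetical mapping from IP precedence (top three ToS bits) to access-server queues.
QUEUES = {0: "best-effort", 1: "best-effort", 2: "business", 3: "business",
          4: "video", 5: "voice", 6: "control", 7: "control"}

def parse_tos(packet):
    """Return the ToS byte of an IPv4 packet after checking the fixed header."""
    if len(packet) < 20:
        raise ValueError("shorter than the minimum IPv4 header")
    ver_ihl, tos = struct.unpack_from("!BB", packet, 0)
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    header_len = (ver_ihl & 0x0F) * 4
    if header_len < 20 or header_len > len(packet):
        raise ValueError("invalid header length")
    return tos

def classify(packet, ceiling):
    """Pick a queue from the ToS precedence, capped at the subscriber's ceiling.

    The marking is set by the sender, so the access server does not honour a
    level above what the subscriber's selected service allows (assumed policy).
    """
    precedence = parse_tos(packet) >> 5
    effective = min(precedence, ceiling)
    return effective, QUEUES[effective]

def sample_packet(tos):
    """Constructed 20-byte IPv4 header (UDP, checksum left at zero, no payload)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20, 0, 0, 64, 17, 0,
                       bytes([100, 64, 0, 5]), bytes([10, 20, 1, 1]))

if __name__ == "__main__":
    for tos, ceiling in [(0xB8, 5), (0xB8, 1), (0x00, 5)]:
        print(hex(tos), ceiling, classify(sample_packet(tos), ceiling))
```
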
3. VPN (Virtual Private Network) Implementation
A VPN transmits data securely and efficiently over a public network platform and offers excellent network scalability. The core of VPN technology is data packet encryption and network transmission. The IETF has developed several VPN technical standards, such as L2TP tunneling at Layer 2 and IPSec encryption at Layer 3. The publication of these two standards laid a solid foundation for VPN applications. In actual VPN applications, most VPN services are implemented at the edge of the network and are transparent to backbone network devices. Because it handles network access and service aggregation, the broadband access server is often the initiator of a VPN application, which makes it crucial to the VPN implementation. At present, for VPNs at Layer 2 of the network, the broadband access server provides L2TP tunnel encryption technology. Generally, it can act as a LAC (L2TP Access Concentrator) or an LNS (L2TP Network Server), which allows flexible networking. VPN implementation at Layer 3 of the network is not yet widespread because IPSec is a new protocol standard. Currently, only some broadband access servers have begun to support this function.
4. Port wholesale
Because of the need for business expansion, port leasing will also be a trend in future broadband access applications. Enterprise and group users in particular can quickly build their own networks through port leasing and bandwidth leasing on the access side, saving a great deal of investment in network construction. For such applications, VLAN division or Virtual Router creation can be used in the broadband access server. In essence, these technologies partition the system into sub-resources. Within each subsystem, the corresponding Layer 2 and Layer 3 network functions are carried out independently to deliver the port wholesale service. In fact, from the perspective of VPN, port wholesale can also be seen as another way to implement VPN applications, and one that is flexible and convenient.
5. Support for Multicast
From the perspective of the entire network, the broadband access server must support multicast to handle the final-stage distribution of multicast video streams at the network layer. The network host installs the corresponding multicast application to support the multicast protocol. By actively submitting a multicast request, it selects the desired multicast service and connects to a local router or multicast server that supports IGMP. In terms of technical implementation and the multicast support found in current devices, the broadband access server forwards multicast traffic between network terminals and the multicast servers or routers that support IGMP. Generally, it supports IGMP versions 1 and 2, but to a large extent it only plays the role of an IGMP Proxy or performs IGMP Snooping: multicast packets are passed through and distributed transparently at the network edge, and the end user notices no difference in actual use. To further improve the flexibility of multicast applications on broadband access servers, some equipment vendors have begun to support multicast routing protocols such as PIM and DVMRP in their products.
6. Managing IP traffic forwarding to implement firewall functions
IP traffic forwarding management on the broadband access server means giving each user the access capability that matches that user's actual permissions, which to a certain extent performs the function of an IP firewall and protects the internal network. To a large extent, IP traffic forwarding management is bound up with the VPN and service selection functions of the broadband access server and works with the upper-layer backbone edge router to implement IP separation of the various service types flexibly and effectively. In terms of implementation, this function can be achieved through the server's own IP packet filtering (IP Filter), flexible allocation of IP address ranges for different services, and network-side NAT (Network Address Translation). At the same time, from the perspective of network security, broadband access servers should also provide protection against IP attacks and IP spoofing.
With IP address filtering, the system assigns the IP address filtering policy that corresponds to the selected service type while completing user access, and filters Layer 3 and Layer 4 packets for users with different permissions. This not only meets the needs of the service but also effectively restricts the user's access permissions, binding the user to the corresponding service. This function is implemented by the broadband access server on its own and does not require the cooperation of upper-layer routers. For allocating IP addresses to connected users, the broadband access server works with the back-end RADIUS server; the broadband access server, the back-end RADIUS server, and even a DHCP server attached to the access server can allocate fixed and dynamic addresses for users. IP traffic forwarding control is implemented on this basis. On the one hand, different routing and forwarding policies can be set for different IP address ranges on the broadband access server; on the other hand, the upper-layer router can filter or route on different IP source and destination addresses by parsing IP packets, limiting the access capabilities of different users.
The introduction of NAT can, on the one hand, make full use of private IP addresses to relieve the pressure on public IP address resources. On the other hand, NAT protects the internal network through one-way forwarding of IP traffic. The broadband access server provides the conversion from non-IP services to IP services. In terms of IP network security, the IP firewall function is concentrated at the edge of the network, so providing the functions needed to prevent IP attacks and IP spoofing there is very important for the security of the entire IP network. It can be said that improving the IP firewall function is a practical requirement that network applications place on broadband access servers. At the same time, because the SSG has powerful user management functions and a good interactive interface, integrating the IP firewall function with the SSG has good prospects for practical application.
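The per-service filtering and anti-spoofing check described in this section, together with the username@domain selection from section 1, can be sketched as follows. This is an added example, not code from the original article: the service names, address ranges and ports are constructed, and RADIUS authorization is assumed to have already succeeded before `open_session` is called.

```python
import ipaddress
from dataclasses import dataclass

# Constructed policies: service -> permitted (destination network, protocol, port range).
POLICIES = {
    "video": [("10.20.0.0/16", "udp", (5000, 5999)), ("10.20.0.10/32", "tcp", (554, 554))],
    "corp":  [("10.30.0.0/16", "tcp", (443, 443))],
}

@dataclass(frozen=True)
class Session:
    user: str
    service: str
    assigned_ip: ipaddress.IPv4Address

def open_session(login, assigned_ip):
    """Pick the service from a user@domain login; unknown domains are refused."""
    user, sep, realm = login.rpartition("@")
    if not sep or not user or realm not in POLICIES:
        raise PermissionError(f"no service for login {login!r}")
    return Session(user, realm, ipaddress.IPv4Address(assigned_ip))

def decide(session, src, dst, proto, dport):
    """Return 'spoofed', 'permit' or 'deny' for one packet sent by the user."""
    if ipaddress.IPv4Address(src) != session.assigned_ip:
        return "spoofed"   # source differs from the address allocated at access time
    dst_ip = ipaddress.IPv4Address(dst)
    for net, rule_proto, (low, high) in POLICIES[session.service]:
        if (rule_proto == proto and low <= dport <= high
                and dst_ip in ipaddress.ip_network(net)):
            return "permit"
    return "deny"          # default deny keeps the user bound to the selected service

if __name__ == "__main__":
    s = open_session("alice@video", "100.64.0.5")
    for pkt in [("100.64.0.5", "10.20.1.1", "udp", 5004),
                ("100.64.0.9", "10.20.1.1", "udp", 5004),
                ("100.64.0.5", "10.30.0.1", "tcp", 443)]:
        print(pkt, decide(s, *pkt))
```
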
Additional notes on networking applications of broadband access servers
As mentioned earlier, the broadband access server is mainly used to meet the current requirements of the various DSL access applications, especially ADSL access. Currently, ADSL access is based on the ATM network platform. However, most current networks are large, pure-IP architectures. At the same time, the debate over ATM technology remains a focus of discussion in the industry. Further expansion of ATM networks is difficult, so meeting the requirement of direct IP access for ADSL is of practical significance. On the other hand, as access devices on the access side become more highly integrated, a single network unit such as a DSLAM can often connect hundreds of users. With this kind of network distribution and so many users connected at a single point, moving the broadband access server from centralized access to decentralized access is also an ideal choice. It can even be integrated directly with edge access devices on the access side to achieve direct IP access to the network. This networking scheme not only simplifies the broadband access server's own equipment but also makes user QoS easy to implement, and it aggregates the IP data of connected users directly into the edge router, which makes it easy to integrate with existing IP networks and saves transmission devices and channels on the access side and edge side of the network. Such broadband access servers are cheap and easy to design, and they are often used directly as part of the access device. However, their functions are relatively simple and their network scalability is poor. This networking solution is feasible for access to a single network with a single service, but it cannot be used for networks with complex services. Judging by current service positioning, high-speed Internet access has become the mainstream service of broadband access networks, with a single service type and few additional services. In this situation, decentralized access has some advantages.
From the perspective of the whole network, the broadband access server is not only the single aggregation point for the network's access services but also the unified forwarding point for users' service traffic. If it is combined at this special point with other dedicated network devices, it can greatly improve overall network performance and the access speed users actually experience, getting twice the result with half the effort. For Internet services, for example, a dedicated cache and a Layer 4 switch can be attached directly to the broadband access server. Information that users access frequently can then be served directly from the dedicated cache through Layer 4 switch filtering, diverting a large number of user data streams. This removes much repetitive and unnecessary network traffic, greatly reduces the load on the backbone network, and improves network utilization, so it has high application value.
At the same time, from the perspective of IP development trends, the introduction of Multi-Protocol Label Switching (MPLS) allows networks to be upgraded smoothly and makes it easy to implement IP service quality assurance and VPN applications. In these applications it has incomparable advantages over other technologies. MPLS has become the industry's consensus on the development direction of the next generation of IP, and support for it in broadband access servers is an inevitable choice. In short, broadband access servers are currently in the early stage of large-scale application. As broadband networks develop, they have very broad prospects.