In the previous article we described how an Internet provider's network is structured, which levels it can be divided into and what equipment is used at each of them. Today we focus on the server level and describe the main services used by a typical district or city B2C ISP.
Standard ISP services
To provide Internet access to thousands of subscribers, it is not enough to run the local network to each of them. Authorization, billing, filtering and many other important services have to be set up, and they determine the quality and completeness of the services provided. The standard set of services used by an Internet provider looks like this:
- DHCP server;
- DNS server;
- one or, more often, several access servers (if required);
- AAA server (RADIUS or Diameter);
- billing server;
- database server;
- flow-statistics and billing server;
- network monitoring server;
- traffic filtering devices;
- entertainment services for users (optional);
- content servers (such as Google Cache).
DHCP and DNS servers
The main task of the DHCP server is to provide IP addresses to clients. Each operator decides how addresses are bound to clients: statically by the client's MAC address, by switch port (using DHCP option 82), or from a pool of addresses allocated to the subnet. Some implementations are integrated with AAA servers.
The most popular implementation is ISC DHCP Server, as it is free and has a fairly transparent configuration syntax. In some networks DHCP runs on the routers themselves, though more often only for dynamic address assignment.
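The three binding strategies described above (by switch port via option 82, by MAC address, from a pool), as an added Python example that is not part of the original article and is not ISC DHCP code. The lookup order, the table names and all sample values are assumptions made for illustration; the option 82 sub-option layout follows RFC 3046.

```python
import ipaddress

# Constructed sample data: every MAC, switch name and address is made up.
STATIC_BY_MAC = {"00:11:22:33:44:55": "10.10.0.10"}
STATIC_BY_PORT = {("sw-07", 12): "10.10.7.12"}  # (remote-id, port) -> IP
POOL = ipaddress.ip_network("10.10.200.0/29")
# Constructed option 82 payload: circuit-id (VLAN 100, port 12), remote-id "sw-07".
SAMPLE_OPT82 = bytes([1, 4, 0, 100, 0, 12]) + bytes([2, 5]) + b"sw-07"


def parse_option82(data):
    """Split the Relay Agent Information option (RFC 3046) into sub-options.

    Sub-option 1 is the Agent Circuit ID, sub-option 2 the Agent Remote ID.
    Raises ValueError on a truncated TLV instead of reading past the end.
    """
    subopts, i = {}, 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated sub-option header")
        code, length = data[i], data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("sub-option length exceeds option data")
        subopts[code] = value
        i += 2 + length
    return subopts


def choose_address(mac, option82, leased):
    """Return (ip, binding_kind); order port -> MAC -> pool is an assumption."""
    if option82:
        sub = parse_option82(option82)
        # Assumption: remote-id is an ASCII switch name and the last byte of
        # circuit-id is the port number; real encodings are vendor specific.
        remote = sub.get(2, b"").decode("ascii", "replace")
        circuit = sub.get(1, b"")
        key = (remote, circuit[-1]) if circuit else None
        if key in STATIC_BY_PORT:
            return STATIC_BY_PORT[key], "port"
    if mac.lower() in STATIC_BY_MAC:
        return STATIC_BY_MAC[mac.lower()], "mac"
    for host in POOL.hosts():
        if str(host) not in leased:
            leased.add(str(host))
            return str(host), "pool"
    return None, "exhausted"
```

A port binding follows the switch port rather than the client hardware, so the same port receives the same address whatever MAC the client presents.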
The task of the DNS server is to respond to subscribers' DNS requests and resolve them into IP addresses.
The access server is a router or server that provides clients with access to the Internet. As a rule it is fairly powerful equipment, since it strongly affects the quality of the services provided, and it requires a qualified system administrator to configure and maintain it.
There are no general recommendations on what to build the access server on, but to reduce the cost of building the network, server equipment is used rather than routers, because at upgrade time replacing a server is more cost-effective than replacing a router.
However, server software does not always run stably, and on UNIX-like systems it sometimes causes a kernel panic.
Access technologies vary, and the provider chooses which one to use. IPoE is currently at the peak of its popularity. PPPoE, IPSec and L2TP are also widely used, while PPTP is steadily losing popularity.
This is due to modern security requirements. Most protocols use NAT (Network Address Translation), as it conserves real ("white") IP addresses, IPv4 addresses in particular.
AAA stands for authentication, authorization and accounting. As the name suggests, this server identifies users, grants or revokes their privileges, and maintains access records.
Most often it is implemented with FreeRADIUS, which is free, easy to set up and offers fairly wide functionality.
The billing server can be called the heart of the network, as it manages the accounts of the operator's clients: adding and removing users, charging subscription fees, changing tariff information and much more.
A great deal depends on the database server. There is a lot of software on the market that can perform the role of an ACP (automated system of calculations).
Flow-statistics storage server
This server is designed to record information about clients' "travel" on the Internet. As a rule it runs on sufficiently powerful server hardware with the maximum possible disk space.
Traffic filtering devices
A hardware and software complex for complying with Federal Law No. 139. Some providers use a combination of their own DNS server and a proxy server to implement this law. The filtering quality of this approach, although close to ideal, does not allow access to be filtered by URL when the traffic is carried over TLS.
Traffic analysis systems, or DPI (Deep Packet Inspection) devices, can do this successfully. One example is the SCAT DPI equipment from VAS Experts.
BRAS Service Gateway is a server function that allows the broadband access operator to control the access of subscribers to the Internet and apply the policies of tariff plans and additional tariff options.
Manufacturers such as Cisco, Juniper, Huawei and Ericsson have implemented it in their devices, but only large telecom operators can afford these companies' products.
Small ISPs use a software BRAS solution (BRAS on Mikrotik OS, BRASFil by SoftM, SCAT DPI by VAS Experts), as it is much cheaper and can be installed on a standard compatible x86 server.
SORM is a hardware-software platform that implements the system of operative-search measures for law-enforcement agencies. Today the second and third generations of SORM are relevant.
As a rule, a telecom operator only pays for the equipment and its installation in the server rack, but has no access to the equipment's interface. The main task of this equipment is to implement certain federal laws on communications control.
It should be noted that SORM is an integral part of the network: without it, the network design cannot be submitted to the relevant supervisory bodies. It should also be kept in mind that flow statistics, like payment data, are billing information that the communication operator is obliged to store for 3 years.
In practice, the number of services in an Internet provider's network may be greater; it depends both on how the network is organized and on the variety of services provided (IP-TV, file resources, telephony and others).
However, the network can be optimized by combining some functions on one device. For example, filtering, BRAS, CG-NAT, QoS and statistics can be combined in a traffic analysis platform such as VAS Experts' SCAT DPI.
In upcoming articles we will tell you more about the services of Internet providers and how to use them effectively, as well as about ways of converging some of them with the help of the SCAT DPI platform.
For more detailed information about the advantages of the SCAT DPI deep traffic analysis system, its effective use on communication operators' networks, and migration from other platforms, contact the specialists of VAS Experts, the developer and supplier of the SCAT DPI traffic analysis system.