2000259-en

8/3/2019 2000259-en

1/13

WHITE PAPER

Copyright 2009, Juniper Networks, Inc.

Do You NeeD a BroaDBaND remoteaccess server?

Functionality and Trade-Os o Using Smart DSLAMs and MSANs

8/3/2019 2000259-en

2/13

ii Copyright 2009, Juniper Networks, Inc.

WHIte PaPer - D Y Nd Bdbnd r a s?

Table of FiguresFig 1: cnlizd nd diibd inllign bdbnd dl 1

Fig 2: cnlizd Bsr pping lipl hd 3

Fig 3: sipl bdbnd nnin ing PPPX (f Inn ) nd IPe (f IPtv) 4

Fig 4: msaN p-i qing bd n 8021p bi kd by Bsr 5

Fig 5: P-bib Qs 5

Fig 6: H ihil p-bib Qs 6

Fig 7: mcac Bsr, bd n bib link ilizin 7

Fig 8: ayi iy in bdbnd nwk 8

Fig 9: oiw f Jnip Nwk pping wilin bdbnd nwk 9

Table of Contentsexi sy 1

Indin 2

cnlizd cnl 3

PPPX tinin 4

DHcP spp 4Qliy f si 5

Dyni Bndwidh mngn 6

siy 8

Jnip spp 9

cnlin 10

ab Jnip Nwk 11

8/3/2019 2000259-en

3/13

Copyright 2009, Juniper Networks, Inc. 1


Executive SummaryThere are many misconceptions about the role o the DSL Forums Broadband Network Gateway (BNG), better

known as a Broadband Remote Access Server (BRAS) or Broadband Services Router (BSR). The BSR has evolved

signiicantly rom its original role o terminating PPPoX sessions. Proponents talk about enhanced subscriber

management capabilities, while detractors claim that all needed unctions can be done by a smart Digital Subscriber

Line Access Multiplexer (DSLAM) or MSAN (Multiservice Access Node). These alternatives are shown in Figure 1.

Fig 1: cnlizd nd diibd inllign bdbnd dl

There are several unctions that must be perormed to successully support broadband traic. This paper describes

the key unctions that may need to be implemented by the smart edge device, either the MSAN or the BSR.

It is not intended as a decision guide on whether to use PPPoX or IP over Ethernet (IPoE), nor to provide a tutorial on

what enhancements are required to allow DHCP to be used on a broadband network.

In addition, the intent is not to advocate that a BSR be used in the network, but rather to provide an understanding

o the unctions that it typically provides. This allows you to determine whether these unctions are required in your

network, and whether these unctions are best provided by a centralized BSR or by distributed MSANs. Juniper

Networks supports both network implementations.

What Is an MSAN?

MSAN is a generic term or a device that aggregates xDSL, passive optical network (PON), Ethernet, plain old

telephone service (POTS) and T1 traic rom subscribers. Some operators terminate these unctions in single service

MSANs, including DSLAMs, OLTs and data link controls (DLCs), while others are terminating multiple services using

a single MSAN chassis.

MSAN Switch

Apps

DiributedSmart MSAN

CentralizedBroadband Services

Router (BSR)

Switch

8/3/2019 2000259-en

4/13

2 Copyright 2009, Juniper Networks, Inc.


IntroductionThe BSR has evolved over time to provide a myriad o capabilities targeted at improving the service providers ability

to control what each subscriber is doing based upon the service they have signed up or, as well as simpliying

overall network operations. Table 1 summarizes the key unctions o the BSR.

FEATURE FEATURE DESCRIPTION BENEFIT

cnlizd cnl Single point o operational control Avoids needing to touch each MSAN to make anetwork change

Access agnostic architecture Uses a common operational model to support allaccess devices, allowing you to select the lowestcost MSAN which meets your needs

MSAN independence Allows operator to select lowest-cost MSANwhich aggregates subscriber trafc

PPPX tinin Establish connection-orientedsessions with keep-alives

Simplifes subscriber management

DHcP spp DHCP Relay converts broadcast tounicast

Reduces network trafc

DHCP Proxy tracks DHCP lease lieand renews leases

Improves security by hiding address o realDHCP server; simplifes network operations by

ensuring that subscriber keeps same IP address

RADIUS Proxy communicates withRADIUS server

Allows single subscriber database or PPPoXand DHCP subscribers; allows use o RADIUSaccounting

DHCP Local Server Eliminates need or separate DHCP servers

Qliy f si (Qs) Per-service marking and queuing Provides basic application-level QoS withoutconsidering what dierent subscribers are doing

Per-subscriber Queues and schedules trafc separately or eachsubscriber

Hierarchical queuing Looks at various potential network bottlenecksto queue and schedule trafc independently oreach subscriber

Multicast call admission control Ensures video quality by allowing new multicast(IPTV) sessions only i bandwidth is available

Dynamic bandwidth management Ensures subscriber satisaction by veriyingnetwork resource availability and dynamicallymarking packets

siy IP Address Tracking Limits number o addresses which can beassigned to a subscriber, and drops trafc romother IP addresses

Firewall Protects network rom attack by checking trafcrom subscribers

8/3/2019 2000259-en

5/13



Centralized ControlPerhaps the most important motivator or deploying a BSR has nothing to do with technology, but rather with

minimizing the total cost. Using a BSR provides three key beneits:

Single point for change control: I a network change needs to occur, it is simpler to make the change at a single

BSR than at dozens, hundreds or even thousands o devices. This is a critical reason why virtually every large

broadband operator has BSRs in the network. For example, it is simpler to update a single, centrally located

security appliance than it is to push security updates to each MSAN. In addition, having a centrally locatedbackup security appliance allows this upgrade to occur without taking subscribers out o service.

Common access-agnostic operational model: Each MSAN has its own coniguration tools, language and

capabilities, driving up costs as technicians need to learn dierent products. This also limits the ability to

move to newer products rom dierent vendors, including migrating to a higher speed solution such as PON.

Implementing dierent eatures on dierent MSANs is also operationally expensive, as technicians must igure

out how customers are connected beore resolving problems.

Fig 2: cnlizd Bsr pping lipl hd

MSAN independence: Finally, adding intelligence into the MSAN drives up the cost o every MSAN in the network.Paying a little bit more or each MSAN oten ends up costing more in the long run than deploying a BSR.

Allowing the MSAN to do what it does bestaggregating subscriber traicoten leads to the lowest overall

cost solution. This total cost o ownership (TCO) business case is most compelling or larger operators

supporting thousands o MSANs. Smaller operators may be willing to ocus on minimizing the cost beneits o

deploying BSRs and deploy smarter, more expensive MSANs instead.

Switch

Dial Up

BSR

IP BACKBONE

Switch

DSL

Switch

Cable

Switch

LMDS802.11

Switch

Satellite(DVB)

Switch

EthernetVLAN

Switch

Leased LineIP or L2

8/3/2019 2000259-en

6/13



PPPoX TerminationOriginally used or dial-in networks, Point-to-Point Protocol (PPP) was adopted by the DSL Forum because o its

additional important unctionality. As DHCP has been enhanced to provide many o these unctions, it is becoming

more common to build networks without PPP. One driving orce behind this transition is the adoption o IPTV service

across broadband networks, which does not work well with PPP. Since the BSR was initially designed to terminate

PPP, the argument goes, it is no longer necessary to have one in the network1.

Many new deploymentsnotably smaller operatorselect to implement a pure DHCP solution, so PPP terminationis rarely the motivator to deploy a new BSR. However, PPP is still widely deployed, with many established broadband

providers continuing to use PPP or new subscribers because o its beneits. Regardless o whether PPPoX is used

or Internet traic, IPTV traic is transmitted across a separate (non-PPPoX) connection as illustrated in Figure 3.

Fig 3: sipl bdbnd nnin ing PPPX (f Inn ) nd IPe (f IPtv)

DHCP SupportWhen using DHCP2, the network ideally provides several addressing capabilities:

DHCP Relay: This capability minimizes network overhead and improves security by converting DHCP

broadcasts to unicast.

DHCP Proxy: This urther improves security by hiding the address o the real DHCP server; and reducesnetwork complexity by ensuring that each subscriber uses a single IP address.

RADIUS Proxy: This allows the DHCP Relay Agent to receive inormation about the subscribers permissions

rom a RADIUS server, and to track subscriber usage via RADIUS accounting.

DHCP Local Server: The DHCP Relay Agent can also serve as the DHCP server, assigning IP addresses to

subscribers upon request. This eliminates the need to have a separate server arm supporting this unction.

All o these unctions are supported by BSRs. It is becoming increasingly common or MSANs to implement DHCP

Relay, although DHCP Proxy and RADIUS Proxy are less requently implemented. Only BSRs implement the Local

Server unction.

VLAN for Internet Access

PPP session carried within VLAN

Internet Traffic

IPTV contentVLAN for IPTV

BSRMSANDSL

8/3/2019 2000259-en

7/13



Quality of ServiceAnother important requirement o the broadband network is its ability to eectively manage traic in the access

network. One approach, per-service QoS, prioritizes traic based strictly on the priority bit settings within the packet.

In the extreme case, a ew subscribers running all high-priority applications could prevent low-priority traic rom

reaching other subscribers. More realistically, the high-priority subscribers will receive more than their air share o

the bandwidth, at the expense o other subscribers. The second approach, per-subscriber QoS, manages traic based

on both priority bit settings and destination. This ensures that each subscriber gets a air share o the bandwidth.

With this in mind, there are several capabilities that can be provided by the broadband network:

Per-service marking and queuing: Subscriber-bound traic must be marked to conorm to service provider

standards. For example, VoIP traic may be marked dierently than Web traic. Individual packets may be

prioritized based on Layer 3 IP DiServ markings or based on Layer 2 Ethernet 802.1p markings. Application

servers and gateways typically mark IP DiServ bits, and IP routers can use these bits to prioritize traic.

However, Layer 2 equipment such as lower-cost MSANs can only look at the Ethernet markings. Thereore, the

choices are to purchase MSANs that have the processing and memory to examine DiServ bits, or else have

something in the network (typically a BSR) that sets the 802.1p bits based on the DiServ settings. This is depicted in

Figure 4.

Fig 4: msaN p-i qing bd n 8021p bi kd by Bsr

Per-subscriber QoS:

Ensuring that each subscriber gets his/her air share o bandwidth requires per-subscriber QoS where there is a separate set o priority queues or every subscriber. This also allows the

network to deliver dierent types o traic to dierent subscribers at the same time. Figure 5 provides a simple

example o per-subscriber queuing.

Due to the large number o queues and associated memory, per-subscriber queuing is typically provided only by

custom application-speciic integrated circuits (ASICs) in BSRs.

Fig 5: P-bib Qs

Scheduler

802.1p = 7

MSAN

BSR

802.1p = 7, 6

802.1p = 5, 4VoIP Frame

VoIP Frame

802.1p = 3, 2

802.1p = 1, 0

802.1p = 6

802.1p = 5

802.1p = 4 802.1p802.1p = 3

802.1p = 2

802.1p = 1

802.1p = 0

Control1 1 2 2 1 1 2 2 1 1

Sub. 1

IPTV

VoD

VoIP

VPN

Gaming

Web

Control

Sub. 2

IPTV

VoD

VoIP

VPN

Gaming

Web

Control

Sub. N

IPTV

VoD

VoIP

VPN

Gaming

Web

Sorted packets:

subscriber in

priority order

Sorting based on:

Unsorted packets

subscribers

Subscriber #2

Subscriber #1

BSR

8/3/2019 2000259-en

8/13



Hierarchical queuing: A related capability is hierarchical queuing, which looks at dierent potential bottlenecks

beore determining how to schedule traic. For example, the MSAN or BSR can look at bandwidth utilization on

a shared PON link to ensure that this link is not oversubscribed, and to ensure that each subscriber gets their

air share o the shared iber connection.

In addition, the BSR can veriy that bandwidth to the MSAN is available. Internet-based video, video on demand (VoD)

and HDTV are driving up bandwidth requirements to the MSAN, making this link a potential bottleneck. By controlling

traic being sent to the MSAN, the BSR urther ensures that each subscriber gets a air share o bandwidth.

This unction, depicted in Figure 6, is provided by custom ASICs in a BSR.

Fig 6: Hihil p-bib Qs

QoS continues to be an important dierentiator or BSRs. Commercial chipsets used in MSANs cannot support

separate queues or each subscriber, and only the BSR can dynamically control bandwidth to each MSAN.

Dynamic Bandwidth ManagementClosely related to QoS is dynamic bandwidth managementensuring that the bandwidth is available to support a

new application, making network changes to support requests, and preventing new services that can aect existing

sessions. This last capability is call admission control and is similar to what is done in traditional voice networks.

Multicast Call Admission Control (MCAC): This capability prevents the network (MSAN or BSR) rom honoring

channel change requests that would oversubscribe bandwidth to the subscriber. For example, a subscriber

may have enough bandwidth to support one SDTV and one HDTV connection. I one TV is already viewing HDTV

content, then the other TVs must be prevented rom attempting to view a dierent HD channel.

Most oten, operators avoid this situation by only limiting the number and type (SD/HD) o set-top box receiverseach subscriber can have. This is becoming a serious concern or both subscribers and operators, who oten

would like to support more TVs that use the same bandwidth or choose which TV on which to view the HD

content. For these situations, MCAC is the preerred solution.

An additional complication arises as video traic moves to a unicast model. In this case, it is more likely that the

connection to the MSAN, rather than the link to the subscriber, can be the bandwidth bottleneck. Thereore, it is

necessary to look at available bandwidth to both the MSAN and the subscriber to determine whether the request

can be honored.

Home 1Queues

VLANPer MSAN Scheduler

(if required)

To DSLAM or Switch

GigE

BSR

VoIP

Internet Access

VPN Service

Broadcast TV

IP/VLAN Node(per household)

IP QueueService Queues(per subscriber)

Home 2Queues

Business 1Queues

DSLAM x DSLAM y DSLAM 1

Multicast Traffic(unique VLAN)

8/3/2019 2000259-en

9/13



Figure 7 shows a sample calculation to decide whether a channel change request can be honored. In this

example, this unction is perormed by the BSR, based solely upon bandwidth to the subscriber. An analogous

calculation can check bandwidth available to the MSAN as well. Some MSANs also support multicast CAC,

although only BSRs can consider bandwidth to the MSAN when determining whether to honor the request.

Fig 7: mcac Bsr, bd n bib link ilizin

Unicast bandwidth management: Incoming requests to establish new sessions can be checked against

criteria such as available bandwidth to determine whether the connection can be permitted. For instance, a

session border controller that cannot accept any more calls must inorm the MSAN or BSR that the call cannot

be completed.

Unlike multicast IPTV, these applications each have their own control protocols. Thereore, the application

server must ask the network whether resources are available, ater determining the required resources. For

example, when a subscriber requests to view VoD content, the VoD system irst determines that the requested

content is 3.75 Mbps (SDTV), and then asks whether this much bandwidth is available rom server to subscriber.

To accomplish this, there must be a single device that holds a complete picture o the network, including

existing bandwidth commitments. This device, architecturally called a Pliy Diin Pin (PDP), makes

the decision about whether new requests can be honored. In addition to inorming the application, it may also

need to tell certain network elements, called Pliy enfn Pin (PeP), how to treat this traic. For

example, once it is determined that a VoIP session can be supported, this traic can be marked as high priority

i (and only i) the subscriber has signed up or VoIP service. Otherwise, a dierent policy is applied to mark it

as best eorts traic.

Dynamic bandwidth management is recognized as an important mechanism or protecting the network and

improving revenues by controlling network access. Current MSANs do not work with PDPs (that is, do not unction as

a PEP), while many BSRs do support this. An important requirement is that the PDP use standard Web services such

as Simple Object Access Protocol (SOAP) to communicate with application servers, making it as easy as possible to

support a wide range o applications.

Group Bandwidth

Bandwidth per channel

IGMP (join 224.1.1.2)

Bandwidth (per subscriber)

224.1.1.2224.1.12.101

224.1.12.102

2 (SD)6 (HD)

6 (HD)

Sub Total Commit Request

Approved: Total bandwidth is < 10 Mbps

Approved: Total bandwidth is < 10 Mbps

Denied: Total bandwidth exceeds 10 Mbps

Total

10.10.1.3 10 0 2 2

Sub Total Commit Request Total

10.10.1.3 10 2 6 8

Sub Total Commit Request Total

10.10.1.3 10 8 6 14

IGMP (join 224.1.12.101)

IGMP (join 224.1.12.102)

Denial Message

10 Mbps

Subscriber

1 Gbps 1 Gbps

DSLAM Port

Channel 318

Channel 2

MSAN Switch BSR

8/3/2019 2000259-en

10/13



SecurityProtecting the application servers rom attack is another undamental network requirement.

IP Address Tracking: The network should ensure that only authorized subscribers can access the network

by dropping traic rom IP addresses that have not been assigned to this subscriber. This inormation can be

learned rom DHCP lows. As a related capability, the network should limit the number o IP addresses that can

be assigned to a subscriber.

Firewall: Incoming traic rom subscribers can be redirected to a security appliance to protect against networkattacks. I an attack is noted, the policy enorcement node can be instructed to drop incoming packets rom

a given subscriber. Generally, all traic rom all subscribers is validated, while traic to subscribers (which

originates at trusted servers within the network) bypasses the security check. This prevents the security

appliance rom being overwhelmed by IP video traic.

Figure 8 depicts a network supporting asymmetric security. On the let, traic rom the subscriber is checked and

allowed to pass to the application server, which responds by orwarding application traic. On the right, an attack is

detected, so the security device notiies the network to drop all traic rom this subscriber. In addition, inormation

about the attack will be displayed on an operator console. The application server does not see the attack.

Providing this unction requires deploying a security appliance alongside the redirection engine, as well as support

or this asymmetric model. It is not cost eective to do the ormer, and most MSANs do not support the latter. The

most common solution is to have the MSAN itsel provide some level o checking to protect against common attacks

such as Distributed Denial o Service (DDoS). The MSAN vendor provides periodic updates that the operator mustapply to each MSAN.

Fig 8: ayi iy in bdbnd nwk

ISG Series

BSR

Policy

Enforcement

Point

Security

Appliance

SRC Policy

Engine

CORE

MSAN

ISG Series

BSR

Policy

Enforcement

Point

Security

Appliance

CORE

MSAN

8/3/2019 2000259-en

11/13



Juniper SupportAs shown in Figure 9, Juniper supports a wide range o connectivity or access networks. MSANs and aggregation

switches can connect upstream to any o three Juniper Networks routers:

Ethernet aggregation switches (Juniper Networks MX Series Ethernet Services Routers)

IP routers with high Ethernet density (Juniper Networks M Series Multiservice Edge Routers)

Broadband Services Routers (Juniper Networks E Series Broadband Services Routers)

Fig 9: oiw f Jnip Nwk pping wilin bdbnd nwk

For networks that require a BSR, Juniper Networks E Series portolio o IP edge routing platorms is a critical elemen

in the control, delivery and accounting o services at the network edge. The E Series routers support DHCP and PPPoX

operational models including PPPoX termination and DHC Proxy Relay. In addition, they shape traic to individual

subscribers, to MSANs, and to aggregation switches. Policy enorcement is provided in conjunction with the Juniper

Networks SRC Series Session and Resource Control Modules, which provides the policy decision point unction.

For networks using smart MSANs, the Juniper Networks M Series Multiservice Edge Routing portolio and MX Series

Ethernet Services Routers (ESRs) combine best-in-class capabilities with unmatched reliability, stability, security

and service richness. These products allow providers to consolidate multiple networks into a single inrastructure

while simultaneously generating new revenues with leading-edge services. M Series Multiservice Edge Routers

support both Ethernet-based and ATM-based MSANs, while the MX Series Ethernet Services Routers establish

a new industry standard or Carrier Ethernet capacity, density and perormance. The Juniper Neworks MX960

Ethernet Services Router is the industrys largest-capacity Carrier Ethernet platorm, with up to 960 gigabits per

second o switching and routing capacity, while the Juniper Networks MX480 and Juniper Networks MX240 Ethernet

Services Routers provide smaller capacity routers or those locations and subscriber densities where ewer ports

are required. In addition, the MX Series can serve as a smart Ethernet switch that aggregates MSAN traic while

supporting required broadband unctions such as Internet Group Management Protocol (IGMP) snooping.

MSAN

MSAN

M Series

T Series

BSR

Head-End

MX Series

E Series

Apps

MX Series

8/3/2019 2000259-en

12/13



ConclusionEach o the the unctions described in this paper may be provided by MSANs that use commercially available

chipsets, by MSANs that use custom ASICs or by BSRs. Its not surprising that MSANs with custom ASICs cost more

than those using commercially available chipsets but provide more unctionality. Similarly, BSRs generally provide

more unctionality than MSANs. Table 2 summarizes which type o platorm supports each unction.

FEATURE DESCRIPTION COMMERCIAL

MSANS

ADVANCED MSANS JUNIPER

NETWORKSE SERIES BSR

Centralized Control

singl pin f nl, gni,msaN indpndn

3

DHCP Support

DHcP rly 3 3 3

DHcP Pxy, DHcP raDIus Pxy 3 3

DHcP Ll s 3

PPPoX

PPPX tinin 3 3

QoS

Qs p i 3 3 3

Qs p bib, hihil Qs 3

Dynamic Bandwidth Management

mcac 3 3

uni bndwidh ngn, pliynfn pin

3

Security

IP add tking 3 3 3

cnlizd Fiwll 3

BSRs have evolved rom their initial role or terminating PPPoX traic. Most importantly, they increase Average

Revenue per User (ARPU) potential by controlling network access and using bandwidth more eiciently, while

reducing operational costs. However, the initial cost o implementing a BSR may outweigh the beneits, notably or

smaller service providers with relatively ew MSANs.

8/3/2019 2000259-en

13/13


cp and sl Hdq

Juniper Networks, Inc.1194 North Mathilda AvenueSunnyvale, CA 94089 USAPhone: 888.JUNIPER(888.586.4737)or 408.745.2000Fax: 408.745.2100

aPac Hdq

Juniper Networks (Hong Kong)26/F, Cityplaza One1111 Kings RoadTaikoo Shing, Hong KongPhone: 852.2332.3636Fax: 852.2574.7803

emea Hdq

Juniper Networks IrelandAirside Business ParkSwords, County Dublin,IrelandPhone: 35.31.8903.600Fax: 35.31.8903.601

Copyright 2009 Juniper Networks, Inc.All rights reserved. Juniper Networks, theJuniper Networks logo, JUNOS, NetScreen,and ScreenOS are registered trademarks oJuniper Networks, Inc. in the United States andother countries. Engineered or the networkahead and JUNOSe are trademarks o JuniperNetworks, Inc. All other trademarks, servicemarks, registered marks, or registered servicemarks are the property o their respectiveowners. Juniper Networks assumes noresponsibility or any inaccuracies in thisdocument. Juniper Networks reserves the rightto change, modiy, transer, or otherwise revisethis publication without notice.

2000259- 001-EN Feb 2009 Printed on recycled paper.

1

To purchase Juniper Networks solutions, pleasecontact your Juniper Networks representative

at 1-866-298-6428 or authorized reseller.

About Juniper NetworksJuniper Networks, Inc. is the leader in high-perormance networking. Juniper oers a high-perormance network

inrastructure that creates a responsive and trusted environment or accelerating the deployment o services and

applications over a single network. This uels high-perormance businesses. Additional inormation can be ound at

wwwjnipn

2000259-en

Documents