RBFS C-BNG with CGNAT for IPoE and PPPoE Subscribers
Overview
This document provides information for validating CGNAT (Carrier-Grade Network Address Translation) implementation using the CGNAT-enabled RBFS Consolidated-BNG (C-BNG) device. It depicts the implementation that uses both IPoE and PPPoE subscriber traffic and IPv4 network address translation in the RBFS C-BNG deployed at the ISP network.
The document presents a use-case scenario that shows 10,000 single Q subscribers (8000 IPoE subscribers and 2000 PPPoE subscribers) on the same port. It implements a QoS profile that enables queueing, scheduling, and shaping for downstream traffic and single-level policing for upstream traffic per subscriber. The implementation uses port-block size 256 for address translation and OSPFv2/v3 protocols for route distribution.
The document presents a single use case scenario and configuration information required to validate the use case. The guide provides configuration information for general platform settings, Carrier-Grade Network Address Translation, various Access and Routing Protocols, Subscriber Management, and Quality of Service (QoS). The document provides information specifically on how to validate this particular implementation and for more information on any specific application, refer to https://documents.rtbrick.com/.
This guide is not intended to be an exhaustive guide of all RBFS features and does not provide information on features such as Multicast, Lawful Intercept, and so on.
Currently, the scope of the guide is limited to the basic features and configurations for validation purposes. This guide does not provide information about the advanced RBFS features such as multicast.
About RBFS Consolidated-BNG
The RtBrick C-BNG is delivered as a container, running on Open Network Linux (ONL) provided by the hardware ODM manufacturers. Platforms that support C-BNG include EdgeCore CSR440, Edgecore AGR420, UfiSpace S9510-28DC, UfiSpace S9600-72XC, and UfiSpace S9600-102XC. The RtBrick C-BNG software runs on powerful bare-metal switches as an open BNG.
The BNG is designed to dynamically deliver the following services:
-
Discovering and managing subscriber sessions for IPoE/PPPoE subscribers
-
Providing authentication, authorization and accounting (AAA)
About BNG Blaster
BNG Blaster is an open-source network tester developed by RtBrick to validate the performance and scalability of BNG devices. The BNG blaster can emulate both subscribers at scale and network elements such as routers. Therefore, it is possible to create complex topologies with just the DUT and a server that hosts the BNG Blaster, thereby minimizing the equipment needed to test the DU. For more information, refer to the BNG Blaster documentation. To use BNG Blaster, download and install the BNG Blaster software onto the system that meets the tool’s system requirements. The software can be downloaded from https://github.com/rtbrick/bngblaster/releases.
About RBFS Carrier-Grade NAT
Both BNG and CGNAT functionalities coexist in a CGNAT-enabled RBFS platform. RBFS CGNAT supports NAT44 functionality that maps IPv4 subscriber private addresses to IPv4 public addresses. RBFS CGNAT translates the source private IPv4 address and port number to a public source IPv4 address and port. Multiple private source IPv4 addresses can be translated into a single public IPv4 address, and the unique port numbers help to identify the private network devices from each other.
Address Translation for Upstream Traffic
When a device with a private IP address initiates communication with a destination device on the Internet, RBFS CGNAT chooses an available public IP address from the pool and creates an entry in its translation table. When packets from the private IP address traverse the network toward the internet, the CGNAT device translates the source IP address of these packets from the private address to the corresponding public address based on the entries in the translation table. It also performs port translation to maintain uniqueness, as multiple private addresses are mapped to the same public address.
It performs the address translation by replacing the source private IPv4 address with the public IPv4 address and the source port number (TCP/UDP) with the unique port number.
Reverse Address Translation for Downstream Traffic
When downstream traffic is received from servers on the Internet, the CGNAT device reverses the translation by replacing the destination public IP address with the corresponding private IP address from its translation table and the unique port number with the original port number.
RBFS C-BNG with CGNAT Implementation Architecture
When your device with a private IP address sends a request to the destination device, CGNAT assigns to the packets a unique port number and translates the private IPv4 address of the device into the public IPv4 address.
The following diagram illustrates the architecture of C-BNG with CGNAT that serves routing and address translation functions between a private network and a public network.
About this topology:
-
The Service Node is an Ubuntu server on which a new container is spawned with the associated interfaces for running BNG Blaster tests.
-
BNG Blaster emulates both the routing and access functions. It is an open-source network tester developed by RtBrick to validate the performance and scalability of BNG devices. The BNG blaster can emulate both subscribers at scale and network elements such as routers. Therefore, it is possible to create complex topologies with just the DUT and a server that hosts the BNG Blaster, thereby minimizing the equipment needed to test the DU. For more information, refer to the BNG Blaster documentation. To use BNG Blaster, download and install the BNG Blaster software onto the system that meets the tool’s system requirements. The software can be downloaded from https://github.com/rtbrick/bngblaster/releases.
-
The topology emulates PPPoE and IPoE subscribers and traffic between RBFS switch and the core network.
-
In this topology, OSPFv2/v3 is used for internal routing within the AS, LDP is used to build the MPLS underlay for label switching, and iBGP is used to learn Internet prefixes and exchange routing information within the AS. These protocols establish route reachability.
-
The objective of this topology is to demonstrate complete RBFS Carrier-Grade Network Address Translation for IPoE and PPPoE subscribers.
-
R-1 and R-2 are simulated using BNG Blaster.
At a high level, the diagram shows a private network and the public network which are simulated using BNG Blaster. Three host devices in a private network send traffic to servers on the public network. The host devices, that run two or three applications such as App1-1
, App2-2
, and so on, send traffic to servers on the Internet.
The private and public networks are simulated using BNG Blaster.
The PPPoE and IPoE subscriber traffic received by the CGNAT device interfaces ifp-0/1/3
and ifp-0/1/5
. The CGNAT-enabled RBFS performs address translation and sends the packets to the destination.
The address translation table shows the mapping between the private IPv4 address (plus the port number) and the public IPv4 address (plus the unique port number).
For example, the private IPv4 address 10.18.18.1
and port number 65001
(App1-1) is mapped to the public IPv4 100.100.64.10
and port number 1234
. CGNAT performs address translation from private IPv4 address to public IPv4 address upstream traffic and a reversal address translation from public IPv4 address to private IPv4 address for downstream traffic.
RBFS CGNAT maintains an Address Translation Table that records the mapping between the private IPv4 address and the public IPv4 address (with the port numbers).
It performs the address translation by replacing the source private IPv4 address with the public IPv4 address and the source port number (TCP/UDP) with the unique port number. The private IPv4 address and port number and the mapped public IPv4 address and the port number are recorded in the Address Translation Table. After the address translation, the traffic is forwarded to the R-1 router and finally to the destination servers in the public network.
A reversal address translation happens for the downstream traffic when the destination servers send packets to the RBFS device. After receiving the downstream packets, the CGNAT device examines the translation table mapping and performs a reversal address translation. It replaces the public IPv4 with the respective private IPv4 addresses and port numbers.
Deploying RBFS C-BNG
RBFS C-BNG runs on small form-factor hardware that allows deployments in street-site cabinets. The rtbrick-toolkit
is a meta package that can be used to install all the tools needed to work with RBFS images (container or ONL installer) and the RBFS APIs. For more information, see RBFS Installation Guide.
Using the RBFS CLI
Connect to the C-BNG
node.
$ ssh <C-BNG-management-ip> -l supervisor supervisor@<C-BNG-management-ip>'s password:
The password for C-BNG-management-ip
should be entered here.
As a result, the CLI prompt will look like this:
supervisor@rtbrick>C-BNG.rtbrick.net:~ $
Open the RBFS CLI.
supervisor@rtbrick>C-BNG.rtbrick.net:~ $ cli
The CLI has three different modes:
-
operation
mode is a read-only mode to inspect and analyse the system state -
config
mode allows modifying the RBFS configuration -
debug
mode provides advanced tools for trouble-shooting
The switch-mode
command allows switching between the different modes.
The show
commands allow inspecting the system state.
The set
and delete
commands, which are only available in the configuration mode, allow modifying or deleting the current configuration. The commit
command persists the changes. RBFS provides a commit history that allows reviewing changes (show commit log
) and restoring a previous configuration (rollback
). There are also commands to ping
destinations, capture
network traffic, save
the configuration to or load
the configuration from a file.
The CLI supports abbreviating commands, provides suggestions by hitting the [tab]
key and displays a context help by entering ?
.
For more information on how to use the RBFS CLI, see the RBFS CLI User Guide.