Contact
FireBrick FB9000

FB9000 - LNS

  1. Home
  2. FB9000
  3. FB9000 - LNS

The FB9000 is designed primarily for termination of multi-gigabit wholesale broadband links allowing termination of broadband and mobile L2TP sessions from networks such as BT Wholesale, TalkTalk Business, Vodafone, Zen Wholesale, CityFibre and others. It is designed to handle multiple gigabits of normal Internet traffic levels and handle sufficient tunnels and sessions for that level of usage.

Authentication and accounting is by means of RADIUS. Allocated IPv4 and IPv6 addresses being announced by BGP sessions.

Fixed line and Mobile

  • Terminate fixed line from wholesalers providing ADSL, VSDL, FTTP
  • Terminate IoT and Data SIMs that are handed over via L2TP

Overview

  • Built in platform RADIUS
  • Session steering logic allowing a pool of LNSs to be easily managed.
  • End user loss/latency/throughput graphs/xml data - based on LCP echoes every second for every connection.
  • Two 10G ports, intended for LACP.
  • Very low power consumption (around 30W), dual PSU, 1U box. Save money on space and power in data centre.
  • Simple L2TP relay for reselling L2TP hand-off to smaller ISPs.
  • PPPoE server and L2TP integration acting as a BRAS for direct connection to DSLAMs.
  • Comprehensive shaper sharing between multiple LNSs allows multiple gigabit handling with aggregate shaping in to the carrier network if required.
FB9000-prototype-front

Constant Quality Monitoring

Always-on monitoring

One of the stand-out features of the FireBrick running as an LNS is it's ability to send LCP echoes every second to every circuit and create loss/latency/throughput graphs and xml data files.

This happens all the time, no need to enable it when a customer calls up saying they have problems.

You can archive and store historical graphs so that they can be integrated with your own staff or customer management portals.

Save time, find faults faster

Technical support staff will find the graphs invaluable when investigating faults with customer's circuits when faced with questions regarding speeds or congestion.

Loss, latency and throughput all tell a story about the quality of the connection, a poorly running service is instantly easy to spot.

Staff can compare graphs across your estate to find problems with particular back-haul services, and find patterns when investigating similar-sounding fault reports.

CQM Examples

Heavy packet loss

Low packet loss

Heavy packet loss during upload

Disconnects and packet loss

Constant upload and constant packet loss

No traffic

FireBrick LNSs in an ISP:

FireBrick LNS Overview.png

General Features

Licensing

Full features for one price, no per session licencing or other extra costs.

Warranty

Five year warranty on hardware against any manufacturing defect. Normal working hours / courier replacement. Recommended that two units are used together to provide hardware redundancy. On-going maintenance contracts available for extended hardware support beyond one year.

Hardware

1U, dual AC 120/240V inlets (monitored), 2 internal fans (monitored), approx 30W total power consumption.

Multi-position 19" rack mount ears, with variation for hanging mount in shallow depth telco racks.

Software upgrades

Free of charge, beta and released software. Internal flash holds up to 8 prior versions with automatic fallback on crash/watchdog.

Reboot or software upgrade with clean shutdown of L2TP, BGP, VRRP, etc, for minimal disruption. Boot time under 1 second.

UK based s/w support team - email and irc support during office hours.

Configuration

Configuration defined by an XML document according to a published XSD schema. The configuration may be uploaded and downloaded by HTTP (e.g. using curl). In addition the web interface contains an interactive configuration editor.

Configuration changes are applied as seamlessly as possible when loaded without the need to re-boot.

Command line interface

The command line provides a number of commands to provide viewing of BGP, and pinging status data, as well as clearing BGP sessions. Includes tab completion and interactive help text.

Ports

Two SFP+ 10-Gigabit ports and eight SFP 1-gigabit ports allowing 4096 VLANs on each. 100 independent routing tables which can be used with BGP. Each port/VLAN can be attached to a specific routing table.

Access control

Access lists of telnet, web, SNMP. These can also be attached to an independent routing table for specific port/VLANs.

SNMP

SNMP (read only) support for a number of functions including interface stats for each port/VLAN in use and individual ping state (up/down).

NTP

Simple NTP client to set clock for accurate logging with fallback via list of configured servers.

DHCP/RA

DHCP client mode available, multiple instances. Also RA client for IPv6 addressing.

RA server for passive IPv6 adress allocation to LAN.

VRRP

IPv4 VRRP2 and IPv4/6 VRRP3 server.

  • Multiple VRRP IP addresses per port/VLAN.
  • Can use standard floating MAC address, or can use fixed per machine MAC with promiscuous ARPs as configured.
  • Dynamic VRRP priority based on routability of a list of addresses, allows VRRP to only become master when external routing in place.
  • Pingable VRRP addresses for easier diagnostics.

L2TP & RADIUS

L2TP

L2TP incoming connections and outgoing L2TP relay. RADIUS is used for authentication and accounting.

  • Real-world traffic capacity of around 8Gb/s
  • Routing of multiple IPv4 and IPv6 address blocks to a session allocated by RADIUS.
  • Routing IP blocks to multiple sessions (same metric) to perform load balancing based on line speed.
  • Fallback routing of IP blocks (different metric).
  • Source IP checking IPv4, IPv6, and tunnelled IPv6 including 2002::/16 prefix against IPv4 source addresses.
  • Native and tunnelled IPv6 wrapped and unwrapped at the L2TP interface.
  • Constant Quality Monitoring (CQM) graphs.
  • 20,000 L2TP tunnels
  • 65,535 L2TP sessions (total across all tunnels).
  • 4,096 simultaneously negotiating sessions.
  • 32,767 closed user groups which can also incorporate specific port/VLANs for hosted servers as part of the group.
  • 100 independent routing tables, which can be assigned by RADIUS.
  • Snapshot RADIUS accounting on configurable interval, e.g. accounting for all lines on the hour.
  • 64 bit counters for RADIUS byte counts to allow for high speed lines and hourly reporting.
  • Per session traffic shaping from RADIUS.
  • DOS limiter per session, dropping line on DOS at configurable level.
  • Configurable aggregate traffic shaping and metering to work with BT's split WBC/IPSC operation.
  • L2TP relay on static pattern match, and per line on RADIUS.
  • PPPoE server integration acting as a BRAS to direct linking to DSLAMs.

CQM

CQM provides graphs for last day, and for nightly archive, for L2TP sessions based on circuit ID from RADIUS, and for external interfaces.

  • >15,000 separate graphs (an increase is planned at a later date)
  • LCP echo every second on every session aggregated to 100 second samples over last day.
  • Packet loss to 1%.
  • Minimum, Average, and Maximum latency to 4 decimal places of ns.
  • Average Tx and Rx rate.
  • Directly http served CSV for analysis.
  • Directly http served PNG graphs for direct integration in to support systems.
  • MD5 in URL for linking for external authenticated viewing.
  • Configurable colours and text and data selection.
  • Configurable scoring of graphs for matching similar lines and identifying common problems.
  • Shaper sharing with other FireBricks for aggregate policing of traffic over multi gigabit networks.

RADIUS

RADIUS authentication and accounting allows configuration of session settings and logging of usage. Configurable fallback and blacklisting of non responsible servers.

RADIUS DM and CoA

RFC5176 Disconnect message and change of authorisation are supported allowing on the fly changes of routing table, closed user group, routes, and line speed without dropping session. Ideal for handling BRAS rate changes seamlessly.

Platform RADIUS

A RADIUS server provides responses to platform RADIUS requests directing sessions to the FB9000 or alternative endpoints based on simple pattern match. Tested against BT, Be, Zen and 3UK hand-overs.

  • Allows control over RADIUS response based on calling and called station ID, and username including pattern matching.
  • Allows tagged and untagged responses, with ordering/selection controlled by in various ways including hash based ordering on calling or called ID, login, username, realm or random.
  • Includes additional parameters for working with mobile GGSN hand-over.
  • Includes additional parameters for working with BT 20CN session steering on IPSC (SIN502).

BGP

BGP is provided to allow interface to carrier (e.g. BT) to accept routes to BRASs, etc, and announcing routes to ISP core network.

IPv4 and IPv6 BGP sessions.

  • IPv4 and IPv6 routing data.
  • AS4 (32 bit) AS number support.
  • IPv6 protocol 41 tunnel announcements using 2002::/16 next hop.

Syslog

Syslog to external server with various levels of debugging data available. Logs also available live via command line interface.

Sales & Dealer Enquiries

email sales@firebrick.co.uk
phone 01344 400 500
Mon - Fri, 9am-5pm,
calls are recorded
sms 01344 400 500

Support Contact

email support@firebrick.co.uk
phone 01344 400 500
Mon-Fri 9am-5pm,
calls are recorded
sms 01344 400 500

Close Get Support