Getting Started API Reference Integrations vBNG Deployment

vBNG Deployment Guide

Deploy ISPChamp vBNG on commodity x86 hardware. This guide covers hardware requirements, architecture, and component configuration.

Architecture Overview

# ISPChamp vBNG — Packet Flow

# ┌─────────┐ ┌──────────┐ ┌───────────┐ ┌──────────┐ ┌───────────┐

# │ OLT │───▶│ Kea DHCP │───▶│ RADIUS │───▶│ VPP/DPDK │───▶│ FRRouting │

# │ (GPON) │ │ (DHCPv46)│ │ (Auth+Acct│ │ (Fwd+NAT)│ │ (BGP/OSPF)│

# └─────────┘ └──────────┘ └───────────┘ └──────────┘ └───────────┘

# Option 82 Lease Req Auth Check Wire-speed Upstream

# insertion + PD + Policy forwarding peering

# Data plane (VPP) runs in userspace with DPDK — zero kernel involvement

# Control plane (Kea + RADIUS + FRR) runs as standard services

Hardware Requirements

Component	Minimum (10Gbps)	Recommended (100Gbps)
CPU	Intel Xeon E-2300 (8C/16T)	Dual Intel Xeon Gold 6300+ (32C+)
RAM	32 GB DDR4 ECC	128 GB DDR4/DDR5 ECC
NIC	2x 10GbE Intel X710	2x 25GbE Intel E810 or Mellanox CX-6
Storage	240 GB SSD	480 GB NVMe SSD
OS	Ubuntu 22.04 LTS	Ubuntu 24.04 LTS

Component Configuration

VPP/DPDK — Data Plane

Vector Packet Processing with DPDK handles all subscriber traffic at wire speed. Manages per-subscriber QoS, NAT, and packet forwarding without kernel overhead.

Hugepages: 2MB x 8192 (16GB) for flow tables

CPU isolation: isolcpus for DPDK worker threads

NIC binding: DPDK-compatible driver (vfio-pci)

Forwarding graph: classify → policer → NAT → route → output

ISC Kea 3.0 — DHCP

Handles DHCPv4, DHCPv6, and prefix delegation for all subscribers. Integrates with RADIUS via the Kea RADIUS hook for authentication.

DHCPv4 with Option 82 relay agent parsing

DHCPv6 with Prefix Delegation (PD) for /56 or /64

RADIUS hook for auth before lease assignment

Lease database in PostgreSQL (shared with ISPChamp)

FreeRADIUS — AAA

Handles subscriber authentication, bandwidth policy assignment, and accounting. PostgreSQL-backed with ISPChamp as the management layer.

Auth: PAP/CHAP for PPPoE, MAC-auth for IPoE

CoA: Dynamic bandwidth changes without disconnect

Accounting: Interim updates every 300 seconds

Failover: Proxy to secondary RADIUS on timeout

FRRouting — Control Plane

Manages BGP/OSPF peering with upstream providers and internal routing. Advertises subscriber prefixes and handles failover.

BGP: eBGP peering with upstream + iBGP mesh

OSPF: Internal routing between BNG nodes

BFD: Bidirectional Forwarding Detection for fast failover

Route maps: Policy-based routing for traffic engineering

CGNAT — NAT44

Inline Carrier-Grade NAT with deterministic mapping and BTRC-compliant session logging.

Deterministic NAT: Predictable port allocation

Port block size: 256 ports per subscriber

Logging: Full session logs for BTRC compliance

IPv6 bypass: Dual-stack traffic skips NAT

Quick Deploy

# 1. Prepare the server

sudo apt update && sudo apt upgrade -y

sudo apt install -y linux-tools-common hugepages dpdk dpdk-dev

# 2. Configure hugepages

echo 'vm.nr_hugepages=8192' | sudo tee -a /etc/sysctl.conf

sudo sysctl -p

# 3. Bind NICs to DPDK

sudo dpdk-devbind --bind=vfio-pci 0000:01:00.0

sudo dpdk-devbind --bind=vfio-pci 0000:01:00.1

# 4. Deploy ISPChamp vBNG (Docker Compose)

curl -sL https://get.ispchamp.com/vbng | bash

cd /opt/ispchamp-vbng

docker compose up -d

# 5. Verify

vppctl show interface

vppctl show nat44 sessions

vtysh -c "show bgp summary"