Posts

In two previous articles, we discussed why interest in BNG and RADIUS-based provisioning is growing and what makes COS’s solution unique. In this article, we will take a deeper look at the key factors to consider when selecting a RADIUS solution.

When implementing a BNG in your network, you will need to decide on a RADIUS solution and how to set up the database. This decision is far from straightforward and can be complex, which is why we want to provide guidance here.

At COS, we have encountered several different methods for implementing RADIUS provisioning. Since this solution plays a crucial role in network reliability, it is well worth investing time in making an informed decision. Naturally, your specific circumstances will determine which solution best fits your network, but below are our general recommendations.

The following solutions are based on FreeRADIUS and PostgreSQL but are similar for MariaDB/MySQL.

Three RADIUS Authentication & Authorization Solutions with FreeRADIUS

Option 1: The Simplest Setup – No Redundancy

  • 1 VM (Virtual Machine) with FreeRADIUS
  • 1 VM with the database, with automatic backup/export

Since virtual servers are used, it is easy to perform backup/restore/replication, create snapshots before updates, and similar tasks. In this scenario, the underlying virtualization platform (e.g., VMware) minimizes downtime compared to physical machines. This setup is straightforward and works well for less critical implementations and lab environments.

Option 2: Redundancy via Replication

  • 2 VMs with FreeRADIUS
  • 2 VMs for the database (1 primary, 1 secondary/standby)

FreeRADIUS must be configured to recognize both databases (primary and secondary) so that it automatically switches to the secondary if the primary stops responding. To promote the secondary database to primary automatically, additional configuration and usually an extra VM (quorum) are required. Otherwise, this must be done manually. This setup is a good balance between complexity and reliability.

Option 3: Redundancy via Clustering

  • 2 VMs with FreeRADIUS
  • 2 VMs with the database in cluster mode, either active-passive (the passive takes over if the active fails) or active-active (both share the load)

The clustering setup is significantly more advanced than the replication approach in Option 2 but enables even higher uptime. The two RADIUS servers connect to an IP address representing the cluster. In active-active mode, both database VMs are operational simultaneously, sharing the load. Failover occurs automatically without manual intervention. However, this is the most complex setup and requires advanced database expertise for monitoring and maintenance. It is best suited for large operators with the highest availability requirements and in-house expertise to manage this setup.

RADIUS Accounting

Collecting RADIUS Accounting data—detailed statistics and usage information—can be demanding and should be handled by a separate RADIUS server with its own database. The redundancy options described above focus on managing Authentication and Authorization functions.

COS Systems: Helping You Choose the Right RADIUS Solution

At COS, we have built expertise in collaboration with our partners and are happy to guide you in selecting the right RADIUS and BNG solution. Our philosophy is pragmatic: “Don’t let the perfect be the enemy of the good.” The most complex solution is not always the best choice; instead, the ability to manage the solution over time should be the deciding factor. At the same time, technology is constantly evolving, and it is essential to take advantage of innovations and advancements. We stay up to date with these developments and are happy to help you make the right decision.

More from COS Systems

In our next article, we will take a broader perspective and present COS Business Engine – our complete solution for municipal network operations.

Stay tuned and read more about our solutions here!

In our previous article, which you can read here, we discussed how Active Ethernet networks can be modernized with BNG (Broadband Network Gateway) and RADIUS provisioning, simplifying operations and increasing scalability. However, not all BNG and RADIUS implementations are the same—and this is where COS Systems stands out. Our solution is designed to provide higher operational reliability, easier management, and better control while being flexible enough to fit different network models.

What Makes COS Systems’ Solution Unique?

COS Systems has developed a flexible and automated RADIUS integration to manage BNGs, eliminating many of the challenges faced by previous implementations. Here are some of the key advantages:

  • Simplified Configuration and Management – Our solution requires minimal manual configuration, making network deployment and maintenance quick and easy.

  • All Data in One Place – Provisioning parameters and customer information are centrally managed within COS Business Engine instead of being scattered across different systems. This means there’s no need to log into the RADIUS database directly to view and manage provisioning attributes.

  • Robust Backup and Recovery – Since all data is stored in the COS platform, an up-to-date copy of the network’s provisioning information is always available. If anything happens, the system can be easily resynchronized and restored! Additionally, since COS Business Engine itself is backed up, this provides multiple layers of security.

  • Monitoring – Our solution not only monitors RADIUS itself but also the underlying database, providing better visibility and insight for operators.

  • Seamless Migration from Legacy Solutions – If you already have information on where customers are connected (e.g., switch ports), we can build a RADIUS database to facilitate an easier transition to BNG provisioning.

Support for Different BNG Provisioning Models

Our solution is flexible and supports multiple established BNG provisioning models, including:

  • Centralized BNG – A single BNG handling all traffic and provisioning from a central location.

  • Distributed BNG – Multiple BNG units sharing the load and creating redundancy.

  • Virtual BNG (vBNG) – Software-based BNG that can run virtually or on dedicated hardware, such as solutions from our partner netElastic.

Technical Enhancements in Our Implementation

We have also made key technical improvements compared to older BNG and RADIUS implementations:

  • Support for provisioning via RADIUS using a combination of users, groups, and user profiles.

  • Pre-built integrations for MariaDB/MySQL and PostgreSQL.

  • Support for both modern WireGuard and traditional IPSec-based VPNs.

  • Management of RADIUS attributes, operators, and values directly in COS Business Engine’s web interface.

  • Support for various VLAN schemes, including those using pseudo-wires.

  • Ability to resynchronize RADIUS data in case of catastrophic failure.

  • Full compliance with the FreeRADIUS standard schema, making FreeRADIUS updates simpler and less risky.

A Smooth, Robust, and Future-Proof Solution

With our BNG and RADIUS implementation, you get a reliable and flexible solution that makes network management easier. Our centralized management, automated provisioning, and monitoring give operators and network owners better control and lower operational costs. At COS, we’re ready to help you transition to BNG provisioning in a cost-effective way.

More from COS Systems

In article three, we dive deeper into what to consider when designing your RADIUS solution. Read the article here.

Stay tuned and read more about our solutions here!

Network owners are facing an exciting transformation. Thanks to recent price reductions in Broadband Network Gateway (BNG) solutions, opportunities that were once reserved for larger operators are now within reach for small and mid-sized network owners. Today, these investments are not only justifiable for streamlining operations but also for enabling the rapid deployment of new services and technologies.

RADIUS and BNG – An Efficient Path Forward

Traditional provisioning of Active Ethernet networks often requires manual or semi-automated provisioning of network switches. Many networks consist of switches from multiple hardware vendors, demanding deep technical expertise to ensure secure and scalable operations. By implementing BNG solutions, provisioning can be simplified, automated, and centralized. This is achieved by configuring the access portion of the network statically, allowing all service changes to be managed centrally via the BNG—eliminating the need for local reconfiguration of switches.

Provisioning is controlled using RADIUS, a standardized and proven protocol for centralized authentication, authorization, and accounting (AAA). To fully automate this process, integration with a BSS/OSS system—such as COS Business Engine—is required.

Key Benefits of RADIUS and BNG Provisioning

  • Reduced Complexity – Enables the use of simpler and more cost-efficient access switches.
  • Improved Reliability and Easier Troubleshooting – The static access layer allows for quicker problem identification.
  • Enhanced Security and Policy Management – RADIUS centrally handles authentication, authorization, and accounting (AAA), while BNG supports Quality of Service (QoS) and policy-based traffic control.
  • Scalability and Future-Proofing – The solution works equally well for both small and large networks.
  • Flexible Service Delivery and Integration – Changes can be implemented without manual intervention.
  • Free Seating – Simplifies customer equipment setup and reduces support calls since the customer’s device can connect to any port without requiring predefined settings. A practical example is that a customer’s IP telephony service will work regardless of which port their device is connected to.

COS Systems – The Smartest Path to Modernization

COS Systems has extensive experience in automated provisioning. Our software efficiently handles provisioning for Active Ethernet networks, and we partner with all major hardware vendors for PON provisioning. We’ve closely followed the evolution of RADIUS and BNG and have developed a solution in collaboration with leading manufacturers—built on industry standards and the latest technologies.

However, we offer much more than just provisioning. With our BSS/OSS system, you get an end-to-end solution for managing and automating the operations of open-access networks. Our platform covers everything from customer interest registrations and customer portal management to flexible administration of service providers, services, and pricing across different network segments or properties. Additionally, it includes built-in ticketing, fiber installation management, and automated invoice generation—streamlining the entire process.

With COS Business Engine, BNG, and RADIUS, you get:

  • A cost-effective solution – Lower operational costs without replacing existing infrastructure.
  • High reliability and scalability – A solution that grows with your network.
  • Standardized and future-proof technology – Open standards with support for leading manufacturers.

More from COS Systems

In article two, we’re diving into how COS Systems’ RADIUS and BNG provisioning solution works and how it can help you optimize your network operations. Read the article here.

Click here to learn more about our solutions.

Illustration of houses benefiting from FTTH technology, showcasing our leadership among FTTH innovators on Broadband Communities' Top 100 list for nine years.We are very proud to have made the Broadband Communities’ Top 100 Companies list of FTTH leaders and innovators 2022, for the ninth concecutive year! Our products and dedication to our customers stand the test of time.

Selection Criteria*

In selecting the FTTH Top 100, the editors looked for organizations that advance the cause of fiber-based broadband by

  • Deploying networks that are large or ambitious, have innovative business plans, or are intended to transform local economies or improve communities’ quality of life
  • Supplying key hardware, software or services to deployers
  • Introducing innovative technologies with game-changing potential, even if they have not yet been commercially deployed
  • Providing critical conditions for fiber builds, such as advocacy or demand aggregation

Read more here

(*source: https://www.bbcmag.com/tools-and-resources/ftth-top-100/2022)