Mini-Gateway for Traffic Analysis

The Stingray Gateway Service solution allows telecom operators to simply and efficiently restrict user access to resources on the Internet.

• Up to 4 billion URLs with a compact representation in memory
• Up to 80 gigabits/s performance in the BASE version
• Less then 30 microseconds to process requests on a 1U server
• guaranteed resource blocking

Stingray Gateway allows the implementation of “smart” Access Control Lists (ACLs). Unlike traditional network ACLs, which define service ports or domain names on an OSI Layer 3 device to which services are allowed or denied access, Stingray Gateway controls traffic all the way up to OSI Layer 7. This means that it is possible to restrict or allow access to certain services, applications, resources for certain users or groups of users.

• Work at all layers of the OSI with DPI technology
• Flexible configuration of access rules
• Allow lists for subscribers
• Captive Portal

The Stingray Gateway Network Address and Port Translation feature allows a service provider to share a single public IPv4 address with multiple subscribers, extend the use of limited IPv4 address space, and simplify migration to IPv6 addressing. Since the DPI platform is designed for heavy loads with deep traffic analysis, it also handles Carrier-Grade NAT (address translation) with full DPI capabilities.

• Leverages the limited IPv4 address space
• Conforms to industry standards enshrined in RFC 6888, RFC 4787
• Enables transparent operation of peer-to-peer protocols (torrents, games)
• Allows limiting the number of TCP and UDP ports for a subscriber (DDoS protection)

The BRAS Service Gateway is a feature of the Stingray Getaway traffic control and analysis system for subscriber termination. This solution allows the broadband operator to control subscribers’ access to the Internet and apply tariff plan policies and additional tariff options.

It works in L2 BRAS and L3 BRAS modes, supports Dual Stack IPv6/IPv4, IPoE, PPTP and PPPoE authorization, Radius CoA, and user redirection to Captive Portal (blocking).

Benefits of BRAS mode based on Stingray Getaway

• QoS provisioning as part of the plan
• Dual-Stack IPv6/IPv4
• Multiple users — one login is associated with multiple IPs
• Whitelisting by domain — does not depend on IP changes
• Marketing capabilities (Quality of Experience (QoE) acquisition and processing, clickstream)

QoS is achieved by the ability of DPI technology to prioritize all traffic, giving certain applications and protocols more bandwidth. The greatest use of QoS is to provide subscriber IP-telephony, IP-television, video conferencing, and other delay-sensitive services.

Availability and quality of services are one of the main indicators of the telecommunications operator or Internet provider. Stuttering of sound, colored squares on video, slow loading of pages are some of the main annoyances of the user, which can be eliminated and QoE (Quality of Experience) can be improved with the QoS function of the Stingray Service Getaway system.

Stingray Getaway subscriber communication function allows the telecom operator to conduct marketing campaigns, analyze subscriber visit history and his behavior on these resources, show targeted advertising and informational messages at any moment of time, segment subscribers based on accumulated billing data.

The creation of a “home page” makes it possible to obtain complete information about the subscriber (gender, age, browser, login devices, preferences, etc.), to sell partner services through it, to conduct surveys to improve QoS, to promote new services, and to drive traffic to pages with their descriptions.

• Communication with the subscriber
• Behavioral reports
• Starting pages

The Stingray Gateway Service system has built-in protection against DoS (Denial of Service) and DDoS (Distributed Denial of Service) attacks — a type of attack on computer systems, when users cannot access resources provided by the system or such access is complicated.

• Up to 20 mln packets per second depending on the configuration
• TCP SYN Flood and fragmented UDP Flood protection
• DDoS protection (LOIC, etc) based on Turing test (Human Detection)
• Dynamic control of bandwidth— both shared and to a separate IP
• Prioritization by the common band and separate IP protocols