Table of Contents
In the previous article, we introduced what PPPoE is, how it works, and how it can be configured on Asterfusion SONiC-based switches. For more : What Is PPPoE ? How Does It Work In SONiC ? In this follow-up, we take a step further into the architecture behind the scenes—how Asterfusion builds a scalable PPPoE gateway by combining SONiC and VPP.
In this design, SONiC handles control and orchestration, including configuration management and service abstraction, while VPP takes responsibility for the user-space datapath acceleration, enabling high-performance PPPoE session processing and packet forwarding.
This clean separation of control plane and data plane allows the system to achieve both operational simplicity and high throughput scalability—making it suitable for modern broadband and edge gateway deployments.
The Performance and Architectural Bottlenecks of Traditional vBNG
When diving into the underlying operational mechanisms of traditional vBNGs, one typically finds structural pain points that restrict high-concurrency services.
- Memory Consumption Under High Concurrency: Traditional PPPoE services often rely on external ip-up Python scripts for state synchronization. Under a concurrency pressure of 100 connections per second, this legacy mode can instantly consume up to 3GB of system memory, easily leading to resource exhaustion or system anomalies.
- Proprietary Ecosystem Lock-in: To implement QoS policies or billing, traditional architectures usually require binding to specific vendor dictionaries. This solidifies network control and makes the adaptation costs of migrating to standard open-source systems prohibitively high.
Building a Scalable PPPoE Gateway with SONiC and VPP Integration
In modern enterprise campus networks and ISP edge access scenarios, AsterNOS-VPP rearchitects the traditional vBNG design. It maximizes the processing capabilities of the ET2500 hardware platform, enabling a high-performance and cost-efficient BNG implementation with unified RADIUS management.
What is AsterNOS-VPP?
It is an open Router OS which is a disaggregated network operating system that combines SONiC as the control plane and VPP as the user-space forwarding engine.
This architecture enables:
- Centralized service orchestration via SONiC
- High-throughput packet processing via VPP in user space
- A scalable, software-defined routing and gateway platform
Core Architecture Upgrade
Traditional vBNG architectures are often constrained by kernel-space processing efficiency and script-based workflows, which leads to increased memory consumption under high concurrency scenarios. AsterNOS-VPP introduces the following key changes:
- Multithreaded architecture redesign: Replaces the traditional Python-based synchronous model with a single-process, multithreaded accel-ppp design. Through the in-house
extra/pppsyncplugin, interface state changes are directly synchronized to APPL_DB. This reduces memory overhead under high concurrency and avoids resource exhaustion issues. - VPP vectorized forwarding: Based on
libsaivpp.so, standard SAI operations are translated into VPP API calls. The data plane performs PPPoE encapsulation and forwarding in user space using a vector processing model, removing the per-packet processing bottleneck in the kernel space. - TCP MSS clamping optimization: The built-in
mss_clamp_pluginhandles MTU-related packet loss and network blackhole issues, improving stability for dial-in services in complex network environments.
Decoupling from Vendor Lock-In
AsterNOS-VPP is designed around an architecture decoupling model to build an open and vendor-neutral access ecosystem:
- Full RADIUS compatibility: Supports deep integration with standard AAA platforms such as FreeRADIUS. It supports both local IP pool allocation and centralized IP management driven by RADIUS, ensuring seamless integration and full operator control over policy enforcement.
- Elimination of VSA dependency: By adhering to standard protocol extensions, it removes reliance on vendor-specific attributes (VSA), reducing vendor lock-in and lowering migration complexity for QoS and billing policies.
Deployment Flexibility: Hardware and Software Balance
With AsterNOS-VPP, ET2500 functions not only as a switch but also as a high-performance edge gateway:
- Cross-platform consistency: Whether deployed on hardware platforms based on Marvell OCTEON CN102/CN103 (such as ET2500/ET3600) or in virtualized environments such as KVM or GNS3, AsterNOS-VPP provides a consistent control plane and high-performance forwarding behavior.
- Simplified migration path: By combining the SONiC-standard control plane with a VPP-based high-performance data plane, a standard Layer 3 gateway can be rapidly transformed into a carrier-grade vBNG node, reducing overall total cost of ownership (TCO).
Control Plane and Data Plane Decoupling and Coordination
In the AsterNOS-VPP architecture, PPPoE is not implemented as a simple kernel-based feature. Instead, it is split into control plane and data plane responsibilities:
- Control plane: Handles RADIUS interactions and session state management, with real-time synchronization via
pppsync, ensuring efficient and stable control-plane operations. - Data plane: Uses VPP in user space for high-speed forwarding, enabling line-rate performance for large-scale concurrent sessions.
- AsterNOS-VPP integration layer: Provides hardware abstraction, policy configuration delivery, and standardized APIs, reducing dependency on proprietary VSA mechanisms.
Migration from PPPoE to IPoE
As network traffic continues to grow and IPv6 adoption accelerates, many operators are gradually migrating from PPPoE to IPoE (IP over Ethernet). While both technologies support subscriber authentication and billing, IPoE eliminates the additional PPP encapsulation overhead, resulting in higher forwarding efficiency and improved network performance.
Comprison is show as below:
| Item | PPPoE | IPoE |
| Encapsulation Overhead | 8 bytes | No additional PPP encapsulation |
| MTU | Typically 1492 | Typically 1500 |
| User Authentication | Built-in PPP authentication | Relies on DHCP/AAA |
| Subscriber Billing Support | Yes | Yes |
| IP Address Assignment | Dynamic via IPCP | DHCP |
| Subscriber Management | Mature | Depends on operator architecture |
| IPv6 Support | PPPoE IPv6 support | Native and simpler |
| Performance | Slightly lower | Higher |
| Deployment Status | Widely used in traditional ISP networks | Preferred in new network deployments |
Compared with PPPoE, IPoE offers several advantages:
- Higher forwarding efficiency with lower protocol overhead
- Native 1500-byte MTU without PPPoE’s 1492-byte limitation
- Simplified IPv6 deployment and address management
- Reduced processing burden on BRAS/BNG platforms
As a result, IPoE has become the preferred architecture for many next-generation broadband networks. While PPPoE remains widely deployed due to its mature ecosystem and operational familiarity, the long-term trend is clear: operators are increasingly moving toward IPoE-based access networks to improve scalability, simplify operations, and support future service growth.
OpenBNG on SONiC
Evolve from Legacy BNG to High-Performance, Disaggregated OpenBNG
Conclusion
By combining SONiC’s strength in control and orchestration with VPP’s high-performance user-space forwarding, AsterNOS-VPP redefines how PPPoE-based access gateways are built and scaled. It moves beyond traditional kernel-bound vBNG architectures, delivering a more flexible, efficient, and software-defined approach to broadband edge services.
Running on platforms like ET2500, this architecture not only improves performance and scalability for existing PPPoE deployments, but also provides a clear evolution path toward IPoE-based next-generation access networks. More importantly, it enables operators to break free from vendor lock-in while maintaining full compatibility with standard AAA systems such as RADIUS.
As access networks continue to evolve toward higher concurrency, higher bandwidth, and greater openness, AsterNOS-VPP represents a practical step forward—where control intelligence and forwarding performance are cleanly separated, yet tightly optimized to work as one system.
