Capabilities
- Subscriber Termination: PPPoE, IPoE; RADIUS auth + accounting; CoA / Disconnect Messages
- Hierarchical QoS: Per-subscriber + per-VLAN-group caps; CDN-aware burst classification
- Carrier-Grade NAT: Full-cone, symmetric, FCFS; block-based port allocation; hairpinning; IPFIX export
- Stateful XDP Firewall: LPM-trie rules; HTTP 302 / HTTPS RST injection; per-domain blocklists
- DDoS Pre-Filter: Auto-block by per-source PPS; CIDR blocklist; inline drop at NIC
- Inactive Subscriber Redirect: Auto-redirect non-payment / suspended accounts to portal
- Two Modes: QoS-only or Full Integrated (CGNAT+FW+QoS in single XDP program)
- Operations: Web-based NOC2 management — no CLI required for day-to-day
Technical Specifications
| Supported NIC drivers | i40e, ice, ixgbe, bnxt_en, vmxnet3 |
| Linux kernel required | 5.10 or newer (7.x recommended) |
| Architecture | x86_64 (Intel / AMD); ARM64 in development |
| Subscribers per box (QoS-only) | up to 50,000+ |
| Subscribers per box (full) | up to 30,000+ |
| Throughput per box | 100+ Gbps validated |
| Per-packet XDP processing | ~500 ns (measured) |
| Flow cache hit rate | ~90% on residential traffic |
| Memory per subscriber | ~8 KB userspace + BPF state |
| Configuration reload | Hot-reload via NOC2 (no XDP gap for QoS/FW/DDoS) |
| License | ECDSA-signed, hardware-bound, online + offline grace |
| Bonding / LACP | Full support (802.3ad) |
| VLAN encapsulation | 802.1Q, Q-in-Q (S-tag + C-tag) |
| IPv4 / IPv6 | Both, native dual-stack |
| Logging / Export | syslog, IPFIX, JSON over TCP/UDP |