BNGSoft
bngsoft.com · NOC2 Operations Platform
NOC2 · Operations Platform
One control plane for the whole BNG fleet.
NOC2 is the operations layer that sits on top of every BNGSOFT XDP BNG you run. It turns thousands of subscribers across many nodes into a single observable, controllable, and customer-facing service. Triage, impact, AQM/IFP visibility, public status, bulk actions, self-healing, RPKI hygiene: all in one place.
- 1: Pane of glass for the whole fleet
- <30s: From alert to customer-facing status update
- 5,000: Subscribers actionable in a single bulk job
- 15s: Live AQM / IFP metrics auto-refresh
NOC operators spend their day jumping between SSH sessions, RADIUS dashboards, BGP summaries, ticket queues and customer chat windows. NOC2 collapses that into one console — and exposes the parts customers care about (status page, outage email, complaint deflection) automatically.
If your customer asks "is my line up?", your operator should be able to answer in three seconds. NOC2 makes that the default.
What NOC2 does
FLEET-WIDE
Single fleet view
Every BNG, every interface, every BGP session.
- Live health + capacity dashboards per node
- BGP / RADIUS / XDP / CGNAT status side-by-side
- Region-scoped views for distributed NOC teams
OPERATOR
Investigate one customer
Username, IP, MAC — find them everywhere at once.
- Universal Triage console (IPv4 / IPv6 / MAC / username)
- Live session + 4 h bandwidth + 24 h connect history
- CGNAT lookup: public IP:port → subscriber
- Per-subscriber QoS / AQM / IFP via Sub Show
CUSTOMER-FACING
Talk to the customer's customer
Status pages, outage email, complaint deflection — automatic.
- Branded public status page per customer slug
- Outage broadcaster mails contacts within 60 s
- "Is my line up?" self-service check with rate limit
- Maintenance lifecycle emails (scheduled / started / done)
The NOC Wall-board
Drop on a hallway TV. One snapshot, dark theme, auto-refresh. Designed so anyone walking past knows whether the fleet is healthy.
noc2.example.com/wall
v1.74 · live
NOC Wall · Fleet Snapshot
16:42:11 · UTC
- BNGs Online: 28 / 28 (all healthy)
- Subscribers: 142,318 (+412 / 5m)
- Throughput: 38.6 Gbps (2.1 Mpps)
- Anomalies: 2 (vs 7-day baseline)
- CGNAT Pool: 63% (443k blocks free)
Per-BNG Health
- Node A: 2,527 subs · 1.43 Gbps · UP
- Node B: 3,184 subs · 2.01 Gbps · UP
- Node C: 1,902 subs · DL queuing 12 ms · WARN
- Node D: 4,512 subs · 3.88 Gbps · UP
- Node E: 2,184 subs · 1.62 Gbps · UP
- Node F: 5,802 subs · 4.21 Gbps · UP
Active Incidents
- Node C · queuing latency spike · 8m
- Customer A · uplink degraded · 12m
Top Talkers (5m)
- 192.0.2.144: 412 Mbps · 38 Kpps
- 192.0.2.91: 288 Mbps · 21 Kpps
- 2001:db8::1f9c: 204 Mbps · 18 Kpps
Operational tooling — built for the way an ISP NOC actually works
TRIAGE
Subscriber Triage console
One search box. Username, IP, MAC. Done.
- Identity + live session + 4 h bandwidth
- 24 h connect / disconnect timeline
- Drill into BNG · port · CGNAT mapping
IMPACT
Customer Impact
Who is affected by this alert, right now.
- Customer × BNG × subscriber-count breakdown
- Refreshes every 20 s during an event
- Cross-references triggered alerts and health state
ANOMALY
Anomaly Watch
Spot a DDoS or BGP flap before the phone rings.
- 5-minute rate vs same-hour 7-day baseline
- Per-server bandwidth + session deltas
- Promotes to incident with one click
CAPACITY
Capacity Planning
When will this BNG run out of room?
- Runway projections per node, per region
- CGNAT block exhaustion forecast
- CSV / Excel / PDF export
SLA
SLA Reports
Audit-grade uptime, per customer, per period.
- Deduped outage intervals; incident timeline
- One-click PDF for B2B customers
- Customer-scoped — no fleet leakage
SELF-HEALING
Self-Healing Engine
When-then rules that page nobody.
- Restart-service, exec-command, webhook actions
- Cooldown per rule × server
- Full execution log for forensics
AQM / L4S / IFP visibility — the new latency SLA
BNGSOFT's XDP BNG ships AQM, L4S dual-queue and IFP. NOC2 makes those metrics first-class: live queuing latency, ECN-mark rate, IFP-saved-from-drop rate, with two-sample counter deltas the operator can read at a glance.
noc2.example.com/servers/32 · XDP Tools · Live Metrics
auto-refresh 15s
AQM/IFP Metrics · Node A
BNG service up · mode bond_native_cgnat · v3.2.103 · uptime 5h 12m · Δt 15.0s
- Download: 1.03 Gbps (99.3 Kpps)
- Subscribers: 401 (386 on CGNAT)
- CGNAT Sessions: 25,489 (0 conntrack)
- DL queuing avg: 206 µs (max 1.15 ms)
- UL queuing avg: 0 µs (max 0 µs)
- ECN marks/s: 3.4 K (classic 0)
L4S / AQM Health
- AQM mode: dualq
- ECN marks (cum): 3,402,118
- Classic drops (cum): 0
- Auto controller: restrained
- Auto max-drop %: 1%
IFP — Interactive Protection
- Status: enabled · enforce
- Interactive/s: 12.4 K
- ACK priority/s: 9.8 K
- Saved from drop/s: 418
- Saved from drop (cum): 2,517,002
Why it matters. AQM/L4S/IFP are real differentiators — but they're invisible to NOCs that only watch CPU and bandwidth. NOC2 surfaces them as plain, comparable numbers, so the team can prove the latency SLA without spelunking through CLI counters.
Investigate one subscriber, in one click
Right next to tcpdump on every Sessions row sit two icons: AQM Show and Sub Show. They wrap bngxdpctl sub show <ip> / aqm show <ip> and render the JSON as grouped cards. No SSH, no parsing.
Sub Show — 100.64.1.91 · Node A
JSON parsed
Overview
- Interface: ppp79
- Ifindex: 1989
Traffic Stats
- Download Bytes: 8.55 GB
- Upload Bytes: 1.27 GB
- Download Packets: 7,646,649
- Upload Packets: 3,748,146
- Download Dropped: 0
- Upload Dropped: 0
Latency SLA · Download
- Avg µs: 206 µs
- Max µs: 1.15 ms
- Over-rate Pkts: 16,644
- CE Marks: 0
- Classic Drops: 0
Latency SLA · Upload
- Avg µs: 0 µs
- Max µs: 0 µs
- Over-rate Pkts: 0
- CE Marks: 0
- Classic Drops: 0
Customer-facing layer — the missing half of NOC tooling
PUBLIC
Public status page · /status/<slug>
Dark-themed, branded per customer. Active incidents, history, post-mortems (markdown, sanitised), maintenance windows. Gated on customers.slug + customers.status_page_enabled — never leaks fleet-wide events.
SELF-SERVICE
"Is my line up?" · /check/<slug>
Subscribers type their IP, get a plain answer: online / fault / outage / offline / unknown. Rate-limited 10/min/IP. Deflects the easy support calls before they happen.
EMAIL
Outage Broadcaster
60-second ticker. The instant a customer goes into a service incident, NOC2 emails their contact_email and any opted-in subscribers. Plain end-user language — no BNG names, no counts, no jargon.
LIFECYCLE
Maintenance Notifier
Scheduled · reminder · started · completed emails with idempotent dedup. Customers know what's coming, what's running, and when it's done — without an operator having to remember to send anything.
What you ship to customers. A page they can bookmark, an email that arrives in seconds, and a self-service IP check. The same data you stare at in the NOC — wrapped in language a non-technical user can read.
The before / after for a NOC team
Before NOC2
SSH into each BNG · run bngxdpctl status by hand · cross-check with a Slack thread · open a ticket because nobody knows whether the latency spike is real or baseline · email the customer 45 minutes later with raw alert text · post-mortem written in a Google Doc and never published.
After NOC2
Wall-board flags it · Anomaly Watch shows the delta vs 7-day baseline · Customer Impact lists the 412 affected subs and the customer brand · Outage Broadcaster has already emailed contacts · post-mortem markdown gets published to /status/<slug> with one click.
Operating at scale
BULK
Bulk Subscriber Actions
5,000 sessions in a single typed-CONFIRM job.
- Filter-based preview → typed CONFIRM → execute
- Parallel dispatch, semaphore-bounded (16 concurrent)
- Full audit log per job
REGIONS
Regional NOC Operator Scoping
Right server set in front of the right operator.
- X-Region-ID header → server allow-list
- Region picker chip in the header
- Master-admin sees everything; teams see their slice
RPKI
RPKI Hygiene
Risk-sort every prefix the fleet announces.
- Risk-sorted view over customer_prefixes
- On-demand re-validation against VRPs
- Master-admin tab
Network operations — every CLI you used to SSH for
NOC2 ships in-browser equivalents of the tools a NOC engineer reaches for on a 2 AM bridge. No more "give me a sec, I'm SSHing in." Everything is authenticated, logged, and respects the operator's region scope.
SHELL
In-browser SSH terminal
Full xterm, per-server, with PIN gating.
- Connects through the agent — no inbound SSH needed
- Operator SSH PIN + lock screen on idle
- Session recording into the activity log
DIAGNOSTICS
Network diagnostics
ping · traceroute · MTR · ARP · FDB · routes · DNS.
- Per-BNG, on-demand, results in seconds
- BGP summary + per-prefix lookup + advertised routes
- Conntrack + DS-Lite endpoint tables
CONTROL
Interface & service control
Bring the link up. Restart the daemon. Set the clock.
- Bring interfaces up/down, set MTU, add/remove IPs
- Create / tear down VLANs, bonds, slaves, blackholes
- systemd service control · crontab · timezone / NTP
Per-subscriber operations — every action you'd run on one user
Each Sessions table row exposes the operator actions an L1/L2 tech actually performs during a call. The ones that touch the data path are gated behind explicit confirmation and audited.
INVESTIGATE
One-click investigation
- Live session info dialog with auto-refresh
- Per-session live bandwidth chart
- Sub Show (full XDP state) · AQM Show (queue depth)
- View session logs · ping subscriber · session-info live polling
CAPTURE
Packet capture without leaving the UI
- Tcpdump or XDP-native capture on the session's interface
- 10-second windows, hex / ANSI-coloured output
- Auto-routes to XDP capture when the data path is XDP
CONTROL
Session control
- Terminate a single session
- Per-user XDP rate-limit & drop stats
- 4 h bandwidth + 24 h connect/disconnect history
Configuration & change management
Live config editing per server with form-based UIs for every section — XDP, CGNAT, Firewall, Protect/DDoS, AQM/L4S, IFP, CDN classification, IPv6, Redis, Daemon, License. Drift detection runs continuously; every change is snapshotted server-side.
LIVE
Live config editor
Every bngxdpd key with help text & validation.
- Section-aware UI: switches, selects, network lists
- Inline operator hints + ranges + default values
- Per-field "requires restart" indicators
- Transactional multi-file writes
TEMPLATES
Server Config Templates
Wizard-driven bring-up, no copy-paste.
- Reusable templates with __PLACEHOLDER__ syntax
- Post-restart health checks
- Master-admin scoped; one source of truth across the fleet
SNAPSHOTS
Backups & drift detection
Every config file, every change, kept server-side.
- Snapshot history in server_config_snapshots
- 15-min drift polling — flags hand-edits on the BNG
- Diff & restore previous versions
Security & data-plane protection
The data path itself participates in security — DDoS pre-filter and the Anti-Abuse Protect engine run on XDP, then NOC2 surfaces them. The operator side is locked down with role-based permissions, 2FA, PIN gates and full audit trail.
DDoS
DDoS pre-filter
- Manual + auto-block list with auto-expire
- Top blocked-IPs and rate stats
- One-click block / unblock from any view
PROTECT
Anti-Abuse Protection
- Per-protocol rate limits (TCP/UDP categories, ICMP, amplification)
- Whitelist + blocklist with file/URL load
- Per-subscriber Top Offenders + per-user drops view
- Observe vs Enforce modes
ACCESS
Operator access control
- Role-based permissions + custom roles + user groups
- TOTP & email 2FA · SSH PIN · idle lock-screen PIN
- Region scoping per user (master/super/team/operator)
- Impersonation with auditable trail
Platform & multi-tenancy
BRAND
White-label per customer
- Company name + logo upload per tenant
- Per-customer status page slug & branding
- Operator avatar & UI density preferences
i18n
Multi-language UI
- English, German, Russian, Bulgarian (more being added)
- Per-operator timezone + 12h/24h time format
- Records-per-page operator preference
DATA
Time-series at scale
- TimescaleDB hypertables — metrics, sessions, BGP history
- Built-in retention; tuned PG + MariaDB
- NetFlow / IPFIX / sFlow collector (opt-in)
TICKETS
Tickets & on-call
- Internal ticketing tied to subscribers / BNGs / incidents
- On-call rotation with hand-off log
- Notification bell with per-user filter rules
ALERTS
Alerts & integrations
- Configurable alert types with severity + auto-mute
- Email + webhook channels; routing per region/customer
- License expiry watchdog (NOC2 + per-BNG XDP)
AI
AI provider integration
- Pluggable LLM provider (Anthropic / OpenAI / local)
- Used for log summarisation & triage suggestions
- Self-hosted-friendly — no SaaS lock-in
One platform, every surface. Network, subscribers, config, security, tenants, alerts — everything wired to the same agent, the same database, the same RBAC. No "plug-in tax", no third-party dashboard to keep in sync.
How it fits together
Architecture
A
Agent on every BNG
Small Go binary, WebSocket to backend. Self-updating from VERSION pin. Ships metrics, executes xdp_tool / bng_tool commands on demand.
B
Backend — Go + Fiber
MariaDB for operator state, PostgreSQL + TimescaleDB hypertables for time-series. Background tickers for outage broadcast, maintenance lifecycle, self-healing.
C
Frontend — Vue 3 + Vuetify
Operator console + dark public surfaces. Built with Vite/rolldown, served from nginx, no SaaS dependency.
D
Deployed on your iron
Single-box or HA. Air-gapped friendly. Customer data never leaves your infrastructure.
Why NOC2, not "another network monitor"
| Capability | Generic NMS | NOC2 |
| --- | --- | --- |
| Per-subscriber QoS / AQM / IFP visibility | — | Built-in. Sub Show + AQM Show per row |
| L4S / dual-queue latency tracking | — | Live, per-node, with deltas |
| CGNAT subscriber lookup (public IP:port → user) | — | Built-in tool |
| Branded public status page per customer | add-on, generic | Built-in, slug-gated, dark-themed |
| Outage broadcaster — plain end-user copy | — | 60s ticker, voice-checked for non-tech recipients |
| Bulk-disconnect with typed CONFIRM | — | 5,000-row cap, parallel-dispatched |
| Self-healing rules with cooldown | — | 30s engine, full execution log |
| SLA report per customer, PDF export | partial | Audit-grade, customer-scoped |
| RPKI hygiene over your announced prefixes | — | Risk-sorted, re-validate on demand |
| Built to wrap bngxdpctl | — | Native; ships with BNGSOFT XDP BNG |
| Live config editor for the BNG data path | — | Every key, with help / ranges / drift detection |
| Server config templates & snapshots | — | Wizard bring-up + server-side history |
| In-browser SSH + diagnostics (ping/MTR/BGP/conntrack) | partial | Built-in, agent-tunnelled, audited |
| RBAC + 2FA + region scoping + impersonation audit | add-on | Built-in, single source of truth |
| White-label per customer (logo, slug, status page) | — | First-class multi-tenant model |
| NetFlow / IPFIX / sFlow ingest | add-on | Opt-in collector, on-box aggregation |
PROVEN AT SCALE
Designed for the BNG fleet, not a lab.
NOC2 has been operated against real-world ISP traffic on the BNGSOFT XDP BNG since 2025. Multi-region deployments, mixed CGNAT + standalone-QoS nodes, IPv4 + IPv6 dual-stack, with hundreds of thousands of subscribers.
- 28+: BNG nodes per typical fleet
- 100K+: Concurrent subscribers
- 5 min: Maintenance ticker cadence
- 30 s: Self-healing engine cycle
What you get on day one
FLEET
One console
All BNGs, all health, all the time.
CUSTOMER
Public status
Branded page + email + self-check.
RESPONSE
30-second loop
Alert → impact → broadcast.
SLA
Audit PDFs
Per customer, per period.
See NOC2 against your fleet.
30-minute live walkthrough. We'll show triage, AQM/IFP metrics, the public status page and an end-to-end outage broadcast — using a real demo BNG.