BNGSoft
bngsoft.com · NOC2 Operations Platform

One control plane for the whole BNG fleet.

NOC2 is the operations layer that sits on top of every BNGSOFT XDP BNG you run. It turns thousands of subscribers across many nodes into a single observable, controllable, and customer-facing service. Triage, impact, AQM/IFP visibility, public status, bulk actions, self-healing, RPKI hygiene — in one place.

  • 1: Pane of glass for the whole fleet
  • <30s: From alert to customer-facing status update
  • 5,000: Subscribers actionable in a single bulk job
  • 15s: Live AQM / IFP metrics auto-refresh

NOC operators spend their day jumping between SSH sessions, RADIUS dashboards, BGP summaries, ticket queues and customer chat windows. NOC2 collapses that into one console — and exposes the parts customers care about (status page, outage email, complaint deflection) automatically.

If your customer asks "is my line up?", your operator should be able to answer in three seconds. NOC2 makes that the default.

What NOC2 does

FLEET-WIDE

Single fleet view

Every BNG, every interface, every BGP session.

  • Live health + capacity dashboards per node
  • BGP / RADIUS / XDP / CGNAT status side-by-side
  • Region-scoped views for distributed NOC teams

OPERATOR

Investigate one customer

Username, IP, MAC — find them everywhere at once.

  • Universal Triage console (IPv4 / IPv6 / MAC / username)
  • Live session + 4 h bandwidth + 24 h connect history
  • CGNAT lookup: public IP:port → subscriber
  • Per-subscriber QoS / AQM / IFP via Sub Show

CUSTOMER-FACING

Talk to the customer's customer

Status pages, outage email, complaint deflection — automatic.

  • Branded public status page per customer slug
  • Outage broadcaster mails contacts within 60 s
  • "Is my line up?" self-service check with rate limit
  • Maintenance lifecycle emails (scheduled / started / done)

The NOC Wall-board

Drop on a hallway TV. One snapshot, dark theme, auto-refresh. Designed so anyone walking past knows whether the fleet is healthy.

noc2.example.com/wall · v1.74 · live
NOC Wall · Fleet Snapshot · 16:42:11 UTC

  • BNGs Online: 28 / 28 (all healthy)
  • Subscribers: 142,318 (+412 / 5m)
  • Throughput: 38.6 Gbps · 2.1 Mpps
  • Anomalies: 2 (vs 7-day baseline)
  • CGNAT Pool: 63% (443k blocks free)

Per-BNG Health

  • Node A · 2,527 subs · 1.43 Gbps · UP
  • Node B · 3,184 subs · 2.01 Gbps · UP
  • Node C · 1,902 subs · DL queuing 12 ms · WARN
  • Node D · 4,512 subs · 3.88 Gbps · UP
  • Node E · 2,184 subs · 1.62 Gbps · UP
  • Node F · 5,802 subs · 4.21 Gbps · UP

Active Incidents

  • Node C · queuing latency spike · 8m
  • Customer A · uplink degraded · 12m

Top Talkers (5m)

  • 192.0.2.144 · 412 Mbps · 38 Kpps
  • 192.0.2.91 · 288 Mbps · 21 Kpps
  • 2001:db8::1f9c · 204 Mbps · 18 Kpps

Operational tooling — built for the way an ISP NOC actually works

TRIAGE

Subscriber Triage console

One search box. Username, IP, MAC. Done.

  • Identity + live session + 4 h bandwidth
  • 24 h connect / disconnect timeline
  • Drill into BNG · port · CGNAT mapping

IMPACT

Customer Impact

Who is affected by this alert, right now.

  • Customer × BNG × subscriber-count breakdown
  • Refreshes every 20 s during an event
  • Cross-references triggered alerts and health state

ANOMALY

Anomaly Watch

Spot a DDoS or BGP flap before the phone rings.

  • 5-minute rate vs same-hour 7-day baseline
  • Per-server bandwidth + session deltas
  • Promotes to incident with one click

CAPACITY

Capacity Planning

When will this BNG run out of room?

  • Runway projections per node, per region
  • CGNAT block exhaustion forecast
  • CSV / Excel / PDF export

SLA

SLA Reports

Audit-grade uptime, per customer, per period.

  • Deduped outage intervals; incident timeline
  • One-click PDF for B2B customers
  • Customer-scoped — no fleet leakage

SELF-HEALING

Self-Healing Engine

When-then rules that page nobody.

  • Restart-service, exec-command, webhook actions
  • Cooldown per rule × server
  • Full execution log for forensics

AQM / L4S / IFP visibility — the new latency SLA

BNGSOFT's XDP BNG ships AQM, L4S dual-queue and IFP. NOC2 makes those metrics first-class: live queuing latency, ECN-mark rate, IFP-saved-from-drop rate, with two-sample counter deltas the operator can read at a glance.

noc2.example.com/servers/32 · XDP Tools · Live Metrics
auto-refresh 15s

AQM/IFP Metrics · Node A

BNG service up · mode bond_native_cgnat · v3.2.103 · uptime 5h 12m · Δt 15.0s

  • Download: 1.03 Gbps · 99.3 Kpps
  • Upload: 73.4 Mbps · 24.9 Kpps
  • Subscribers: 401 · 386 on CGNAT
  • CGNAT Sessions: 25,489 · 0 conntrack
  • DL queuing avg: 206 µs · max 1.15 ms
  • UL queuing avg: 0 µs · max 0 µs
  • ECN marks/s: 3.4 K · classic 0
  • Loss: 0.008% · 10 pps drops

L4S / AQM Health

  • AQM mode: dualq
  • ECN marks (cum): 3,402,118
  • Classic drops (cum): 0
  • Auto controller: restrained
  • Auto max-drop %: 1%

IFP — Interactive Protection

  • Status: enabled · enforce
  • Interactive/s: 12.4 K
  • ACK priority/s: 9.8 K
  • Saved from drop/s: 418
  • Saved from drop (cum): 2,517,002

Why it matters. AQM/L4S/IFP are real differentiators — but they're invisible to NOCs that only watch CPU and bandwidth. NOC2 surfaces them as plain, comparable numbers, so the team can prove the latency SLA without spelunking through CLI counters.

Investigate one subscriber, in one click

Right next to tcpdump on every Sessions row sit two icons: AQM Show and Sub Show. They wrap bngxdpctl sub show <ip> / aqm show <ip> and render the JSON as grouped cards. No SSH, no parsing.

Sub Show — 100.64.1.91 · Node A
JSON parsed
Overview

  • Interface: ppp79
  • Ifindex: 1989

Traffic Stats

  • Download Bytes: 8.55 GB
  • Upload Bytes: 1.27 GB
  • Download Packets: 7,646,649
  • Upload Packets: 3,748,146
  • Download Dropped: 0
  • Upload Dropped: 0

Latency SLA · Download

  • Avg µs: 206 µs
  • Max µs: 1.15 ms
  • Over-rate Pkts: 16,644
  • CE Marks: 0
  • Classic Drops: 0

Latency SLA · Upload

  • Avg µs: 0 µs
  • Max µs: 0 µs
  • Over-rate Pkts: 0
  • CE Marks: 0
  • Classic Drops: 0

Customer-facing layer — the missing half of NOC tooling

PUBLIC

Public status page · /status/<slug>

Dark-themed, branded per customer. Active incidents, history, post-mortems (markdown, sanitised), maintenance windows. Gated on customers.slug + customers.status_page_enabled — never leaks fleet-wide events.

SELF-SERVICE

"Is my line up?" · /check/<slug>

Subscribers type their IP, get a plain answer: online / fault / outage / offline / unknown. Rate-limited 10/min/IP. Deflects the easy support calls before they happen.

EMAIL

Outage Broadcaster

60-second ticker. The instant a customer goes into a service incident, NOC2 emails their contact_email and any opted-in subscribers. Plain end-user language — no BNG names, no counts, no jargon.

LIFECYCLE

Maintenance Notifier

Scheduled · reminder · started · completed emails with idempotent dedup. Customers know what's coming, what's running, and when it's done — without an operator having to remember to send anything.

What you ship to customers. A page they can bookmark, an email that arrives in seconds, and a self-service IP check. The same data you stare at in the NOC — wrapped in language a non-technical user can read.

The before / after for a NOC team

Before NOC2

SSH into each BNG · run bngxdpctl status by hand · cross-check with a Slack thread · open a ticket because nobody knows whether the latency spike is real or baseline · email the customer 45 minutes later with raw alert text · post-mortem written in a Google Doc and never published.

After NOC2

Wall-board flags it · Anomaly Watch shows the delta vs 7-day baseline · Customer Impact lists the 412 affected subs and the customer brand · Outage Broadcaster has already emailed contacts · post-mortem markdown gets published to /status/<slug> with one click.

Operating at scale

BULK

Bulk Subscriber Actions

5,000 sessions in a single typed-CONFIRM job.

  • Filter-based preview → typed CONFIRM → execute
  • Parallel dispatch, semaphore-bounded (16 concurrent)
  • Full audit log per job

REGIONS

Regional NOC Operator Scoping

Right server set in front of the right operator.

  • X-Region-ID header → server allow-list
  • Region picker chip in the header
  • Master-admin sees everything; teams see their slice

RPKI

RPKI Hygiene

Risk-sort every prefix the fleet announces.

  • Risk-sorted view over customer_prefixes
  • On-demand re-validation against VRPs
  • Master-admin tab

Network operations — every CLI you used to SSH for

NOC2 ships in-browser equivalents of the tools an NOC engineer reaches for on a 2 AM bridge. No more "give me a sec, I'm SSHing in." Everything is authenticated, logged, and respects the operator's region scope.

SHELL

In-browser SSH terminal

Full xterm, per-server, with PIN gating.

  • Connects through the agent — no inbound SSH needed
  • Operator SSH PIN + lock screen on idle
  • Session recording into the activity log

DIAGNOSTICS

Network diagnostics

ping · traceroute · MTR · ARP · FDB · routes · DNS.

  • Per-BNG, on-demand, results in seconds
  • BGP summary + per-prefix lookup + advertised routes
  • Conntrack + DS-Lite endpoint tables

CONTROL

Interface & service control

Bring the link up. Restart the daemon. Set the clock.

  • Bring interfaces up/down, set MTU, add/remove IPs
  • Create / tear down VLANs, bonds, slaves, blackholes
  • systemd service control · crontab · timezone / NTP

Per-subscriber operations — every action you'd run on one user

Each Sessions table row exposes the operator actions an L1/L2 tech actually performs during a call. The ones that touch the data path are gated behind explicit confirmation and audited.

INVESTIGATE

One-click investigation

  • Live session info dialog with auto-refresh
  • Per-session live bandwidth chart
  • Sub Show (full XDP state) · AQM Show (queue depth)
  • View session logs · ping subscriber · session-info live polling

CAPTURE

Packet capture without leaving the UI

  • Tcpdump or XDP-native capture on the session's interface
  • 10-second windows, hex / ANSI-coloured output
  • Auto-routes to XDP capture when the data path is XDP

CONTROL

Session control

  • Terminate a single session
  • Per-user XDP rate-limit & drop stats
  • 4 h bandwidth + 24 h connect/disconnect history

Configuration & change management

Live config editing per server with form-based UIs for every section — XDP, CGNAT, Firewall, Protect/DDoS, AQM/L4S, IFP, CDN classification, IPv6, Redis, Daemon, License. Drift detection runs continuously; every change is snapshotted server-side.

LIVE

Live config editor

Every bngxdpd key with help text & validation.

  • Section-aware UI: switches, selects, network lists
  • Inline operator hints + ranges + default values
  • Per-field "requires restart" indicators
  • Transactional multi-file writes

TEMPLATES

Server Config Templates

Wizard-driven bring-up, no copy-paste.

  • Reusable templates with __PLACEHOLDER__ syntax
  • Post-restart health checks
  • Master-admin scoped; one source of truth across the fleet

SNAPSHOTS

Backups & drift detection

Every config file, every change, kept server-side.

  • Snapshot history in server_config_snapshots
  • 15-min drift polling — flags hand-edits on the BNG
  • Diff & restore previous versions

Security & data-plane protection

The data path itself participates in security — DDoS pre-filter and the Anti-Abuse Protect engine run on XDP, then NOC2 surfaces them. The operator side is locked down with role-based permissions, 2FA, PIN gates and full audit trail.

DDoS

DDoS pre-filter

  • Manual + auto-block list with auto-expire
  • Top blocked-IPs and rate stats
  • One-click block / unblock from any view

PROTECT

Anti-Abuse Protection

  • Per-protocol rate limits (TCP/UDP categories, ICMP, amplification)
  • Whitelist + blocklist with file/URL load
  • Per-subscriber Top Offenders + per-user drops view
  • Observe vs Enforce modes

ACCESS

Operator access control

  • Role-based permissions + custom roles + user groups
  • TOTP & email 2FA · SSH PIN · idle lock-screen PIN
  • Region scoping per user (master/super/team/operator)
  • Impersonation with auditable trail

Platform & multi-tenancy

BRAND

White-label per customer

  • Company name + logo upload per tenant
  • Per-customer status page slug & branding
  • Operator avatar & UI density preferences

i18n

Multi-language UI

  • English, German, Russian, Bulgarian (and adding)
  • Per-operator timezone + 12h/24h time format
  • Records-per-page operator preference

DATA

Time-series at scale

  • TimescaleDB hypertables — metrics, sessions, BGP history
  • Built-in retention; tuned PG + MariaDB
  • NetFlow / IPFIX / sFlow collector (opt-in)

TICKETS

Tickets & on-call

  • Internal ticketing tied to subscribers / BNGs / incidents
  • On-call rotation with hand-off log
  • Notification bell with per-user filter rules

ALERTS

Alerts & integrations

  • Configurable alert types with severity + auto-mute
  • Email + webhook channels; routing per region/customer
  • License expiry watchdog (NOC2 + per-BNG XDP)

AI

AI provider integration

  • Pluggable LLM provider (Anthropic / OpenAI / local)
  • Used for log summarisation & triage suggestions
  • Self-hosted-friendly — no SaaS lock-in

One platform, every surface. Network, subscribers, config, security, tenants, alerts — everything wired to the same agent, the same database, the same RBAC. No "plug-in tax", no third-party dashboard to keep in sync.

How it fits together

Architecture
  A. Agent on every BNG: Small Go binary, WebSocket to backend. Self-updating from VERSION pin. Ships metrics, executes xdp_tool / bng_tool commands on demand.
  B. Backend — Go + Fiber: MariaDB for operator state, PostgreSQL + TimescaleDB hypertables for time-series. Background tickers for outage broadcast, maintenance lifecycle, self-healing.
  C. Frontend — Vue 3 + Vuetify: Operator console + dark public surfaces. Built with Vite/rolldown, served from nginx, no SaaS dependency.
  D. Deployed on your iron: Single-box or HA. Air-gapped friendly. Customer data never leaves your infrastructure.

Why NOC2, not "another network monitor"

Capability | Generic NMS | NOC2
Per-subscriber QoS / AQM / IFP visibility | | Built-in. Sub Show + AQM Show per row
L4S / dual-queue latency tracking | | Live, per-node, with deltas
CGNAT subscriber lookup (public IP:port → user) | | Built-in tool
Branded public status page per customer | add-on, generic | Built-in, slug-gated, dark-themed
Outage broadcaster — plain end-user copy | | 60s ticker, voice-checked for non-tech recipients
Bulk-disconnect with typed CONFIRM | | 5,000-row cap, parallel-dispatched
Self-healing rules with cooldown | | 30s engine, full execution log
SLA report per customer, PDF export | partial | Audit-grade, customer-scoped
RPKI hygiene over your announced prefixes | | Risk-sorted, re-validate on demand
Built to wrap bngxdpctl | | Native; ships with BNGSOFT XDP BNG
Live config editor for the BNG data path | | Every key, with help / ranges / drift detection
Server config templates & snapshots | | Wizard bring-up + server-side history
In-browser SSH + diagnostics (ping/MTR/BGP/conntrack) | partial | Built-in, agent-tunnelled, audited
RBAC + 2FA + region scoping + impersonation audit | add-on | Built-in, single source of truth
White-label per customer (logo, slug, status page) | | First-class multi-tenant model
NetFlow / IPFIX / sFlow ingest | add-on | Opt-in collector, on-box aggregation

PROVEN AT SCALE

Designed for the BNG fleet, not a lab.

NOC2 has been operated against real-world ISP traffic on the BNGSOFT XDP BNG since 2025. Multi-region deployments, mixed CGNAT + standalone-QoS nodes, IPv4 + IPv6 dual-stack, with hundreds of thousands of subscribers.

  • 28+: BNG nodes per typical fleet
  • 100K+: Concurrent subscribers
  • 5 min: Maintenance ticker cadence
  • 30 s: Self-healing engine cycle

What you get on day one

FLEET

One console

All BNGs, all health, all the time.

CUSTOMER

Public status

Branded page + email + self-check.

RESPONSE

30-second loop

Alert → impact → broadcast.

SLA

Audit PDFs

Per customer, per period.

See NOC2 against your fleet.

30-minute live walkthrough. We'll show triage, AQM/IFP metrics, the public status page and an end-to-end outage broadcast — using a real demo BNG.

BNGSOFT NOC2 — Operations platform for the XDP BNG era. © BNGSOFT. bngsoft.com