The following concepts belong to the BRAS system

The following concepts belong to the BRAS system as a virtualized network function and they work as a reference for the terminology used throughout this document.  extit{Service discovery and negotiation} refers to the two first phases of the extit{access service provisioning} process. It comprehends the user discovery, user authentication and resources assignment. extit{BRAS control plane} is the central entity that provides the initialization of the BRAS data plane and processing of user’s sessions such as authentication and authorization. In addition, it determines the packet forwarding decisions to set appropriate entries into the extit{BRAS data plane}. All control packets and data packets are handled by the control plane unless an appropriate entry has been already installed in the extit{BRAS data plane}.   extit{BRAS data plane} is, in general, the hardware and software components, modules and functionalities from the BRAS architecture system, which are in charge of taking decisions over the received customer data packets based on implemented rules instructed by the extit{BRAS control plane}. Forwarding packets, dropping packets and changing a part or a complete packet are examples of basic actions that are required. extit{BRAS data path element} or a extit{BRAS data path platform} is an OpenFlow compliant packet forwarding device which enables the ability to provide encapsulation and decapsulation functionalities for customer access or core services. It must recognize when a received packet has to be redirected to the extit{BRAS control plane} to provide support to the requested services.subsection{Fundamental functional tasks of a virtual BRAS network function}Next, a detailed list of tasks that belong to a BRAS system is presented in table
ef{tab:BRAS_tasks}, the functionalities along with their exhibited description correspond directly with one of the access service creation phases from figure
ef{fig:Access_service_creation_tree}. These functional tasks define the requirements for the implementation of the BRAS system. According to the information presented in table
ef{tab:BRAS_tasks}, a deeper discussion is carried out next for each one of the related tasks. This information is based on citep{agilenttech2006}, citep{bifulco2013rethinking}, citep{SPARC3.3} and is adapted to fit the requirements of the current work.For the task of extit{customer tunneling} the home gateway (HGW) requires a connection tunnel that allows the isolation of the session requests from other subscribers. The idea is to establish a direct link between the two nodes, namely the HGW and the BRAS system. This is achieved through encapsulating header’s fields from a packet usually into Ethernet frames in form of tags that provide the respective customer isolation. Since we consider NFV, we decide to unify this tunneling concept as the encapsulation provided for lower layers for the sake of establishing a point to point communication between a client and the system that provides access services.The extit{authentication, authorization and accounting services}, are the native functions of a virtual BRAS system since they are in charge of the access registration, resource allocation and the collection of the service control information used for billing purposes. In short, these services refer to the ability of the system to decide whether a user is allowed to certain service and if so, provide a defined service profile and track the resources used.The extit{traffic rate enforcement} refers to the traffic control that the virtualized system must implement over the subscriber’s traffic, determined by a defined traffic-profile. A common technique to do so, delays the packets and buffers them when a link becomes saturated. It controls the volume of traffic being sent into a link in a time period, or with respect to the maximum traffic rate. On the other hand, exist techniques that measure the traffic and determines whether or not a limit rate is exceeded. If so, according to a pre-defined policy the packet must be dropped or marked. extit{Traffic access control} task for a BRAS virtualized system is basically a list of subscriber devices which are already authorized and therefore, network access and processing of packets is permitted or denied accordingly. The task of extit{L2 and L3 basic functionalities} refers to the capability of forwarding a packet based on an ingress port and source and destination addresses. Furthermore, it implies that the platforms performing a virtual BRAS function need to process packets in which address resolution protocol between L2 and L3 headers are required as a mean of finding a direct relationship between a layer 3 address and a layer 2 address for Ethernet packet processing and forwarding.    The extit{Multicast traffic} task is required in a BRAS as a VNF, in order to support, for example, new trending video technologies. It allows individual host members to join multicast groups, each requesting for identical content. The group traffic is delivered only once per link without increasing the amount of traffic transmission in each link according to the increment of the number of users served within a group. extit{Service differentiation} relates to the support of the encapsulation of Ethernet frames for the sake of reducing a broadcast domain into separated logical broadcast domains. It aims to create independent logical LANs that in the case of a virtual BRAS system must adjust to for example the separation of users, sessions or services. This encapsulation is represented in form of tags in the header of Ethernet packets.The extit{quality of service} task provides prioritization of packets according to a given type of service. In the context of a virtual BRAS function, the system must provide traffic classification techniques as well as queuing strategies to tailor the performance on the links adjacent to the system operation. Usually, this is called service differentiation and the classification mark is carried in a field part of the layer 2 or layer 3 headers.The task of extit{Service aggregation} points to the physical and logical ability to group several users or access multiplexer platforms to be processed by the virtual BRAS system. extit{Security assurance} task address a primordial functionality for the protection against misbehaviors within the virtualized system. Provide security against DDoS or spoofing attacks which impact the reliability of the system.The relationship between the tasks and the functional blocks presented in figure
ef{fig:Access_service_creation_tree} is in most of the cases straight one to one e.g. the customer tunneling task corresponds to the customer tunneling in the ‘discovery and authentication phase’. Nonetheless, the tasks of extit{multicast traffic} and extit{service aggregation} are part of the ‘Access specific services’ functional block which belongs to the ‘Access control and features enforcement’ phase. On the other hand, the likes of extit{service differentiation}, extit{quality of service} and extit{security assurance} are part of both the ‘Core and access specific services’ blocks which belong to the ‘Access control and features enforcement’ phase.