Dynamic VLAN Demultiplexing
Automatic subscriber VLAN interface creation — no pre-provisioning, no static configuration, no manual intervention.
The Problem
In traditional BNG deployments, every subscriber VLAN must be pre-configured on the BNG before a subscriber can connect. For networks with thousands of VLANs — especially QinQ deployments with S-Tag/C-Tag combinations — this means:
- Thousands of lines of static VLAN configuration
- Manual provisioning for every new subscriber
- Configuration drift when subscribers move or churn
- Stale interfaces consuming resources for inactive subscribers
How AthenaBNG Solves It
The abng-demux daemon listens on trunk interfaces using AF_PACKET sockets with BPF filters. When it sees a PPPoE Discovery (PADI) or DHCP Discover frame on a VLAN that doesn't yet have an interface, it automatically creates the entire VLAN interface chain.
How It Works
- Capture — BPF filter on the trunk captures only PPPoE Discovery and DHCP Discover frames (not data traffic)
- Parse — Extract VLAN tag stack from the Ethernet frame (supports arbitrary nesting)
- Validate — Check against rate limits, deduplication window, and max interface count
- Create — Build VLAN interface chain via netlink (outer → inner)
- Notify — Tell abngd the new interface is ready
- Bind — abngd tells accel-ppp or abng-dhcpd to listen on the new interface
VLAN Support
| Type | Ethertype | Example |
|---|---|---|
| 802.1Q | 0x8100 | trunk0.100 |
| 802.1ad (QinQ) | 0x88A8 | trunk0.200.100 |
| Triple-tagged | Mixed | trunk0.111.200.100 |
Interface naming follows the VLAN stack: {trunk}.{outer}.{stag}.{ctag}
Safety Features
- Rate limiting — Max interface creations per second (default: 100)
- Deduplication — Requires multiple matching packets within a time window before creating
- Hard limit — Maximum total dynamic interfaces (prevents resource exhaustion)
- Idle cleanup — Background task removes interfaces with no active sessions and no traffic
Performance
abng-demux is built for speed:
- BPF filtering at the socket level — only control-plane frames reach userspace
- Pre-allocated buffers — no per-packet memory allocation
- Kernel VLAN tag recovery — handles hardware VLAN offload transparently via
PACKET_AUXDATA - O(1) interface lookups — HashMap-based state tracking
Configuration
demux:
enabled: true
trunks:
- interface: eth1
vlan_ranges:
- start: 100
end: 4094
idle_timeout: 300
max_interfaces: 8192
creation_rate_limit: 100
Why This Matters
For an ISP with 2,000 subscribers across 200 S-Tags and 10 C-Tags per S-Tag, that's potentially 2,000 VLAN interfaces. With AthenaBNG, you configure zero of them. They appear when subscribers connect and disappear when they leave.