Orchestrating tomorrow

We take traditionally difficult-to-work-with protocols and make them easy to use.

Counter loading...

Subscriber Management (AAA)

A RESTful JSON API integrates seamlessly into existing OSS/BSS systems, offering a scalable solution without concerns about storage or redundancy. Designed for communication service providers, such as ISPs, it enables them to concentrate on their core business rather than developing and maintaining complex AAA systems.

Platform Overview

Interstellio provides a fully managed, carrier-grade Subscriber Management platform featuring a 100% in-house RADIUS implementation.

Unlike most AAA providers, we do not rely on third-party vendors or open-source projects such as FreeRADIUS. Most AAA solutions depend on:

Community-driven open-source projects
Third-party support contracts
External update cycles

This creates dependency risks that directly affect SLA guarantees and operational certainty.

Owning the entire RADIUS protocol stack from RFC 2865 onward allows us to deliver:

Full protocol-level control

Deterministic performance

Independent security patching and updates

Guaranteed roadmap alignment

End-to-end accountability

There is no upstream vendor. We are the vendor.

NebularStack

Our AAA service is built on NebularStack, a distributed SaaS platform with an API-first, cloud-native architecture that simplifies service deployment and removes infrastructure constraints.

The name reflects its philosophy:

Nebulaexpansion, growth, transformation

Stacklayered technologies

Architecture Highlights

NebularStack is built to run distributed services such as our Subscriber Management (AAA).

Horizontal scalability

Vertical scalability

Distributed processing

Built-in redundancy

API-driven orchestration

Integrated telemetry systems

Multi-Tenant Architecture & Role-Based Access Control

Interstellio is designed for multi-tenant environments, enabling operators to manage multiple business units, partners, or customer segments within a single platform while maintaining strict isolation and control.

Tenant Isolation: Each tenant accesses only its own subscribers, policies, sessions, and telemetry.

RBAC: Fine-grained permissions per tenant or function.

Centralised Oversight: Global visibility while tenants remain securely scoped.

Auditability: All actions logged for traceability and compliance.

Operational Flexibility: Wholesale, enterprise, or commercial segmentation without duplicating infrastructure.

Eliminating AAA Bottlenecks

Traditional RADIUS deployments often suffer from backend limitations that degrade user experience and operational efficiency:

Delayed AuthenticationSlow login responses frustrate subscribers

Timeout FailuresAccess-Requests and Accounting-Requests fail under load

Scalability ConstraintsPeak usage, reconnect storms, and subscriber state surges overwhelm monolithic systems

Operational Blind SpotsFragmented subscriber logs hinder troubleshooting

Interstellio removes these bottlenecks by decoupling authentication from monolithic systems and distributing processing across resilient infrastructure.

Core Architectural Advantages

Fully redundant, distributed architecture

Transparent horizontal scalability

No physical hardware required

No single point of failure

24/7 NOC monitoring and Critical (P1) support

Data replicated at least three times, with separate DR archival

Real-time log visibility without debug activation

Full API access to all platform capabilities

Scheduled and custom report generation

Direct integration support via tickets, Teams, or Zoom

Virtual AAA Instances & Scale

A Virtual is a fully distributed logical instance containing subscribers, policies, session data, and telemetry. This means the Virtual represents your subscribers everywhere it is deployed, rather than being limited to a single location.

Extended to any POP: One Virtual spans multiple Points of Presence with fully consistent subscribers, policies, and telemetry.

No single point of failure: State replicated across all nodes, clusters, and DR sites.

Operational & commercial flexibility: Multiple Virtuals coexist for wholesale, enterprise, or acquired networks.

Centralised management: Provisioning, session control, policies, reporting, and telemetry via a unified interface.

Secure On-Premise Proxy Option

For additional control or network isolation, we provide a lightweight on-premises proxy:

Runs on your own server or VM

Communicates with NAS/BNG devices using standard RADIUS

Establishes TLS-encrypted communication to our distributed platform

Uses a proprietary transport protocol for enhanced control

Requires minimal CPU and memory

This enables local RADIUS endpoints while leveraging our distributed intelligence.

Why Virtual Instances Matter?

Subscribers are always globally consistent, no matter where the service is delivered

Operational complexity is minimised. A single logical entity manages subscribers, sessions, and policies across multiple POPs

Commercial segmentation is simple without sacrificing control or consistency

Infrastructure resilience is built in. No isolated failure can impact subscriber sessions

In essence, a virtual is your subscribers, policies, and sessions. Everywhere, consistent, resilient, and centrally managed, giving ISPs freedom.

Subscriber State & Lifecycle Management

Our platform maintains a persistent, distributed subscriber state, including:

Session state tracking

IP allocation history

CDR records

Time-series telemetry (bandwidth usage)

Product and service associations

Policy enforcement status

State lives everywhere across all parts of the platform. Inactive subscribers continue to consume system resources and are billed separately to ensure complete tracking and replication.

Quota (Capped Subscribers)

A credit-based model manages capped subscriber accounts by allocating individual data allowances. Multiple credits can operate simultaneously on a single account, automatically renewing or expiring based on time-driven rules. Features like data rollover ensure unused data remains accessible until expiry. All credit usage is recorded in the telemetry backend for complete auditability, and credits can be managed via Credit Profiles in the UI or added through the API for external integrations.

Data Retention & Subscriber Removal

When a subscriber is purged:

Usage history, CDRs, and IP logs remain retained according to Lite (12 months) or Carrier (5 years) policies

Historical data incurs no additional cost

Automated inactivity policies, suspension, and purge rules can be applied and customised

Advanced Reporting

By default, two monthly reports are provided containing:

Active subscriber counts

Inactive subscriber counts

Data usage summaries

Platform metrics

Additional capabilities:

Custom report design and automated distribution

Raw data exports for investigations

Market research analytics (e.g., broadband usage trends)

Detailed RADIUS Processing

We provide near real-time insights:

Per-BNG/NAS RADIUS packet counts (access-requests, access-accepts, etc.)

Request volumes and failure analysis

Available globally and per NAS/BNG, providing operational visibility rarely found natively in AAA platforms.

Just as launch vehicles depend on real-time telemetry to monitor propulsion performance, structural loads, guidance data, and environmental conditions during ascent so engineers can analyse anomalies and improve future missions, we believe continuous, high-fidelity telemetry is vital to our platform: measure everything, learn from every signal, and keep improving.

Detailed Data Usage & Bandwidth Graphing

True 5-year data retention for bandwidth usage, CDRs, and IP logs

15-minute granularity preserved across the retention window

Compare FTTH vs FTTB usage, per-product, or per-service trends

Track active sessions for capacity planning and commercial insight

Full-Text Searchable RADIUS Logs

Every RADIUS transaction is captured and instantly searchable:

Full attribute capture (request & reply)

Real-time indexing

Full-text search across all log attributes

Immediate troubleshooting without debug or archived retrieval

API-First Integration Model

Documented RESTful JSON API

Complete access to subscriber provisioning, policy management, session management, reporting, telemetry, and administration

Integration support included

Intelligent Session Management

Unlike pure RADIUS solutions, our platform actively manages sessions:

Subscribers can have data caps, expiration times, and policy rules defined

Upon expiration, sessions are automatically disconnected

PUT or PATCH API calls automatically trigger re-authorisation, session disconnects, or policy updates

This removes the need for external orchestration, particularly for prepaid environments.

Under the Hood: Infrastructure

Delivering carrier-grade AAA at scale requires far more than RADIUS:

Redundant compute nodes

Dedicated backup servers

Multi-node SQL clusters

Distributed time-series database clusters

Distributed in-memory caching

Distributed scheduling

Distributed queueing both sync and async

Object storage clusters

Elastic indexed search

Layered load balancing

Distributed coordination (e.g., Apache ZooKeeper)

In-House Sharding & Partitioning

Custom sharding and partitioning logic

Predictable scaling of subscriber state, logs, and telemetry

No re-architecting required as subscribers grow

Engineering Distributed Systems

Designing large-scale distributed systems requires careful consideration of interdependent components and data flows. Latency, throughput, asynchronous processes, and resource contention interact in complex ways, much like flows in fluid or queuing networks studied in physics and operations research. By applying these principles, modelling pipelines, predicting bottlenecks, and optimising resource distribution, we ensure that our platform scales efficiently, performs predictably under stress, and remains stable even under extreme conditions.

AAA Service Options	Carrier	Lite
Telemetry Granularity	15 Minutes	Depends on Retention
15 Minute Aggregation Data Retention	5 years	60 days
Hourly Data Retention		6 months
6 Hour Aggregation Data Retention		5 years
CDR Records		12 months
IP Records		12 months
Bandwidth & Data Graphs	Hourly, Daily, Weekly, Monthly, Yearly
Multi-Timezone	Fully supported
Max Sessions Per Subscriber	10
Unlimited Session Subscribers	Included (No CDR or IP Logs)
Webhook Callback	Included
Credits (Data Usage Caps)
Fair Usage Policies
Subscriber Aliases
Time-based bandwidth boost
RADIUS clients/nas/bng	1000	25
Custom Scheduled Report Run	1 Included	Additional Charge
Multi-Tenancy	Included 1 per Subscriber	Not included
Multiple Platform Logins	250 + 1 per Subscriber	25
Active/Inactive Session Stats	5 years
Multi-Vendor Support	Included
Radius Statistics
Live Sessions
Per product bandwidth usage
Per service bandwidth usage
Per radius client bandwidth usage
Extensive Subscriber Logs
Audit Logs
Password Auth (CHAP / PAP)
MAC Authentication
PPPOE / IPOE Support
Hotspot Support
RESTful JSON API
24/7 Session monitoring + notifications
Support	24/7/365
P1 SLA Response time	1 hour

Why Interstellio

24/7 Support and Monitoring

Fully owned AAA protocol implementation

Distributed, cloud-native infrastructure

Carrier-grade redundancy

True five-year granular telemetry retention

Intelligent subscriber lifecycle control

Operational simplicity without sacrificing control

We remove the infrastructure burden of AAA, allowing ISPs to focus on network growth, service innovation, and customer experience.