ENT System Architecture

Core Components

The ENT Architecture shares its entry block with LTE to consolidate port listening:

  1. Virtual Server Context (ent_lte): The ent_lte server block takes the traffic on the shared listening port and acts as a router. It reads the Called-Station-Id (which maps to the APN the client is connecting over); when that APN is not in the LTE list, the system explicitly bypasses LTE logic and loads ent_auth_policy and ent_log.

  2. Authentication Policy (ent_auth_policy): A heavily tailored logic script that normalizes input (removing spaces and invalid characters). It has an internal fork (ENT1 vs ENT2) depending on whether the user authenticates implicitly through their equipment (SIM MSISDN number, ENT1) or with an ID card (domain-based username, ENT2).

  3. Accounting Splitter: Depending on whether the request is ENT or LTE, the accounting block dispatches to either ent_accounting or lte_accounting. For ENT1 specifically, it executes the IMEI binding policies dynamic_cell and msisdn_imei to anchor the device identity cryptographically.

Database Tools

  • ENT SQL (ent_sql): Validates the processed Username string. Because ENT1 and ENT2 require drastically different string structures (e.g. 94123456789-corporateapn vs user), the SQL engine must match whichever string is handed over by the policy layer.

Flow Diagram (Conceptual)

Incoming Request (ent_lte site)
  --> Is APN in LTE list?
       Yes: Route to LTE policy
       No:  Route to ENT policy

[Inside ENT Policy]
  --> Validate Username formatting
  --> Does Username have '@'?
       Yes: Strip everything after '@'. Set Group-ID = "ENT2"
       No: Set Username = MSISDN + '-' + APN. Set Group-ID = "ENT1"
  --> Query Database (ent_sql)
  --> Validate against PAP
  --> Resolve Framed-Address overlaps
  --> Issue ACCEPT
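
The routing step and the ENT1/ENT2 fork from the flow above, modelled in Python as an added example (not the system's own policy code). The LTE APN list, the allowed character set, the function names and the MSISDN arriving as a separate request attribute are assumptions made for illustration.

```python
import re

# Assumptions (not from the page): the LTE APN list, the allowed alphabet,
# and that the MSISDN arrives as its own request attribute.
LTE_APNS = {"lte-internet"}                 # constructed sample value
INVALID = re.compile(r"[^A-Za-z0-9@._-]")   # everything else is removed


def normalize(value):
    """Remove spaces and any character outside the allowed alphabet."""
    return INVALID.sub("", value or "")


def route(called_station_id):
    """ent_lte entry step: Called-Station-Id carries the APN."""
    return "LTE" if normalize(called_station_id) in LTE_APNS else "ENT"


def ent_policy(user_name, msisdn, called_station_id):
    """Return (group_id, username) to hand to ent_sql, or raise ValueError."""
    apn = normalize(called_station_id)
    if route(apn) != "ENT":
        raise ValueError("APN belongs to the LTE policy")
    user = normalize(user_name)
    if "@" in user:
        # ENT2: keep only the part before the first '@'.
        local = user.split("@", 1)[0]
        if not local:
            raise ValueError("empty user part before '@'")
        return ("ENT2", local)
    # ENT1: the lookup key is built from MSISDN and APN; the typed
    # username is not used.
    digits = normalize(msisdn)
    if not digits.isdigit() or not apn:
        raise ValueError("ENT1 needs a numeric MSISDN and an APN")
    return ("ENT1", digits + "-" + apn)
```

Returning the group together with the username lets the database lookup be scoped to ENT1 or ENT2 rows rather than matching on the string alone.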