A network service provider offers services to subscribers that access a service provider core network using an access network. Services offered may include, for example, traditional Internet access, Voice-over-Internet Protocol (VoIP), video and multimedia services, and security services. The service provider network may support multiple types of access network infrastructures that connect to service provider network access gateways to provide access to the offered services.
Because the access gateways are positioned near the edge of the service provider network directly upstream from the subscribers and operate to provide an operational endpoint (i.e., terminate) the subscriber connections (e.g., digital subscriber line- or cable-based connections) into the service provider network, the access gateways typically provide mechanisms for identifying subscriber traffic and providing subscriber-specific services. For example, the access gateways may include an integrated authentication, authorization, and accounting (AAA) component with which to authenticate individual subscribers. Conventionally, the access gateways associate network traffic with a subscriber identity to map predefined policies for the subscriber or subscriber class to the associated network traffic. The access gateways then apply the subscriber policies to manage subscriber traffic on a per-subscriber basis as such traffic traverses the service provider core network boundary.