To provide broadband network access to subscribers, operators need to solve                (i) the technical issues related to the provisioning of the network connection to the subscriber premises, and        (ii) the technical issues related to the process of Authentication, Accounting and Authorization (AAA) of the subscribers.        
Several solutions have been developed to this aim, with the use of tunneling being the most prominent. In particular, DSL access lines use the Point-to-Point Protocol (PPP) to establish a tunnel between a Customer Premises Equipment (CPE) and the operator's Broadband Network Gateway (BNG), which is the point where the operator performs AAA.
In order to obtain network connectivity, a subscriber establishes a PPP session in first place. The PPP session between the subscriber and the BNG provides several functions:                subscriber authentication, session establishment and session maintenance (i.e., if the subscriber session is alive or not)        IP address assignment including further options to configure network access of the client        subscriber traffic isolation through tunneling        subscriber policies enforcement (authorization)        session-based accounting        server discovery, automatic reconnect.        
The CPE is in charge of performing the PPP session establishment and subsequent network traffic encapsulation (i.e., it puts subscriber's packets into PPP frames).
The BNG is the termination point of the PPP session, so it is in charge of:                providing Authentication, Authorization and Accounting (AAA)        terminate the PPP sessions, i.e. de-capsulation of network packets so that they can be delivered to services (that are unaware of PPP)        
Terminating the PPP sessions at BNG enables operators to correctly apply policies on the subscribers' network traffic. Nevertheless, it introduces a hard constraint on the service provisioning architecture, since the subscribers' traffic can flow to services only after the PPP session termination, i.e., all the network traffic coming from a subscriber has to pass through the BNG server.
As network packets coming from or destined to the CPE are encapsulated into the PPP tunnel when traversing the network segment between CPE and BNG, there are certain constraints on the applicability of several network technologies that rely on IP forwarding mechanisms, which are hidden by the use of the PPP tunnel. E.g. multicast functions of the IP protocol are not applicable in the network segment between the CPE and the BNG, forcing the operators in applying complex and inefficient solutions to provide such feature.
Another drawback resides in the implementation of the BNG server itself. In fact, this server has to provide several functions (PPP session termination, policies application, traffic forwarding, etc.) in a centralized way. The BNG server, hence, is a really complex system in charge of providing many critical services (for the subscribers it is serving), and represent a single point of failure in the access network.
Additionally, the requirement of locating all services after the BNG prevents providing service breakout before the termination point, i.e. the BNG.
Some systems known in the art (based on PPP or other session based protocols) try to solve some of these issues. One solution is provided by TR-101 Issue 2 (see http:www.broadband-forum.org/technical/download/TR-101_Issue-2.pdf). In order to support multicast (e.g. for IPTV services), the CPE must be able to support at the same time PPP encapsulated traffic and plain IP traffic over the same WAN interface. A PPP session is established and all the network traffic flows through this session, with the exception of multicast traffic. A VLAN (Virtual Local Area Network) connects directly the CPE with the BNG. To support efficiently multicast, the multicast traffic is sent from the BNG to the DSLAM (Digital Subscriber Line Access Multiplexer) over a dedicated Multicast-VLAN, so that the DSLAM can separate the multicast flows, and send them to the CPE using plain IP.
Hence, the downstream multicast traffic to the CPE is sent over IP. The CPE is able to send plain IP in the upstream direction (towards the DSLAM) as well, i.e. to send IGMP (Internet Group Multicast Protocol) “joins”. Such messages, anyway, are sent with source IP address set to “0.0.0.0”.
However, this approach is restricted to IGMP traffic. It is not possible to flexibly define breakouts for the network traffic. Additionally, the traffic has to be handled by “multicast-architecture-aware devices” (DSLAMBNG).
Another approach is provided by TR-124 issue 3 (see http:www.broadband-forum.org/technical/download/TR-124_Issue-3.pdf). TR-124 issue 3 describes support for the handling of multiple sessions with mixed use of PPP packets and plain IP packets. This technique allows flexible traffic handling. However, management of the multiple sessions is complex.
In mobile networks, LIPA and SIPTO provide another approach. Local IP Access (LIPA) and Selected IP Traffic Offload architectures (SIPTO) use the concept of separated network flows for subscribers' session management and selected services access. LIPA is a traffic offload solution towards a local network, while SIPTO can be used to offload traffic to the global Internet as well. Both solutions can be applied in two different ways:                Dedicated offload PDN connection: The User Equipment (UE) is enabled at handling more than one PDN (Packet Data Network) connection at the same time. A dedicated PDN connection is used for handling LIPASIPTO traffic. The UE establishes a second session (e.g. it gets a second IP address) to handle the offload network traffic. It is an essential drawback of this solution that is requires multiple sessions.        NAT based solution: This solution uses a single PDN connection and NAT functions installed in the operator controlled equipment (see FIG. 5), e.g. HeNB (Home E-UTRAN NodeB) or L-PGW (Local PDN Gateway). The UE establishes a session via an S-GW (Serving Gateway) with a P-GW (PDN Gateway) using a GTP (Generic Transport Protocol) tunnel.                    The UE is configured with a single subscriber session using a single subscriber session and a single IP address. When a network flow should be offloaded, the HeNB (or the L-PGW) sends it out as plain IP. Since the IP address assigned through the subscriber's session to the UE belongs to the mobile network domain, it is not routable in the local network where the HeNB [L-PGW] is located. Hence, the HeNB [L-PGW] performs a source NAT (Network Address Translation) in order to properly forward traffic toward the global Internet.            A drawback of this approach is the requirement of a NAT which make in-network subscriber identification complicated and involves checking of NAT tables. Furthermore, this approach refers to the routing of packets to the (uncontrolled) global internet, i.e., it still requires the use of the broadband access network to deliver the packets to the global internet. As stated earlier, it means that network packets are encapsulated in, e.g. a PPP subscriber session, which involves the limitations and issues discussed earlier.                        