12 subscribers went quiet together
Correlated by circuit ID down to the OLT and PON port. One likely PON outage, not twelve separate tickets.
Point your BNGs at AuthMesh and we run the authentication, accounting and subscriber telemetry, turning every accounting packet into dashboards, anomalies and alerts. No FreeRADIUS to run, patch or scale.
You send RADIUS. Everything after ingress (auth, accounting, storage, correlation and alerting) is run and scaled by us. Here's the whole path.
BNGs, NAS & other RADIUS clients on your network
Lightweight process wraps the stream in TLS
Data engine terminates & validates the stream
Managed auth & accounting, fully handled
Isolated auth & telemetry stores, per account
Insights, alerts, API, Slack / Teams / webhooks
alt path: skip stage 02 and send RADIUS UDP straight to ingress over a private link (AWS Direct Connect / Azure ExpressRoute).
A small process on a VM, server or container you already run. Devices point at it; it encrypts to TLS before it leaves your network. Run two, point your BNGs at both RADIUS IPs, and it's redundant.
Send RADIUS UDP straight to the ingress engine. UDP is unencrypted, so we only advise it over a private link (Direct Connect or ExpressRoute) via private peering.
AuthMesh hides the parts of RADIUS nobody wants to own, so your team works with subscribers and outcomes, not attribute dictionaries and failover config.
Create a real ISP subscriber from the dashboard or the API. AuthMesh materialises the RADIUS profile (users, attributes and policy) so nobody on your team hand-writes a dictionary again.
{ "username": "sub-104822@isp", "plan": "fibre-500", "auth": "pppoe" }
Auth and accounting run, patched and scaled by us. No FreeRADIUS to babysit.
Dedicated auth, accounting and database instances. No noisy neighbours, no shared blast radius.
tested throughput
Spikes in auth or accounting scale automatically, with no added latency at two million requests a second.
Encrypted transport from a VM or container you already run. Deploy it redundantly.
A documented API to provision subscribers and wire AuthMesh into your OSS/BSS and pipelines.
Most RADIUS answers yes or no. AuthMesh reads the whole accounting stream and turns it into detections your NOC actually wants, then fires them where you already work. Because we run your auth, we see every request in full, not a sampled copy from a tap. A few we run out of the box:
Correlated by circuit ID down to the OLT and PON port. One likely PON outage, not twelve separate tickets.
Flapping sessions surface on their own, so you see the unstable line before the customer calls it in.
Low-bandwidth outliers flagged against everyone else on the same BNG port, using the same accounting data.
Every detection can raise an alert into Slack, Microsoft Teams or an HTTP webhook. No new console to watch.
These are the kind of features we build toward: the same NAS-Port and circuit-ID data your BNGs already emit, put to work. Need a detection specific to your topology? We'll build it with you.
Push events and alerts out, or pull everything through the API into your own systems.
Book a demo and we'll trace a topology for your ISP, wire up the proxy agent, and share pricing. You keep running the network; we'll run the RADIUS.
✓ fully managed, per-account isolated · ✓ support on every plan, 24/7 on Premium · ✓ updates & features included