+ All Categories
Home > Technology > ElasticISP

ElasticISP

Date post: 19-Feb-2017
Category:

Technology
Upload: khnog
View: 202 times
Download: 0 times
Download Report this document
Share this document with a friend
22
KHNOG Micro Event PHNOM PENH MAY2016 Skeeve Stevens & Try Chhay ElasticISP NFV in Action e intellego networks . a s i a
Transcript
Page 1: ElasticISP

KHNOG Micro Event – PHNOM PENH MAY2016

Skeeve Stevens & Try Chhay

ElasticISPNFV in Action

eintellegonetworks. a s i a

Page 2: ElasticISP

ElasticISP KHNOG MAY 2016

• NFV• ElasticISP – The (Original) Concept• ElasticISP – The Reality• Elastic Architecture• Q&A

Agenda

ELASTICISP

Page 3: ElasticISP

ElasticISP KHNOG MAY 2016

• Network Function Virtualisation• https://en.wikipedia.org/wiki/Network_function_virtualization

• The NFV framework consists of three main components1. Virtualized network functions (VNFs) are software implementations

of network functions that can be deployed on NFVI1. Network function virtualization infrastructure2. Network functions virtualization management and orchestration

architectural framework

NFV

ELASTICISP

Page 4: ElasticISP

ElasticISP KHNOG MAY 2016

ELASTICISP

The Business

Page 5: ElasticISP

ElasticISP KHNOG MAY 2016

• We had a lot of hardware in the AU office• We have many people who want to start ISP

• Talk to 10 per month, Proposal to 3, build maybe 1• Capex intensive• Start small ISP cost is around $35k PS and $50k-$100k for hardware• 50% of small ISP fail because they are not good at business• No skills to run ISP network

Why ElasticISP?

ELASTICISP

Page 6: ElasticISP

ElasticISP KHNOG MAY 2016

• Cloud – Direct Access (AWS, Azure, Google Compute, OrionVM, Vmware)• Core ISP Infrastructure (LNS, CGN, Routing, Peering, etc)• IP Transit – Backup paths, OnDemand capacity• Tails - xDSL, Fibre/NBN, MetroE, International Circuits - anything Layer 2• Voice - SIP Trunks, Hosted Voice; Full Enterprise PABXs• DDoS Protection-aaS• VPN, Proxy, Security

What can we do?

ELASTICISP

Page 7: ElasticISP

ElasticISP KHNOG MAY 2016

• Make it easy for Cheap to start ~$15k (less CapEx, move to OpEx)• Fast to start ~0.5 – 2 days• Minimal risk of loss• No Expertise for Network infrastructure• Professional ISP Engineers doing management and liaise with providers• Legal relationship remains with ISP (not EIN)• Grow to beyond 1000 customers – can move to physical or hybrid options• EIN can use excess hardware (7200/MX80/switching)• Use Cloud for off-load after exceeding hardware capacity

ElasticISP – The (Original) Concept

ELASTICISP

Page 8: ElasticISP

ElasticISP KHNOG MAY 2016

• Orchestration is easy (Ansible)• Cloud is awesome (once we found layer 2 cloud provider)• Do not actually need any hardware except Switching - We are using

• Open Networking Switching (Cumulus + Dell for 10/40Gb)• Juniper MX80 / Cisco 7200 (all to be retired?)

• Scales to massive numbers – million users? Capacity?• Can be used for outsourced corporate network core

ElasticISP – The Reality

ELASTICISP

Page 9: ElasticISP

ElasticISP KHNOG MAY 2016

ELASTICISP

The Architecture

Page 10: ElasticISP

ElasticISP KHNOG MAY 2016

• APNIC Membership + ASN and IP Address Resources• If not, eintellego will consult/help to get them

• Transit provider + Peering (IX)• Wholesale Tail/carrier provider (i.e. CFOCN, Telecom, Wicam, SI, etc..)• Own your billing system/authentication service (we can help find)• $$$• Support skills (EIN does not do Level 1 support!)

ElasticISP – Pre-Requisites

ELASTICISP

Page 11: ElasticISP

ElasticISP KHNOG MAY 2016

• BGP Edge Router: Transit and Peering• Core Routing/Switching (IGP)• LNS/LAC: Terminate PPPoE sessions• CGN (if needed)• Firewall - Security if needed• Authentication server – Radius (AAA server)• Anything else of your choosing (Proxy/Cache, Physical hardware, etc)

ElasticISP – ISP Equipment

ELASTICISP

Page 12: ElasticISP

ElasticISP KHNOG MAY 2016

Physical Topology

ELASTICISPTransit

CORE-SW

LNS FW

IX Peering

CPE

Auth Server

Carrier

• Example of small/medium ISP• Core Switch/Router• LNS• Firewall• Authentication server

Page 13: ElasticISP

ElasticISP KHNOG MAY 2016

Logical Topology

ELASTICISP

• Public user access Internet throughLNS and Core router

• Private user access Internet through firewall by using NAT

Transit

Core

LNS

Firewall

IX Peering

Private CPEAuth Server

Public CPE

NAT

Private Internet session

Public Internet session

Page 14: ElasticISP

ElasticISP KHNOG MAY 2016

• The same Core Switch/Router/LNS/FW• But they are inside physical devices• Ex: Vmware inside physical server• You don’t need any hardware

• Less budget

Physical Network - eISP

ELASTICISPTransit

CORE-SW

LNS FW

IX Peering

CPE

Auth Server

Carrier

EISP

Page 15: ElasticISP

ElasticISP KHNOG MAY 2016

• The same process as normal ISP• Less cost, less risk and scalable

Logical Network eISP

ELASTICISP Transit

Core-SW

LNS Firewall

IX Peering

Private CPEAuth Server

Public CPE

NAT

Private Internet session

Public Internet session

EISP

Page 16: ElasticISP

ElasticISP KHNOG MAY 2016

• Only physical switch for connectivity• LNS and FW are in Cloud• Ex: Cisco CRS1kv is

free 60 days• Easy to scale as you grow• Also easy to stop

if you give up the business

Physical Network – Cloud Provider

ELASTICISP

Transit-01

Wholesale-01

Wholesale-02

Transit-02

IX Peering-01

IX Peering-02CPE-02

CPE-01

Cloud-01

Cloud-02

EISP

CORE-SW01

CORE-SW02

LNS-01

LNS-02

FW-01

FW-02

Page 17: ElasticISP

ElasticISP KHNOG MAY 2016

• Totally the same functionas previous ISP

• More easier to scale from small/medium to big ISP

Logical Network – Cloud Provider

ELASTICISP

Transit-01

Wholesale-01

Wholesale-02

Transit-02

IX Peering-01

IX Peering-02CPE-02

CPE-01

EISP

CORE-SW01

CORE-SW02

LNS-01

LNS-02

FW-01

FW-02

Cloud-01

Cloud-01

Page 18: ElasticISP

ElasticISP KHNOG MAY 2016

• User send PPPOE request to LNS• Divide user to two types: private user and public user• LNS checks PPOE request and forward to authentication server (Radius)• After authenticating, public user can access Internet directly• Private user access Internet through firewall or CGN• LNS and firewall access Internet through Core router with specific

virtual instance (VRF)• Core router setup eBGP with Transit for Internet access for the network• User is able to access Internet

ElasticISP – The User Process

ELASTICISP

Page 19: ElasticISP

ElasticISP KHNOG MAY 2016

• Cisco CSR1000v• Juniper vSRX• Cumulus VX• Debian Linux as Edge Router (BGP Quagga)• Centos

• Racoon (IPSec VPN)

• More to come!• LNS

ElasticISP – What We’ve Tested

ELASTICISP

Page 20: ElasticISP

ElasticISP KHNOG MAY 2016

• Orchestration / Automation via web portal• More Cloud providers• More Wholesale providers

ElasticISP – Plans

ELASTICISP

Page 21: ElasticISP

ElasticISP KHNOG MAY 2016

• Elastic Everything• ElasticISP concept is possible here in KH – more capex though• This will be the future for everywhere, including Cambodia• This is the new way – do not be left behind• Network Engineers need to understand NFV and associated technologies, esp

ecially virtualisation, cloud providers and elastic fabrics• Open Networking is going to be a big part due to choice and costs

Summary & QA

ELASTICISP

Page 22: ElasticISP

TRY CHHAY

THANK YOU.

e: [email protected]: @skeevestevenslinkedin: /in/skeeve

e: [email protected]: /in/trychhay

SKEEVE STEVENS

eintellegonetworks.asia