I'm so naive...
I had assumed that they'd have had all these sorts of networking options and variations on-the-shelf since the 1990s.
Wide Area Networking (WAN) solutions are not discussed enough in the tech press. We babble incessantly about consumer broadband, or some new top end fibre speed achieved in a lab, but this is merely a fraction of the story. There is a very real revolution in WAN connectivity that is occurring right now, today. It goes largely …
The main difference between the 1990s and today, and the real point that Mr. Pott should have made, is that Ethernet has become the dominant WAN technology for Layer 2 networks. The ubiquity of Ethernet in WAN connectivity opens a large bevy of technology choices that just couldn't exist with other technologies, same as it did for LAN connectivity decades ago.
These solutions are available to anyone who's willing to pay the enormous price. There's no getting round the fact that someone's going to have to dig a big trench to put your fibre in, and that doesn't come cheap. Still, it's more cost effective than relocating a big factory or farm to a city centre.
Almost. In practical terms I think you'll find that some providers will say no even to money-no-object customers if it's "too far" off their patch. But you are right, the costs can soon put anyone into Yorkshireman mode ("How much?") when trenching is typically charged in the 10s of k per kilometre.
"...only available to those people in big cities..."
Becoming less true with the latest fiber optic technologies.
We live on several acres of forested lakefront, miles outside the downtown core of a middling size city. The fiber optic crew came through in 2014, stringing fiber on poles faster than a person can walk. Now we could have up to Gb service if we wished, but 150 Mbps is enough. That fiber optic "last many miles" (up to 40km, all passive) link enables the rest.
Those decision makers mystified by the concept should look up Bell Aliant FibreOP. It's the example that proves that it can be done, including the mystical business case ($) angle. Those claiming it's impossible are simply ill-informed.
It's nice that we randomly happen to live in the exact location where they've 'cracked the code' and rolled trucks. As opposed to waiting decades more.
With a fast connection, the rest is trivial.
Bell Aliant FibreOP is great. I have the minimum Home Internet, I think it's 75 Down and 30 Up. I haven't bothered to check in quite a while as it's fast enough for my usage. The TV service is great too. Fibre to the Home had to be well worth it for them, as the only people who don't use it are those who it hasn't been run to yet (and it does have a huge footprint in Atlantic Canada) or those wanting a lower cost alternative, and the alternatives aren't that much less, especially considering that the usage caps are much lower (or were, again haven't looked at anything else in years).
So what's the difference instead of routing it to your HQ? You're just outsourcing security - you still have traffic routed to a central location. Does outsourcing security work? Yes/No/Maybe - it all depends on your security needs and resources. Just IMHO, it makes little sense to have branch security outsourced and HQ in house. You have a "split brain" situation that usually doesn't help - especially if there is little difference between the sensitivity of data sent through the Internet and that exchanged across the dedicated connection.
... but I don't get the point of the article. Or rather, I get the point but would not consider this news. Of course a local Internet breakout is necessary, and has been forever. Because of the huge cost of high bandwidth MPLS, and because there's a redundant connection available.
Basic SOP:
- large branches: get MPLS + local breakout. MPLS used for critical services, breakout for Internet and VPN backup if/when MPLS fails. Do not use the same telco for both. Added advantage: for MPLS a lower SLA might be OK, thus lowering cost.
- small branches: get 2 consumer-grade Internet connections. Use one for VPN to HQ and the other for Internet breakout/VPN backup.
If you shop for MPLS across continents (and it's allowed by HQ), check pricing with telcos on all continents. It might be cheaper to get from B to A than from A to B.
Yeah, Trevor - all that you mentioned my firewall can do... Along with IDS, IPS, etc., etc. Why? Because we choose our firewalls well (no Cisco ASs-A). The revolution in WAN is actually next-gen firewalls - pick well and you don't have to rely on a bunch of screw-ups otherwise known as "service providers".
Simple policy worked for us - get the minimal, most generic service ISP (inet with ethernet hand-off, p2p ethernet, etc.), then integrate it into your infrastructure properly.
And any time we got away from it - SP finger pointing every time there is a problem.
networking is pretty boring
I don't agree. When you actually sit down and work out how a chunk of data gets from my laptop in south Northamptonshire to a server somewhere on the west coast of America there's a helluva lot going on. All those protocols, wires and switches playing 'pass the parcel'... and yet it works.
Maybe it's because I'm old enough to remember when computers mostly only talked to themselves but I find it almost fascinating, both the technology and the politics of it.
Being both sysadmin and netadmin for all of my career, I cannot imagine taking a purely sysadmin position...
Not to mention that having decent understanding about networking will be immensely beneficial for sysadmin work.
I come across an increasing number of sysadmins with no clue at all about networking, and it severely limits their ability to diagnose issues with processes and daemons.
I agree. I've implemented and designed some interesting things in my career that cover all infrastructure elements, but networking is the one thing that I continue to find interesting. Also, the people that intimately know networking and its concepts have a great advantage in every other field.
I love it. It's almost a science to understand fully and has been the one skill set that I have consistently used throughout my career.
both the technology and the politics of it
And the economics. The economics, man!
I wouldn't say I know nothing about networking, but I sure am not ready to design a WAN for my increasingly crazy-arse company. In case I don't burn out soon or leave, I guess I will be asked to come up with something, probably between breakfast and lunch due to all the other "priority 1" projects that occupy my time.
What book will bring me up to speed?
There's no one book that you could read... I've been a network engineer/developer/administrator for over a decade, got some pretty high level qualifications from a number of hardware manufacturers and I'm still learning new stuff every day.
Anyone who says they're an expert in all fields of networking is telling fibs.
Best thing to do is start with some basic training, e.g. Cisco CCNA. Learn Subnetting, The 7 layer Model, get some routers and switches to play with (it's amazing how well you can simulate a large WAN with just a decent layer 3 switch, a few Linux boxes and GNS3.)
It's also only through experience that you learn which carriers are good, and which ones to avoid. For example BT, Verizon, Level3, XO all are great and want to do well by their customers. Avoid DTAG (Deutsche Telekom / T-Systems) and Orange (France Telecom) like the plague... They seemingly deliberately oversubscribe their peering links, meaning that you experience unexplained packet loss that they just blame on you - this is a plot to get you to purchase high bandwidth links direct from them in other countries to avoid your traffic going through their peering links.
And please don't get me started on Airtel in India. I mean none of the carriers there are particularly good, but these guys happily drop your traffic left, right and centre, do nothing about it except to say they can't see any problem, then immediately close the ticket when the transient event has passed instead of getting us a Reason For Outage, or providing any info on what has happened.
One of the things we're currently working on is intelligent load sharing (NOT load balancing) across multiple unreliable links... e.g. take a few 4g cards, a couple of DSLs and maybe an enterprise circuit or two and use them all together like one big virtual link back to your NAP. Works great, but hellishly complicated.
Way back, in the dim and distant past, a wan link would be implemented between proprietary equipment at each end supplied by us over a bit of wire supplied by the telco.
When a failure occurred an argument would ensue between the telco and us.
We knew our equipment and ran diagnostics over the link to show fault with the telco.
No-one else knew our equipment, we didn't tell anyone else how it worked, it was confidential.
The telco could probably run a protocol analyser on the link.
We were running video conferencing over multiple links but the sharing was accomplished by a proprietary switch at each end. The switch had some custom ICs which performed all the required magic.
Most equipment I worked on was just boring processors with boring peripherals implementing boring protocols, ho hum. Some equipment had some custom trickery which made life a bit more interesting. I worked with a few guys in networking who were absolute wizards. I was lucky to learn a bit from some really clever people.
My knowledge will pass away when I die, I hope you are passing on your knowledge.
It's still the last mile that matters first and foremost. While reading the article, I was itching with curiosity all along, wondering if telepathic broadband transfer had finally been invented, or if the article would culminate with postal pigeons over MPLS or something... none of that, actually.
In terms of weird stuff over MPLS, the weirdest I've read about was something like SDH over MPLS.
Back to last mile.
Even if you have a local cable co. / ISP wiring the whole neighborhood (around your offices) with dense FTTB at very friendly consumer prices, and you let him enter your building with a plastic pipe (the extra trench is like 15 m), once you ask for an actual proposal, for some modest symmetric bandwidth over fiber, with a /29 block of public static IPv4... if there's no competition, he will possibly propose the fairly basic service at an outrageous sum of money. I was in that situation as a small business admin and kept using two microwave links (redundancy) for several years, until the local optical ISP finally gave in and proposed something sensible (and the sales guy got fired shortly afterwards.)
Here in CZ in a mid-size town (100k people), the real news in the recent years has been that local optical startups have started trenching across our post-commie residential areas (highrise condos with lots of grass inbetween). Actually in our very town, it's not that optimistic - it's a nation-wide cable co. vs. a local optical competitor. The nation-wide behemoth doesn't bother to offer better pricing, hence the local cable/optical company (in the business for some 25 years now) is earning most of the new consumer customers, for its symmetric optical (FTTB) Ethernet... but they're actually not a new startup, they're more like a local incumbent. Next to the incumbent telco, selling DSL over 20 years old copper, which was then (in mid nineties) totally overhauled using govt subsidies...
The midsize and bigger cities tend to be barricaded against "trenching optical startups" by local incumbents with political connections. I keep hearing about even smaller towns (~10-20k residents) where wireless ISP's turned optical startups are busy trenching consumer broadband and selling it cheap, with the support of an elucidated local authority. Excellent places to live, less excellent to find a job apparently...
Hell, I'm told that many locations in Prague are absolutely hopeless in terms of modern broadband, consumer or business-class. And it's always about the last mile. No one bothers to lay new optical cables in the densely cobbled urban areas. I used to work for two ISPs in Prague for several years around Y2K, I remember very well the numerous sales opportunities where there simply was no last mile transmission line to use... Where I work now, we have an office in Prague as well, at an outskirt of the city (a residential area with highrises and lots of grass) and our office still uses a microwave link!
I work for an admittedly small business. We don't care about MPLS. Most of our sales people are scattered throughout the country anyway, and the business software has to be usable for them from anywhere they stop for a while, so it wouldn't matter if some bigger "remote offices" had MPLS or some L2 VPN... It's OpenVPN for all of them and RDP on top of that, and the database client running against a local RDBMS on an RDP desktop is throttled mostly by ODBC latency, much more than by RDP screen refresh.
Once you get a good last mile, VPN can be quite a breeze. Perhaps we're lucky that we have a good local (national level) peering arrangement: the independent peering point (called NIX.CZ) now actually runs a distributed infrastructure with nodes in several cities... and I haven't heard about bilateral peering skirmishes among ISPs in the last 15 years or so. As for the firewalls... if you know the necessary basics, a good basic firewall can consist of a Linux PC with OpenVPN for the tunnels and Quagga (Zebra) to do some internal routing of your private subnets. Dual uplinks to two ISPs (with a double NAT) have their inherent limits for outbound internet traffic, but can be pretty nifty for a redundant VPN = if combined with redundant VPN tunnels and some dynamic routing on top (I prefer iBGP over OSPF, as BGP does *not* require a clear "link state" from the lower layers and keeps checking the connectivity on its own). You don't even need a PC for this, you can run OpenWRT on some SoHo router hardware, and theoretically Mikrotik HW/FW should also be capable of this.
Yeah right - I'm at the lowest end in terms of headcounts and bandwidth. It only starts to get interesting when you struggle with bandwidth and complexity (imagine multiple sites linked together in a massive VPN mesh).
I am told that there are off-the-shelf firewall boxes (no, not Cisco) that are miles ahead of my homebrew cobbled gateways. For the lazy folks it must be an excellent solution.
"Local Internet Breakout" - hell, I never knew it's got a dedicated name :-)
Outsourced VPN, outsourced security? God forbid, as long as I have a word... I used to work for the other side.
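The two setups described in this thread, the "Basic SOP" post (MPLS for critical services plus local breakout with a VPN as backup; two consumer links at small branches) and the dual-uplink redundant-VPN gateway with BGP-style liveness checking above, share one piece of decision logic: which path a given packet takes, and when a path is considered dead. The following model, an added example written for this page and not code from any commenter, product or project, implements that logic in Python. It is a simulation of the router's decision, not a driver for `ip rule`, OpenVPN or Quagga: the prefixes, timer values, link names and the keepalive schedule are all constructed assumptions. The point it makes that the posts leave implicit is that liveness comes from keepalives plus a hold timer (the BGP behaviour the poster prefers), so a link that is administratively up but silently dropping traffic still fails over, and that when every encrypted path is gone, internal traffic is blackholed rather than spilled onto the raw breakout.

```python
"""Branch-router path selection with keepalive/hold-timer liveness (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Link:
    name: str
    hold_time: float = 9.0           # silence longer than this means dead (BGP-style hold)
    reuse_delay: float = 0.0         # dampening: keep off a recovered link this long
    admin_up: bool = True            # "carrier up" is necessary, never sufficient
    last_keepalive: Optional[float] = None
    up_since: float = float("-inf")  # -inf: a link that has never failed is stable

    def _fresh(self, now: float) -> bool:
        return self.last_keepalive is not None and now - self.last_keepalive <= self.hold_time

    def keepalive(self, now: float) -> None:
        # A keepalive arriving after a dead spell restarts the dampening clock.
        if self.last_keepalive is not None and not self._fresh(now):
            self.up_since = now
        self.last_keepalive = now

    def alive(self, now: float) -> bool:
        return self.admin_up and self._fresh(now) and now - self.up_since >= self.reuse_delay


@dataclass
class Tunnel(Link):
    """A VPN tunnel: its own keepalives must flow AND its underlay link must be alive."""
    underlay: Optional[Link] = None

    def alive(self, now: float) -> bool:
        return self.underlay is not None and self.underlay.alive(now) and super().alive(now)


class BranchRouter:
    """Critical prefixes get the critical path list (in preference order); all else the breakout list."""

    def __init__(self, critical_prefixes, critical_paths, internet_paths):
        self.critical_nets = [ipaddress.ip_network(p) for p in critical_prefixes]
        self.critical_paths = list(critical_paths)
        self.internet_paths = list(internet_paths)

    def is_critical(self, dst: str) -> bool:
        addr = ipaddress.ip_address(dst)
        return any(addr in net for net in self.critical_nets)

    def select_path(self, dst: str, now: float) -> str:
        candidates = self.critical_paths if self.is_critical(dst) else self.internet_paths
        for path in candidates:
            if path.alive(now):
                return path.name
        # Fail closed: internal traffic is never spilled unencrypted onto the breakout.
        return "blackhole"


def run(router, keepalives, queries):
    """keepalives: (t, link); queries: (t, dst). Keepalives at time t are seen before queries at t."""
    timeline = sorted(
        [(t, 0, link, None) for t, link in keepalives] + [(t, 1, None, dst) for t, dst in queries],
        key=lambda ev: (ev[0], ev[1]),
    )
    decisions = {}
    for t, kind, link, dst in timeline:
        if kind == 0:
            link.keepalive(t)
        else:
            decisions[(t, dst)] = router.select_path(dst, t)
    return decisions


def large_branch_scenario():
    """MPLS + breakout + VPN-over-breakout. MPLS goes silent at t=18 (still admin up), returns at t=50;
    the breakout link has a dead spell from t=33 to t=48 (constructed schedule)."""
    mpls = Link("mpls", reuse_delay=30.0)          # dampen: don't flap back the instant it returns
    breakout = Link("breakout")
    vpn = Tunnel("vpn-hq", underlay=breakout)
    router = BranchRouter(["10.0.0.0/8", "172.16.0.0/12"], [mpls, vpn], [breakout])
    keepalives = [(t, mpls) for t in range(0, 19, 3)] + [(t, mpls) for t in range(50, 100, 3)]
    keepalives += [(t, l) for t in range(0, 100, 3) if not 33 <= t <= 48 for l in (breakout, vpn)]
    queries = [(10, "10.0.5.7"), (10, "93.184.216.34"), (30, "10.0.5.7"), (30, "93.184.216.34"),
               (45, "10.0.5.7"), (45, "93.184.216.34"), (60, "10.0.5.7"), (85, "10.0.5.7")]
    return run(router, keepalives, queries)


def small_branch_scenario():
    """Two consumer links: VPN over ISP1 is primary for HQ traffic; ISP2 carries breakout and the backup tunnel.
    ISP1 dies after t=15 (constructed schedule)."""
    isp1, isp2 = Link("isp1"), Link("isp2")
    tun1, tun2 = Tunnel("vpn-via-isp1", underlay=isp1), Tunnel("vpn-via-isp2", underlay=isp2)
    router = BranchRouter(["10.0.0.0/8"], [tun1, tun2], [isp2])
    keepalives = [(t, l) for t in range(0, 40, 3) for l in (isp2, tun2)]
    keepalives += [(t, l) for t in range(0, 16, 3) for l in (isp1, tun1)]
    return run(router, keepalives, [(10, "10.1.2.3"), (30, "10.1.2.3"), (30, "93.184.216.34")])


if __name__ == "__main__":
    for (t, dst), path in sorted(large_branch_scenario().items()):
        print(f"large branch t={t:>3} {dst:>15} -> {path}")
    for (t, dst), path in sorted(small_branch_scenario().items()):
        print(f"small branch t={t:>3} {dst:>15} -> {path}")
```

In the large-branch run, critical traffic rides MPLS at t=10, moves to the VPN over the breakout at t=30 once the MPLS hold timer has expired even though the link never reported carrier loss, is blackholed at t=45 while the breakout is also dead, stays on the VPN at t=60 because the recovered MPLS link is still inside its reuse delay, and returns to MPLS at t=85. On a real gateway the same preference order is what you express with policy routing tables or BGP local-preference, and the keepalives are the tunnel's own ping/hold mechanism rather than interface state.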
Same thing here in the rural areas of parts of Canada.
Except we have wooden 'telephone poles' where the power, copper and now FibreOP lines are strung. Up in the air, no trenches.
When the fiber optic crew came through in 2014, they moved so fast that the safety crew couldn't keep up.
Huge multi-acre lots in the forest. Up to Gb FibreOP service. It's sweet.
Some companies have figured out the business model, others haven't.
I'm not affiliated with them, just a happy customer (or my company is)
The company I work for rolled out a hosted wan solution from Aryaka last year between our main office in Europe and a certain Asian country with a bit of firewall problems. This was after years of trying different VPN solutions, WAN optimizers, and other appliances. For us, MPLS is way too expensive.
After half a year of running on Aryaka, we're a very happy customer. It's loads cheaper than MPLS and it works. Latency dropped to half, and the very few connection drops have been last mile problems.
We connect to Aryaka's endpoints as we would with a regular VPN, and then (as far as I have understood) Aryaka uses their own leased and private lines to connect us to an endpoint close to our final location.