Author Topic: Home lab / thesis project / dual provider SD-WAN  (Read 5828 times)

niemand

  • Kitizen
  • ****
  • Posts: 1836
Home lab / thesis project / dual provider SD-WAN
« on: September 22, 2018, 05:34:47 PM »

Folks,

This is a bit of a placeholder thread that will be added to as I go on and might be interesting for those so inclined.

My home network is, intentionally, relatively simple right now. I'm about to blur the distinction between my MSc lab, my work lab and the home network.

What's about to happen is:

Replace Virgin Media Business with 2 x VDSL lines.

Build an SD-WAN using full IKE-less IPSEC across those two carriers to an SD-WAN instance running in AWS. The edge of my network will be an SD-WAN appliance, with VDSL modems on its two WAN ports. The AWS instance will be the hub of the network.

Along with this having a hardware appliance coming on the road with me as I travel for business that will also be part of the fabric.

Have 4 virtual SD-WAN appliances, with public IPs on one WAN port and private addressing on the other to simulate MPLS, each with a single Linux VM behind them as a virtual client machine.

A wireless access point will of course be present.

The 4 publicly addressed SD-WAN VMs will actually use an L2TP tunnel so that they are logically outside the LAN of the edge SD-WAN appliance. It will just see a stream of L2TP which it will be required not to send to AWS.

As part of the build SSL decryption will be used, zone-based security, DPI firewalling and proprietary application identification.

There will then be various attacks on the provisioning process and externally to try and spoof nodes, DoS them or compromise their communication.

Might make an interesting thread.
Logged

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 33879
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: Home lab / thesis project / dual provider SD-WAN
« Reply #1 on: September 22, 2018, 05:45:12 PM »

Should make an interesting read.  :)
But before you get going may I ask a quick question to satisfy my own curiosity or fill in on something I may have missed. I saw you mention it in another thread too, but don't want to derail things too much, so a one-liner will do as to why you are doing this.

>> Replace Virgin Media Business with 2 x VDSL lines.

Logged
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker

burakkucat

  • Respected
  • Senior Kitizen
  • *
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: Home lab / thesis project / dual provider SD-WAN
« Reply #2 on: September 22, 2018, 05:46:09 PM »

Hmm . . . Yes, it does look interesting. So I shall be watching. :)
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.

niemand

  • Kitizen
  • ****
  • Posts: 1836
Re: Home lab / thesis project / dual provider SD-WAN
« Reply #3 on: September 22, 2018, 05:59:27 PM »

>> Should make an interesting read.  :)
>> But before you get going may I ask a quick question to satisfy my own curiosity or fill in on something I may have missed. I saw you mention it in another thread too, but don't want to derail things too much, so a one-liner will do as to why you are doing this.
>>
>> >> Replace Virgin Media Business with 2 x VDSL lines.

Sure!

My home office is not so much a home office as it is a branch office. It holds lab facilities that I and others in my team use. It also runs all the applications a 'power user' runs, as well as being my VPN back home to my content.

I was told higher uploads were on the way in 2016 and would arrive on business tiers first. They were trialed in 2015. They don't seem any closer. 20Mb is not enough to run home, branch office and road warrior services. For the same price I can get 38Mb out of 2 VDSL lines so sayonara VM, and may your complacency and arrogance bite you in the future if the competition catch up leaving you scampering to upgrade and release the products you haven't bothered to, preferring (allegedly) executive compensation.
Logged

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: Home lab / thesis project / dual provider SD-WAN
« Reply #4 on: September 23, 2018, 04:21:22 AM »

CarlT - will be watching with interest. Some links to reading matter for remedial and relatively geriatric users such as myself appreciated.
Logged

dee.jay

  • ISP Rep
  • Reg Member
  • *
  • Posts: 952
Re: Home lab / thesis project / dual provider SD-WAN
« Reply #5 on: September 23, 2018, 11:40:58 AM »

As a Network Engineer, I shall be watching with interest too. I've not seen much in the way of real SD-WAN out there, so this will be one to follow, for sure.
Logged
Starlink and AAISP L2TP combo routed by opnSense on proxmox

niemand

  • Kitizen
  • ****
  • Posts: 1836
Re: Home lab / thesis project / dual provider SD-WAN
« Reply #6 on: September 23, 2018, 12:09:15 PM »

>> As a Network Engineer, I shall be watching with interest too. I've not seen much in the way of real SD-WAN out there, so this will be one to follow, for sure.

I'm not on commission so will save the sales pitches for the folks that are  ;D
Logged

niemand

  • Kitizen
  • ****
  • Posts: 1836
Re: Home lab / thesis project / dual provider SD-WAN
« Reply #7 on: September 23, 2018, 12:11:17 PM »

>> CarlT - will be watching with interest. Some links to reading matter for remedial and relatively geriatric users such as myself appreciated.

Hmm reading matter. Umm my thesis is going to be a good part of it. If I find quality sources I will share them. It's an emerging field and has had relatively little academic work done on it.

Nightmare for referencing.
Logged

niemand

  • Kitizen
  • ****
  • Posts: 1836
Re: Home lab / thesis project / dual provider SD-WAN
« Reply #8 on: October 01, 2018, 01:43:55 AM »

Work in progress. Cut over once VMB is disconnected in a month.

As an aside: https://community.virginmedia.com/t5/Speed/Higher-upload-speeds/m-p/3839697#M197426
Logged

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 4300
Re: Home lab / thesis project / dual provider SD-WAN
« Reply #9 on: October 01, 2018, 06:14:16 AM »

Typical rip off Britain, I only went with Vivid 350 to get a decent upload speed.
Logged
Formerly restrained by ECI and ali,  now surfing along at 390/36  ;D

dee.jay

  • ISP Rep
  • Reg Member
  • *
  • Posts: 952
Re: Home lab / thesis project / dual provider SD-WAN
« Reply #10 on: October 01, 2018, 03:27:48 PM »

>> I'm not on commission so will save the sales pitches for the folks that are  ;D

Phew, I like gory technical details, please.
Logged
Starlink and AAISP L2TP combo routed by opnSense on proxmox

niemand

  • Kitizen
  • ****
  • Posts: 1836
Re: Home lab / thesis project / dual provider SD-WAN
« Reply #11 on: October 03, 2018, 01:48:40 PM »

I took the opportunity to take a poke at Virgin Media Business on Twitter.

Mwahaha.

https://twitter.com/CarlTSpeak/status/1047467820093771776
Logged

dee.jay

  • ISP Rep
  • Reg Member
  • *
  • Posts: 952
Re: Home lab / thesis project / dual provider SD-WAN
« Reply #12 on: October 03, 2018, 03:09:35 PM »

Will this SD-WAN setup allow you to effectively bond two internet connections that could be from two different providers?

I use pfSense that just does outbound load-balancing - it's very nice if I am performing transfers where I can make multiple connections at once, but it falls on its face when, for example, I recently had to pay my road fund license for my car - and the gov.uk website did not like me load balancing in that manner and I had to revert to using a single connection in order to make it through. I guess the entire "flow" or the session needed to originate from one ISP.
Logged
Starlink and AAISP L2TP combo routed by opnSense on proxmox

niemand

  • Kitizen
  • ****
  • Posts: 1836
Re: Home lab / thesis project / dual provider SD-WAN
« Reply #13 on: October 03, 2018, 03:52:38 PM »

I can bond anything from any provider, and not per-flow, per-packet. It'll be, as noted, 2 x VDSL lines with LTE/4G as a fallback if those both drop offline.

I can control how individual domains, types of traffic, classes of traffic, etc, flow and whether I want traffic to go out to AWS via tunnels and be SNATed there as with a VPN solution, meaning full load balancing, or let it go straight out of a connection direct to net and not be bonded.
« Last Edit: October 03, 2018, 03:57:21 PM by CarlT »
Logged
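
An added illustration, not part of any post in this thread and not any vendor's code: a small Python model of the difference discussed in the two posts above, per-flow outbound load balancing versus per-packet bonding through a hub that source-NATs. The addresses, the stand-in flow hash and the site that ties a session to one source address are all assumptions made for the example.

```python
from collections import Counter

# Constructed values (RFC 5737 documentation addresses), not taken from the thread.
WAN_NAT_IP = {"vdsl1": "192.0.2.10", "vdsl2": "198.51.100.20"}
HUB_SNAT_IP = "203.0.113.5"          # hypothetical public address of the cloud hub
LINKS = sorted(WAN_NAT_IP)

def per_flow_link(flow):
    """Stand-in flow hash: every packet of one connection stays on one link."""
    src_ip, src_port, dst_ip, dst_port = flow
    return LINKS[(src_port + dst_port) % len(LINKS)]

def per_flow_balancing(flows, pkts_per_flow):
    """Outbound load balancing: each connection is NATed by the link it hashed to."""
    seen, load = set(), Counter()
    for flow in flows:
        link = per_flow_link(flow)
        seen.add(WAN_NAT_IP[link])        # address the remote site sees
        load[link] += pkts_per_flow
    return seen, dict(load)

def per_packet_via_hub(flows, pkts_per_flow):
    """Packets alternate across tunnels on both links; the hub applies SNAT."""
    seen, load, n = set(), Counter(), 0
    for flow in flows:
        for _ in range(pkts_per_flow):
            load[LINKS[n % len(LINKS)]] += 1   # spray packets round-robin
            n += 1
        seen.add(HUB_SNAT_IP)             # one egress address for every flow
    return seen, dict(load)

def ip_bound_session_ok(seen):
    """Assumed site behaviour: a session is valid only from a single source address."""
    return len(seen) == 1

# Six parallel HTTPS connections from one LAN host to one site (constructed).
FLOWS = [("10.0.0.2", 50000 + i, "203.0.113.80", 443) for i in range(6)]

if __name__ == "__main__":
    for name, fn in (("per-flow", per_flow_balancing),
                     ("per-packet via hub", per_packet_via_hub)):
        seen, load = fn(FLOWS, 10)
        print(name, sorted(seen), load, "session ok:", ip_bound_session_ok(seen))
```

Both modes spread the load evenly over the two lines in this model; only the hub path presents a single source address to the remote site.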

dee.jay

  • ISP Rep
  • Reg Member
  • *
  • Posts: 952
Re: Home lab / thesis project / dual provider SD-WAN
« Reply #14 on: October 03, 2018, 07:41:19 PM »

OK - how much effort is this to set up, and is there anything I can do to aid you with this?

I have 2 VDSL lines, admittedly from two different providers. Not bothered about LTE backup as I've got 2 cell phones that can deliver 60Mbit over 4G at home so if I'm desperate I can tether a laptop off that.

However, I am very keen to explore this solution some more.
Logged
Starlink and AAISP L2TP combo routed by opnSense on proxmox