IPAM DDI Software, Subscriber Management, CMDB and Per Customer VLANs
charles at thefnf.org
charles at thefnf.org
Wed May 14 15:14:25 UTC 2014
On 2014-05-13 16:37, Kyle Leissner wrote:
> I would like recommendations on the following software/hardware
> elements required to run an access network. Assume you are building a
> greenfield network using a combination of access technologies such as
> DSL, GPON, AE, and WiFi.
What a timely thread! With all the talk the past several days about
incumbents and lack of alternatives, I'm glad to see someone starting a
If it's not ultra proprietary, what (major) geographical region are you
looking to start in, how many homes/businesses do you intend to pass? Or
is this all theoretical?
I've recently helped a coalation of non profits start an access network
in Kansans City Missiouri/Kansas. It passes about 1,000 homes. Uses wifi
exclusively. Meraki / Ubiquiti gear in the access layer, Ubiquiti gear
in the backbone. We've been ironing out things like grounding/access to
facilities, user access policies, dealing with bandwidth hogs etc etc.
Now we are getting to the support suite and asking some of the same
questions you are.
One thing I don't see you mention below is a network monitoring system.
What are you using for that?
> IPAM / DDI Solution: Needs full support for IPv6,
Of course. That's important.
> Customer VLANs,
QinQ? You looking at offering metro-e services?
ewww. v6 sir! Greenfield network and everything.
> VRF, Overlapping Address Space,
ewww again. Those are horrible hacks, v6 all the things.
> integration with DNS, DNSSEC,
So what does that mean? Create forward/reverse zone entries? Do you want
to be able to delegate zone editing to customers? You'll need strong
ACLs and what not. What does integration with DNSSEC mean to you?
> Integration with DHCP,
v4? v6? SLACC? RADVD?
> and integration with ARIN.
You mean the ARIN API? So you can setup auto SWIP?
Looks like there are
> both open source and commercial solutions available according to old
> NANOG posts.
Indeed. I've been looking at http://nocproject.org/ which should cater
to most of the above requirements.
Which cater to service providers? Who are the leaders in
> this space? Does anyone have experience with dealing with multiple
Multiple vendors in what regard? You mean integrating offerings from
Honestly I'd spend money on a couple good integration engineers. What
you are looking for almost certainly will need a good amount of
perl/python/bash glue to work. You could also throw money at proprietary
solutions, which might get you what you want.
> Subscriber Management/BRAS/BNG: Redback was the big player back in the
> day, but I believe they are no longer. Juniper has their Subscriber
> Management feature pack on their MX routers, and Cisco has their
> Broadband Network Gateway on their ASR routers. Besides these two
> vendors I am not sure what other solutions are out there. I believe
> both of these solutions communicate upstream to external radius
> servers and DHCP servers. Is anyone using Subscriber Management, or is
> there another way of doing it?
What is subscriber management? You mean like provisioning and such?
Ah here is a description:
"Broadband Subscriber Management is a method of dynamically provisioning
and managing subscriber access in a multiplay or triple play network
environment. This method uses AAA configuration in conjunction with
dynamic profiles to provide dynamic, per-subscriber authentication,
addressing, access, and configuration for a host of broadband services
including Internet access, gaming, IPTV, Video on Demand (VoD), and
We (Free Network Foundation) are doing this with RADIUS. FreeRadius on
the backend, hostapd on the access layer (fairly heavily modified, we'll
be submitting patches upstream soon), pfsense (with pfblocker, but used
in a reverse manner). This gives us full AAA capabilities. It's somewhat
"hacked" together, but our testing has seen good results so far. We hope
to deploy in limited production test this weekend.
> CMDB: A centralized database to keep track of all assets within the
> network would be nice. I would assume this would need to tie in with
> the IPAM solution and billing systems.
Yes. Agreed. I've not necessarily come up with a good system for this.
I'm using a combination of Zenoss / Observium (will retire Observium
once I have figured out the Zenoss API).
> If you had your choice starting from the ground up how would you
> deploy an access network today?
Well since I'm in the process of doing that:
v6 only (though to be honest, we are v4 right now, but heavily testing
v6. Still lots of broken stuff, like gaming)
Pfsense for internet edge (OSPF/BGP) routing, full l7
Zenoss (up/down, trending) Observium (used as a CMDB, will be
retiring for Zenoss soon)
Slack/Rundeck (configuration management, command dispatching). Since
everything is *NIX with a shell, I can just treat the routers/access
points like *NIX boxes and have access to a full suite of tools.
OpenWRT (qmp.cat firmware build) + Quagga (to redistribute the bmx6
protocol routes (adhoc/dynamic wireless) into OSPF/BGP (static
hostapd (heavily patched)
Users fund/own the equipment. They can buy as little or much as they
like (we advise them on a recommended bill of materials and help with
sizing etc). This keeps costs low.
Multiple transit providers of course.
That's it off the top of my head.
More information about the NANOG