What is a uCPE anyway?
A uCPE (Universal Customer Premises Equipment) is a flexible, software-driven platform that replaces traditional fixed-function network/server appliances with a virtualized device. Essentially a low footprint hardware appliance running a hypervisor to offer the most flexibility in software selection and future-proofing service deployment.
In this blog post we go over some of the challenges associated with ensuring top quality remote monitoring and access capabilities while maintaining a level of consistency in service delivery and support. We also highlight what we see as an industry trend towards converged virtual networking and infrastructure as a service. Our solution to enabling rapid deployment of services as well as 24/7 remote access is the Archous uCPE.
The Challenges, Concerns, and Needs – Explained
Challenge: Remote Probe Reliability
At Archous, we strive to be as flexible as possible when it comes to our deployment strategy for monitoring and remote access to customer networks. We also like to be frugal and re-use what resources customers may have already available. However, when it comes to onboarding remote probes to customer environments we have found that customer-provided remote probes aren’t always the best fit. Some examples below of issues we have faced when we try to deploy remote probes in to customer environments.
- Remote probes do not have proper redundant connectivity to the Internet
- Remote probes do not meet our system requirements in terms of CPU/memory/storage
- Remote probes are not on dedicated machines or are being shared with others
- The underlying hardware supporting remote probes is unreliable or unhealthy
- Customer timelines and availability to prepare their network and compute for remote probes are non-determinate or very limited
Remote probes are Archous’ way in to a customer’s network to manage devices that we have onboarded to our Managed Devices plan. Without them, we cannot provide the monitoring services, backups, and we routine management to your networking and compute hardware. Ensuring reliable remote probe connectivity is perhaps most critical in an emergency support scenario and the last thing we want is for the remote access to be down in that dire time of need.
Need: A Platform for Network Virtualization and Infrastructure SaaS Delivery
As Archous has grown, and brought more infrastructure “as a service” applications to our customers, our ability to deliver these services in a rapid and reliable manner has at times been bottlenecked. Some current examples of our Infrastructure SaaS services are Managed DNS, NetFlow as a Service, and Cloud Monitoring. These are all services that have have a good fit to be deployed on-premise within the customer’s network.
There’s also a trend in the industry to move to network virtualization primarily due to benefits from deployment flexibility, regulatory reasons and cost savings compared to traditional silicon-based networking products. Virtualized solutions like netElastic vBNG, VyOS, and 6WIND VSR are front runners in network virtualization in the ISP space. More broadly speaking, there’s virtual network operating systems from Sophos, Sonicwall, Juniper, Cisco, Arista, and MikroTik that allow operators to stay within their preferred ecosystem while taking advantage of the benefits from virtualization.
The following are examples of some of the challenges associated with delivery of Infrastructure SaaS and Network Virtualized services:
- Every customer’s network and compute deployment is different. Finding the right way to integrate with the customer’s network can be cumbersome and slows down deployment
- Customer’s don’t have any existing compute resources or the compute resources are inadequate
- Customer timelines and availability to prepare their network and compute are non-determinate or very limited
The common theme here is some underlying hurdle with the customer’s network and compute deployment. It’s an unknown that isn’t always an obstacle but when it is we usually find out during deployment time or when there’s a need to bring up some critical service ASAP. Finding out in this way leads to a bad customer experience. Customers need a solution for when there’s an urgent need at hand, their Network Virtualization and Infrastructure SaaS can be deployed rapidly and within predictable timeframes.
Concern: Managed Services Mean Customers Lose Control
Customers want to maintain as much control over their network and compute as possible. Headless vendor-owned, or vendor-locked Blackbox appliances are not the solution. ISPs, enterprises, and campuses are operating in an era of open networking and automation that enables controlling their own destiny. Frugality is key. Rack space, power, and connectivity come at a cost.
Many customer engineering teams have skilled staff available to troubleshoot and self-service their infrastructure needs. Management doesn’t want to see their capex invested in hardware that is useless after severing the relationship with the vendor. A robust solution is needed that provides an appropriate balance of vendor-driven support with future-proofing, customer ownership and self-serviceability.
Solutions and Use Cases
Rapid, Reliable Deployment: Archous uCPE
The Archous uCPE provides a consistent, ISP-managed platform that enables rapid and reliable service deployment by standardizing hardware and centralizing provisioning. It eliminates the challenges of deploying remote probes by offering a stable, always-available environment with assured connectivity and remote management. With built-in support for multiple WAN uplinks and automated failover, it maintains service continuity during upstream Internet outages. Additionally, by serving as a virtualization-capable edge platform, it allows Network Virtualization and Infrastructure SaaS along with remote probes to be deployed, updated, and scaled dynamically without requiring integration with existing hardware or new on-site hardware, reducing both deployment time and operational complexity.
Shared but Centralized Management
Archous’s uCPE solution is powered by the VMware ESXi hypervisor and, as part of the monthly service for the uCPE, both the customer and Archous support staff gain access to the Big Network Edge OS networking capabilities as well as the toolset to manage VMs in the underlying hypervisor. A new ArchNOC portal is being developed to enhance the customer experience to include the ability to manage uCPEs centrally, create / deploy / reboot virtual machines, and orchestrate Ethernet Pseudowires within Edge OS. Archous is also working to bring the ability to rapid deploy network and Infrastructure SaaS functions to uCPEs; enabling the deployment of remote probes for Managed Devices and services such as Managed DNS, NetFlow as a Service, and Cloud Monitoring all from the click of a button.
Customer Owned Hardware
Customers like to own their own networks in every way possible and at Archous we agree with that approach. Archous’s typical managed services offering is one that is meant to be a shared-responsibility engagement. We like to grant customers as much full control of their network hardware, software, and supporting infrastructure services as possible — all while Archous continues to make our team available as a technical resource for the ultimate escalation point for managing and maintaining the platform and services.
Archous uCPEs are purchased by the customer. Since customers own the hardware, there is peace of mind knowing that if services discontinue with Archous, the customer has full capability to repurpose the hardware and install whatever operating system or hypervisor that fulfills their needs.
uCPE Use Cases
Managed Customer Premise Device
Enable a centrally managed, remotely provisioned, operator-controlled platform deployed at the customer site to deliver network services. Provide routing, NAT, and DHCP for local network connectivity, along with remote access VPN and Cloud Network VPN capabilities for secure connectivity as a service to customer’s enterprise network resources. Extend connectivity by building Ethernet Pseudowires to extend Layer 2 services across the provider network.
Cloud Networking Extension
Extend cloud-hosted network functions directly into on-premise environments using simple Layer 2 or Layer 3 connectivity. Designed for simplicity, the uCPE allows organizations to bridge cloud and on-prem environments without complex reconfiguration.
Network Edge, BNG, or Core Virtualization
Enable virtualization at the network edge, supporting Network Virtual Services such as edge routing, firewalls, and BNG for thousands of customers. Rapidly deploy network functions while maintaining high performance, lower cost, and efficient resource consolidation.
Infrastructure SaaS Virtualization Hypervisor
Quickly spin up and manage virtual machines for infrastructure and enterprise workloads. Enable rapid provisioning, local processing, and reduced latency by running services closer to users and devices. Support centralized management while operating reliably in distributed environments.
Reliable Remote Management
Reliable remote management protected by WAN failover to ensure continuous access, automatically switching connections if one link goes down. Enable secure control at Layer 3 for routed, IP-based management and at Layer 2 for direct access to local networks and devices. This combination provides resilient, always-on visibility and control across the entire infrastructure.
Ethernet Pseudowire Termination
Thanks to the collaborative work between Archous, Core Transit, and Big Network, we can offer you a unique over-the-top layer 2 tunneling technology on uCPEs. This tunnel technology, coined here as “Ethernet Pseudowires”, is capable of transporting packets over the Internet (or any IP underlay) securely with encryption, transparently at layer 2, and performantly with multi-gigabit throughput. The Ethernet Pseudowires also support multiple topology types including E-LINE, E-LAN, and E-TREE to align with Carrier Ethernet standards.
Ethernet Pseudowire transport features and capabilities:
- ChaCha20 encryption for high-performance
- Full sized and jumbo PDUs: Tested up to 2000 bytes without fragmentation
- Layer 3 packets: GRE, IPSEC, IPv4 and IPv6
- Layer 2 frames: VRRP, STP, LACP, VLANs, MPLS, CDP, LLDP, MNDP, MAC-Telnet
- Active/standby WAN failover with multi-gigabit throughput per-pseudowire