We’re watching the Ukraine situation closely, but we’re watching the potential fallout even more closely. Russia controls a lot of the raw materials we rely on to power our technology - titanium, palladium. China uses those to create our technology, and though we trade with them, we’re not aligned politically. When we add those concerns to the existing supply chain issues, oil prices, astronomically increased threat of cyberattacks, and the growing spread of disinformation, we see a lot of risks that could change our industry and the world as we know it.
In our industry, we’re all aware of the increased threat of cyberattacks coming out of Russia. IMO, wipers - the idea that the malware can totally wipe out a machine's software code making it unusable - are the real threat. An attack on one is an attack on all when it comes to malicious code. The code they are slinging back and forth in the attack on Ukraine most certainly will end up elsewhere. We saw that in 2017 (NotPetya, WannaCry, Equifax) and it cost the world billions.
Across the US, we have a lot of unprotected critical infrastructure. Our hospitals, our energy and power sector, our water supply, and of course our telecommunications all depend on technology that is vulnerable to cyberattacks, ransomware, DDOS attacks, and wipers. And, of course, the supply chain issues that started with COVID have made it incredibly challenging to upgrade critical equipment that could be used for protection. In my opinion, we’re not ready as a country for what could come up.
We all need to exercise a three-part strategy to protect against cyberattacks, wipers, and ransomware. First and foremost, we need to harden our systems to make it as hard as possible for offenders to have an impact. Then we need to create a lot of urgency and momentum around this and warn everyone involved in the business of the impact an attack could have. Third, we need to make sure our incident response teams are prepared to get systems back up as quickly as possible, and have a tested, supported plan in place to do that.
Even if you have a cyberattack mitigation plan in place, you’re still going to have some challenges with business continuity. Those are going to be exacerbated by the inability to get critical hardware in a timely way and the ongoing challenges in hiring good cybersecurity experts. So make sure you’re doing everything you can to be efficient with capacity - peering, caching, etc. Know what attacks might come up (DDOS, blackholing, wipers, ransomware, and so on) and have a plan for each. And find a firm (like ours) that knows what they’re doing and can help.
Of course, the increased threat of cyberattacks is only one of the issues our industry is facing now. We’re also dealing with the impact of supply chain slowdowns. These started with COVID, but they’re going to continue to grow as the price of oil and gas becomes higher, and Russia stops allowing exports (or countries stop accepting them) of its critical raw materials. So, we’re estimating that these shortages will continue for at least another year, and maybe much longer than that.
Gas prices are now at the highest levels they’ve ever been in the United States. Unless something changes we may be seeing prices this high for the next 6-9 months. What does that mean for your teams? Your people are going to have to pay more to get to work. Some of your subscribers may revert back to working from home, or start working from home more, to avoid paying the high cost of gas, which means they’re going to have higher bandwidth demands during the day. Each of your truck rolls will be more expensive - but we can help you reduce those costs.
It’s already hard to find good people. Unemployment rates are the lowest they’ve been in years. It’s particularly challenging to find people in your area with the types of skillsets they need to do the job. I believe that, as the information technology environment changes, the deep knowledge required is only going to increase, making it even more difficult to find the right people.
I also expect this crisis to lead to growing amounts of disinformation. First, we’re going to see that directly with Russia. Despite the efforts of hackers to open up the information environment for the average Russian, the country is moving towards levels of information control that rival North Korea and China. That means that their own people aren’t going to hear anything positive about the US and may start to believe what they hear. That makes them more willing to view the US as a target.
We’re already seeing state control of media expanding in Russia. We should also expect growing amounts of disinformation targeted at the US from Russia and its allies. Social media is too easy to manipulate and the platforms are too slow or too unwilling to block or censor bad-actor content. And since lies tend to spread far more quickly and widely on social media than the truth, these bad actors are able to sow disinformation and falsehood throughout our own communities.
Overall, there are a lot of reasons to watch this conflict very closely. Increased cyberthreats, long-term high gas prices, continuing supply chain issues, ongoing hiring problems, and growing disinformation are all going to have an impact on our industry long term. We’ll keep a very close eye on any new developments and changes, and will ensure we help our clients avoid any issues as much as possible.
What is BNG?
A Broadband Network Gateway (BNG) provides a centralized access point through which subscribers connect to the internet. The BNG establishes and manages subscriber sessions at this centralized access point for easy management and scalability. When a session is active, the BNG aggregates the traffic from various subscriber points on an access network and routes it to the network of the service provider.
We’re seeing ISPs of all sizes go to this type of model to help ease the challenges of managing a customer base and all the network equipment that goes into it.
One of the main goals with BNG is to move all customer-facing logical interfaces to one or two points on the network. In most designs, QinQ (IEEE 802.1Q) is used to bring the customer's data back to the BNG router (but there are other options). For example, on a per chassis basis you would assign a VLAN per subscriber with an outer tag assigned to that chassis. The customer speeds and other settings are all managed in one or two centralized RADIUS servers, making a single place to make a customer change.
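The per-chassis outer tag and per-subscriber inner tag described above can be shown as a small frame builder and classifier. This is an added example, not code from the original post or from any BNG product; the TPID choice, the MAC addresses, and the session table are assumptions constructed for illustration.

```python
import struct

TPID_OUTER = 0x88A8  # assumption: 802.1ad service-tag TPID; some gear uses 0x8100 for both
TPID_INNER = 0x8100  # IEEE 802.1Q customer tag

# Constructed provisioning data: (outer VLAN = chassis, inner VLAN = subscriber) -> session
SESSIONS = {(101, 42): "sub-0042", (101, 43): "sub-0043", (102, 42): "sub-1042"}


def vlan_tag(tpid: int, vid: int, pcp: int = 0) -> bytes:
    """Encode one 4-byte VLAN tag: TPID, then PCP(3) | DEI(1) | VID(12)."""
    if not 1 <= vid <= 4094:  # 0 and 4095 are reserved
        raise ValueError(f"VLAN ID out of range: {vid}")
    return struct.pack("!HH", tpid, (pcp << 13) | vid)


def build_frame(outer_vid: int, inner_vid: int, payload: bytes = b"") -> bytes:
    """Double-tagged frame as the access chassis would hand it to the BNG."""
    dst = bytes.fromhex("02aabbccdd01")  # constructed, locally administered MACs
    src = bytes.fromhex("02aabbccdd02")
    return (dst + src + vlan_tag(TPID_OUTER, outer_vid)
            + vlan_tag(TPID_INNER, inner_vid) + struct.pack("!H", 0x0800) + payload)


def tag_pair(frame: bytes):
    """Return (outer_vid, inner_vid), or None if the frame is not double-tagged."""
    if len(frame) < 22:  # 12 bytes of MACs + two 4-byte tags + EtherType
        return None
    tpid1, tci1, tpid2, tci2 = struct.unpack("!HHHH", frame[12:20])
    if tpid1 not in (TPID_OUTER, TPID_INNER) or tpid2 != TPID_INNER:
        return None
    return tci1 & 0x0FFF, tci2 & 0x0FFF


def classify(frame: bytes):
    """Map a frame to its subscriber session; None means drop."""
    return SESSIONS.get(tag_pair(frame))


if __name__ == "__main__":
    print(classify(build_frame(101, 42)))  # provisioned pair
    print(classify(build_frame(102, 43)))  # well-formed tags, no such subscriber
```

The same inner VLAN can be reused on every chassis because the session key is the tag pair, and a frame whose pair is not provisioned maps to no session.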
How can BNG help avoid an IPv4 address acquisition?
One of the biggest issues challenging all ISPs right now is the IPv4 exhaustion problem. Unlike traditional ISP services where it is necessary to split up customers' subnets, with BNG, all customers can be put on a single broadcast domain and a single DHCP pool because BNG does not allow customers to broadcast outside of their own virtual interface. This avoids wasting IP addresses on split-up subnets without creating a dangerously large broadcast domain.
The other way to alleviate the IPv4 exhaustion is to dual-stack IPv6 and CGNAT IPv4. Because everything in BNG is centralized, it makes it very easy to apply IPv6 to a single customer or all customers without having to redesign the entire network to get IPv6 to the edge. CGNAT can then also be applied with an appliance sitting between the outgoing interface of the BNG and the internet creating a "catch-all" for customers that need NAT added to their connection. The dual-stack option allows approximately 80% of the traffic destined for the internet to use IPv6 and the other 20% needing to be NAT'd. Many of our 7Sigma customers with this design have been able to lower the hardware and licensing requirements on their CGNAT box, saving money in that area and keeping the majority of traffic off of NAT giving customers a better user experience.
How does BNG work?
One of the ways this works is by “dumbing down” the access gear to make each chassis more like a fiber switch (or DSL switch), which lets you reuse a single template for every chassis on the network. In the event of a failure or bringing up a new site, there is really only the name, IP and outer VLAN that need to be changed to get things online. Chassis can be pre-configured, freeing up higher-end resources from having to spend so much time configuring and installing.
All the customer speeds would be located as a policer and shaper on the BNG router. The RADIUS server then holds the package that each customer is on that corresponds to the policer and shaper on the router. To do a mass upgrade of customers (i.e., upgrade all customers on 10Mb to 20Mb), only an update to the speeds associated with the BNG router is required along with a one-line mass database update in RADIUS. The process is the same to upgrade 10 customers or 1,000 customers, which means it only takes a few minutes to upgrade thousands of customers.
These examples demonstrate the scalability of the network. Deploying BNG can greatly ease the difficulties that come with scaling your network. It also allows a smaller staff to manage a much larger network, without needing to add staff for every nth customer added as a subscriber.
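The mass upgrade described above, where subscribers reference a package and the package corresponds to a policer and shaper on the BNG, can be sketched against an in-memory database. This is an added example, not the original post's code or any RADIUS server's schema; the table names, package names, and subscriber rows are hypothetical and constructed for illustration.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed data: one row per subscriber naming a package, and one row
    per package mirroring a policer/shaper defined on the BNG (hypothetical layout)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE bng_profile (package TEXT PRIMARY KEY, rate_mbps INTEGER);
        CREATE TABLE subscriber  (username TEXT PRIMARY KEY, package TEXT);
        INSERT INTO bng_profile VALUES ('res-10', 10), ('res-20', 20), ('biz-100', 100);
        INSERT INTO subscriber VALUES
            ('alice', 'res-10'), ('bob', 'res-10'), ('carol', 'res-20'), ('dave', 'biz-100');
    """)
    return db


def mass_upgrade(db: sqlite3.Connection, old_pkg: str, new_pkg: str) -> int:
    """Move every subscriber on old_pkg to new_pkg; return how many rows changed."""
    # Refuse to point subscribers at a package the BNG has no policer/shaper for.
    known = db.execute(
        "SELECT 1 FROM bng_profile WHERE package = ?", (new_pkg,)).fetchone()
    if known is None:
        raise ValueError(f"no BNG profile named {new_pkg!r}")
    with db:  # one transaction: commit on success, roll back on error
        cur = db.execute(
            "UPDATE subscriber SET package = ? WHERE package = ?", (new_pkg, old_pkg))
    return cur.rowcount


def packages(db: sqlite3.Connection) -> dict:
    """Current username -> package mapping."""
    return dict(db.execute("SELECT username, package FROM subscriber"))


if __name__ == "__main__":
    db = make_db()
    print(mass_upgrade(db, "res-10", "res-20"), packages(db))
```

The single `UPDATE` costs the same whether it touches two rows or thousands, and the profile check keeps a mistyped package name from leaving subscribers without a matching policer.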
Is BNG right for you?
If you’re struggling to scale, or managing a network with a reduced staff, BNG may be a good approach. Want to talk through your options? Give us a call or send us an email any time.
We’re here to help you stay safe, stay in business, and keep your subscribers happy!
We’re working from home, but we’re always here and always ready to help. Please send us a note or give us a call if there’s anything you need.