Many Virtual Network Operators (VNOs) have started adding their own routers to Internet circuits that they are getting from NSPs (network service providers) and ISPs (Internet service providers). These routers are used to monitor, test, and troubleshoot Internet circuits and to pinpoint where a problem is occurring. They do not participate in Border Gateway Protocol (BGP), capture packets, or monitor customer traffic such as which IP addresses are talking to each other. They are designed to fail open (i.e., continue passing traffic) if something goes wrong. The question is if this additional device is worth the expense, which is typically passed along to the enterprise customer?
In the past, this monitoring/testing/troubleshooting role was played by Channel Service Units (CSUs), which were used for decades on T1/E1 delivery as a standard demarcation point between the network service provider and the customer edge network. The telecommunications industry was famous for blaming others for problems, so CSUs were used to monitor, test, and troubleshoot T1/E1 circuits. These copper-based circuits were prone to intermittent weather-related problems that are not seen as much today with fiber, which generally either works perfectly or not at all.
VNOs operate globally with the business value proposition of aggregating all Internet and other circuits with a single organization that is responsible for ordering, provisioning, supporting and billing. VNOs buy from ISPs and NSPs at a wholesale rate and resell the services under their own brands. Expereo, Granite, and MetTel are a few examples of VNOs.
An enterprise does not want to have to deal with hundreds of different local and regional ISPs and NSPs. Many enterprises started using VNOs for POTS lines in the 1990s and have migrated their Internet service to this model. VNOs are playing an increasing role in the deployment of SD-WANs, allowing enterprises to get the best (fastest, cheapest, and/or fewest dropped packets) local Internet connections as the industry migrates away from using MPLS for WAN transport. Thanks to portals and automation, an enterprise can see and manage all their Internet circuits in a single pane of glass.
The upside of VNOs adding this router to the service includes:
- High Confidence Provisioning – After the ISP installs their circuit, the VNO then installs their router and stress tests the Internet circuit to ensure it is ready for production when the enterprise needs it. It costs approximately $500 to roll a van to install an SD-WAN router at a site, so an enterprise needs to know the circuit is ready at cutover time.
- Proactive Monitoring – This consists of speed tests and link monitoring to ensure the ISP is providing the level of service that was contracted, and creating real-time and historical reports on Internet link performance. If an ISP underperforms for too long, replacing the ISP is an option.
- Faster Outage Resolution – When a problem does occur, being able to isolate and resolve the problem quickly is critical. Those of us in the network business know that we are held guilty until proven innocent. The router helps determine if it the user’s device, Wi-Fi, the Internet, or host that is the source of an application running slow.
While these are all good things, the downside includes:
- Additional Hardware – The cost to buy, install, and maintain the hardware is not cheap. Sure, whitebox routers running on commodity hardware have brought down the cost of a monitoring router to a few hundred dollars. Installation and maintenance may cost more than the router itself. Still, if the enterprise wants to upgrade from a 1Gbps to a 10Gbps circuit, the router most likely will need to get upgraded.
- Another Point of Failure – Yes, these routers are supposed to fail open if they lose power or die. But what happens when they get sick from a memory leak or other problem and slow down packets going through them?
- Security Concerns – While VNOs put tight restrictions on who has access to these monitoring routers, they still can be maliciously used to gather metadata on traffic patterns, even if all the network traffic is encrypted.
SD-WAN routers are designed to route around Internet brown-outs and are very effective at doing this when multiple circuits are in place. Internet can be delivered by fiber, copper, wireless (cellular, point-to-point, or satellite) and the SD-WAN will ensure the best path for every network session. The top tier SD-WAN solutions have ISP CSU monitoring and troubleshooting tools built in.
My conclusion is that the ISP CSU makes sense if the VNO is not managing the SD-WAN router, or there is only one primary circuit going into a critical site and the business wants to ensure the best performance out of a low cost Internet circuit. Eighty percent of SD-WANs are third party managed, but only a small fraction of these are being managed by a VNO. As Network as a Service (NaaS) takes off, SD-WAN management and VNOs will become more popular and the need for this ISP CSU will fade.
Every technology/product has its time and place, and it is your job as a technologist to decide when and where ISP CSUs fit into your enterprise WAN strategy.