top of page
Search

Bumblebee Internet DIA Architecture

Updated: 2 days ago


The Current Internet DIA Architecture

Internet DIA is becoming the most popular circuit type for businesses to connect to the Internet. A typical Internet DIA architecture provided by carriers and ISPs is shown in the diagram below.


Traditional Internet DIA Architecture
Traditional Internet DIA Architecture

Where the service provider deploys a NID device as the demarcation device at the customer site. On this demarcation device, two L2 VLANs are configured: one Data VLAN for customer data traffic and the other a Management VLAN for the service provider’s internal management traffic.


As can be seen from the diagram above, the management VLAN traffic is forwarded to an aggregation switch and is then routed to the provider’s internal central NMS station. An entire auxiliary network is required to route and connect the management traffic. Since the NID is an L2 device with a management IP tied to the management network, even the PE router cannot perform a simple ping test to check reachability to the NID.


This type of network is complex to manage and expensive to maintain. In addition, operators have very little upside. Everyone is trapped in a rigid, standards-driven architecture (governed by IEEE, Metro Ethernet standards, OAM protocols, and associated certifications). The high entry barriers in this model prevent meaningful competition.


The Bumblebee Internet DIA Architecture

Below is the Bumblebee Internet DIA architecture diagram.


Bumblebee DIA Architecture
Bumblebee DIA Architecture

As can be seen from the above diagram, in the Bumblebee Internet DIA architecture, data path is unchanged from the existing architecture. What is removed is the entire management network.


Benefits

Benefits can be discussed from several areas: security, reliability, simplicity and scalability.


Backward Compatible

Service providers do not need to make any changes to their existing Access Layer or Provider Core. All that is needed is to replace NIDs with Bumblebee CPE.


More Secure

In the traditional NID architecture, each NID is assigned a private IP address for communication with the central NMS station. The NMS uses SNMP commands to access the NID, which requires the NID to have specific TCP/UDP ports open to allow inbound traffic initiated from outside. As a result, if the central NMS station or data center servers are compromised, all connected NID devices are also at risk.


In contrast, the Bumblebee DIA architecture eliminates this exposure. The Bumblebee CPE has no TCP/UDP ports open for inbound traffic initiated from outside. All telemetry data is streamed to the cloud using modern push-based technologies. Consequently, even if the Bumblebee cloud portal is compromised, the Bumblebee CPEs remain secure and unaffected. No unauthorized traffic originating from the portal can reach the CPEs.


A traditional on-premises NMS deployment requires the service provider to secure the physical facility, harden third-party appliances in the data center, and implement strict controls to prevent lateral movement. Additionally, the provider must secure the entire management network, as there are many more components to protect.


Modern cloud infrastructure providers, on the other hand, have the expertise, resources, and scale to deliver highly secure facilities, strong isolation mechanisms, and dedicated VPCs to protect customer resources.


More Robust

Without an on-premises management network to maintain, the Bumblebee DIA architecture has significantly fewer components that can fail or require repair, making the overall deployment more robust and reliable.


In addition, the Bumblebee CPE natively supports cellular failover, delivering 99.99% (“four nines”) uptime for customers.The Bumblebee cloud portal is deployed with multiple instances behind a cloud load balancer. All databases and data lakes are deployed across multiple Availability Zones (multi-AZ) with built-in redundancy.


Elastic Scale

The Bumblebee cloud portal leverages the elastic scaling capabilities of cloud architecture to dynamically allocate resources as needed. This allows it to support any number of deployed CPEs with virtually unlimited scale, while providing a cost-effective way to manage deployments of any size


Better Troubleshooting

In this architecture, the Bumblebee CPE takes one IP address from the PE router (which serves as the default gateway for the subnet). As a result, the PE router can ping the CPE and effectively use other IP networking tools.


All modern networking tools for monitoring and troubleshooting can now be deployed. For example, the Bumblebee CPE monitors WAN link state and link utilization, provides application visibility, and offers packet capture, ping, traceroute, and speed test capabilities — both as a target server and as a client.


Shared Observability

Today, aggregators and carrier-agnostic ISPs have to deploy their own devices in order to gain visibility into the circuit.


This often results in multiple devices being installed on the same circuit. This reduces network uptime, as the failure of any single device can cause the entire Internet connection to go down.


In addition, troubleshooting to pinpoint the root cause of a failure becomes significantly more difficult with multiple devices in the path.With the Bumblebee DIA architecture, only one device is needed. Carriers can provide portal access to their partner ISPs and channel partners, eliminating the need to install multiple devices.


New Services

Service providers no longer need to maintain a separate management network or run rigid tools for managing an L2 network. In addition, the CPE can be used for DDoS protection, cellular failover, remote PDU management, and remote serial console access, among other functions. All of this can be done remotely from the comfort of the cloud portal.


How to Configure

Setting up Bumblebee CPE for DIA NID function is straight forward, as describe in the steps below.


  1. Login to the Bumblebee portal

  2. Create a CPE as described in Create Device link. Note you must select Pass Through mode.

  3. Select the just created device, click Actions -> Edit Network Info

  4. Check the box for Enable VLAN tagging

    1. Enter VLAN ID

  5. If Q-in-Q VLAN tagging is required, check the box for Enable Q-in-Q VLAN tagging

    1. Enter Q-in-Q VLAN ID

  6. Click Save


Now the CPE is capable of DIA NID functions.

Recent Posts

See All
New Releases

This document describes highlights of new Bumblebee feature releases.

 
 
 

Comments

bottom of page