Software, technology, sysadmin war stories, and more.
Tuesday, February 19, 2013

"The cloud" used to mean something else to me

Before everyone was all hot and bothered about "the cloud" in the way we use it now, it used to mean something else. Specifically, I used to hear "cloud" as a term used with frame relay circuits. The general idea was that of a nebulous place where you throw things at it, and they would emerge on the other side, but you didn't worry too much about how it worked. That's what the telcos wanted you to believe, at least.

I never saw frame relay being used in a way which really made sense to me. In my experience at my school district gig, it only showed up as a half-baked way to move packets from one place to another. It was never used as the "cloud" thing that was at the center of the hype.

It entered my life a couple of years into the gig when a bunch of local school districts decided to set up an "Internet access co-op". The idea was that they'd all connect to a common point, and then that point would have decent connectivity to the outside world. This is what you might do if you were setting up a peering point, for instance, but the way they did it turned out to be rather annoying.

When they did this, the school districts which already cared about the Internet in any way had long since established their own links to the outside world. One of them decided they wanted nothing of this and didn't link into it. My district, however, despite already being "online" for a couple of years at that point, decided to join to be neighborly and politically expedient. I figured it would be potentially useful in the sense of having better routes to local districts for whatever nebulous "learning" tech people might try to use in the near future, so I didn't complain.

All of the participating districts wound up with a frame relay circuit into the local telco's "cloud", and a single PVC (permanent virtual circuit) through that cloud configured on that circuit. The PVC ran from the various school district offices to the common aggregation point which happened to be at an area high school. In other words, we had a pipe into a cloud which conceivably could have been used to spray packets in multiple directions, but then we cranked it down to make it behave as a point-to-point circuit. A packet leaving any of the subscriber networks could only emerge at the central site. There was no way for a packet from me to another subscriber district to go there "directly" via the cloud fabric itself.

This wouldn't have been too terrible if they had a reasonable platform with all of this, but they didn't. The system they had built amounted to some hideous little router facing "in" to all of the school districts, a Solaris box running some kind of firewall, and then a second router facing "out" to a pair of load-balanced T1 circuits going to the telco's ISP business.

I think there were a dozen school districts plugged into this thing, and yes, that's 2 T1s, or about 3 Mbps of bandwidth for everyone to share. Most of the subscribers had frame relay T1s with a 50% CIR (so at least 768 kbps) into this thing. However, the biggest district had two frame relay circuits going into there, so in theory, they could slurp down all of the bandwidth to the outside.

There was just so much craziness in this system. First, we were using the telco as the ISP, the vendor operating the aggregation point, and as the circuit provider. They weren't too clueful, and problems tended to be "resolved" with someone driving out there and rebooting a box. They didn't really understand what was going on. They just won the contract, slapped it together, and proceeded to cash the checks.

Second, they really wanted everyone on RFC 1918 10/8 address space, but again, those of us who had been around for a while already had our own space. They didn't deal with that too well initially. This also created no small number of network anomalies pertaining to NAT. Sometimes, one or more of the districts would find themselves unable to talk to each other. This would sometimes happen due to asymmetrical routing where the packets were being rewritten to their public addresses on the way out, but not on the way back in, or vice-versa. I used to catch this by running my own tests while looking for evidence of "leakage" from the RFC 1918 space.
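One way to check for the one-sided rewriting described above, as an added example that is not the author's own test tooling. It assumes packet observations taken on each side of the NAT device; the `side` labels, the NAT address set and every address in the sample are constructed (public addresses come from the documentation ranges).

```python
import ipaddress

# The three RFC 1918 blocks; the co-op wanted everyone inside 10/8.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def classify(side, src, dst, nat_public):
    """Return a finding string, or None if the packet looks correctly translated."""
    if side == "outside":
        # Private addresses should never be visible past the translator.
        if is_rfc1918(src):
            return "private source outside: not rewritten on the way out"
        if is_rfc1918(dst):
            return "private destination outside: peer answered a leaked address"
    elif side == "inside":
        # A reply still carrying the public NAT address was not mapped back.
        if dst in nat_public:
            return "public NAT address inside: not rewritten on the way back in"
    return None

def find_anomalies(packets, nat_public):
    findings = []
    for side, src, dst in packets:
        reason = classify(side, src, dst, nat_public)
        if reason:
            findings.append((side, src, dst, reason))
    return findings

# Constructed observations: (capture side, source, destination).
NAT_PUBLIC = {"198.51.100.10"}
SAMPLE = [
    ("outside", "198.51.100.10", "203.0.113.5"),  # healthy outbound
    ("inside",  "203.0.113.5",   "10.1.2.3"),     # healthy return
    ("outside", "10.1.2.3",      "203.0.113.5"),  # leak: source left untranslated
    ("inside",  "203.0.113.5",   "198.51.100.10"),# return never mapped back
    ("outside", "172.32.0.1",    "203.0.113.5"),  # just past 172.16/12, not a leak
]

if __name__ == "__main__":
    for finding in find_anomalies(SAMPLE, NAT_PUBLIC):
        print(finding)
```

The explicit network list is used instead of `ipaddress`'s `is_private` property because that property also matches loopback, link-local and other reserved ranges, which would blur the RFC 1918 signal.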

Third, there was the aforementioned bandwidth crunch. When the kids discovered Napster and friends a few years into all of this, life got more and more interesting. We were suffering any time any of the other subscribers got out of hand, and for really no benefit.

Ultimately, we pulled the plug on it. While we didn't get entirely free of the "telco as ISP" thing, we did get away from their horrible little aggregation point. I had them set up another PVC straight from us to the same ISP platform they had been using for that thing, and then swung the routing over. That got us free of that bottleneck and removed all of the instability it introduced. It wasn't great service, but it was still an improvement over what we had been running.

I'm not sure what ever happened to that thing. I imagine the state probably built a Shiny New Backbone at some point and forced all of the schools to plug into that. That seems to be the way of things now.