Dedicated Internet Access Design Guide
Dedicated internet access, or a DIA, can be implemented in a few different ways from an IP addressing perspective. Business and technical needs typically dictate how the DIA is configured. Most service providers will offer configurable options as part of the design and installation process. The team here at Sure Fiber will happily work with you to engineer and implement the right design.
First, it’s important to understand the basic components of a Dedicated Internet Access connection. There will be a service provider router that will serve as the default gateway for your DIA connection. Service provider networks are all structured differently, which is summarized with the service provider cloud on the right in figure 1 below. Then to connect to the service provider network, you need an access network. Access networks can also vary in design, but you can think of this as the connection path back to the service provider’s core network. The yellow line depicts this in figure 1. Sometimes you will hear this connection call “access” or the “loop.” The loop is then connected to a “port,” which sets your connection’s speed. Think of it as a physical port your connection is connected to at the service provider. Each component can be priced separately. However, this may or may not be visible on a quote. In a data center where you are cross-connecting directly, there are typically no access or loop costs, only a port fee. This is one of the reasons data center connectivity is less expensive. Sure Fiber can help demystify service provider quotes and invoices, so don’t hesitate to contact us if you have questions about anything you have today or are considering for the future.
DIA Managed Router
Direct Internet Access will terminate to a router, either customer or service provider managed. Most service providers will offer a managed router as an option. Utilizing a provider-managed router has many benefits. However, IT departments often manage their own as an alternative. The customer network then sites behind this router. If the service provider doesn’t provide a routing device, they often will have a simple, transparent, or bridging device to monitor the basics of the connection. This could be a switch or a purpose-built Network Interface Device (NID). Because this is a discussion about IP routing (layer 3), we have omitted the NID and other transport components to simplify the drawings. IP routing and addressing can be designed in a few separate ways, which we will go into next.
Single IP Address DIA
The first and most simplistic DIA design is to have a single IP address assigned to the customer router or firewall, which then performs network address translation (NAT) for the customer’s end users. All customers’ IP address space is private and usable only within that organization’s internal network. The customer will configure the router or firewall with a default route towards the service provider over the DIA. The service provider network will already have the needed routes and network availability to reach the internet, as shown in figure 2. Typically, this design is excellent for a branch office with general cloud access needs. A DIA configuration like this would also be suitable for transport for an SD-WAN network.
DIA with a Block of Leased IP Addresses
Another IP addressing option is for the service provider to issue a block of public IP addresses to the customer for use with their DIA service. There will be a dedicated IP subnet between the customer router and the service provider in the example above. However, the service provider also includes a block of addresses the customer assigns behind their router. These addresses are assigned to multiple firewalls or servers so the customer can offer public-facing internet services such as VPN, a website, email, etc. The cost to lease addresses from a service provider for a configuration like this is typically a few dollars more a month per IP address. The example below shows that 203.0.113.0/24 is the address space leased to the customer.
Single DIA with BGP Peering
Similar to the previous example, a customer who owns their own block of IP addresses can also use them with a DIA connection. The primary difference would be that they use BGP for advertising these addresses to the internet over the DIA. This is typically most common in larger enterprises, universities, and ISPs. Larger blocks of IP addresses are available from ARIN if the organization can justify the need for this IP address space. IP addresses allocated directly to an organization by ARIN are portable to another provider, so this configuration has more flexibility. The configuration in figure 4 shows the 203.0.113.0/24 address space as being advertised to the service provider via a BGP session.
Multiple DIAs with BGP Peering
BGP allows an organization to advertise its IP addresses over more than one service provider. This creates redundancy so that a single service provider outage will not cause an outage for that customer. When ordering separate DIA circuits, it’s important to ensure they are geographically diverse to get the most value from this type of configuration. Sure Fiber has access to physical fiber route maps for hundreds of providers and can help ensure redundancy is achieved. With the connections established, each provider will provide internet routing information over its respective link with a BGP session. This can be a simple default route, the entire internet routing table, or some hybrid of the two, as shown in Figure 5 below. The customer’s address space, 203.0.113.0/24, is being advertised over BGP sessions with both carriers and, without additional BGP manipulation, will be visible on the internet through both links.
Connect with Us!
As you can see, dedicated internet connections come with a robust set of options. Our team is happy to talk you through your technical and business requirements to ensure you get the right solution! You can enter your service address on our home page to get started!