Understanding Last Mile Providers and ISPs in South Africa

Designing a secure and efficient internet breakout solution requires a balance between performance, cost, and security.

Published 12h ago

By Benjamin Liebenberg

In networking and internet connectivity, a Last Mile Provider refers to the telecommunications company responsible for delivering the internet connection from a central point (such as an exchange or fibre cabinet) to the end-user’s premises. This segment is called the “last mile,” even though it can be shorter or longer than a mile. These providers ensure that businesses and individuals are physically connected to the broader internet infrastructure.

An Internet Service Provider (ISP), on the other hand, is the company that supplies internet access, routing traffic to and from the global internet. ISPs work with last mile providers to deliver end-to-end internet connectivity.

Types of Last Mile Connectivity

The last mile can be delivered through various technologies, including:

  1. Fibre: Known for high speeds, low latency, and reliability. Fibre connections can have contention ratios, which refer to the number of users sharing the same bandwidth. A low contention ratio (e.g., 1:1) ensures better performance, while higher ratios may lead to slower speeds during peak times. For example, a 10:1 contention ratio means up to 10 users share the same bandwidth, and peak-time performance may degrade. Fibre is available in speeds ranging from 10 Mbps to several Gbps, making it ideal for businesses with high bandwidth demands.
  2. Microwave: A wireless option that provides connectivity in areas where fibre is unavailable. While reliable, it can be affected by environmental factors such as weather.
  3. Fixed Wireless Access (FWA): Uses radio signals to deliver internet over short distances. This option is often more cost-effective but may lack the reliability of fibre or microwave.
  4. Satellite: Ideal for remote areas but often has higher latency and lower speeds compared to other options. This is typically a last-resort solution.

Determining Required Internet Breakout Speed

To calculate the required internet breakout speed, consider the following factors:

  1. Bandwidth per User: Estimate how much bandwidth each user requires based on activities like browsing, video streaming, or file transfers. For example:
    • Browsing: 1-2 Mbps
    • Streaming (HD): 5-10 Mbps
    • Video Conferencing: 3-4 Mbps
  2. VOIP Requirements: For VOIP calls, allocate 100-120 Kbps per concurrent call, ensuring low latency and jitter.
  3. Email and Web Access: Standard email usage with attachments typically requires 0.5-1 Mbps per user. Web-based applications, depending on complexity, can add additional requirements.
  4. Access to Centralised Applications (e.g., SAP, SQL Databases): Remote access to centralised applications requires additional bandwidth. For example, accessing SQL databases or SAP systems can require 0.5-2 Mbps per active user, depending on transaction volume and data size.
  5. Concurrent Users: Multiply the bandwidth needs by the number of users or concurrent devices.

Example Calculation: If 50 employees use the internet simultaneously, each requiring 2 Mbps for general use, 20 concurrent VOIP calls are made (120 Kbps each), and 10 users access a central SAP server (2 Mbps each), the total required speed would be:

  • General usage: 50 users x 2 Mbps = 100 Mbps
  • VOIP calls: 20 calls x 0.12 Mbps = 2.4 Mbps
  • SAP access: 10 users x 2 Mbps = 20 Mbps
  • Total = 100 Mbps + 2.4 Mbps + 20 Mbps = 122.4 Mbps
  • Add a buffer (e.g., 20%) to ensure consistent performance: 122.4 Mbps x 1.2 = 146.88 Mbps.

This calculation ensures that your network can handle peak usage without degradation in performance.
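The same sizing as a reusable calculation, extended to test candidate links against their contention ratio. This is an added example, not part of the original article: the plan list is constructed, and treating the worst case of an N:1 link as its nominal speed divided by N is an assumption.

```python
from typing import NamedTuple

class Demand(NamedTuple):
    label: str
    count: int      # concurrent users or calls
    kbps_each: int  # rate per user or call, in kbps

def required_kbps(demands, headroom_pct=20):
    """Sum the concurrent demand and add the headroom buffer (result in kbps)."""
    total = sum(d.count * d.kbps_each for d in demands)
    return total * (100 + headroom_pct) / 100

def worst_case_kbps(nominal_kbps, contention):
    """Assumed worst case: every subscriber sharing an N:1 link is busy at once."""
    return nominal_kbps / contention

def adequate_plans(plans, need_kbps):
    """Names of the plans whose worst-case share still covers the requirement."""
    return [name for name, nominal, contention in plans
            if worst_case_kbps(nominal, contention) >= need_kbps]

# The branch from the example calculation above.
BRANCH = [
    Demand("general use", 50, 2000),
    Demand("VoIP calls", 20, 120),
    Demand("SAP access", 10, 2000),
]

# Constructed plan list: (name, nominal kbps, N of the N:1 contention ratio).
PLANS = [
    ("200M 10:1", 200_000, 10),
    ("150M 1:1", 150_000, 1),
    ("1G 10:1", 1_000_000, 10),
    ("1G 5:1", 1_000_000, 5),
]

if __name__ == "__main__":
    need = required_kbps(BRANCH)
    print(f"required: {need / 1000:.2f} Mbps")
    print("adequate at worst case:", adequate_plans(PLANS, need))
```

Under that assumption a nominal 1 Gbps link at 10:1 does not cover the 146.88 Mbps requirement, while an uncontended 150 Mbps link does.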

Designing a Secure Internet Breakout for a Single Branch

When building a secure internet breakout for a single branch, security is paramount. Here is a step-by-step approach:

  1. Choose a Reliable Last Mile Provider and ISP:
    • Select providers with a reputation for uptime, low latency, and strong Service Level Agreements (SLAs).
    • Ensure the last mile provider offers redundancy options (e.g., dual fibre paths or wireless failover).
  2. Install a Firewall After the Router:
    • Placing a firewall between your router and internal network is essential for filtering traffic, detecting threats, and enforcing security policies.
    • Use an enterprise-grade firewall with Unified Threat Management (UTM) capabilities, such as intrusion detection/prevention, antivirus, and web filtering.
  3. Segment the Network:
    • Use VLANs to isolate guest networks, corporate systems, and IoT devices.
    • This segmentation limits the blast radius of potential attacks.
  4. Enable Secure Protocols:
    • Use VPNs for remote access to internal systems.
    • Employ DNS filtering and encrypted DNS protocols like DNS over HTTPS (DoH).
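One way to check that a firewall rule set really keeps the guest, corporate and IoT segments apart. This is an added example, not from the original article: the rule format, zone names, first-match evaluation and both rule sets are constructed assumptions, not any vendor's syntax.

```python
from typing import NamedTuple

ANY = "any"
UNLISTED = "<unlisted port>"  # stands for every port that no rule names

class Rule(NamedTuple):
    action: str  # "allow" or "deny"
    src: str     # source zone (one VLAN each), or ANY
    dst: str     # destination zone, or ANY
    port: str    # e.g. "tcp/443", or ANY

def decide(rules, src, dst, port):
    """First matching rule wins; traffic matching no rule is denied."""
    for r in rules:
        if r.src in (ANY, src) and r.dst in (ANY, dst) and r.port in (ANY, port):
            return r.action
    return "deny"

# Assumed policy: guest and IoT may never open connections into another segment.
ISOLATED = [("guest", "corporate"), ("guest", "iot"),
            ("iot", "corporate"), ("iot", "guest")]

def audit(rules):
    """Return every (src, dst, port) the rule set permits across an isolated pair."""
    probes = {r.port for r in rules if r.port != ANY} | {UNLISTED}
    return sorted((s, d, p) for s, d in ISOLATED for p in probes
                  if decide(rules, s, d, p) == "allow")

# Constructed rule sets (not taken from any real device).
WEAK = [
    Rule("allow", "corporate", "internet", ANY),
    Rule("allow", "iot", "corporate", "tcp/445"),  # leftover exception
    Rule("allow", ANY, ANY, "udp/53"),             # too broad: crosses segments
    Rule("allow", "guest", "internet", "tcp/443"),
    Rule("allow", "iot", "internet", "tcp/443"),
]
HARDENED = [Rule("deny", s, d, ANY) for s, d in ISOLATED] + [
    Rule("allow", "corporate", "internet", ANY),
    Rule("allow", ANY, "internet", "udp/53"),      # DNS only towards the breakout
    Rule("allow", "guest", "internet", "tcp/443"),
    Rule("allow", "iot", "internet", "tcp/443"),
]

if __name__ == "__main__":
    for name, rules in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(rules) or "segments isolated")
```

The weak set fails mostly because of one wildcard rule: `allow any any udp/53` opens a path between every pair of segments, which the explicit deny rules at the top of the hardened set rule out regardless of what is added below them.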

Designing a Secure Multi-Branch Internet Breakout

In a multi-branch setup, you face a critical decision: should each branch have its own internet breakout, or should all traffic route through a central point? Let’s examine both approaches:

  1. Decentralised Internet Breakout (Each Branch Has Its Own Connection):
    • Advantages:
      • Reduced latency for branch users accessing internet resources directly.
      • No dependency on the central site for internet access.
    • Disadvantages:
      • Higher operational costs due to multiple connections.
      • Security policies must be implemented and managed at each branch.
    • Security Tip: Deploy a firewall at each branch to secure traffic before it touches the internal network.
  2. Centralised Internet Breakout (Traffic Routed Through a Datacenter):
    • Advantages:
      • Centralised management of security policies.
      • Easier implementation of advanced security measures, such as Data Loss Prevention (DLP) and next-generation firewalls.
      • Cost efficiency through shared connectivity.
    • Disadvantages:
      • Increased latency for branches far from the central site.
      • Requires a robust MPLS or SD-WAN infrastructure to handle branch traffic.
    • Security Tip: Use a high-availability setup at the datacenter with redundant firewalls, load balancers, and internet links.

What Comes After the Router in Both Scenarios

Single Branch Setup:

  • Firewall: Acts as the first line of defence, filtering incoming and outgoing traffic.
  • Intrusion Detection and Prevention Systems (IDS/IPS): Monitors and blocks malicious traffic.
  • Proxy Servers or Secure Web Gateways (Optional): Adds an additional layer of traffic filtering and inspection.

Multi-Branch Setup:

  • For decentralised breakouts, each branch should have its own firewall, IDS/IPS, and monitoring tools.
  • For centralised breakouts, deploy these systems at the datacenter, ensuring high capacity and redundancy.

Breaking Out Internet from a Datacenter

If you decide to route internet breakout through a datacenter, there are additional options to consider:

  1. Direct Internet Access (DIA):
    • High-speed, dedicated fibre connections ensure consistent performance.
    • Ideal for handling large volumes of traffic.
  2. Cloud-Based Secure Web Gateways:
    • Internet traffic is routed through cloud-based security solutions for filtering and monitoring.
    • Reduces the load on on-premise hardware.
  3. SD-WAN Integration:
    • SD-WAN technology can prioritise and route traffic dynamically, optimising performance for critical applications.
  4. Hybrid Approach:
    • Combine centralised breakout for corporate systems with decentralised breakouts for non-critical internet traffic.

Each approach depends on your organisation’s scale, budget, and performance requirements. Whether on-premises or at a datacenter, always prioritise redundancy, monitoring, and robust security measures to protect your network.

Conclusion

Designing a secure and efficient internet breakout solution requires a balance between performance, cost, and security. For single-branch setups, implementing a robust firewall and securing the network directly after the router ensures localised control. In multi-branch environments, the choice between decentralised and centralised breakouts depends on the organisation’s operational priorities, with centralised solutions offering greater control and scalability at the cost of potential latency.

When considering a datacenter for internet breakout, options like Direct Internet Access, SD-WAN, and cloud-based gateways provide flexible and scalable solutions. Ultimately, the ideal setup involves careful planning of bandwidth needs, technology choices for the last mile, and consistent implementation of security measures to safeguard the organisation’s data and operations. With the right approach, businesses can achieve reliable, high-performance connectivity that supports their growth and digital transformation goals.

* Benjamin Liebenberg is CTO at Kathea Communication.

** The views expressed do not necessarily reflect the views of IOL or Independent Media.