BiB090 – Deploying a 10000 user VPN in a Month
Mar 26 2020
Robin Gilijamse deployed a 10000 user remote working VPN in about 4 weeks. We briefly discuss the design and some lessions learned from the project. Transcript The following transcript is software (“AI”) generated and is only 80-90% accurate. You are warned. [00:00:00] Greg Ferro: [00:00:05] welcome to briefings in brief, a digest using information from the packet pushers, typically covering information, vendor briefings, industry research and commentary. But today I was recently observing a conversation. In the packet pushers select channel, and Robin popped up to say he had deployed a VPN solution for thousands of people using, AWS as a base layer for that. And I asked Robin if he would be able to come on and just sort of give us a hint. We can’t talk about a lot of the details, but just give us a hint on how he went about it, because that’s something that might be worth hearing if you are in the same situation with the pandemic thing that’s going on around us. So Robin, welcome very much. Well do the packet pushes. And thanks so much for giving us your time. Tell who you are and what you want to say, what you can say in Robin Gilijamse: [00:00:46] public. hi. Thank you for having me. I’m hoping to Williamson, I’m a Dutch network architects and I’m working, for a customer that’s a M. Fairly large globally, operating company [00:01:00] into high tech manufacturing, Greg Ferro: [00:01:01] this customer, I imagine, didn’t really have a system in place for remote working. You know, everybody’s gone home for coven, You know, with the context of the discussion was how are we handling scaling up large-scale VPNs? And you said you worked with a client to actually put a VPN Terminator in AWS, and you’ve scaled it up to several thousand clients. Robin Gilijamse: [00:01:20] that’s true. We did have a remote work solution in place. But it’s well scaled for, well, a couple of hundred users, 250, simultaneously, 200, pretty traditional, in hardware, in four regional data centers worldwide. U S East, West, Europa, ACR, and all of those connected, true MPLS. and at the NPN, wide area network. Greg Ferro: [00:01:44] traditional sort of thing fit, you know, 50 simultaneous users working from home or you know, people traveling, connecting to head office where the VPN concentrators in the data center, I guess. And then, internet through the firewalls and away you go. And now you’ve done something with AWS. So those [00:02:00] on-premise stuff, you know, but I guessing by the time you bought new hardware, it’d be weeks or something like that. So you needed something you do in days. Robin Gilijamse: [00:02:08] yeah, yes, exactly. It was about a couple of weeks ago, management came to us, just, fishing for a solution. We might be considering suspending all travel and having people work from home. Would that be possible with the current setup? No. what would it cost to scale it up? And we did a, a quick sketch. We had to scale up lines in all data centers, order hardware, ship hardware, because we had to replace not only the VPN concentrators, but also the routers and firewalls to be able to cope with the traffic. and then we had to, get some way to, to physically replace everything, including in AACR, which was already more or less looked down at the moment. Greg Ferro: [00:02:46] it becomes clear pretty quickly that it doesn’t, it’s not gonna work. You’re not going to get access to the data centers. You’re not even going to get the gear shipped in, in time no matter how many arms you twisted or how much money you promised. you ended up choosing AWS as a, as a [00:03:00] cloud service. Now, did you use the AWS VPN service or are you doing it some other way?