We recently met with Colin Whitbread, TalkTalk's chief operations officer for technology, to learn more about the company's strategy for network modernization and automation.
Whitbread leads a team responsible for the operator's public (i.e. customer-serving) network and associated services and operations. With a role that spans both the network and associated IT elements of operations, Whitbread has a strong interest in the convergence of these traditionally separate domains.
TalkTalk provides broadband, telephony, pay-TV and mobile services to around 4 million customers in the UK. In the consumer broadband market TalkTalk has the fourth-largest customer base, behind incumbent telco BT, satellite TV operator Sky, and cable operator Virgin Media. TalkTalk also competes in the enterprise market, where its circa 60,000 Ethernet circuits represent a market share of 10-12%.
Moving DNS and security to the edge
One major initiative Whitbread's team has been working on involves migrating DNS and associated security controls away from disparate central data centers/IT servers and closer to the customer. Around five years ago TalkTalk began a major upgrade of its BRAS edge routers in order to support the ever-increasing broadband traffic on its network. The solution involved replacing 100-plus edge routers with around 60 devices with significantly greater capacity.
Subsequently, Whitbread's team was looking at its ageing DNS infrastructure, which comprised over 100 servers spread over six data centers, and considering whether it was time to upgrade to new servers to support the increase in DNS requests from web-browsing customers. But rather than upgrading the existing DNS servers, the team saw that the capabilities of TalkTalk's new edge routers opened up an innovative idea: "Wouldn't it be better to have something integral within the network?" The idea was to decommission the existing 100-plus DNS servers and move this functionality onto a line card running on the 60-plus BRAS/edge routers. By placing DNS software closer to the customer, TalkTalk would significantly reduce the latency of IP address lookups, leading to a better customer experience.
Along with its new edge routers, TalkTalk had purchased modular line cards with processing and storage that allowed them to run additional services on the routers. They had originally intended to use them for caching content at the edge; instead they decided to put their DNS software on these cards. After an evaluation process TalkTalk chose a new DNS software supplier, Nominum (the existing solution had been based on open source components). The Nominum solution also came with cyber-threat protection and could additionally replace a URL blocking service (Homesafe) which was being provided on legacy Huawei Technologies Co. Ltd. infrastructure.
Lab tests were carried out to ensure the DNS and security applications would run satisfactorily on the line cards, and support arrangements were established between the router vendor and the DNS supplier to ensure there would be no finger-pointing in the case of problems. The decision to run not only DNS but also the customer cyber-threat protection service on the edge router cards required some significant OSS and BSS adaptation, which took around nine months to complete.
By running DNS and cyber-threat protection on the edge router cards, TalkTalk was able to retire around 200 servers that had previously been running these functions. Additionally, TalkTalk's new DNS and cyber-threat protection vendor supplied a new cybersecurity application, running on the same cards, that protects the network and subscribers against DDoS, DNS tunnelling, botnets, etc. This now provides TalkTalk's security operations center with a wealth of information that it can use to keep the company's domestic and corporate customers safe.
Organizationally, this convergence of network (edge router) and IT (DNS, security) capability can pose issues. "Who looks after the compute card sitting on the router on which the DNS and security software runs? Is that the network organization or IT?" Whitbread's approach has been to move some key personnel from the IT department to the network team to look after this specific DNS and security capability. This has helped to break down some of the cultural barriers between network and IT staff that often exist in telco organizations.