The GÉANT Research Network Goes Global with Infoblox

OVERVIEW

The GÉANT network is a pan-European, high-speed, high-capacity network connecting Europe’s National Research and Education Networks (NRENs) and linking them to over 100 countries in every region of the world via extensive global connectivity.

Together, they link more than 50 million users at 10,000 institutions across Europe, supporting research in areas such as energy, the environment, space, and medicine. Operating at speeds of up to 500 Gbps and reaching over 100 national networks worldwide, the powerful, stable, always-on GÉANT network facilitates seamless data exchange, collaboration, and innovation among academic institutions, scientists, and innovators. In addition to connectivity, GÉANT delivers advanced web services, including high-speed data transfer and secure communication for its users, enabling groundbreaking research in such diverse fields as physics, engineering, and technology. As a collaborative initiative, GÉANT promotes knowledge exchange, empowers international partnerships, and supports the evolution of digital infrastructure. Its robust network infrastructure serves as a catalyst for transformative discoveries and advancements in the global academic community.

THE CHALLENGE:

Maintaining Continuous Connectivity for the Global Research Community
The GÉANT network is a highly demanding environment that carries more than seven petabytes of data per day, supporting up to eight terabits per second of backbone capacity, all while maintaining 99.999% availability on average. Through links to research networks in other regions, GÉANT enables collaboration between researchers in more than half the world’s countries.

Maintaining a network of such vast scope and operational capacity is a round-the-clock effort led by Tony Barber, head of the GÉANT Operations Centre, and his team. GÉANT has enjoyed a long-time association with Infoblox and relies on NIOS DDI and a host of Infoblox offerings to keep its network continuously operating at peak performance. In fact, the relationship with Infoblox stretches back a decade to when GÉANT migrated its core DNS capabilities off the open-source BIND platform and onto NIOS DDI.

“Infoblox is an organization and a product that is dedicated to what it does best: DDI,” explains Barber, alluding to Infoblox’s longtime focus on core DNS, DHCP, and IPAM (DDI) operations. “It’s not trying to be a jack-of-all-trades and it’s completely dedicated to its task. Historically, for GÉANT, NIOS DDI and our Trinzic appliances have been very stable.” That stability has been critical to GÉANT’s long track record of maintaining continuous uptime and enabling ongoing network scalability through changing demands.

THE SOLUTION:

NIOS DDI Backed by Trinzic Appliances
GÉANT’s Infoblox implementation began as a relatively modest deployment of NIOS DDI, with Infoblox Grid managing a small group of Trinzic appliances. At the time, GÉANT’s service offerings were limited compared to what they are today. DNS operations were handled by the organization’s internal IT team rather than through the core operations center. As GÉANT’s network expanded, that arrangement became unworkable and all Infoblox-powered DDI operations came under Barber’s purview as critical network operations. Currently, GÉANT is running five, state-of-the-art Trinzic 825 hardware appliances to power DDI operations, and it manages the system via a single Infoblox Grid interface in the network operations center. “One of the screens that we have up at all times on our wall in the data center is the serviceability of our Infoblox instance,” says Barber. “So, if there are any issues at all, we very quickly become aware, and I can honestly say that problems have been few and far between. Infoblox is very impressive and very stable.”

With Infoblox, Barber and team have been able to split DNS operations into different levels. “We have external-facing authoritative DNS resolvers and internal authoritative DNS, which power our secure masters with centralized management,” explains Barber. “We operate quite a bit of compute services for our users through data centers where we house a host of different services and websites. This is where we provide domain name services for all of our web service offerings and our internal users. Infoblox powers all of this for us.”

The GÉANT Team Considers Infoblox an Easy Decision
In 2019, Barber and team assessed their DDI capabilities to determine whether to keep their existing Infoblox deployment as is, modernize it, or perhaps even go back to their original, open-source BIND solution. “What prompted the assessment was that our original Trinzic equipment was aging and going out of support, so we had some decisions to make,” says Barber. “While the assessment played out, GÉANT moved to an interim deployment that added virtualized DDI servers to the existing hardware, buying the association time to compare the cost of upgrading Infoblox versus going back to a raw BIND install. Ultimately, it was a fairly easy decision to stay with Infoblox, taking into account the ongoing cost of licensing rather than building out the additional hardware needed to run open-source software, which wouldn’t have included expert support,” he explains.

RESULTS:

Maximizing the Investment in Infoblox
Following the assessment, Barber and team secured budget to increase the scope of their Infoblox deployment. They then transitioned to Trinzic 825 appliances and began expanding their use of NIOS DDI capabilities. “By increasing the number of nodes, deploying more hardware, and retaining all the virtual nodes, we split out the internal and external zones, which we had never done before,” relates Barber. “We also started taking full advantage of NIOS DDI’s automated IPAM capabilities.” GÉANT has experienced significant benefits from migrating all of its IP data into the IPAM system because IP address management for any large organization is crucial and can be really time consuming. The automation of IPAM is proving to be a big time saver. GÉANT is now able to maximize resources and ensure it doesn’t end up with duplications and a mess of data, which was previously a challenge given its dearth of IP space.

Final Thoughts on the Value of an Ongoing Partnership
Barber concludes that partnering with Infoblox makes the most sense from a number of aspects. “I wasn’t involved in the initial decision to deploy NIOS DDI,” he recounts. “But based on the quality of the performance we’re getting, I’m very much a supporter of maintaining the status quo. We have looked at options for change in the last five years, but we’ve determined that we are on the best course with the best hardware and with a solution that is trouble free and relatively low cost. I feel comfortable sleeping at night knowing that if anything were to go wrong, we’re just a phone call away from getting back up and running. Whereas, with open source, we’d have to worry about building out and servicing solutions all on our own.”

Barber and his team are also making good use of NIOS DDI’s API, which they’re using to support automatic address allocation and to spin up virtual machines as needed for other DNS processes. Finally, the GÉANT team is exploring Infoblox’s security offerings and expects to build out that aspect of their implementation in the months and years ahead. “We’ve just placed an order for licenses of Advanced DNS Protection, so the ability to have those additional security layers built in is going to be beneficial,” says Barber. “We intend to give BloxOne® Threat Defense a look as well. Overall, partnering with Infoblox has been a really positive experience for GÉANT.”