Starlink: A backup service for the maintenance of our network equipment

Last year, we presented our equipment implementation Starlink at Aqua Ray. As a reminder, designed by SpaceX, Starlink is a low latency broadband internet system the most advanced in the world. In our article, we talked about the deployed equipment as well as the few tests of operation and mentioned the use of this network to access our equipment independently of ours.
Since then, what has happened to this use?

We have designed our network infrastructure to be resilient, meaning that the loss of a link should not result in an outage.
We have deployed several fiber paths to connect our data centers. Each path is physically independent of the others and does not follow the same route. Each data center is connected to at least two other data centers through these fibers.

These fibers can carry several wavelengths, allowing us to create multiple logical links between our equipment. One of these wavelengths carries, for example, the network traffic of our customers' dedicated servers, while another carries the traffic of our internal services. In addition, of these wavelengths carries the traffic of a slightly different network: the Out-of-Band (OOB).

When we experience an attack to saturate our network, access to our equipment to respond to this attack is disrupted. We have decided to set up a secondary network, in parallel to the main one, dedicated to join only our network equipment and some associated services when necessary.
The OOB is connected within a logically independent network (no IP address of this network is used elsewhere). It is carried between data centers by a dedicated wavelength and within a data center by a dedicated VLAN (Virtual Local Area Network) as well.
In this network, we find several monitoring and configuration services for our equipment, such as Observium or Andrisoft Wanguard. These services are made available to our teams via a gateway accessible on our VPN.
Finally, a « bastion » server (connected to both the OOB and the Starlink public network) is configured to regularly connect to a device hosted by one of our colleagues. This configuration allows the opening of a tunnel between the two different networks. This equipment is accessible by our teams on a dedicated domain name and records the IP address changes of our Starlink.

If our internal network is not reachable, we can connect to this external equipment and use the open tunnel to reach our network equipment to troubleshoot it.

Contrary to what we announced in the first article, we did not set up a third party router, nor a system based on a dynamic DNS in order not to depend on an additional external provider. In the end, we preferred to stay with the options officially supported by Starlink. Our Out-of-Band network allows us, through Starlink, to always be able to reach and administer our equipment efficiently even if our main network is not functional.