i find myself breaking things far too often. maybe i’ve broken a lot more than i wanted to.

i’m a software engineer gone cyber security geek. i love to pentest, code, and break things… not in that order. i also game from time to time. stick around, you may like my content.

The Geek Bin

Why I’m switching to Blesta for billing customers.

As you may have read on this blog, I’ve started to become an ISP in my area. Previously, I’ve been billing customers with QuickBooks invoices and manually marking them as paid. However, I haven’t given customers the simple option most people enjoy of paying online without delay. I must say, the automation effort that goes into these applications is incredibly complex.

Without wanting to re-engineer the wheel, I compared three major pieces of software: HostBill, WHMCS and Blesta. As you can see from the title, I settled on Blesta. Here’s why I made this decision:

  1. WHMCS is definitely popular in the industry, but its tiered pricing makes it unattractive, and the lack of owned licenses even more so. It also has a questionable security history.
  2. HostBill is expensive. It’s powerful, but from what I’ve read about its bugs it’s whack-a-mole, and I need something that’s stable.
  3. Blesta may not be feature-packed, but it’s lightweight, user-friendly and has fairly cheap owned licenses. It’s also incredibly stable from my free trial test, and fits well with my current semi-automated setup.

I’ve never really discussed the systems at work in the background of my ISP, and now is a perfect time to do it! Let’s begin!

What Powers my ISP?

My ISP is currently powered by a few services. On the monitoring side we have Prometheus, Grafana, and InfluxDB. Over on the infrastructure side, I’m running dual 10GbE switches bonded together, and I split these off into individual 1GbE lines as necessary. I’m using RADIUS for authentication for customer systems, and FreeIPA (Kerberos/LDAP) for main server systems.

Being a hybrid ISP has its advantages, and due to very low latency to the nearest datacenter (<15ms round trip) and direct peering with Google, YouTube, and numerous other online services, I’m able to provide fast connectivity. Top this all off with my edge network having various DDoS mitigating appliances, and I’m in a pretty good position. I’ve decided to throw some DDoS mitigation appliances into the stack in order to reduce bad, targeted traffic and allow me to keep relatively stable lines. At this point, I’m only able to handle about 40Gbit/s of DDoS, but for my customers, this is definitely more than needed.

More on this subject will be available in another post.

Till next time, when I’ll discuss in depth the exact architecture of my ISP and the appliances running in order to keep it afloat.
