Where It Stands: Building an Open-Source ISP Stack from the Ground Up


May 2025 Project Update – by Bryan Vest

If you’ve been following my posts on LinkedIn, you’ve probably seen names like CodexMCP, GoatMUX+++, and CGNATSearch float past. Each one seems like its own standalone experiment—and in a sense, they are.

But together, they form something bigger.

This post is a long-overdue recap of where this project stands: what’s built, what’s still coming, what’s changed, and why this is more than just a collection of side projects. It’s my blueprint for a fully open-source, operator-first ISP stack.

A Real-World Simulated ISP: Under 3 Minutes from Zero to Full Stack

Let’s start with deployment.
Currently, the full CodexMCP base stack spins up a fully operational virtual ISP in under 3 minutes. That includes:

  • A multi-node OpenSearch cluster
  • A dozen VMs deployed via Proxmox
  • DHCP (Kea), RADIUS, DNS (Bind), web, email, and SIP infrastructure
  • Monitoring, logging, and telemetry collection
  • Preconfigured VPN
  • IPTV simulation (in progress)

All of this is orchestrated from scratch. There are no Terraform bills or hyperscaler bills. There is just lean, local automation and a few shell and Go scripts doing exactly what they need to.

This speed boost was partly due to a WD Black NVMe drive upgrade. Spinning rust wasn’t cutting it anymore—not when you’re trying to emulate the full logical flow of a working ISP on one box. The spinning ZFS pool will come back into play for long-term storage.

CodexMCP: The Operational Cortex

CodexMCP was the origin point. The problem I was trying to solve was simple:
How do you make decades of telecom tribal knowledge, logs, and configs instantly accessible?

CodexMCP uses OpenSearch the way Lucene was meant to be used: a smart, NLP-tuned search layer that ranks what matters and connects the dots across your entire operation.

  • Custom analyzers and synonym maps for telecom
  • A working article system that supports KB lookups and document ingestion
  • Pollers that feed in system metrics, status checks, and config snapshots

CodexMCP isn’t just a dashboard—it’s the mind of the stack. And yes, the interface is still rough. I’m not an interface designer, and I’m not pretending to be. But it works. It searches. And it can tell you things your network team forgot five years ago.

GoatMUX: The Control Layer in Early Testing

GoatMUX came next—not because I was bored, but because once CodexMCP was online, I needed something smart to route SIP traffic, monitor signaling, and detect faults in real time. Dealing with vendor-locked systems also caused some frustration.

GoatMUX is still in early testing, but here’s what’s in the pipeline:

  • VyOS for multi-interface VLAN-aware routing
  • Kamailio for SIP signaling control
  • Asterisk as a reference endpoint and media handler
  • Suricata in port-mirror mode for traffic inspection
  • OpenSearch backend for real-time telemetry analysis

Ultimately, GoatMUX is meant to act like a stripped-down, smarter BroadSoft/BroadWorks core—but built from open source, wired for observability, and controlled by logic you can understand.

I have basic SIP routing working with Kamailio. Forward we march.

CGNATSearch: The Forensic Engine

CGNATSearch, a.k.a. TSPG, is the most recent addition, and it's already doing valuable work in the lab.

It’s a log mining engine designed for speed and scale:

  • Parses .zst-compressed CGNAT logs
  • Uses time-partitioned, parallelized grep logic
  • Doesn’t need an index—just timestamps and regex
  • Built for forensic audits, traceback, and high-volume session analysis
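A minimal sketch of the time-partitioned, index-free search described in the list above, added here as an illustration and not taken from CGNATSearch itself. The hourly file naming, the log line layout and all function names are assumptions, the sample lines are constructed, and `.zst` files are read through the third-party `zstandard` package. Threads stand in for whatever parallelism the real tool uses.

```python
import re
from concurrent.futures import ThreadPoolExecutor
from datetime import datetime, timedelta
from pathlib import Path

# Assumed layout: one file per hour, cgnat-YYYYMMDDHH.log[.zst], each line
# starting with a UTC timestamp. Constructed sample data (documentation IPs).
SAMPLE = {
    "cgnat-2025050109.log": "2025-05-01T09:59:58Z 100.64.0.7:40000 203.0.113.9:1024\n",
    "cgnat-2025050110.log": "2025-05-01T10:15:02Z 100.64.3.17:51514 203.0.113.9:40211\n"
                            "2025-05-01T10:40:00Z 100.64.9.2:51000 203.0.113.9:40211\n",
    "cgnat-2025050111.log": "2025-05-01T11:00:01Z 100.64.5.5:33000 203.0.113.9:40211\n",
}
NAME_RE = re.compile(r"cgnat-(\d{10})\.log(\.zst)?$")
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"

def open_partition(path):
    if path.suffix == ".zst":
        import zstandard  # third-party package, needed only for real .zst files
        return zstandard.open(str(path), "rt", encoding="utf-8")
    return open(path, "rt", encoding="utf-8")

def partitions_in_window(log_dir, start, end):
    picked = []  # chosen by file name alone: hours overlapping [start, end)
    for path in sorted(Path(log_dir).iterdir()):
        m = NAME_RE.search(path.name)
        hour = datetime.strptime(m.group(1), "%Y%m%d%H") if m else None
        if hour and hour < end and hour + timedelta(hours=1) > start:
            picked.append(path)
    return picked

def scan_partition(path, pattern, start, end):
    hits = []
    with open_partition(path) as fh:
        for line in filter(pattern.search, fh):  # regex first, parse time on hits
            try:
                ts = datetime.strptime(line.split(" ", 1)[0], TS_FMT)
            except ValueError:
                continue  # malformed line: skip it, keep scanning
            if start <= ts < end:
                hits.append(line.rstrip("\n"))
    return hits

def search(log_dir, regex, start, end, workers=4):
    pattern = re.compile(regex)
    paths = partitions_in_window(log_dir, start, end)
    with ThreadPoolExecutor(max_workers=workers) as pool:  # one task per file
        parts = pool.map(lambda p: scan_partition(p, pattern, start, end), paths)
        return [hit for part in parts for hit in part]
```

With the sample files written to a directory, `search(log_dir, r"203\.0\.113\.9:40211\b", start, end)` over a 10:00 to 10:30 window opens only the 10:00 file and returns the single mapping active then, even though the same public IP and port are reused by other subscribers later.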

I’ve already simulated over 1.6 billion lines of data with realistic CGNAT behavior. The core system is running, the performance is solid, and next up is deeper metric extraction, user behavior emulation, and reporting layers.

There’s still a lot to do—but the foundation is real.

Tying It Together: This Isn’t Just R&D

These aren’t separate projects anymore.
They’re pieces of the same architecture—a fully open-source stack for running an ISP without handing control to a vendor or a hyperscaler.

If I had the team and the capital, this is what I’d deploy in production.

  • CodexMCP: Search, knowledge, and operational context
  • GoatMUX+++: SIP routing, health logic, and observability
  • CGNATSearch: Forensics, compliance, and deep trace

For now, it all lives in my lab. But it’s not a toy. This is how I validate real-world ideas—by building them, simulating them, and testing how they’d behave under load.

If you want to follow along, watch the repo updates, or just talk shop about telecom, SIP, CGNAT, or ops architecture, I’m always open to connecting.

Until then—this project keeps moving forward, one piece at a time.

--Bryan