INTEGRATED
NETWORK DIVERSITY
Encore Networks’ BANDIT™ line of environmentally
and electrical immunity hardened products
offer diverse routing and extensive failover
capabilities with integrated network
interface options. These include a 56K/T1
CSU/DSU, Frame Relay/MPLS, single or
dual mode-fiber, DMZ Ethernet, and cellular
(with embedded EVDO or HSDPA modem).
External interfaces are limitless with
our WAN connections including Satellite,
VSAT, Microwave or Radio. The BANDIT™
can be configured to support any or all
of these connections simultaneously while
utilizing Quality of Service/Class of
Service (QoS/CoS.) Should any WAN connection
fail, traffic is automatically re-routed
over the remaining WAN connection(s)
with minimal data loss.
CHALLENGES
Wherever a remote site requires an ultra-reliable
network connection and cannot be serviced
by terrestrially based solutions, the
best choice is BANDIT™ technology over
satellite service using Very Small Aperture
Terminal (VSAT) technology. Deployment
using dual VSAT systems provides both
reliability and ensures maximum availability.
DESIGN CONSIDERATIONS
When considering a satellite network,
the designer must evaluate several factors
such as weather, delay, and Machine-to-Machine
(M2M) protocol support to design an optimized
network. When deploying satellite, a
user may run into situations where weather
affects the network performance and availability.
One such situation is atmospheric attenuation
commonly referred to as ‘rain-fade’.
An additional issue is found when using
an end-to-end Virtual Private Network
(VPN) over a VSAT link from remote sites
to a central headquarters location. The
most common form of VPN is IPSec using
3DES or AES-256.
When running any IP-based
applications over VSAT, TCP acceleration
is required to efficiently support basic
TCP communication. Without this acceleration
the IP sessions time out due to delays
in the IP acknowledgements caused by
the distance between the satellite and
remote locations. This acceleration is
commonly comprised of processors and
software called Performance Enhancing
Proxy Servers (PEP). All VSAT service
providers have a similar process but
all are unique to their network topology.
To
improve VPN over VSAT, Encore Networks
has patented an IPSec based VPN solution
for the VSAT industry called Selective
Layer Encryption (SLE). SLE is designed
to enhance VPN and work in tandem with
PEP and provide fully encrypted IPSec
data.
In a dual VSAT solution, two parallel
VPN tunnels are used to maintain data
integrity and the automatic fail-over
and recovery tasks can be completed.
Since the tunnels are maintained within
the BANDIT™, any data that would be lost
over the failed link is re-transmitted
over the backup link, providing minimized
loss of data.
The Performance Chart below presents
the bandwidth efficiencies of SLE over
IPSec on a VSAT network. SLE performed
at theoretical maximum for both Inbound
(IB) and Outbound (OB) data streams.
The purchased data plan was 1.5Mbps x
225Kbps.
The test data in the performance
chart is based upon a 1Mbs FTP file sent
in both directions of the data flow.
The test network capacity parameters
were 1.5Mbs OB x 200Kbs IB. Test performance
shows SLE obtained maximum throughput
in both directions and IPSec at an 80%
loss of usable bandwidth.
SOLUTION
To provide
reliable, cost effective communications
to remote locations, Encore Networks
has developed and deployed dual VSAT
communication paths.This will address
improved network availability as it relates
to atmospheric attenuation. The network
must be designed with two diverse VSAT
technologies used as primary and backup
VSAT links.
In the example shown below,
the primary VSAT link is based on a Ku
or Ka frequency band private hub to provide
carrier grade services. The backup VSAT
link is based on Broadband Global Area
Network (BGAN). The BGAN system uses
the L Band frequency which is not affected
by ‘rain-fade’ as are other VSAT network
services and is, therefore, the solution
of choice for a truly diverse, highly
optimized, backup route.
The primary
VSAT link will carry all data fully encrypted
for added security and data integrity.
When a failure on the primary VSAT link
occurs, the backup VSAT link will automatically
carry the network load through the BANDIT™
configured for this high-speed switch.
SUMMARY
We discussed how to effectively use redundant
dual VSAT networks for maximized availability
to leverage their full potential with
the BANDIT™. In this example, we offered
a private Ka VSAT network that can handle
back-office applications, SCADA, VoIP
and Video. If the need is there, M2M
data in serial or IP format can also
traverse the network. To complement the
Ka networks we picked a BGAN VSAT network
due to its ability to operate in all
weather conditions. Combined, these network
solutions cost approximately $100 per
month, excluding installation and monitoring,
and provide better than 99.99% network
availability.
Behind the VSAT networks
is a BANDIT™. The role of the BANDIT™
is to be an intelligent A-B switch and
network monitor. The BANDIT™ will accept
and route any data format over the primary
network. When the primary network fails,
the BANDIT™ will re-route all traffic
to the backup network (in this example,
BGAN). Because the BANDIT™ maintains
both the primary and backup data connections,
there is minimized data loss, thus providing
industry requirements of teleprotection
and achieving extremely high network
availability to any site.
Where there
is a need to provide a secure, diverse
dual VSAT network, the SLE enabled BANDIT™,
combined with Ku/KA and BGAN broadband
satellite networks, offers the perfect
solution.
|
