INTEGRATED
NETWORK DIVERSITY AND INCREASED NETWORK
RELIABILITYY
Encore Networks’ BANDIT™ line of environmentally
and electrical immunity hardened products
offer diverse routing, and increased
reliability with extensive failover
capabilities. Using integrated network
interfaces that include a 56K/T1 CSU/DSU,
Frame Relay/MPLS, single or dual mode-fiber,
DMZ Ethernet, and cellular (with embedded
EVDO or HSDPA modem).
The BANDIT™ can be configured with limitless
WAN connection options including Satellite,
VSAT, Microwave or Radio, supporting
any or all of these connections simultaneously
while utilizing Quality of Service/Class
of Service (QoS/CoS.) Should any WAN
connection fail, traffic is automatically
re-routed over the remaining WAN connection(s)
with minimal data loss.
CHALLENGES
Whenever a new or existing remote
site requires an ultra-reliable network
connection to meet either NERC-CIP diverse
route requirements or to better increase
overall network reliability with diverse
network routing design, the best choice
is BANDIT™ based technology using a satellite
service with Very Small Aperture Terminal
(VSAT) technology.
SATELLITE DESIGN
CONSIDERATIONS
When considering a satellite network,
the designer must evaluate several
factors such as weather, delay, and
Machine-to-Machine (M2M) protocol support
to design an optimized network. When
deploying satellite, a user may run
into situations where weather affects
the network performance and availability.
One such situation is atmospheric attenuation
commonly referred to as ‘rain-fade’.
An additional issue is found when using
an end-to-end Virtual Private Network
(VPN) over a VSAT link from remote
sites to a central headquarters location.
The most common form of VPN is IPSec
using 3DES or AES-256.
When running any IP-based applications
over VSAT, TCP acceleration is required
to efficiently support basic TCP communication.
Without this acceleration the IP sessions
time out due to delays in the IP acknowledgements
caused by the distance between the satellite
and remote locations. This acceleration
is commonly comprised of processors and
software called Performance Enhancing
Proxy Servers (PEP). All VSAT service
providers have a similar process but
all are unique to their network topology.
To improve VPN over VSAT, Encore Networks
has patented an IPSec based VPN solution
for the VSAT industry called Selective
Layer Encryption (SLE). SLE is designed
to enhance VPN and work in tandem with
PEP and provide fully encrypted IPSec
data.
The test data in the performance chart
is based upon a 1Mbs FTP file sent in
both directions of the data flow. The
test network capacity parameters were
1.5Mbs OB x 200Kbs IB. Test performance
shows SLE obtained maximum throughput
in both directions and IPSec at an 80%
loss of usable bandwidth. The Performance
Chart below presents the bandwidth efficiencies
of SLE over IPSec on a VSAT network.
SLE performed at theoretical maximum
for both Inbound (IB) and Outbound (OB)
data streams. The purchased data plan
was 1.5Mbps x 225Kbps.
NEW SITE SOLUTION
Designing with the BANDIT™ using
a terrestrial and a VSAT WAN connection
for optimal infrastructure diversification,
two parallel VPN tunnels are used to
maintain data integrity with automatic
fail-over and recovery tasks. Since the
tunnels are maintained within the BANDIT™,
any data that would be lost over the
failed link is re-transmitted over the
backup link, providing minimized loss
of data.
EXISTING SITE
SOLUTION
Since the BANDIT™ is standards based IP;
it can be easily integrated into operations
with any standards based third party router
to provide a VSAT WAN connection for optimal
infrastructure diversification.
Designing with the BANDIT™ with a VSAT
WAN connection and a third party router
that already has the existing terrestrial
WAN connection requires the implementation
of Virtual Router Redundancy Protocol
(VRRP). Invoking VRRP increases reliability
at the site by creating a “virtual” router
with the third party router and BANDIT™.
These routers now act as a master and
backup residing on the same subnet. Only
the “master” router is actively transmitting
data across its hosted VPN tunnel. If
the master VPN connection fails, an automatic
switchover occurs between the third party
router and the BANDIT™ with all traffic
being routed across the backup VPN connection.
Once the primary route is restored, all
data is routed back through the primary
terrestrial VPN connection.
SUMMARY
The role of the BANDIT™ is to be an intelligent
network monitoring A/B switch between
two WAN interface connections, automatically
able to route any data format over any
WAN connections. In a new deployment
where only the BANDIT™ is used, it maintains
both the primary and backup data connections
in one device. There is minimized data
loss when switching from the terrestrial
network VPN (IPSec) to the satellite
network VPN (SLE over Ku-VSAT).
For existing sites where the BANDIT™
is integrated with a third party WAN
router, it will re-route all traffic
to the backup network (in this example,
Ku VSAT) through the use of VRRP. Once
the primary route is restored, all data
is routed back through the primary terrestrial
connection.
In both these deployments the BANDIT™
is providing industry requirements of
teleprotection and achieving extremely
high network availability to any site.
Where there is a need to provide diverse
network routes, a SLE enabled BANDIT™,
combined with secure broadband satellite
network, offers the perfect solution.
In conclusion we discussed how to effectively
add a VSAT network for maximized availability
to any terrestrial solution utilizing
VRRP and leveraging the full potential
of the BANDIT™ to handle back-office
applications, M2M, SCADA, AMR collection,
VoIP and/or Video. This diversely routed
network solution provides better than
99.99% network availability.
|
