Maximized Network Availability With Dual VSAT Technology

Integrated Network Diversity
Encore Networks’ BANDIT™ line of environmentally and electrical immunity hardened products offer diverse routing and extensive failover capabilities with integrated network interface options. These include a 56K/T1 CSU/DSU, Frame Relay/MPLS, single or dual mode-fiber, DMZ Ethernet, and cellular (with embedded EVDO or HSDPA modem). External interfaces are limitless with our WAN connections including Satellite, VSAT, Microwave or Radio. The BANDIT™ can be configured to support any or all of these connections simultaneously while utilizing Quality of Service/Class of Service (QoS/CoS.) Should any WAN connection fail, traffic is automatically re-routed over the remaining WAN connection(s) with minimal data loss.

Wherever a remote site requires an ultra-reliable network connection and cannot be serviced by terrestrially based solutions, the best choice is BANDIT™ technology over satellite service using Very Small Aperture Terminal (VSAT) technology. Deployment using dual VSAT systems provides both reliability and ensures maximum availability.

Design Considerations
When considering a satellite network, the designer must evaluate several factors such as weather, delay, and Machine-to-Machine (M2M) protocol support to design an optimized network. When deploying satellite, a user may run into situations where weather affects the network performance and availability. One such situation is atmospheric attenuation commonly referred to as ‘rain-fade’. An additional issue is found when using an end-to-end Virtual Private Network (VPN) over a VSAT link from remote sites to a central headquarters location. The most common form of VPN is IPSec using 3DES or AES-256.

When running any IP-based applications over VSAT, TCP acceleration is required to efficiently support basic TCP communication. Without this acceleration the IP sessions time out due to delays in the IP acknowledgements caused by the distance between the satellite and remote locations. This acceleration is commonly comprised of processors and software called Performance Enhancing Proxy Servers (PEP). All VSAT service providers have a similar process but all are unique to their network topology.

To improve VPN over VSAT, Encore Networks has patented an IPSec based VPN solution for the VSAT industry called Selective Layer Encryption (SLE). SLE is designed to enhance VPN and work in tandem with PEP and provide fully encrypted IPSec data.

In a dual VSAT solution, two parallel VPN tunnels are used to maintain data integrity and the automatic fail-over and recovery tasks can be completed. Since the tunnels are maintained within the BANDIT™, any data that would be lost over the failed link is re-transmitted over the backup link, providing minimized loss of data.
The Performance Chart below presents the bandwidth efficiencies of SLE over IPSec on a VSAT network. SLE performed at theoretical maximum for both Inbound (IB) and Outbound (OB) data streams. The purchased data plan was 1.5Mbps x 225Kbps.

The test data in the performance chart is based upon a 1Mbs FTP file sent in both directions of the data flow. The test network capacity parameters were 1.5Mbs OB x 200Kbs IB. Test performance shows SLE obtained maximum throughput in both directions and IPSec at an 80% loss of usable bandwidth.


To provide reliable, cost effective communications to remote locations, Encore Networks has developed and deployed dual VSAT communication paths.This will address improved network availability as it relates to atmospheric attenuation. The network must be designed with two diverse VSAT technologies used as primary and backup VSAT links.

In the example shown below, the primary VSAT link is based on a Ku or Ka frequency band private hub to provide carrier grade services. The backup VSAT link is based on Broadband Global Area Network (BGAN). The BGAN system uses the L Band frequency which is not affected by ‘rain-fade’ as are other VSAT network services and is, therefore, the solution of choice for a truly diverse, highly optimized, backup route.

The primary VSAT link will carry all data fully encrypted for added security and data integrity. When a failure on the primary VSAT link occurs, the backup VSAT link will automatically carry the network load through the BANDIT™ configured for this high-speed switch.

We discussed how to effectively use redundant dual VSAT networks for maximized availability to leverage their full potential with the BANDIT™. In this example, we offered a private Ka VSAT network that can handle back-office applications, SCADA, VoIP and Video. If the need is there, M2M data in serial or IP format can also traverse the network. To complement the Ka networks we picked a BGAN VSAT network due to its ability to operate in all weather conditions. Combined, these network solutions cost approximately $100 per month, excluding installation and monitoring, and provide better than 99.99% network availability.

Behind the VSAT networks is a BANDIT™. The role of the BANDIT™ is to be an intelligent A-B switch and network monitor. The BANDIT™ will accept and route any data format over the primary network. When the primary network fails, the BANDIT™ will re-route all traffic to the backup network (in this example, BGAN). Because the BANDIT™ maintains both the primary and backup data connections, there is minimized data loss, thus providing industry requirements of teleprotection and achieving extremely high network availability to any site.

Where there is a need to provide a secure, diverse dual VSAT network, the SLE enabled BANDIT™, combined with Ku/KA and BGAN broadband satellite networks, offers the perfect solution.

Network Diagram

Printable Version