Dear,
Could anybody recommend any hardware that can build a VPN that works well
over satellite connections? (TCP enhancements)
I want to setup a L3 VPN between 2 satellite connections
Even additionally if that hardware would also support WAN bonding even
better because I also have a scenario to connect 2 times 2 satellites to
have more capacity for my L3 VPN
Regards,
Rens
Why not use a standard Cisco router or Asa for the routing and VPN and put a riverbed steelhead on both ends to do Tcp optimization and compression.
IPSec does not run well over satellite since the TCP headers are also
encrypted
I did developed my own accelerator in 2006(globax) and have customers till now, but only for one-way ISP's in CIS region, and partially Europe (Germany). Sure worked with satellite internet all that years.
But since i am not interested to advertise it here(working only for ISPs), i will mention possible alternatives:
There was few solutions, most of them was from Tellinet and Mentat. Tellinet are for Newtec now, and Mentat are for Packeteer(and Packeteer for Bluecoat). Last time i seen optimization option in Packetshaper from Bluecoat. Probably worth to visit Newtec, as i see your domain are .be, and their HQ in Belgium.
Riverbed, i heard about them, but never tried. Most of TDMA VSAT modems also has embedded accelerators.
Please let me know if you want to know anything else.
Most satellite modems offer built in TCP acceleration options heavily
optimized for VSAT use and an encryption option (proprietary to their
hardware only) which is probably your best bet. You can then use
traditional encryption to your satellite provider (or take Ethernet handoff
at the satellite earth station with co-located equipment, if appropriate).
Otherwise, if this is not adequate you can use any traditional acceleration
solution at the end sites, just check with the vendor for how optimized
they are for your latency scenario.
For various reasons, you're best not bonding. Just obtain a bigger space
segment. It's literally scalable to at least ~35 megabit with ease by
buying the appropriate sized pipe. Otherwise if you must bond I suggest
you consider traditional ip routing mechanisms to do so on a per-flow basis.
"You can then use
traditional encryption to your satellite provider (or take Ethernet handoff
at the satellite earth station with co-located equipment, if appropriate)."
True...except for most audit/regulatory purposes, having the traffic
unencrypted in any part of the chain is unacceptable.
"Just obtain a bigger space
segment. It's literally scalable to at least ~35 megabit with ease by
buying the appropriate sized pipe."
True, but you have to make sure you have the right modem. The
majority of modems in VSAT stacks can go up to ~10mbps. You usually
have to shell out quite a bit more money to get a modem capable of
handling larger bandwidths.
"Otherwise, if this is not adequate you can use any traditional acceleration
solution at the end sites, just check with the vendor for how optimized
they are for your latency scenario."
Exactly. Figuring out *what* specifically you want to accelerate is
vital. Virtually any accelerator on the market can handle FTP, HTTP
and other simple protocols. It takes a lot of know-how to properly
accelerate some of the more complex ones.
Hi Rens,
I work with one of the leading satellite providers. Depending on the customer type, we deploy a number of solutions (some work better for some, some work better for others). Most off-the-shelf solutions are more or less designed in a client/server manner (the optimizations they employ are usually asymmetrical, as most clients either just push or just pull data).
It sounds like you need an end to end solution that is not optimizing a particular type of data. Riverbed could be one, but I haven't really tested it in a setup resembling yours. Some of our customers use it, but they mostly pull data so I can't really tell if it works for you. You could contact me off-list to let me know who your satellite provider is. If it's the company I work with, perhaps we can bounce some ideas around.
Cheers
Vlad
Could anybody recommend any hardware that can build a VPN that works well
over satellite connections? (TCP enhancements)
I'd try splitting the solution into two devices: at the lower layer, the
tunneling part, which can be done with any traditional transport-layer VPN
solution; at the higher layer (prior to encryption), the TCP enhancement
part, for which, I'd look for dedicated and specialized multipoint WAN
optimization devices.
I want to setup a L3 VPN between 2 satellite connections
That's brave! I'd check with the satellite provider if they are able to
forward your frames directly from VSAT to VSAT without going through the
hub, and, if multiple satellites are used, if they can route between
satellites. Most don't. Those two above are NOT easy to do. They will most
probably make your packets "double-hop", so your latency will be about 1.4
seconds.
Hi,