?Functional attributes of the FBSA SD-WAN
- Multitenant - installation supports multiple clients across multiple ISPs;
- X86 based hardware solution using hardware-based encryption and network offloading;
- Desktop and rack mount CPEs shipping;
- Integration with Ethernet based handoffs as well as fibre solutions;
- Stable linux debian based networking kernel that is a performance leader;
- Hardened operating system certified for government and federal use;
- Administration portal - cloud based administration using the IBM Cloud;
- Secure administration of secure edge using key based management protocols;
- Separate client portal - client has access to dashboard, configuration and performance;
- IBM cloud-based management server includes SLA guarantees for management, security and performance;
- Analytics provided for determining mitigation of down time;
- Hierarchical administration and assignment rights – managed service provider can allocate reseller area;
- RAG (Red Amber Green dashboard) scalable to thousands of sites including core statistics;
- Online product documentation of all functions and features;
- Hub and spoke architecture eliminating last mile problems known as the leg. Lollipop routers are by implementation incapable of mitigating these problems;
- Leg and interface widgets for status and error conditions;
- Instantaneous failover of connectivity within a maximum of 150ms;
- Secondary and failover hubs for resilience;
- Meshed hubs using vxlans, wireguard and babel;
- Asset management fields and annotation of CPE and leg details;
- Quality of Service (QoS) ability providing crystal clear voice;
- Default real time, interactive, routine and bulk categories. Full customization of (QoS) available;
- Reservation percentages and bandwidth limitations available for QoS;
- Overhead backhaul encapsulation configuration ;
- Low latency/jitter algorithm;
- High bandwidth algorithm;
- Packet filters using IP headers;
- Bandwidth adaptation to dynamically adjust to congestion situations such as interference and backhaul congestion;
- Split tunnelling including bandwidth reservation;
- Traffic flow visualization using Netflow/IPFIX ability and integration with 3rd part collectors such as Elastiflow or NFDUMP based tools such as NeDi;
- Compression algorithms on spoke to hub links;
- Uplink security including HMAC, AES128, AES256 and SALSA20;
- Encryption handshaking ;
- Prevention of encryption interception;
- Packet Distribution using Weighted round robin, Flowlet and IDMPQ;
- CPU optimization;
- TCP clamping and Source address verification;
- Automated monitoring and instant failover of legs;
- Aggregation of bandwidth using bonding;
- Packet loss detection including setting of limits, warnings, and notifications;
- Leg flap detection;
- Automated MTU detection and monitoring;
- Full log and troubleshooting ability including debug;
- TCP Acceleration;
- Optional WAN optimization using Replify;
- Port and concurrency selection;
- Congestion control algorithm selection including those for satellite, fibre, wireless and international links;
- Cloud Connector and Accelerator;
- Automated CPE and zero touch provisioning
- 3 to 7 ISP legs;
- Leg upload and download speed provisioning;
- Automated speed and tuning algorithms;
- DHCP, Static and PPPoE settings for legs;
- Secondary and multiple leg settings per interface including unlimited use of vlans;
- Floating IP and CPE based NAT;
- Public and private IP address integration for connected IPs;
- IP space management;
- IPV6 and IPV4 support;
- Monitoring of CPE and Leg statistics;
- Integrated Performance Graphing scaling from 15 minutes to 1 year;
- Utilization, Latency, Packet loss graphs, Leg changes, Quality of service graphs and CPU graphs;
- Built-in bandwidth testing tool including history log;
- 24/7 international support - without limits;
- Service chaining using 3rd party firewalls such as Watchguard, pfsense, Mikrotik, Cisco and Fortinet. Firewall as a service integration with any 3rd party ISO.
- Consolidation of all firewalls instances to a single central pair based in the data centre;
- Road warrior VPN integration such as Wireguard, Strongswan or Softether;
- Threat intelligence (3rd party block lists) . Protects against malware, ransomware and crypto mining. Ability to optionally and additional email and security protection;
- Content based filtering at the edge using DNS filtering integration;
- Private Wide Area Networking / branch networking;
- Centralized branch breakout in data centre or headquarters;
- Device management micro plane for administration of 3rd part networking equipment;
- Full SNMP management ability and integration with 3rd party SNMP tools;
- LLDP visibility;
- Ability to provide CVE based vulnerability assessment of locations as well as infrastructure and networking device inventory;
- Full packet capture ability to any edge node in the network using Wireshark;
- Integration with 3rd party wireless controllers and ceiling mounted access points;
- Certified integration with fixed wireless solutions such as RADWIN;
- Log management;
- Bandwidth tool to summarize per IP and port data usage.