The Ultimate List of Functionality for Fusion's Software Defined Wide Area Network Solution
Solution highlights
Data Centre Functionality
Aggregators are allocated for an IP address space and can support subspaces. Persistent Aggregators are able to operate across multiple IP spaces and are utilized for Internet or datacentre breakouts.
An edge node is able to connect to either a primary or secondary aggregator. The routing between an aggregator and the datacentre router can be BGP, OSPF or Proxy ARP.
Aggregators can support anything from smaller sites of a few people to larger sites of a thousand devices. The same aggregator infrastructure is used for both scenarios.
Upstream Last Mile Legs
Most SD-WAN solutions charge in bandwidth increments, so the more bandwidth allocated to a site, the greater the billing burden. The Fusion SD-WAN solution has no billing charge related to bandwidth and no associated licensing restriction.
The Fusion solution is able to eliminate the spaghetti mess created by multiple CPE and demarcation devices deployed by operators and ISPs. The Fusion Edge device becomes a universal CPE.
The ability exists to manually select a clamping speed for an upstream leg interface or alternatively run a speedtest to automatically determine the most appropriate speed of the available bandwidth, balancing throughput and latency.
Bandwidth Adaption uses an estimation via a delay-based algorithm that uses the features of standard TCP, including the calculation of RTT and bytes acknowledged. This calculation avoids the multiplicative decrease in rate detected in other algorithms in the presence of packet loss. Bandwidth estimation is thus appropriate for broadband environments where there is variable bandwidth and delay.
Bandwidth reservation ensures that traffic that is using split tunneling never exceeds a certain percentage.
Fusion is able to use HMAC and AES. With hash-based message authentication codes (HMAC), data is signed and verified using a code. The algorithm uses MD5 hashing and a 30-byte secret key. HMAC-MD5 is defined in RFC 2104. This security mode offers data integrity but not secrecy. That is, a receiving host can detect if an attacker has changed network data after it has been sent. However, the data is not hidden and can be seen by anyone with access to the networks between the edge node and aggregator.
Data is encrypted between edge nodes and aggregators using the DTLS 1.2 protocol. DTLS is based on SSL/TLS, and is defined in RFC 4347 and RFC 6347. Two ciphers are available, namely AES 128 and AES 256, which are accelerated by the CPUs on 64-bit operating systems. Perfect forward secrecy is assured; this is the property that encrypted traffic cannot be decrypted at a later time even if the private key is compromised. Encryption is performed using private keys generated when the aggregator and edge node were provisioned, and nodes are authenticated with X.509 certificates signed by a certificate authority via the management server. Each leg has its own encryption session. Encryption increases the amount of overhead in each packet sent between the edge node and aggregator, resulting in a smaller MTU available to sites. The amount of overhead is different for each cipher.
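The integrity-without-secrecy property of the HMAC mode described above, as an added example that is not Fusion's code. The frame layout (payload followed by the 16-byte HMAC-MD5 tag), the function names and the sample payload are assumptions made for illustration; only the MD5 hash and the 30-byte key length come from the text.

```python
import hashlib
import hmac
import os

KEY_LEN = 30                          # secret key length stated in the text
TAG_LEN = hashlib.md5().digest_size   # HMAC-MD5 tag is 16 bytes


def seal(key: bytes, payload: bytes) -> bytes:
    """Return payload || tag (assumed layout). The payload stays in clear."""
    return payload + hmac.new(key, payload, hashlib.md5).digest()


def open_frame(key: bytes, frame: bytes) -> bytes:
    """Verify the tag and return the payload; raise ValueError on failure."""
    if len(frame) < TAG_LEN:
        raise ValueError("frame shorter than an HMAC tag")
    payload, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.md5).digest()
    # Constant-time comparison so the check does not leak tag bytes.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("HMAC mismatch: frame altered or wrong key")
    return payload


def rejected(key: bytes, frame: bytes) -> bool:
    """True when the receiver refuses the frame."""
    try:
        open_frame(key, frame)
        return False
    except ValueError:
        return True


def demo() -> dict:
    key = os.urandom(KEY_LEN)
    payload = b"invoice=4711;amount=100"       # constructed sample data
    frame = seal(key, payload)
    altered = frame.replace(b"100", b"900")    # in-path modification
    return {
        "overhead_bytes": len(frame) - len(payload),
        "payload_readable_on_wire": payload in frame,   # no secrecy
        "genuine_accepted": open_frame(key, frame) == payload,
        "altered_rejected": rejected(key, altered),     # integrity holds
        "wrong_key_rejected": rejected(os.urandom(KEY_LEN), frame),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```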
Acceleration is achieved using a performance-enhancing TCP proxy that greatly increases throughput in certain conditions. It is helpful when bonding diverse types of Internet connections or when a connection has high jitter or varying bandwidth. In these conditions, the congestion control feature of TCP often reduces the available throughput on the upstream links to a small fraction of the expected throughput. The proxy is completely transparent. It requires no configuration on clients. SSL and other encryption protocols are fully supported. UDP traffic is ignored. The proxy intercepts connections from clients and forwards them to a process on the edge node or aggregator. The data stream is split into a number of parallel connections, then combined into the original stream by the remote node and sent onwards to the destination. By default, when the proxy is enabled, all outgoing HTTP and HTTPS connections use the proxy, including those from the edge node itself. The proxy should not be enabled if the edge node provides acceptable performance as it results in higher resource utilization.
The SD-WAN is able to measure and detect packet loss over the last mile legs.
The SD-WAN is able to detect whether a leg is flapping, and automatically delays putting a link back into service if it goes offline before stabilizing.
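One way such flap handling can work, as an added example that is not Fusion's implementation. The hold-down rule (a leg must stay up continuously for `hold_down` seconds before it carries traffic again), the 30-second value and the probe samples are all assumptions constructed for illustration.

```python
from typing import List, Tuple

Probe = Tuple[int, str]        # (timestamp in seconds, "up" or "down")
Transition = Tuple[int, str]   # (timestamp in seconds, "in" or "out")


def service_transitions(probes: List[Probe], hold_down: int) -> List[Transition]:
    """Decide when a leg enters or leaves service from ordered probe results.

    A leg leaves service on the first failed probe. It re-enters service
    only after it has been continuously up for at least `hold_down`
    seconds; any failure during that window restarts the wait.
    """
    in_service = False
    up_since = None
    transitions: List[Transition] = []
    for ts, state in probes:
        if state == "down":
            up_since = None                    # stabilisation window resets
            if in_service:
                in_service = False
                transitions.append((ts, "out"))
        else:
            if up_since is None:
                up_since = ts                  # start of a new up period
            if not in_service and ts - up_since >= hold_down:
                in_service = True
                transitions.append((ts, "in"))
    return transitions


# Constructed probe history: stable, then three quick flaps, then stable.
PROBES: List[Probe] = [
    (0, "up"), (10, "up"), (20, "up"), (30, "up"),
    (40, "down"), (45, "up"), (50, "down"), (55, "up"), (60, "down"),
    (70, "up"), (80, "up"), (90, "up"), (100, "up"), (110, "up"),
]

if __name__ == "__main__":
    print("no hold-down :", service_transitions(PROBES, 0))
    print("30s hold-down:", service_transitions(PROBES, 30))
```

With no hold-down the leg changes state seven times during the constructed history; with the hold-down it changes three times, so sessions are not repeatedly moved onto a leg that is about to fail again.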
The SD-WAN measures and detects the appropriate MTU to use between the edge node and the aggregator on a regular basis.
Downstream service chain
CPE NAT is a single-LAN small business deployment that, combined with DNSMASQ, can be deployed within a few minutes to have an office up and running. It is typically used when there are 10 people or fewer in a location.
Branch networking
Private WANs (PWANs) is the SD-WAN feature that allows geographically separated sites to securely route traffic to each other as if each site was connected to the same router. It also allows access to the Internet to be centralized for all connections associated with an address space. Address spaces are the basis for Private WANs. Within a PWAN, all associated links in the address space route their traffic to and from each other through the aggregators, rather than through the core public routers at each routing group. This allows the SD-WAN nodes to keep the address space’s traffic isolated. In addition to offering private routing among separate sites, Private WANs are also the basis on which to centralize Internet access for all associated links in an address space.
Antares Client Portal
Antares is a client portal that supports multiple organizations.
A full hierarchical access model is available and applied within Antares.
A full IP Address space management ability exists within Antares including delegation.
Antares has a brilliant dashboard using Red, Amber and Green (RAG) status icons that can scale to thousands of sites being monitored from a single pane of glass.
The primary display for an edge node shows the real-time bandwidth, which provides a great overview of utilization at a site.
The Antares platform stores all configuration associated with a site in a secure manner as well as allowing the deployment to be achieved using automation.
Antares has a built-in speedtest tool that performs throughput tests between the edge node and aggregator. This includes uplink and downlink bandwidth as well as latency and jitter. The results are captured and recorded in the Antares database.
Antares has a full set of performance metrics that is the equivalent of Nagios or Cacti in a box. All the information and metrics available via those platforms are automatically available for each edge node and site. This allows legacy performance metric tools to be decommissioned.
Antares maintains a running total of downtime statistics for a site.
Antares enables a Fusion edge node to be automatically provisioned by just providing an Internet connection.
High availability of Fusion Edge Nodes is achieved using Pulse.
Antares will automatically email notifications of leg outages.
The platform contains a full set of online documentation.
Edge devices
The Fusion Edge Node supports the full use of VLANs.
The Fusion Edge Node supports the full use of VXLANs.
The Fusion Edge Nodes provide RJ45 connections of 1 Gbps as standard, while the Edge2000 has support for SFP+.
The industry standard Cisco rollover cable is used for console serial connections.
Mobile networks are supported by upstream modems connected via Ethernet or alternatively via PCI-E radio cards.
Effectively the Fusion Edge Node is capable of deploying any Linux binary.
DNS caching can be enabled on a Fusion Edge Node.
LLDP can be enabled, allowing the IPs of VoIP phones or other devices on the LAN to be detected.
Bot behaviour can easily be suppressed using low level firewalling.
Cyber Defense
Monitoring
Any 3rd party collector using IPFIX/Netflow is supported if required.
As the Fusion Edge Node can be managed using any platform that is able to manage Linux, the range of supported offerings is wide.
Billing
Fusion's offering negates the requirement for large upfront and long-term licensing commitments such as those associated with Cisco Meraki.
At Fusion Broadband, we specialize in connecting the Internet of Things (IoT) and offer SD-WAN solutions designed to keep your connectivity failure-proof.