SD-WAN Solution: Multipath Internet Gateway

About the Client

The company is an independent managed services provider. The client maintains partnerships with several major networking vendors and carriers, including: Cisco, Meraki, Viptela, Silver-peak, Fortinet, Virgin Media, TalkTalk Business and SSE.
Customer
Confidential
Location
USA
Industry
Wireless, Telecom

Company’s Request

Design and build a software-defined WAN internet gateway that can use several WAN links simultaneously and is controlled from a cloud dashboard.
The system should provide a site-to-site VPN (one network spanning several offices), and traffic should be managed by category.

Technology Set

Linux as system kernel
Utilized as the core operating system, Linux provided a stable and flexible foundation for embedding networking functionalities and Wi-Fi support.
Full-featured Debian OS (containers for 3rd-party apps)
Leveraged to run third-party applications in isolated containers, enhancing security and manageability on the Debian operating system.
MPTCP (L4) and LARTC (L3) for traffic aggregation and balancing over connections
Multipath TCP at layer 4, with Linux Advanced Routing and Traffic Control (policy routing) at layer 3, implemented to aggregate and balance traffic across multiple WAN links, improving bandwidth utilization and redundancy.
Shadowsocks as gateway-side MPTCP endpoint and proxy, encryption of TCP traffic
Used at the gateway as the endpoint of the MPTCP connections and as the proxy that carries TCP traffic, so all TCP traffic leaving over the WAN links is encrypted. Shadowsocks encrypts with a pre-shared key and does not authenticate peers the way a certificate-based VPN does, so one of its AEAD ciphers (aes-256-gcm or chacha20-ietf-poly1305) should be used; the legacy stream ciphers provide confidentiality without integrity protection.
OpenVPN as a non-TCP traffic carrier and for point-to-point VPN
Deployed to handle non-TCP traffic and establish secure point-to-point VPN connections, ensuring privacy and security across the network.
Traffic analysis
Conducted to monitor and manage network traffic flow, enabling detailed insights and data transmission optimization.
Cisco-compatible DMVPN for point-to-point VPN
Dynamic Multipoint VPN (mGRE with NHRP and IPsec), interoperable with Cisco DMVPN, was used to build dynamic, secure tunnels between offices.
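The MPTCP + LARTC layer above comes down to two pieces of Linux configuration: each WAN link gets its own routing table and a source-address rule, so that a subflow bound to that link's address always leaves through that link, and each link address is registered with the kernel's MPTCP path manager as a subflow endpoint. The script below generates those iproute2 commands from a link list. It is an added example for this page, not the project's own code: it assumes the upstream Linux MPTCP implementation (kernel 5.6 or later with `ip mptcp`; the page does not say which MPTCP stack the MVP used), and the interface names, addresses, gateways and table ids are constructed for illustration. Commands are printed by default and only executed (as root) with dry_run=False.

```python
import ipaddress
import shlex
import subprocess
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class WanLink:
    """One WAN uplink (all values constructed for the example)."""
    name: str             # logical name
    dev: str              # interface
    addr: str             # local address on that link
    prefix: int           # prefix length of the link subnet
    gateway: str          # ISP next hop
    table: int            # dedicated routing table id (must be unique per link)
    backup: bool = False  # MPTCP "backup" flag: only used when no other subflow works


def link_commands(link: WanLink, rule_priority: int, endpoint_id: int) -> List[str]:
    """Policy routing plus MPTCP endpoint for a single link (LARTC-style source routing)."""
    net = ipaddress.ip_interface(f"{link.addr}/{link.prefix}").network
    return [
        # connected route and default route live in the link's own table...
        f"ip route replace {net} dev {link.dev} src {link.addr} table {link.table}",
        f"ip route replace default via {link.gateway} dev {link.dev} table {link.table}",
        # ...and anything sourced from the link address is routed via that table,
        # ahead of the main table (priority 32766), so a subflow bound to this
        # address never leaks out through another ISP.
        f"ip rule add from {link.addr} lookup {link.table} priority {rule_priority}",
        # register the address with the kernel path manager so MPTCP opens a
        # subflow on it; the LTE link is flagged as backup.
        f"ip mptcp endpoint add {link.addr} dev {link.dev} id {endpoint_id} subflow"
        + (" backup" if link.backup else ""),
    ]


def wan_plan(links: List[WanLink]) -> List[str]:
    """Full command list for all links; fails early if two links share a table."""
    if len({l.table for l in links}) != len(links):
        raise ValueError("each WAN link needs its own routing table")
    cmds = [
        "sysctl -w net.mptcp.enabled=1",
        # one additional subflow per link; the initial subflow is not counted
        f"ip mptcp limits set subflows {len(links)} add_addr_accepted {len(links)}",
    ]
    for i, link in enumerate(links):
        cmds += link_commands(link, rule_priority=100 + i, endpoint_id=i + 1)
    return cmds


def apply_plan(cmds: List[str], dry_run: bool = True) -> None:
    """Print the plan, or run it (needs CAP_NET_ADMIN); no shell is involved."""
    for c in cmds:
        if dry_run:
            print(c)
        else:
            subprocess.run(shlex.split(c), check=True)


# Constructed example topology: two wired ISPs plus an LTE modem as backup.
WAN_LINKS = [
    WanLink("isp1", "eth1", "203.0.113.10", 24, "203.0.113.1", table=101),
    WanLink("isp2", "eth2", "198.51.100.20", 24, "198.51.100.1", table=102),
    WanLink("lte", "wwan0", "192.0.2.30", 24, "192.0.2.1", table=103, backup=True),
]

if __name__ == "__main__":
    apply_plan(wan_plan(WAN_LINKS))
```

The `ip route replace` lines are idempotent, `ip rule add` is not: re-running the plan duplicates the rules, so check `ip rule show` (or delete the old rules) before re-applying on a live gateway.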

The MVP was built on an embedded Linux system with Wi-Fi support. The gateway uses MPTCP to send traffic over several WAN links at once. A link status monitor tracks the health of each link and keeps active connections off links that are performing poorly. The far end of each MPTCP connection is a cloud server in a data center, which is comparatively stable.

If every primary link is down, the failover feature redirects traffic to LTE.

Control, configuration and status reporting are implemented over MQTT.
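The link status monitor, the LTE failover and the MQTT status report described above fit in one small control loop: probe each link out of its own interface, apply hysteresis so a single lost packet does not flap a link, remove the link's MPTCP endpoint while it is down (so no new subflow is opened on it) and re-add it once it has recovered, use the LTE link only while no primary link is healthy, and publish the resulting state. The code below is an added example, not the project's implementation: the probe, the thresholds, the endpoint commands (upstream `ip mptcp`) and the JSON field layout are assumptions, and the demo drives the monitor with a constructed, scripted probe so it runs offline.

```python
import json
import subprocess
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass
class Link:
    """One WAN link as seen by the monitor (names and addresses are constructed)."""
    name: str
    dev: str
    addr: str
    mptcp_id: int          # endpoint id used with `ip mptcp endpoint`
    backup: bool = False   # the LTE link: used only while no primary is up
    up: bool = True
    fails: int = 0         # consecutive failed probes
    oks: int = 0           # consecutive successful probes


def ping_probe(target: str = "192.0.2.1", timeout_s: int = 1) -> Callable[[Link], bool]:
    """Real probe: one ICMP echo forced out of the link's own interface (-I),
    so a dead link cannot pass just because the default route goes elsewhere."""
    def probe(link: Link) -> bool:
        r = subprocess.run(["ping", "-c", "1", "-W", str(timeout_s), "-I", link.dev, target],
                           stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
        return r.returncode == 0
    return probe


def scripted_probe(script: Dict[str, List[bool]]) -> Callable[[Link], bool]:
    """Offline probe driven by constructed per-link results (the last value repeats)."""
    def probe(link: Link) -> bool:
        results = script[link.name]
        return results.pop(0) if len(results) > 1 else results[0]
    return probe


class LinkMonitor:
    def __init__(self, links: List[Link], probe: Callable[[Link], bool],
                 down_after: int = 3, up_after: int = 2) -> None:
        self.links = {l.name: l for l in links}
        self.probe = probe
        self.down_after = down_after  # failed probes before a link is declared down
        self.up_after = up_after      # good probes before a down link is trusted again

    def tick(self) -> List[str]:
        """Probe every link once; return the ip(8) commands implied by state changes.
        A link that goes down loses its MPTCP endpoint, so no new subflow is opened
        on it; it gets the endpoint back only after up_after consecutive good probes."""
        cmds: List[str] = []
        for l in self.links.values():
            if self.probe(l):
                l.oks, l.fails = l.oks + 1, 0
                if not l.up and l.oks >= self.up_after:
                    l.up = True
                    cmds.append(f"ip mptcp endpoint add {l.addr} dev {l.dev} id {l.mptcp_id} subflow"
                                + (" backup" if l.backup else ""))
            else:
                l.fails, l.oks = l.fails + 1, 0
                if l.up and l.fails >= self.down_after:
                    l.up = False
                    cmds.append(f"ip mptcp endpoint del id {l.mptcp_id}")
        return cmds

    def active_links(self) -> List[str]:
        """Healthy primaries; the healthy backup (LTE) only when no primary is up."""
        primaries = [l.name for l in self.links.values() if l.up and not l.backup]
        return primaries or [l.name for l in self.links.values() if l.up and l.backup]

    def on_backup(self) -> bool:
        active = self.active_links()
        return bool(active) and all(self.links[n].backup for n in active)

    def status(self, gateway_id: str, now: Optional[float] = None) -> dict:
        """Status record for the MQTT status topic (field layout is an assumption)."""
        return {"gateway": gateway_id,
                "ts": int(time.time() if now is None else now),
                "links": {n: "up" if l.up else "down" for n, l in self.links.items()},
                "active": self.active_links(),
                "failover": self.on_backup()}

    def status_message(self, gateway_id: str, now: Optional[float] = None) -> str:
        return json.dumps(self.status(gateway_id, now), sort_keys=True)


if __name__ == "__main__":
    # Constructed scenario: both ISPs fail, traffic falls back to LTE, isp1 recovers.
    mon = LinkMonitor(
        [Link("isp1", "eth1", "203.0.113.10", 1), Link("isp2", "eth2", "198.51.100.20", 2),
         Link("lte", "wwan0", "192.0.2.30", 3, backup=True)],
        scripted_probe({"isp1": [False] * 4 + [True, True], "isp2": [False] * 6, "lte": [True]}))
    for _ in range(6):
        print(mon.tick(), mon.status_message("gw-01", now=0))
```

With paho-mqtt the payload would go out as `client.publish("gw/gw-01/status", mon.status_message("gw-01"), qos=1, retain=True)` (topic name assumed). Since the same MQTT channel carries configuration, which amounts to root-level network changes on the gateway, a practitioner would want the broker connection over TLS with per-gateway credentials or client certificates, broker ACLs that confine each gateway to its own topic subtree, and validation of every configuration message before it is applied.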

Stable, redundant internet connection: users keep internet access as long as at least one ISP link is alive.

Makes the most of the available bandwidth: the aggregate bandwidth is close to the sum of the individual links' bandwidths.

Manual and automatic traffic prioritization: priority can be set by traffic type (web, VoIP, P2P) and by specific service (Skype, Salesforce, Gmail or whatever matters to your business).
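Prioritization by traffic type and by named service is a two-level policy: a service rule (by server name) overrides the category rule (by protocol and port), and anything unmatched gets the normal class. The example below is added here and is not the product's classifier: the categories, port ranges, service names, bandwidth shares and the fwmark/tc class numbers are constructed assumptions. It classifies a flow and emits the iptables MARK rules and tc HTB classes that would enforce the result on the gateway.

```python
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    proto: str                         # "tcp" or "udp"
    dst_port: int
    server_name: Optional[str] = None  # SNI / DNS name, when traffic analysis has it


# Priority class -> (fwmark, tc class id). Numbers are constructed for the example.
PRIORITY = {"high": (1, "1:10"), "normal": (2, "1:20"), "low": (3, "1:30")}

# Category rules: (category, proto, ports); first match wins.
CATEGORY_RULES: List[Tuple[str, str, Iterable[int]]] = [
    ("voip", "udp", [5060]), ("voip", "tcp", [5060, 5061]),
    ("voip", "udp", range(16384, 32768)),          # common RTP range
    ("web", "tcp", [80, 443]),
    ("p2p", "tcp", range(6881, 6890)), ("p2p", "udp", range(6881, 6890)),
]
CATEGORY_PRIORITY = {"voip": "high", "web": "normal", "p2p": "low"}

# Service rules by domain suffix; a service match overrides the category.
SERVICE_PRIORITY = {"salesforce.com": "high", "mail.google.com": "high", "skype.com": "high"}


def _suffix_match(name: str, suffix: str) -> bool:
    """Exact or subdomain match only: 'notsalesforce.com' must not match 'salesforce.com'."""
    name = name.lower().rstrip(".")
    return name == suffix or name.endswith("." + suffix)


def category_of(flow: Flow) -> str:
    for cat, proto, ports in CATEGORY_RULES:
        if flow.proto == proto and flow.dst_port in ports:
            return cat
    return "other"


def classify(flow: Flow) -> Tuple[str, str]:
    """Return (label, priority): service beats category; unknown traffic is 'normal'."""
    if flow.server_name:
        for suffix, prio in SERVICE_PRIORITY.items():
            if _suffix_match(flow.server_name, suffix):
                return f"service:{suffix}", prio
    cat = category_of(flow)
    return f"category:{cat}", CATEGORY_PRIORITY.get(cat, "normal")


def mark_commands() -> List[str]:
    """iptables mangle rules that mark the port-based categories on ingress.
    Service-name matches cannot be expressed by port: the traffic analyser has to
    feed resolved addresses into an ipset matched with '-m set --match-set NAME dst'."""
    cmds = []
    for cat, proto, ports in CATEGORY_RULES:
        mark = PRIORITY[CATEGORY_PRIORITY[cat]][0]
        ports = list(ports)
        if len(ports) == 1:
            match = f"--dport {ports[0]}"
        elif ports == list(range(ports[0], ports[-1] + 1)):
            match = f"--dport {ports[0]}:{ports[-1]}"
        else:
            match = "-m multiport --dports " + ",".join(map(str, ports))
        cmds.append(f"iptables -t mangle -A PREROUTING -p {proto} {match} -j MARK --set-mark {mark}")
    return cmds


def shaping_commands(dev: str, rate_mbit: int) -> List[str]:
    """HTB tree with one class per priority and fw filters from mark to class.
    Shares are assumptions: each class has a guaranteed rate and may borrow up to the link rate."""
    share = {"high": 0.5, "normal": 0.3, "low": 0.2}
    cmds = [f"tc qdisc replace dev {dev} root handle 1: htb default 20",
            f"tc class add dev {dev} parent 1: classid 1:1 htb rate {rate_mbit}mbit"]
    for prio_idx, (prio, (mark, cls)) in enumerate(PRIORITY.items()):
        cmds.append(f"tc class add dev {dev} parent 1:1 classid {cls} htb "
                    f"rate {int(rate_mbit * share[prio])}mbit ceil {rate_mbit}mbit prio {prio_idx}")
        cmds.append(f"tc filter add dev {dev} parent 1: handle {mark} fw flowid {cls}")
    return cmds


if __name__ == "__main__":
    for f in (Flow("udp", 5060), Flow("tcp", 443, "login.salesforce.com"),
              Flow("tcp", 443, "notsalesforce.com"), Flow("tcp", 6881), Flow("tcp", 2222)):
        print(f, "->", classify(f))
    print("\n".join(mark_commands() + shaping_commands("eth0", 100)))
```

Two practical points. The marks above are set on the LAN-facing side, before traffic enters the Shadowsocks or OpenVPN tunnels; on the WAN side the ISPs see only a few encrypted connections, so per-application priority has to be decided before encapsulation. And PREROUTING marks only the direction whose destination port is known; the reverse direction needs the mark restored from the connection (CONNMARK) to be shaped the same way.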

Detailed live reports of traffic usage in the web dashboard and the mobile application.

Group the gateways of different offices into a cluster and manage them as a batch.

Set up point-to-point encrypted tunnels between the gateways in a cluster to form an inter-office VPN.

Value Delivered

Advanced Wireless Connectivity
The gateway natively supports 3G, 4G/LTE and Wi-Fi wireless connections for fixed or mobile deployments.
Enhanced Security for Data Privacy
The solution keeps data private and safe over any Internet connection. The gateway automatically secures network communications at each location.
Effortless Device Setup and Configuration
The user can set up new devices in seconds. The Gateway controller pushes all remaining configuration settings automatically.
Unified Management of Multiple Entities
The customer can manage multiple entities on a single control plane. Each entity remains unique and keeps its own private network.
Innovative Cluster Management Features
Next Generation Cluster Management allows for auto device discovery, centralized analytics, and redundancy.