Multiple remote VSATs must contend for bandwidth in order to transmit or uplink their data.
To share or not to share?
Some legacy broadband satellite systems contend for bandwidth, leveraging technology that works much like shared Ethernet. As more users are added to the system there are collisions that result when multiple users request bandwidth at the same time. As the load increases, this can create a snowball effect until all the bandwidth is chewed up just handling the contention. Thus it is very important that the network not be highly over-subscribed or service may be seriously impacted.
Once a VSAT has contended for access, the hub will assign bandwidth on the same frequency or channel (TDMA) or on multiple frequencies or channels (MF-TDMA). This bandwidth assignment will be made based on some sort of fair access algorithm and the active bandwidth request from the remote VSATs. Unfortunately the access is inconsistent because collisions may occur when multiple VSATs request a connection and bandwidth at the same time, and must back off and retransmit. This causes slow startup times and adds jitter which affects applications like VoIP and Video/IP.
Most of these systems (which are based on the DVB/RCS specification) allocate bandwidth in 8 or 16 Kbps chunks for pre-configured amounts of time, frequently measured in seconds. As the time period expires, if the remote VSAT isn’t using the bandwidth or if a higher priority request is made, then the bandwidth is released and may be reassigned. Unfortunately this method of allocating bandwidth can be very wasteful and inefficient, and is very difficult to optimize for best performance. Internet or web based traffic is very bursty. Transmission times are generally very short and random in nature. Since bandwidth is generally allocated for a minimum of several seconds, all the idle time in which a VSAT holds assigned bandwidth, but is not actively transmitting is wasted transmission capacity.
The iDirect system minimizes the connect time by assigning a small amount of dedicated bandwidth or CIR (Committed Information Rate) to each satellite router, so a VSAT never has to contend’ for access. It always has a connection to the hub. An additional pool of shared bandwidth is dynamically allocated to each remote site up to 8 times/second using a fair access’ algorithm to prevent high usage sites from starving other sites. Bandwidth, or timeslots are never held’ by VSATs, but are constantly assigned and allocated in real time, taking maximum advantage of available bandwidth and distributing it between users in real time. Bandwidth efficiency increases from 10 to 20% for most legacy systems, to over 95% on an iDirect system.
The iDirect solution is excellent for VoIP and Video/IP for several reasons. Because of the dedicated bandwidth, there is no contention required to begin a transmission, managing jitter for these sensitive applications. Additionally, allocated bandwidth for a VSAT is feathered’ or spread out across entire frames, creating a smooth even data flow, rather than the jerky delivery experienced with many other systems.
The hub dynamically allocates bandwidth to each site based on configured rate limits, QoS, CIR and current queue depths. In some ways, this technology can be thought of as upgrading from a shared Ethernet hub to a smart Ethernet switch, with all of the resultant performance benefits provided by that solution.
Many legacy systems use a 250ms frame size. That means sampling at only 4 times/second which yields a sluggish web response and very poor voice quality. The iDirect frame size is variable depending on the application, but is generally set at 125ms which means sampling 8 times/second. This yields a crisp user web response and business class quality VoIP service. Of equal importance is the ability mentioned above, to feather’ or spread out the transmission data smoothly and evenly across the transport frames for a consistent low-jitter service.
Quality of Service (QoS)
Application QoS based on Class Based Queuing, found in leading QoS engines like Lucent’s Access Point router, Sitara, etc. allows the administrator to allocate a percentage of bandwidth to specific applications or protocols and to set the priority level (basically the queue depth) in order to deliver the desired quality. QoS works in both directions, so a VoIP call won’t be stepped on by another VSAT’s large download file. When the prioritized application is idle, the bandwidth is available for general use. A further advantage and unique capability of the iDirect solution is the ability to do fragmentation and interleaving. This eliminates the case where the system has started to transmit a large data packet and a small voice packet comes behind and is delayed (even though it is prioritized in the queue). When large packets are fragmented, then the voice packet only has to wait for one slot.
The QoS feature can also be used to filter out or discard unwanted data based on the same criteria, basically by assigning zero (0%) bandwidth allocation for the undesirable application or protocol. For example, an organization might want to block gaming, or MP-3 downloads or Kazaa file sharing, or restrict the amount of bandwidth available for these and other applications.
The amount of upstream and downstream bandwidth for each individual site is controlled and managed using rate limiting. In this way, a business pays only for the amount of bandwidth they require on a per site basis. A site can use all the bandwidth available up to the point that it is rate limited.
Committed Information Rate (CIR)
As indicated above, each iDirect remote VSAT satellite router is assigned a small amount of dedicated bandwidth, eliminating the need to contend for an opportunity to transmit, and guaranteeing that no matter how busy the network, at least that basic amount of bandwidth will always be available. Additional CIR bandwidth can be permanently dedicated or dynamically allocated on a per site basis to support specific requirements for an additional cost. Dedicated CIR is bandwidth time slots permanently assigned to specific remotes that cannot be used by any other VSAT. Dynamic CIR is allocated to specific sites when they have data to send, otherwise the bandwidth time slots are put back in the shared pool for general use among all VSATs. A key differentiator is the speed with which dynamic CIR can be assigned. Most systems that provide a CIR capability will take 10’s of seconds to establish the dedicated bandwidth capacity, while the iDirect system will make it available in sub-second time.
Many companies desire the use of satellite broadband for private IP networking instead of, or in addition to Internet access. This is easily accomplished. Traffic from remote sites lands at the teleport, where Internet traffic is directed to a firewall and dropped with no intermediate hops onto a Tier One ISP backbone at very high speeds. Private IP traffic is directed to a Frame Relay, T-1, VPN or other wireline link that terminates back at the company’s headquarters location. The connection is private in all regards, similar to a Frame Relay network. For additional security, most iDirect-enabled Network Operators support iDirect’s optional 3DES encrypted service across the satellite link. Everything to and from the remote VSAT is encrypted across the satellite link. The benefits of TCP and web acceleration are maintained. The customer can decide whether to encrypt links to some or all of their remote offices. The 3DES encryption is provided by the Hifn chipset that is found in VPN appliances and routers from many vendors. The performance hit for 3DES encryption is less than 1%.
Some organizations have specific requirements for security, and satellite latency can create some interesting challenges for VPNs. We understand these limitations and can provide consulting and advice for a range of security solutions that work over satellite such as:
- SSL-based VPNs that are easy to deploy because no client software is required. They ride on top of TCP, so TCP Acceleration continues to operate.
- SLE or Selective Layer Encryption solutions that encrypt data but leave the TCP control information alone so that TCP Acceleration can work properly.
- Encapsulation techniques that wrap an IPSec VPN packet in a new TCP header that can be accelerated.