Jump to content

Bondix by SIMA: Difference between revisions

no edit summary
(Changed topology of Bondix.)
No edit summary
(10 intermediate revisions by 3 users not shown)
Line 4: Line 4:


==Introduction==
==Introduction==
The need for reliable connectivity with high bandwidths is continuously growing. BONDIX developed its SANE (Simple Aggregation of Networks) software to ensure reliable connectivity for all applications such as voice, video and data transmission. This applies to mobile as well as stationary deployments.
The need for reliable connectivity with high bandwidths is continuously growing. Bondix Intelligence (hereinafter: Bondix) developed its Simple Aggregation of Networks (hereinafter: S.A.NE) software to ensure reliable connectivity for all applications such as voice, video and data transmission. This applies to mobile as well as stationary deployments.


This simple and efficient software solution can be installed on different platforms to enable these WAN aggregation functions. The SANE software implements bonding (aggregation) of, load balancing between, and seamless handover across, different WAN interfaces and WAN providers. It thus provides a highly available overall connection that keeps you online without interruption.
This simple and efficient software solution can be installed on different platforms to enable these WAN aggregation functions. The S.A.NE software implements bonding (aggregation) of, load balancing between, and seamless handover across, different WAN interfaces and WAN providers. It thus provides a highly available overall connection that keeps you online without interruption.


==Application==
==Application==
To increase the throughput or availability of access to remote applications, the use of two or more connections is often chosen. These can be fixed network or wireless (WiFi, cellular) connections, or a combination of these. The question is how to manage the use of these different connections efficiently and easily. This is where the SANE software comes in. With the unique SANE technology, you ensure a highly available connection and optimal throughput.
To increase the throughput or availability of access to remote applications, the use of two or more connections is often chosen. These can be fixed network or wireless (Fiber, DSL, WiFi, cellular, satellite) connections, or a combination of these. The question is how to manage the use of these different connections efficiently and easily. This is where the S.A.NE software comes in. With the unique S.A.NE technology you ensure a highly available connection and optimal throughput.


===High availability and bonding===
===High availability and bonding===
With a second connection via an alternative cellular network operator (or another WAN medium such as WiFi or satellite), the total bandwidth available for even a single TCP/IP connection can be increased, as well as the uptime. Line failures or network problems at service providers can thus be mitigated. With SANE, WAN scheduling is based on a wide range of policies and presets, which are available in the SANE Client and can be selected by the user based on his requirements:
With a second connection via an alternative cellular network operator (or another WAN medium such as WiFi or satellite), the total bandwidth available for even a single TCP/IP connection can be increased, as well as the uptime. Line failures or network problems at service providers can thus be mitigated. With S.A.NE, WAN scheduling is based on a wide range of policies and presets, which are available in the S.A.NE Client and can be selected by the user based on his requirements. With its very efficient bonding and wide feature set, the S.A.NE software enables a highly resilient and cost-effective virtual uplink for mobile as well as fixed locations.


SANE technology offers three options here:
S.A.NE technology offers three options here:


*'''Seamless handover''': different connections are available, but only one connection is used by the running application at a time. In the event of a failure of this active  connection, the system automatically switches to the next available connection. This switchover is seamless because this connection is already established and does not have to be re-established.
*'''Seamless backup''': different WAN uplinks are available, but only the primary uplink is used by the running application at a time. In the event of an primary uplink-failure, the system automatically switches to the next available interface/uplink seamlessly without interrupting or disconnecting existing connections.
*'''Load balancing with seamless handover''': the data of the application is distributed evenly over the available connections using a fixed algorithm (Round Robin method). The maximum available bandwidth for an application is limited by the available bandwidth of the best single connection. If a connection fails, the data traffic is distributed to the remaining connections.  However, it is possible that an application may no longer function error-free after switching due to the now lower available bandwidth.
*'''Load balancing with seamless handover''': the data of the application is distributed evenly over the available WAN uplinks. The maximum available bandwidth for an application is limited by the available bandwidth of its assigned uplink. If one uplink fails, affected traffic is distributed to a different uplink.
*'''Bonding (WAN aggregation)''': The optimal solution for the simultaneous use of several WAN connections is SANE Bonding (aggregation). With bonding, the user application benefits from the aggregate of the bandwidth available from the individual WANs. SANE optimizes the distribution of traffic flows across the various connections. This is particularly advantageous if the bandwidth of a single connection cannot provide the bandwidth required by the application.
*'''Bonding (WAN aggregation)''': the optimal solution for the simultaneous use of several WAN uplink is S.A.NE Bonding (aggregation). With bonding, the user application benefits from the aggregated bandwidth from the available WAN uplinks. S.A.NE optimizes the distribution of traffic flows across the various uplinks. This is particularly advantageous if the bandwidth of a single connection cannot provide the bandwidth required by the application.
*Replication: For low-latency real-time applications, this option reduces jitter and loss by replicating the user’s packet-flow on two or more available WANs.  With its very efficient bonding and wide feature set, the SANE software enables an optimal and cost-effective connection for mobile as well as fixed locations.


===Optimal throughput===
=== Additional features ===
With SANE you can easily add a mobile connection to enhance throughput from a fixed internet connection during times of peak demand – SANE will automatically switch this connection on as soon as more data throughput is required, and off again to save data costs when user traffic recedes.
 
* S.A.NE Packet Duplication: For low-latency real-time applications, this option reduces jitter and loss by replicating the user’s packet-flow on two or more available WAN uplinks.
* S.A.NE Bonding Proxy: a specialized optimization for TCP connections that allows higher data throughput where uplink characteristics are vastly different (e.g. Satellite and 4G).
* S.A.NE Latency Smoothing: By constantly monitoring the performance and latency of each uplink, S.A.NE bonding ensures that a single uplink Is never saturated, ensuring stable latency. Interactive, low-bandwidth streams are sent over the fastest link, while bulk traffic Is distributed over all uplinks.
* Optimal use of available WANs: You can easily add additional uplinks to enhance throughput of your fixed internet uplink during times of peak demand. S.A.NE will automatically utilize additional uplinks as soon as more bandwidth is required and keep them on stand-by to save cost when bandwidth demands recedes.


==The architecture==
==The architecture==
The SANE architecture consists of the SANE client and the SANE server (relay). The client software is installed on the router (CPE) and allows all existing interfaces of these routers to be combined into a virtual tunnel. The tunnel can be established via any type of WAN medium and uses a SANE Server as a relay, from which the data is then forwarded to its end point. This creates a connection that is transparent to IP traffic. The router and server send and receive the standard data, and forward it to the corresponding destinations in the intranet. Here it can also be decided whether direct internet access is also possible.
The S.A.NE architecture consists of the S.A.NE client and the S.A.NE server (relay). The client software is installed on the router (CPE) and allows all existing WAN interfaces to be combined into a virtual tunnel. This tunnel can be established via any type of WAN medium and uses the S.A.NE server as a relay, from which the data is then forwarded to the inter- or intranet.
 
The following example provides an overview of a common router that sets up a S.A.NE bonded tunnel via multiple WAN uplinks:


The following example provides an overview of a router that sets up a virtual tunnel using SANE via two LTE and one WiFi connections:
[[File:Sane architecture.png|alt=|997x997px]]
[[File:Sane architecture.png|alt=|997x997px]]
Unlike other WAN bonding solutions on the market, due to its unique architecture, SANE does not rely on a proprietary VPN to effectively bundle data traffic. The SANE application serves as a transparent transport layer for reliable transmission of user data, and existing encryption already used or certified by the user (IPsec, OpenVPN, Openwired, Wireguard etc) can continue to be used.


==Security==
==Security==
The SANE software has several built-in security mechanisms:
The S.A.NE software has several built-in security mechanisms:


===Distributed transmission===
===Certificate-Based Authentication===
Due to the pseudo-random distribution of the data packets over all available WAN interfaces and thus over different provider networks during transmission, a "man in the middle" attack is practically impossible. If the user encrypts the data, there is usually no possibility of third parties being able to decrypt the data.
S.A.NE supports certificate-based authentication for both client & server. If a router Is lost or stolen, It can be permanently excluded In just a few steps.


===Certificate-based authentication===
===VPN Support===
Due to its certificate-based, automated authentication and configuration process, Bondix SANE offers the highest level of security with minimal configuration effort. The use of the customers own certificates is possible and recommended. If a router is lost or stolen, it can be permanently excluded from the network in just a few steps.
Unlike other WAN bonding solutions in the market and due to its unique architecture, S.A.NE does not introduce a proprietary VPN to effectively bundle data traffic but has excellent support for Industry leading VPN solutions like IPSec, OpenVPN & Wireguard.  


===Local access===
===Server Geo-Redundancy ===
The configuration web interface available on the SANE client is deactivated by default, but can be activated on the server side if required. This function reliably prevents access to elementary settings of the local SANE Client and further increases security.
S.A.NE supports server redundancy. In case of a back-end failure, clients can be configured to automatically switch between multiple endpoints, keeping downtime to an absolute minimum.


==Management==
==Management==
SANE has several tools built in to monitor the status of the client, gateway, and all WAN connections during operation.
S.A.NE has built-In tools to monitor the status of the clients, gateway, and all WAN connections in operation.
 


'''<small>S.A.NE Realtime Monitoring:</small>'''
[[File:S.a.ne.png|thumb|657x657px|''All status information can be queried via command-line interface, a custom API or SNMP and can be easily integrated in existing monitoring platforms like Nagios or comparable products.''|alt=|none]]
==Hardware platform==
==Hardware platform==
The SANE client software is intended as a hardware-agnostic multi-WAN router operating system and is available today on the following Teltonika platforms:
The S.A.NE client software is intended as a hardware-agnostic multi-WAN router operating system and is already available today on the following Teltonika platforms:


*Teltonika RUTX 9
* Teltonika RUTX Series
*Teltonika RUTX 11
* Teltonika RUT 950/955
*Teltonika RUTX 12
*Teltonika RUTX R1
*Teltonika RUT 950/955 (3rd quarter 2021)


On the server side, the software is delivered as an Open Virtual Appliance (OVA), which can be installed on a local server as well as in the cloud.
On the server side, the software is delivered as an Open Virtual Appliance (OVA), which can be installed on a local server as well as in the cloud.


===Disclaimer===
 
'''NOTE''': Bondix Inteligence S.A.NE on RUTX devices available only on firmware version RUTX_R_00.02.06.1
== Contact ==
For questions or more information, please contact us via: [Mailto:[email protected]%[email protected]]
====Disclaimer====
----
This page describes installation of a third party (Bondix Intelligence) platform package, which was not developed by Teltonika Networks. Teltonika Networks is under no circumstances responsible for, including but not limited to, package's compatibility with the rest of Teltonika's Networks functionality, interoperability with other services, security or general stability. The user of this package acknowledges and agrees that the Teltonika Networks shall not be responsible or liable, whether directly or indirectly, for any damages or loss caused or sustained by the user, in connection with any use or reliance usage of said package.
 
''Any of the trademarks, service marks, collective marks, design rights or similar rights that are mentioned, used or cited in the articles are the property of their respective owners.''
''Any of the trademarks, service marks, collective marks, design rights or similar rights that are mentioned, used or cited in the articles are the property of their respective owners.''


Anonymous user