Bandwidth aggregation and efficient WAN optimization are achieved through the permanent communication between a comBOX network appliance and a comBOX network server.
The comBOX network appliance is placed between the Customer’s LAN and the modems / routers of the available WAN connections and acts as the Internet gateway by controlling and distributing data traffic flows.
The comBOX network server is a fully-managed cloud server within our global private cloud infrastructure. For each new comBOX deployment, we provision a new dedicated virtual server located in the nearest data center to the Customer premises. The network server or bandwidth aggregation server is essentially the other end of the circuit, where multiple WAN connections are transformed into a single one.
Why comBOX VLL Technology?
The comBOX VLL technology enables the deployment of cost effective, flexible, easily managed, high performing professional WANs. Through the intelligent traffic distribution to multiple WAN paths, comBOX services perform real bandwidth aggregation, allowing the maximum utilization of the available telecom resources.
Splitting Traffic at the Packet Level
The comBOX VLL Technology makes real bandwidth aggregation possible by distributing individual packets to multiple Internet connections. By splitting all your Internet traffic at the packet-level, even large single socket transfers can be given a major speed boost! As a result, your business network can support high performing VPNs, uninterrupted video/audio streaming and ultra fast file transfers.
Optimized bandwidth aggregation of diverse media
All comBOX multi-WAN services use our proprietary traffic distribution algorithm to aggregate the bandwidth of multiple WAN connections and create a virtual “fat-pipe” whose speed is equal to the sum of the speeds of the individual WAN connections used.
The aggregated bandwidth offered by comBOX VLL technology is available even for a single session (e.g. the transfer of a single file), since the data is sent simultaneously utilizing all the available WAN connections. The algorithm is self-tuning and adaptive to changes by monitoring the available WAN connections in real time; continuously measuring and monitoring each link for loss, latency, jitter and congestion. This allows intelligent traffic handling of applications’ data across the WAN and the cloud.
Furthermore, the algorithm mitigates WAN connections’ outages and errors by rerouting data packets to the functional connections. As a result, we get a predictable and consistent network without impacting the applications’ performance.
Smart (Transparent) same IP Failover
Smart same-IP failover makes it possible to survive WAN connections’ outages without a change in public IP addresses, allowing for session continuity.
Low-cost public IP connections often suffer from many interruptions (downtime). As a result, these connections are unusable for certain periods of time. In order to improve the availability of corporate WAN networks, the comBOX VLL technology uses the Smart Failover algorithm. When some of the WAN connections fail, the algorithm reroutes sent and received data over the remaining ones, isolating the faulty connections and ensuring that the end user does not notice any session interruption.
To achieve the maximum uptime, it is recommended to combine connections of different types and ISPs. The combination of wired and wireless WAN connections results in a hybrid WAN of unprecedented availability.
End-to-end, bi-directional Quality of Service
The comBOX SD-WAN services offer reliable end-to-end QoS over multiple WAN connections in a simplified manner.
Many real-time or business critical applications need to be routed with high priority, in order to achieve constant speeds without interruptions. This is extremely important when there is simultaneous traffic of other types which exceeds the maximum WAN throughput. Priority setting as well as definition of the available bandwidth for each type of Internet traffic is undertaken by the Bandwidth Management (QoS) system, which manages the flow of data and allows for better performing real-time services (VoIP, Video-Conferences, Audio & Video Streaming, E-Learning platforms etc) and the control of the reserved bandwidth per application/device.
The Bandwidth Management system is able to support QoS classification via DSCP when the QoS classes are configured in a third party appliance (VPN server, Router, Firewall, UTM etc).
Packet loss & Latency management
The comBOX VLL technology incorporates a Performance Enhancing Proxy designed to improve TCP performance over high latency and congested links.
By splitting the TCP sessions it enables an optimized TCP stack introducing cutting edge congestion control and loss recovery mechanisms. These mechanisms rely on link utilization metrics that are calculated in real time to ensure fast and uninterrupted data flows. This feature is a must have when individual WAN links face high packet loss or latency such as satellite connections.
The Transparent Performance Enhancing Proxy involves the breaking up of long end-to-end control loops to several smaller control loops by intercepting and relaying TCP connections within the network. By adopting this procedure, it allows for the TCP flows to have a shorter reaction time to packet losses which may occur within the WAN, thus guaranteeing a higher throughput.
Real-time data compression
The comBOX VLL technology enables real time data compression on the network layer to accelerate data transfers for uncompressed data.
Sent and received data is automatically compressed in real time to save bandwidth and further improve the WAN performance. The transmitted data can be reduced by 90% depending on the packets’ payload. This feature is extremely useful when it comes to broadband connections with traffic caps as it reduces the data transmitted, thus saving costs.
The comBOX VLL technology uses Jumbo frames to achieve higher protocol efficiency.
With a larger frame size, and thus a larger payload size, the comBOX VLL technology incurs less protocol overhead, and the bandwidth saved is available for the packets’ payload. This feature also helps the real time compression mechanism, as it enables a greater degree of data compression, saving even more bandwidth from the available WAN connections.
Forward Error Correction
Real-time application traffic can be duplicated to guarantee no loss and optimal performance.
This feature normalizes the performance of real-time applications by transmitting data in redundant mode via multiple WAN paths.
The system selects the best two WAN connections in order to transmit two identical copies of the real-time data packets at the same time. Whichever packet gets through first is the one to be delivered. This feature guarantees the smooth operation of real time protocols even when the available individual WAN connections face high packet loss and jitter.
Special Purpose Connection Legs
This technology feature allows specific WAN connections to be used by the bandwidth aggregation algorithm for specific types of traffic. As a result, the corporate network can take advantage of WAN connections with traffic caps for business critical applications.
This feature allows the configuration of sophisticated policies regarding the utilization of the available WAN connections. In fact, it allows each connection to be used by the bandwidth aggregation algorithm for specific QoS classes. This results in further increasing the available bandwidth or enabling additional WAN paths for redundancy.
Policy Based Routing
Policy based routing allows the definition of rules in order to route specific types of traffic directly via specific WAN connections.
Legacy session Load Balancing
The legacy session load balancing functionality offers the ability to distribute different sessions to the available WAN connections.
The comBOX network appliance offers the ability of transparent routing via the bridged mode functionality.
State of the art network security
Traffic Authentication at the Node Level
The CPE and the aggregation server authenticate each other using 4096-bit RSA keys and the TLS v1.2 protocol, along with the strong TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 cipher suite (256-bit AES encryption with SHA-384 message authentication and ephemeral ECDH key exchange signed with an RSA certificate). Keys are generated, managed and signed by a private PKI. This avoids the problems of trusting third party CAs and presents a far smaller attack surface by eliminating the complex certificate chain validation risks commonly linked with SSL security. Together, these measures ensure that no attacker can modify or forge bonded traffic between the CPE and the aggregation server.
Furthermore, all network traffic between the CPE and the aggregation server can optionally be encrypted using the above algorithm/cipher suite to safeguard the user data transmitted between the comBOX VLL service endpoints.
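The policy described above (TLS v1.2 only, the single named cipher suite, mutual certificate authentication, trust limited to a private CA) can be expressed and checked with Python's standard `ssl` module. This is an added example, not comBOX code; the function names `build_context` and `audit_context` and the file parameters are hypothetical.

```python
import ssl

# OpenSSL name of TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, the suite named above.
PAGE_CIPHER = "ECDHE-RSA-AES256-SHA384"
TLS12 = ssl.TLSVersion.TLSv1_2


def build_context(server_side, ca_file=None, cert_file=None, key_file=None):
    """Build the SSLContext for one end of the CPE <-> aggregation server link."""
    proto = ssl.PROTOCOL_TLS_SERVER if server_side else ssl.PROTOCOL_TLS_CLIENT
    ctx = ssl.SSLContext(proto)
    ctx.minimum_version = TLS12          # pin to TLS v1.2 only
    ctx.maximum_version = TLS12
    ctx.set_ciphers(PAGE_CIPHER)         # offer exactly one TLS 1.2 suite
    ctx.verify_mode = ssl.CERT_REQUIRED  # both ends must present a certificate
    # Private PKI: load only our own CA. load_default_certs() is never called,
    # so no public CA can vouch for a peer.
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)
    return ctx


def audit_context(ctx, max_trusted_cas=1):
    """Return the list of deviations from the policy; empty means compliant."""
    problems = []
    if (ctx.minimum_version, ctx.maximum_version) != (TLS12, TLS12):
        problems.append("protocol not pinned to TLS 1.2")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("peer certificate not required")
    # OpenSSL lists TLS 1.3 suites separately; they are ignored here because
    # the protocol check above already covers the version.
    tls12_suites = {c["name"] for c in ctx.get_ciphers()
                    if c["protocol"] != "TLSv1.3"}
    if tls12_suites != {PAGE_CIPHER}:
        problems.append("unexpected cipher suites enabled")
    if ctx.cert_store_stats()["x509_ca"] > max_trusted_cas:
        problems.append("trust store holds more CAs than the private PKI")
    return problems


if __name__ == "__main__":
    # Constructed comparison: hardened context vs. a library-default one.
    print("hardened:", audit_context(build_context(server_side=True)))
    print("default :", audit_context(ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)))
```

The same audit can be run against the context of any TLS endpoint built with the `ssl` module to confirm that it has not drifted back to library defaults.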
Packet-Level Distribution Across Bonded Connections
By its nature, the technology is highly secure. The packet-level distribution algorithm spreads traffic across multiple Internet connections. Even if an attacker manages to capture one of your individual Internet connections, only a small part of your entire traffic is visible. So, even though this is not a standardized security feature, it clearly provides a strong additional level of security.
Seamless Integration with Existing Network Architecture
Your existing network security design will not be impacted. The technology supports all encrypted VPN traffic, and is also completely transparent to SSL traffic.
Remote Bonding Appliance (CPE) Security
Industry-standard SSL protects the appliance from unauthorized control. The CLI, which can be accessed with SSH, is protected by access control lists. For every service integrated in the router, the interfaces and IP networks through which that service is accessible can be precisely configured.
Standard IP VPN encryption
The system has the ability to perform SSL IP VPN encryption for hub-and-spoke VPNs using 4096-bit RSA keys with SHA256 certificates, TLS v1.2, and Diffie-Hellman key exchange with elliptic curves.
Secure Operating System
Our service uses the popular open source Linux distribution CentOS. Many contributors around the world work to enhance the security of this operating system, from reviewing code to ensure security issues are eliminated before release, to implementing fixes within hours of a vulnerability becoming known. You benefit from their experience and abilities.
Hardware failover cluster support
The hardware failover cluster functionality eliminates single points of failure and service downtime.
Centralized Service Management and Monitoring
The comBOX multi-WAN services can be managed remotely via the centralized management platform.
The centralized management platform allows our NOC and our service partners to monitor comBOX services and remotely manage the available CPEs through a simple to use interface. The centralized management platform offers the following functionality:
- Service Monitoring (Reporting and alerting of comBOX multi-WAN services deployment metrics)
- Remote CPE configuration management