Equant beams in VPN services over satellite

Equant is offering dual VPN-over-satellite services that can solve some connection problems for remote sites, but users should be aware of what Equant means by VPN in this case.

The two services are called Dedicated Satellite Access and IP Satellite Access, and have different configurations and characteristics. In both cases, the VPN involved is based on MPLS within Equant’s network, starting with the provider’s edge router, which in this case is Cisco gear. The differenc is in the access between customer sites and the nearest Equant point of presence.

Dedicated Satellite Access offers dedicated bandwidth in increments of 64K bit/sec up to 2M bit/sec over a clear channel. Because of the performance hit that satellite delay exacts on IPSec, the connection is not encrypted or tunneled. Acknowledgements would take too long to return and the sessions would time out, at least at high speeds. Equant says it can arrange to encrypt these links, but the speeds will be limited.

IP Satellite Access offers up to 64K bit/sec of dedicated bandwidth, with some bursting allowed over that speed. Equant uses gear from iDirect Technologies that optimizes TCP exchanges over the satellite link so satellite delay doesn’t ratchet down the connection speed. This link is encrypted using Triple-DES, although it does not create a full IPSec VPN tunnel.

There are many definitions of VPN therefore it’s important to know what vendors and service providers mean when they say they support a VPN.

By the way, the problem of satellite delay and VPNs is not new. V-One has a secure, application-layer product that deals with it by spoofing acknowledgments. For a discussion of this see https://www.nwfusion.com/newsletters/vpn/2002/01418492.html