Networking

System On Grid is powered by highly redundant, optimized and low latency data network to augment the growth and performance load demanded by today’s applications. As application growth steers towards IoT (Internet of Things), Machine Learning, Deep Learning, Big Data, Artificial Intelligence (AI), Augmented Reality (AR) and Virtual Reality (VR) etc. there is an ever increasing challenge for the Network Fabric to meet the challenges head on. At System On Grid, we have built a network that is highly scalable, redundant, modular and flexible enough to meet the goals of today and tomorrow. Our Orbits come with multiple vNICs (Virtual Network Interface Cards) and have provisions for an isolated private network and dedicated RFV (Routing Function Virtualization).

Features

System On Grid provides the latest state of the art features with high
automation and availability.

floating-ip

Floating IP

Orbits come with multiple private vNICs that can be assigned with a floating Public IP.


Intuitive Dashboard

Network Firewalls

Experience hypervisor level Network Firewall to filter traffic based on IP/TCP/UDP ports.

2-Factor Auth

High Throughput

Get access to 20 gbps bandwidth on the private vNICs.

DNS

DNS

Free Forward and Reverse DNS resolution for all assigned Public IPs.

Ipvs6

IP V6

Experience IPv6 with a block of /64 assigned to every account absolutely free.

How is Network Built?

The Network is built using equipment from renowned OEMs Cisco and Juniper. The primary Switching Backbone is based on Cisco and Arista devices, whereas the Internet Edge is made of Juniper devices. The backbone network provides a fully forwarding 20 gbps throughput to all Hypervisors using 802.3ad and using the latest multi-chassis link aggregation technologies provided by both Cisco and Juniper. The data network is completely separate from the Storage network, used by our Block Storage system, and both networks have access to dedicated and full forwarding 20 gbps network each. The Hypervisor and the Storage Hardware use redundant 10 gbps NICs (Network Interface cards) and use the 802.3ad standard for a combined throughput of 20 gbps.

Will that be enough?

The Network is built using equipment from renowned OEMs Cisco and Juniper. The primary Switching Backbone is based on Cisco and Arista devices, whereas the Internet Edge is made of Juniper devices. The backbone network provides a fully forwarding 20 gbps throughput to all Hypervisors using 802.3ad and using the latest multi-chassis link aggregation technologies provided by both Cisco and Juniper. The data network is completely separate from the Storage network, used by our Block Storage system, and both networks have access to dedicated and full forwarding 20 gbps network each. The Hypervisor and the Storage Hardware use redundant 10 gbps NICs (Network Interface cards) and use the 802.3ad standard for a combined throughput of 20 gbps.

That’s for the Hardware,
but what about the Orbits?

Our architecture allows our Orbits to have multiple vNICs. We are providing 2 vNICs to every Orbit by default. The first vNIC (vNIC1) comes with a public IPv4 and is used to communicate with the Internet. The second vNIC (vNIC2) comes with a private IPv4 and can be used for private traffic exchange between your Orbits.

vNIC 1

vNIC1 is connected to a public network which provides access to public virtual router (VR1). vNIC1 is meant primarily for internet access and all Orbits across all user accounts have their vNIC1s connected to VR1. Orbits belonging to different user accounts can communicate using vNIC1 with each other and with hosts on Internet. As this is a shared network, there is no isolation of data and comes with the same inherent risks associated with Internet facing hosts.

vNIC 2

vNIC2 is connected to a private network, a dedicated isolated network reserved for your individual account. vNIC2 is meant to be used for private data communications like Database synchronization, application communication etc. This private network is connected to a dedicated virtual router (VR2) and is not shared with any other user account. All Orbits belonging to the same account, have all their vNIC2s connected to this VR2. vNIC2 is meant for all private communication and data synchronization.

Apart from vNIC1 and vNIC2, the architecture supports having even more vNICs on demand and can be requested.

What about Floating IPs?

vNIC2 can be assigned with a floating IP. Floating IP can also be moved from vNIC2 to another vNIC, between multiple Orbits. As vNIC2 comes with a dedicated virtual router and the most optimum utilization of IP space, Floating IPs can be purchased in multiples of 8 out of which 7 can be assigned to any of your Orbits on vNIC2. One IP is assigned to VR2 for Network reachability. If all 7 IPs are not used, they are still reserved for your account and can be used in future.

Isn’t there are problem of
Asymmetric traffic with 2 vNICs?

Our architecture allows our Orbits to have multiple vNICs. We are providing 2 vNICs to every Orbit by default. The first vNIC (vNIC1) comes with a public IPv4 and is used to communicate with the Internet. The second vNIC (vNIC2) comes with a private IPv4 and can be used for private traffic exchange between your Orbits.

How much throughput I get?

As vNIC1 has access to Internet, we give a maximum burstable throughput of 1 gbps and is throttled for a consistent performance of 500 mbps. vNIC2 has full access to 20 gbps.

What about Network Security?

Our backbone Network is constantly monitored by a team 24×7 using Network Management Software (NMS). We have network firewalls at different exchange points to ensure that there is no unauthorized access. Our Internet access is secured by Network Firewalls. These firewalls do not block any traffic belonging to any of the Orbits, as we provide full Internet access. These firewalls are primarily meant to mitigate risks to our Network backbone originating from the Internet and/or Internal.

How Secure are my Orbits?

We offer Firewall As A service, which is Hypervisor level firewall and can be used to set access rules for individual orbit. The security architecture has been built so that every user account can have their own firewall rules without interfering with other users. This service allows you to create firewall filters to ensure safety and security of your Orbits.

What kind of assurance I can get against DDoS?

Internet has been witnessing a steady increase in DDoS Distributed Denial of Service attacks and the situation will not be improving anytime soon. We have multiple monitoring systems in place to constantly analyze the Internet pipes. The greatest challenge with DDoS attacks is that it cripples the resources of the intended Victim and in shared environment like Cloud hosting, it also affects the other users. The best way for any user to mitigate DDoS attacks is to opt for a 3rd Party mitigation service, that can secure Web Servers, DNS and other services against DDoS attacks. System On Grid follows a blackholing policy of 24 hours for any destination IP, which is experiencing a DDoS attack. This is to safeguard the other users and customers. In future we plan to introduce a network based DDoS mitigation and packet scrubbing service.

Do you provide IPv6?

It gets as futuristic as it can with System On Grid offering a IPv6 block of /64, free with every account. This is consistent with our vision of step forward in evolution and we take the burden out by providing FQDN for all IPv6 IPs assigned to any of the resources. Futuristic need not be complicated and the FQDN easily takes care of accessing your IPv6 space.