Management Data Utilization

Understanding management data utilization

When a mbox (CMG/HSG/HSA) is managed by mfusion, there can be several management sessions that will consume bandwidth. If you’re using a 4G/5G SIM with quota limits for the WAN connection, it’s important to understand the “underlying” management data usage, on top of your application data.

  1. Monitoring and orchestration session. Each mbox will automatically report its operating status (eg. cpu, memory, link usage, latency, etc) to mfusion at 2-minute interval. When each mbox is added to the orchestrator for configuration management the box will try to check and pull (if there’s config change) config at 15-second interval. So even if there’s no config change, the box will still send queries to mfusion for config update status every 15s and that will consume bandwidth too. Depending on what monitoring items are enabled and how often you push configs, typically this session can consume about 8Kbps download and 2Kbps upload. In terms of data usage, this translates to (12Kbps x 3600s/hr x 24hr/day x 30 day/month)/8 2.5GB/month download, and 1GB/month upload.
  1. VPN tunnel. When a VPN tunnel is configured, mbox needs to establish tunnels with CMG gateway, and the tunnel needs to be kept alive (permanent) together with tunnel overheads etc. Each tunnel typically consumes about 10Kbps download and 5Kbps upload, which is (10Kbps x 3600s/hr x 24hr/day x 30 day/month)/8 3GB/month download, and 1.5GB/month upload.
  1. Dynamic routing. Under SD-WAN scenario, when VPN tunnel is in “L3 VPN” mode, there’s dynamic routing protocol update within each tunnel, and this can consume another 10Kbps download and 5Kbps upload, eg. (10Kbps x 3600s/hr x 24hr/day x 30 day/month)/8 3GB/month download, and 1.5 GB/month upload.

So in a full SD-WAN connection, the expected extra data usage overhead can be up to 10GB/month download and  5GB/month upload; if you’re running dual tunnels, especially if both tunnels are on the same SIM connection, then it will potentially end up 15GB/month download and  7GB/month upload. 

This overhead can be significant if the SIM card has a quota limit. Many ISP offer xx GB/month data plan, and some even offer “unlimited” plans but the “unlimited” comes at a throttled speed after a certain quota is exceeded.

So there’s a need to optimize management data usage when it’s running on a SIM card:

  1. Try not to use dual VPN tunnels, even if you have 2 SIM cards. Use single tunnel with tracking feature to do failover. Although the failover can be slower (up to 50s compared with 15s for dual tunnels), this helps to save substantial data usage.
  1.  Use “Remote Access” VPN mode instead of “L3 VPN” mode so that there are no dynamic routing protocols running. This requires explicitly injecting routes for each site, but again, some extra configuration efforts can save some data usage.
  1. Do not use VPN tunnels. If your application server is in the cloud and your devices (behind mbox) can send outbound data directly the server via your own secure application sessions (eg. SSL/TLS), you may not need VPN tunnels.