Why to choose CMG as your enterprise router?

Today almost all businesses rely on IT and require reliable Internet or WAN (Wide Area Network) connectivity for their IT transactions. Choosing the right CPE router is the first step to guaranteeing optimal connectivity.

RansNet Cloud Managed Gateway (CMG) SD-WAN routers have been selected and deployed in thousands of locations empowering business successes for tens of thousands of enterprises.

There are several reasons why CMG is particularly positioned for enterprise businesses and why customers choose us.

Secure your corporate network at a lesser cost

Now almost every company network is connected to the public Internet. However, “connected” doesn’t mean “exposed” to the Internet. With the proliferation of cloud computing and SaaS/PaaS offerings, most corporate resources are no longer hosted in the company’s physical network, and we don’t need to open up (expose) our network to allow public users to come into our private network (no “inbound” access). So generally, most of the connections are “outbound”, eg. corporate users going out to access external Internet resources.

Some legacy network designs still put a dedicated firewall at the Internet edge, but, what to protect when you don’t need to open up your network anymore?
You could simply shield your corporate network from the Internet by blocking all inbound access. All you need is a router (it’s needed to connect to the ISP link anyway) with a stateful firewall and address translation capabilities.

In addition to all the needs of routing functions, CMG comes with a built-in stateful firewall that permits legitimate “outbound” connections, tracks and stores each permitted connection in a state table, automatically permits return packets for each tracked connection and denies all inbound access originated from the public Internet, completely isolate your network from the public Internet. It’s like installing a door that only your family members can open from inside (to go out and come back) and unknown people can’t open from outside (to go in). (NOTE, other aspects of security like host protection, etc are outside of this document’s scope). While corporate users are having “outbound” accesses, CMG also translates/hides their private IP (PAT/NAT) to another public IP address, adding further perimeter defense to your private network.

In case you do need additional content security for your users, CMG can easily work with many cloud security offerings, where you can subscribe on a “pay per use” basis, such as DNS filter, titanic, zscaler, menlosecurity, etc.

With CMG as a high-performance router and stateful firewall, you can secure your network while saving the cost of a dedicated expensive firewall.

Meet your throughput requirement with maximum scalability

Speed is the information superhighway to your business success. The faster, the better, particularly in today’s digital economy era. Many ISPs now offer high-speed Internet service, from over 100Mbps up to 10Gbps. If you’re paying a lot of money for the ISP broadband service, you want to fully enjoy what you pay for, eg. if you subscribe to a 500Mbps plan, you want to be able to fully and effectively use up to 500Mbps. So it’s imperative to make sure the CPE router is not a bottleneck along your superhighway.

The major computing resources that determine router throughput include CPU clock speed, no. of cores, OS efficiency, related accessories, etc. RansNet CMG is a purpose-built industrial computing appliance, powered by a multi-core Intel x86 CPU, with super optimized Linux OS, to deliver true wire speed. Each CMG model minimally comes with 4 x Gigabit Ethernet ports, and some models can slot in several 10G modules to scale to maximum throughput requirements. It’s worth noting that many (almost all) consumer-grade routers are SoC (System on a chip), with much-limited computing resources. That’s why they can work for a home network but can’t scale up to enterprise needs.

Besides throughput, another key performance indicator is the ability to handle concurrent user connections, which would require lots of RAM (in addition to CPU processing). Traditional routers only need RAM to store MAC table, routing table, FIB table, and several other running state data, which don’t require much storage space. That’s why many routers’ default comes with a relatively small RAM size, mostly less than 1GB. However, now we need the routers to perform stateful firewall inspection and IP address translations (PAT/NAT). And with the vast application transactions happening, a single user device/PC can trigger tens of hundreds of connections, eg. for a network with 5000 users you could expect up to 500,000 user connections. The router needs to track each user connection and store them in a state table, translate each private IP address and store the record into in a xlate table etc. Each state record consumes about 1KB of RAM and because the connection is 2-way (2 state records), so each connection can consume 2KB of RAM, eg. for 500,000 user connection, we need 1GB of RAM just for the state table, without counting the storage needs for MAC table, routing table, VPN tunnel sessions if any, and many other running processes and temp files etc. Many “enterprise” routers have less than 1GB RAM, and even if upgrade to 2GB etc, it won’t be able to handle such load. We’ve seen many routers instantly collapse under high load. Resource limitation is one of the major reasons.

CMG is well designed to address such performance needs. Our lowest model CMG-800 already comes with default 4GB RAM, and higher-end model goes up to 16GB and 32GB etc. The mfusion graph below shows a typical CMG-1500 utilization with 3000 users and 350Mbps bandwidth utilization. The CPU and RAM usage are both very healthy.

Connect your business entities with SD-WAN features

For organizations with multiple remote entities, having secure and reliable remote connectivity between sites is critical to consolidate and standardize business applications. Emerging SD-WAN technologies are starting to replace traditional expensive MPLS or leased-lines, by overlaying secure VPN tunnels over cheaper public Internet connections. However, many SD-WAN solutions in the market can cost more than traditional MPLS rather than helping companies to save money, as they typically charge by subscription, throughput and no. of tunnels/sites etc, and the total cost of ownership can be much higher over years.

As a high-performance gateway with abundant computing resources and versatile networking features, CMG can be used as both SD-WAN gateway and remote appliances, supporting hundreds and thousands of VPN tunnels per box, at no extra licensing or feature costs. Together with the mfusion SD-WAN orchestrator, administrators can provision configurations on the fly for hundreds of remote locations. Traffic will dynamically flow through the optimal available path based on pre-defined business metrics, eg. applications, availability, latency, jitter, packet loss etc.

Maximize your user experience and application performance

With BYOD and flexible working hours/places etc, many private networks are no longer “private”. You could be sharing with different groups of people and accessing different types of applications etc. With CMG granular bandwidth control (QoS) features, you can easily prioritize your mission-critical applications and guarantee bandwidth for VIP users, etc. Please refer to more details here.

Maximize your business uptime

CMG comes with several resiliency features that ensure your enterprise networks are always up and running:

  • Link aggregation/bonding for redundant connection between the router and your enterprise core switch.
  • Multi-WAN link balancing for increasing speed and resiliency to the Internet.
  • VRRP for hardware device redundancy.