But what if those “campuses” weren’t physically tied to one geography? What if the campus moved around? Sort of like a ship? Well, how about exactly like a cruise ship? Never in one location long, but always on the go. Legacy maritime networks and the engineers that design them face some unique challenges: large latency variations, high cost, limited bandwidth, transient interference, and variable data rates. In this blog, I will cover the high-level design my team uses to deploy HPE Aruba Networking Secure Access Service Edge (SASE) leveraging Starlink connectivity.
To start, leisure cruise network engineering teams have to temper application expectations or work around design parameters. The long distance between users and legacy geostationary satellites, which orbit 22,000 miles (35,000 km) above Earth, results in significant latency. This makes it challenging to support activities that require low latency, like streaming, gaming, and video calls.
To overcome legacy maritime network challenges, cruise lines are moving quickly to Starlink. Unlike traditional geostationary satellites, Starlink's thousands of satellites orbit about 60 times closer to Earth, at an altitude of about 340 miles (550 km). This proximity results in significantly lower latency, reducing the time it takes for data to travel between the user and the satellite. Each Starlink satellite contains three space lasers that operate at speeds up to 200 Gbps. This forms a global mesh that can connect ships anywhere in the world. When paired with HPE Aruba Networking SASE, cruise lines can provide connectivity like never before.
The benefits of SASE for cruise lines
My previous reference to a ship as a campus was only a little tongue-in-cheek. These vessels take years to construct, can be more than 1,000 feet (350M) long, and often have 15 or more decks. Their networks need to support 5,000 passengers and another 2,000 crew members. These really are floating “campuses” that move around the world!
Much like a campus, ships have multiple MDF’s (Main Distribution Frames), IDF’s (Intermediate Distribution Frames) and data centers. Shipbuilders plan for redundancy, so the hardware is split into two forward and aft redundant data centers. These are in different fire zones and often on different deck levels. For the wide area network that connects the ship to the outside world, we base the design on SASE, using the principles of zero trust, converged network and security architecture, centralized management, DLP, and dynamic perimeter. The ship-side LAN and WLAN could fill another blog, so I will focus on the SASE connectivity uplinking these two data centers to the outside world. But suffice it to say HPE Aruba Networking solutions are deployed in those areas as well.
The differences start to become apparent when we look at how these ships obtain Wide Area Network (WAN) connectivity. If in port, there may be additional Starlink connections, a physical Ethernet link, or point-to-point wireless. While at sea the connectivity options are limited to satellite links. In a legacy network, the IT team must take manual action to swing the WAN between the uplinks that are available.
With HPE Aruba Networking EdgeConnect SASE platform, the SD-WAN is self-driving and automatically adjusts to use all available WAN connections. EdgeConnect SD-WAN can take many WAN links, intelligently bond them, and appear to the Local Area Network (LAN) as a single larger WAN link. It also provides path conditioning technologies and per-application controls on which applications can access these various links. The beauty and simplicity of the HPE Aruba Networking EdgeConnect SD-WAN solution allows for up to 16 WAN links to be bonded. It includes a built-in firewall to nimbly secure and segment traffic and seamlessly integrates with HPE Aruba Networking Security Service Edge (SSE) to form a unified SASE platform.
Unique HPE Aruba Networking differentiation
Until recently, multi-gigabit, low-latency connections via satellite were not an option. However, with the wide buildout of Starlink’s low Earth orbit (LEO) services, we can leverage lower latency and higher bandwidths to provide a high-quality experience even while at sea.
Several Starlink terminals serve as the uplinks and downlinks feeding into two pairs (four total, two in each of the ship’s data centers) of EdgeConnect SD-WAN appliances. As the ship goes underway, the Starlink terminals take care of the handoff between satellite and radio bands, providing a robust Layer 3 link to the EdgeConnect SD-WAN which handles path conditioning, tunnel bonding, QoS, and WAN optimization.
Our work with Starlink allows our mutual customers to take advantage of rapidly evolving satellite technology. Current antennas can provide up to 500Mbps/40Mbps connectivity with sub-150ms latency. Our design bonds several antennas that can achieve speeds in excess of 5Gbps. In future generations, I anticipate Ka/E dual-band and V-band antennas pushing these speeds in excess of 10Gbps. This will provide a second revolutionary change for the passenger experience; one that is enabled because of HPE Aruba Networking’s SD-WAN and SSE solutions.
In any network, packet loss is a concern. Typical reasons for loss may be buffer overruns, TCP windowing, tail drops, etc. However, maritime satellite networks must accommodate other factors in loss. Weather, (generically called rain fade), can interfere with communications. The satellites themselves move at about 17,000 mph (27,350 km/h), necessitating handoffs between them and the antennas. Starlink antennas minimize this type of loss during these transitions to under 0.25%. The satellite providers have physical ways to help mitigate rain fade for a single link. HPE Aruba Networking EdgeConnect SD-WAN builds on Starlink’s mitigation features for all links and does so at several layers of the ISO model. We call this group of features Path Conditioning. One aspect of Path Conditioning is forward error correction or FEC. If you are familiar with RAID for hard disk storage arrays, you know where this is going. We use our ability to bond multiple links and apply a mathematical approach to reconstruct lost packets. Based on network policy, EdgeConnect SD-WAN sends a parity packet for several data packets and places “the math” on the next best alternate link. This gives the data a better chance of making it to the receiving EdgeConnect appliance. EdgeConnect also supports header compression, packet coalescing and WAN optimization to reduce packet overhead and compress the payload. A further benefit of SD-WAN is that cruise line IT staff can program which applications should receive this enhanced path conditioning. This efficiently utilizes all available bandwidth. The security-first nature of this SASE solution means that segmenting passenger, crew, and OT traffic is based on a business policy that reacts dynamically.
Conclusion
Much like cruising itself, we’re on a journey! We, at HPE Aruba Networking, are excited to be on this journey with our customers and partners. Some of the largest cruise ships afloat use HPE Aruba Networking to deliver and enhance the best passenger experience. They are leveraging EdgeConnect SD-WAN with emerging high-speed satellite networks to give passengers a network experience much like being at home. Whether you are on a cruise, in the office, or on the road, HPE Aruba Networking keeps you connected.
