Smart Access Gateway (SAG) supports connecting private networks to Alibaba Cloud over broadband networks, 4G networks, and leased lines. It also provides various features such as flow logs, access control, and NAT services to facilitate network management.

Multiple network types

SAG supports connecting private networks to Alibaba Cloud over WANs, 4G networks, and leased lines. These networks supports active-standby mode to ensure the availability of network connections.

  • Active and standby networks - WAN and 4G: Each SAG device can be connected to Alibaba Cloud over WANs and 4G networks. WANs and 4G networks support active-standby mode.
    Note SAG devices have a 4G subscriber identification module (SIM) card, which is a default factory accessory. This card receives configuration information transmitted from Alibaba Cloud, but cannot transmit data. To enable an SAG device to transmit data, we recommend that you purchase a 4G SIM card from an Internet service provider (ISP). After you insert the card into an SAG device, the card can provide standby network connections. When an error occurs to the broadband network, network connections are switched to the card.
  • Active and standby networks - leased lines and SAG devices: If your private network already has a leased line, you can deploy an SAG device in the private network to set up standby network connections between the private network and Alibaba Cloud.
  • Active and standby networks - leased lines and the Internet: SAG supports Internet connections and physical connections established by leased lines. These types of connections support active-standby mode. When an error occurs to the active network, connections to Alibaba Cloud are switched to the standby network.
    Note Currently, only the SAG-1000 device type supports leased lines. SAG-100WM does not support leased lines. For more information, see What is Express Connect?

Routing methods

SAG devices support multiple routing methods, including static routing, BGP dynamic routing, and OSPF dynamic routing. For more information, see Add a static route.

Quality of service

SAG supports quality of service (QoS) policies that consist of five tuples (the source IP address, source port, destination IP address, destination port, and protocol). You can create QoS policies to prioritize your workloads and allocate bandwidth resources based on the priority of the workloads.

The QoS feature allocates bandwidth resources for data transmission and reduces latency, package loss, and network jitter to improve the network performance.

If your business has multiple branches that use different systems such as Enterprise Resource Planning (ERP), order management, and Office Automation, these systems may compete for bandwidth resources. As a result, core workloads may have insufficient bandwidth resources, which causes package loss.

In such cases, you can create QoS policies to properly allocate bandwidth resources based on the characteristics of different workloads. This helps you improve the utilization of network resources. For more information, see Overview.

Network address translation

SAG supports network address translation (NAT). This feature allows you to hide internal IP addresses, resolve IP overlapping issues in private networks, and improves network security.

  • SNAT: Source network address translation (SNAT) allows you to hide internal IP addresses and resolve IP overlapping issues in private networks. SNAT enables SAG devices to convert internal IP addresses to public IP addresses. In this way, you can access external networks from an internal network while access from external network to the internal network is denied. For more information, see Configure an SNAT rule.
  • DNAT: Destination network address translation (DNAT) maps the internal IP address of an SAG device to a public IP address. DNAT allows you to access internal networks from an external network. This enables internal networks to provide external services. For more information, see Add a DNAT rule.

Access control

SAG supports the access control list (ACL) feature that allows you to configure whitelists and blacklists for different SAG instances. For more information, see Overview.

Flow logs

SAG supports flow logs that can record information about inbound and outbound traffic of SAG instances. Flow logs help you monitor network traffic and troubleshoot network errors. You can also analyze workload distributions and optimize the workloads based on flow logs. For more information, see Overview.

Health check

SAG supports health check. You can create a health check instance and transmit packets from your SAG device to test the network connectivity. For more information, see Create a health check instance.