Smart Access Gateway (SAG) supports connecting private networks to Alibaba Cloud over broadband networks, 4G networks, and leased lines. It also provides various features such as flow logs, access control, and NAT services to facilitate network management.
Multiple network types
SAG supports connecting private networks to Alibaba Cloud over WANs, 4G networks, and leased lines. These networks supports the active-standby mode to ensure the availability of network connections.
- Active and standby networks - WAN and 4G: Each SAG device can be connected to Alibaba Cloud over WANs and 4G networks. WANs and 4G networks support active-standby mode.
Note SAG devices have a 4G subscriber identification module (SIM) card, which is a default factory accessory. This card receives configuration information transmitted from Alibaba Cloud, but cannot transmit data. To enable an SAG device to transmit data, we recommend that you purchase a 4G SIM card from an Internet service provider (ISP). After you insert the card into an SAG device, the card can provide standby network connections. When an error occurs to the broadband network, network connections are switched to the card.
- Standby dedicated connections: If your private network already has a leased line, it provides standby network connections to connect private networks to Alibaba Cloud.
- Active and standby networks - leased lines and the Internet: SAG supports Internet connections and dedicated connections. These types of connections support active-standby mode. When an error occurs in the active network, connections to Alibaba Cloud are switched to the standby network.
Note Currently, only the SAG-1000 device model supports dedicated connections. SAG-100WM does not support dedicated connections. For more information, see What is Express Connect?.
SAG devices support multiple routing methods, including static routing, BGP dynamic routing, and OSPF dynamic routing. For more information, see Add a static route.
Quality of service
SAG supports quality of service (QoS) policies that consist of five tuples (the source IP address, source port, destination IP address, destination port, and protocol). You can create QoS policies to prioritize your workloads and allocate bandwidth resources based on the priority of the workloads.
The QoS feature allocates bandwidth resources for data transmission and reduces latency, package loss, and network jitter to improve the network performance.
If you have multiple stores that use different service systems such as enterprise resource planning (ERP), office automation (OA), and order management, these systems may compete for bandwidth resources. As a result, business-critical systems may have insufficient bandwidth resources, which causes packet loss.
In such cases, you can create QoS policies to properly allocate bandwidth resources based on the characteristics of different workloads. This helps you improve the utilization of network resources. For more information, see Overview.
Network address translation
SAG supports network address translation (NAT). This feature allows you to hide private IP addresses, resolve IP overlapping issues in private networks, and improves network security.
- SNAT: Source network address translation (SNAT) allows you to hide private IP addresses and resolve IP overlapping issues in private networks. SNAT enables an SAG device to convert a private IP address to a public IP address. This allows you to access a public network from a private network whereas access from the public network to the private network is denied. For more information, see Configure an SNAT rule.
- DNAT: Destination network address translation (DNAT) maps the private IP address of an SAG device to a public IP address. DNAT allows you to access private networks from a public network. This enables private networks to provide public services. For more information, see Add a DNAT rule.
SAG supports the access control list (ACL) feature that allows you to configure whitelists and blacklists for different SAG instances. For more information, see Overview.
SAG supports flow logs that can record information about inbound and outbound traffic of SAG instances. Flow logs help you monitor network traffic and troubleshoot network errors. You can also analyze workloads and make informed business decisions based on flow logs. For more information, see Overview.
SAG supports health check. You can create a health check instance and transmit packets from your SAG device to test the network connectivity. For more information, see Create a health check instance.