Smart Access Gateway (SAG) allows you to connect private networks to Alibaba Cloud over WANs, 4G networks, and Express Connect circuits. SAG also provides various features such as flow logs, access control lists (ACLs), and NAT to facilitate network management.

Multiple network types

SAG allows you to connect private networks to Alibaba Cloud over WANs, 4G networks, and Express Connect circuits. These network connections support the active-standby mode to ensure network high availability.

  • Active and standby connections - WAN and 4G: SAG devices can be connected to Alibaba Cloud over WANs and 4G networks. Connections over WANs and 4G networks support the active-standby mode.
    Note Each SAG device has a built-in 4G SIM card. However, this card is used only to receive configurations from Alibaba Cloud and does not support data transmission. We recommend that you purchase a 4G SIM card that supports data transmission from an Internet service provider (ISP). After you insert the card into an SAG device, the card can provide a standby network connection. When the WAN connection fails, the 4G network connection takes over.
  • Active and standby connections - SAG and Express Connect: If your private networks are already connected to Alibaba Cloud over an Express Connect circuit, you can use an SAG device to provide a standby connection.
  • Active and standby connections - Express Connect and Internet: SAG supports Internet connections and connections over Express Connect circuits as active and standby connections. When the active connection is down, the standby connection takes over.
    Note Only SAG-1000 devices support connections over Express Connect circuits. SAG-100WM devices do not support connections over Express Connect circuits. For more information, see What is Express Connect?.

Routing methods

SAG devices support multiple routing methods, including static routing, Border Gateway Protocol (BGP) dynamic routing, and Open Shortest Path First (OSPF) dynamic routing. For more information, see Manage routes.

Quality of service (QoS)

SAG supports QoS policies that consist of 5-tuples. You can create QoS policies to prioritize your workloads and allocate bandwidth resources based on workload priorities.

You can use QoS policies to allocate bandwidth resources for data transmission and reduce network latency, packet loss, and network jitter. This improves the network performance.

If you use different service systems such as enterprise resource planning (ERP), office automation (OA), and order management, these systems may compete for bandwidth resources. As a result, business-critical services may have insufficient bandwidth resources, which causes packet loss.

In this case, you can create QoS policies to properly allocate bandwidth resources based on the priorities of your services. This ensures that your business-critical services have sufficient bandwidth resources. For more information, see What is a QoS policy?.

NAT

SAG supports NAT. You can use NAT to hide private IP addresses, resolve IP conflicts in private networks, and improve network security.

  • SNAT: hides private IP addresses and resolves IP conflicts in private networks. You can use SNAT to translate private IP addresses to public IP addresses. This way, you can use the SAG device to access external networks over the Internet. However, your private networks cannot be accessed over the Internet. For more information, see Configure an SNAT rule.
    Note If the protocol is TCP, UDP, DCCP, or SCTP that requires a specific port, and the source port number falls into the following ranges, the port number after SNAT translation and the source port number fall into the same range:
    • Smaller than 512
    • Between 512 and 1023
    • 1024 and larger
  • DNAT: maps private IP addresses to public IP addresses. Your private networks can provide services over the Internet. For more information, see Add a DNAT rule.

ACLs

SAG supports ACLs that allow you to configure whitelists and blacklists for different SAG instances. For more information, see ACL overview.

Flow Logs

SAG supports flow logs that can record information about inbound and outbound traffic of SAG instances. Flow logs help you monitor network traffic and troubleshoot network errors. You can also analyze flow log data and make informed business decisions based on the log data. For more information, see Flow log overview.

Health checks

SAG supports health checks. You can create a health check to test the network connectivity between an SAG device and the destination. For more information, see Create a health check.