Why choose CMG as your enterprise router?

Today almost all businesses rely on IT, and require reliable Internet or WAN (Wide Area Network) connectivity for their IT transactions. Choosing the right CPE router is the first step to guarantee an optimal connectivity. RansNet Cloud Managed Gateway (CMG) SD-WAN routers have been selected and deployed in thousands of locations empowering business successes for tens of thousands of enterprises.

There are several reasons why CMG is particularly positioned for enterprise businesses and why customers choose us.

Secure your corporate network at lesser cost

Now almost every company network is connected to public Internet. However, "connected" doesn't mean "exposed" to Internet. With the proliferation of cloud computing and SaaS/PaaS offerings, most corporate resources are no longer hosted in company's physical network, and we don't need to open up (expose) our network to allow public users to come into our private network (no "inbound" access). So generally, most of the connections are "outbound", eg. corporate users going out to access external Internet resources.

Some legacy network designs still put a dedicated firewall at Internet edge, but, what to protect when you don't need to open up your network anymore? You could simply shield your corporate network from Internet by blocking all inbound access. All you need is a router (it's needed to connect to ISP link anyway) with stateful firewall and address translation capabilities.

In addition to all the needed routing functions, CMG comes with builtin stateful firewall which permits legitimate "outbound" connections, tracks and stores each permitted connections in a state table, automatically permits return packets for each tracked connection, and denies all inbound access originated from public Internet, completely isolate your network from public Internet. It's like installing a door that only your family members can open from inside (to go out and come back) and unknown people can't open from outside (to go in). (NOTE, other aspects of security like host protection etc are outside of this document scope). While corporate users are having "outbound" accesses, CMG also translate/hides their private IP (PAT/NAT) to another public IP address, adding further perimeter defense to your private network.

In case you do need additional content security for your users, CMG can easily work with many cloud security offerings, where you can subscribe on a "pay per use" basis, such as dnsfilter, titanhq, zscaler, menlosecurity, etc.

With CMG as a high performance router and stateful firewall, you can secure your network while saving the cost of a dedicated expensive firewall.

Meet your throughput requirement with maximum scalability

Speed is the information superhighway to your business successes. The faster, the better, particularly in today's digital economy era. Many ISPs now offer high-speed Internet service, from over 100Mbps up to 10Gbps. If you're paying a lot of money for the ISP broadband service, you want to fully enjoy what you pay for, eg. if you subscribe to a 500Mbps plan, you want to be able to fully and effectively use up to 500Mbps. So it's imperative to make sure the CPE router is not a bottleneck along your superhighway.

The major computing resources that determine router throughput include CPU clock-speed, no. of cores, and OS efficiency and related accessories etc. RansNet CMG are purpose built industrial computing appliances, powered by multi-core Intel x86 CPU, with super optimized Linux OS, to deliver true wire speed. Each CMG model minimally comes with 4 x Gigabit Ethernet ports, and some models can slot in several 10G modules to scale to maximum throughput requirements. It's worth noting that many (almost all) consumer grade routers are SoC (System on a chip), with much limited computing resources. That's why they can work for a home network but can't scale up to enterprise needs.

Besides throughput, another key performance indicator is the ability to handle concurrent user connections, which would require lots of RAM (in addition to CPU processing). Traditional routers only need RAM to store MAC table, routing table, FIB table and several other running state data, which don't require much storage space. That's why many routers default come with relatively small RAM size, mostly less than 1GB. However, now we need the routers to perform stateful firewall inspection and IP address translations (PAT/NAT). And with the vast application transactions happening, a single user device/PC can trigger tens of hundreds of connections, eg. for a network with 5000 users you could expect up to 500,000 user connections. The router needs to track each user connection and store them into a state table, and translate each private IP address and store the record into in a xlate table etc. Each state record consumes about 1KB of RAM and because connection is 2-way (2 state records), so each connection can consume 2KB of RAM, eg. for 500,000 user connection, we need 1GB of RAM just for the state table, without counting the storage needs for MAC table, routing table, VPN tunnel sessions if any, and many other running processes and temp files etc. Many "enterprise" routers have less than 1GB RAM, and even if upgrade to 2GB etc, it won't be able to handle such load. We've seen many routers instantly collapsed under high load. Resource limitation is one of the major reasons.

CMG is well designed to address such performance needs. Our lowest model CMG-800 already comes with default 4GB RAM, and higher-end model goes up to 16GB and 32GB etc. The mfusion graph below shows a typical CMG-1500 utilization with 3000 users and 350Mbps bandwidth utilization. The CPU and RAM usage are both very healthy.

Connect your business entities with SD-WAN features

For organizations with multiple remote entities, having secure and reliable remote connectivity between sites is critical to consolidate and standardize business applications. Emerging SD-WAN technologies are starting to replace traditional expensive MPLS or leased-lines, by overlaying secure VPN tunnels over cheaper public Internet connections. However, many SD-WAN solutions in the market can cost more than traditional MPLS rather than helping companies to save money, as they typically charge by subscription, throughput and no. of tunnels/sites etc, and the total cost of ownership can be much higher over years.

As a high performance gateway with abundant computing resources and versatile networking features, CMG can be used as both SD-WAN gateway and remote appliances, supporting hundreds and thousands of VPN tunnels per box, at no extra licensing or feature costs. Together with mfusion SD-WAN orchestrator, administrators can provision configurations on the fly for hundreds of remote locations. Traffic will dynamically flow through the optimal available path based on pre-defined business metrics, eg. applications, availability, latency, jitter, packet loss etc.

Maximize your user experience and application performance

With BYOD and flexible working hours/places etc, many private networks are no longer "private". You could be sharing with different groups of people and accessing different types of applications etc. With CMG granular bandwidth control (QoS) features, you can easily prioritize your mission critical applications and guarantee bandwidth for VIP users etc. Please refer to more details here.

Maximize your business uptime

CMG comes with several resiliency features that ensures your enterprise networks are always up and running:

  • Link aggregation/bonding for redundant connection between router and your enterprise core switch (see details).
  • Multi-WAN link balancing for increasing speed and resiliency to Internet (see details).
  • VRRP for hardware device redundancy (see details).

Ease your operational support

For organizations with multiple locations, having visibility for each network running status is critical. With CMG integrated with mfusion SD-WAN platform, you can easily manage and monitor all router centrally from a web dashboard (see demo).


A real case study

A few years ago, a very innovative and agile ISP strategized as the first provider to offer high speed Internet package at disruptive price, as a new comer to penetrate into the enterprise market space. The package bundles a CPE router and fiber broadband service - which means the CPE router needs to perform both routing, NAT/Firewall and high-speed throughput. They evaluated several "branded" CPE solutions and found that many routers were really just "routers", eg. they deliver wire speed when doing routing only, but the speed dropped drastically when turned on NAT/firewall functions; and some consumer grade router seem to produce high speed but nearly became unusable when user connections increase.

To meet all the requirements, a branded router (must be high-end model) would cost more than the total 24-month price bundle, which was certainly no go, and the cheaper consumer grade routers couldn't support enterprise needs. After rigorous testing and evaluation, CMG became the optimal choice, in all aspects - performance, features, security, price point, etc.

The ISP strategy worked with great success. Within a few years, it has won the largest market share in high-speed broadband offering, particularly among the SME space. And it is still growing today.

Download CMG datasheet (contact us sales@ransnet.com)