SD-IoT and How to Ensure Ultra Resilient Connectivity for Next-Generation IoT Applications

We’re living in an exciting era where digital dreams are becoming reality. IoT has moved beyond simple data collection to power advanced applications like robotics and self-driving vehicles. Yet, these applications, which are extremely sensitive to any service disruption, together with the many connected devices, translate to highly demanding requirements from the network. In this blog, we’ll explore software defined IoT (SD-IoT) use cases and examine how it delivers the flexibility and scalability essential for IoT deployments, particularly in private campuses and critical infrastructure.

Where is the IoT market heading?

The IoT market is experiencing rapid advancements, especially within the critical infrastructure sectors, such as water and power utilities and the rise of Industry 4.0. Furthermore, it is becoming more accessible across various business sizes. The expansion of IoT is fueled by digital transformation and the growing demand for solutions that combine automation and ready-to-use capabilities to enhance operational efficiency and gain deeper business insights. IoT and 5G, both public and private 5G, go hand-in-hand, as can be seen from this market snapshot:

Notably, an increasing share of IoT is being integrated into private campus networks.

As for the relevant use cases, we can see that the beyond providing date rates to simple sensors, we’re now seeing more advanced uses, such as remote controller, robotics and automated guided vehicles (AGVs). These use case need enhanced performance form the network:

Satellite connectivity is also becoming more popular when referring to IoT solutions, especially in areas without reliable coverage. While geostationary satellites at medium to high orbit aren’t fit for such applications due to the high latency in data travel time, some lower orbit satellites – such as Starlink – offer a significantly lower latency, along with high-speed bandwidth. This makes them a good fit for IoT communications, as either primary or backup links.

Critical requirements for new IoT deployments

Resiliency and redundancy are vital to ensuring uninterrupted operation, especially as services increasingly demand zero packet loss for optimal functionality.

When discussing efficiency, we not only observe growth in capacity but also aim to gain valuable insights on the best way to use it. For instance, when managing both satellite and fiber links, determining how to balance traffic effectively—whether based on daily or hourly charges, for example — becomes important.

In terms of cybersecurity threats, the demand for robust solutions is increasing. End-to-end encryption, starting from layer 2 encryption and extending to data integrity measures, is becoming essential to protect data and ensure secure operations. Today, solutions like SASE are addressing the need to better understand the types of data that’s collected, identifying what data is authorized to be received from sensors and other sources, while ensuring no interruptions in the data flow. This creates an additional layer of threat that must be managed.

Lastly, we must always consider how to guarantee service level agreements (SLAs), ensuring the performance of systems, particularly in use cases such as robotics or autonomous vehicles. These high-performance requirements often necessitate changes in the network to support them effectively.

Building ultra-resilient IoT communications

Creating ultra-resilient communications requires a multilayered approach that incorporates physical redundancy, backup connectivity, policy-based failover mechanisms, and SD-IoT. Let’s look at each layer:

Physical Redundancy:

This is achieved by using multiple physical interfaces in the network CPE or IoT gateway. In addition to providing flexibility, these interfaces have to be redundant one to each other. There are several levels of physical redundancy.

• Dual SIM Modems: Each modem supports two SIM cards to enhance reliability. If one cellular network fails, the system switches to the second SIM connected to a different carrier.

• Dual Modem Platforms: Incorporating dual modems allows redundancy across technologies (e.g., LTE and 5G) or networks/carriers. For instance, in a dual LTE setup, a failure in one modem triggers a switch to the other, ensuring uninterrupted connectivity.

• Gateway Redundancy: To protect against hardware failure, two gateways can be used, each implemented with a Virtual Router Redundancy Protocol (VRRP). The backup gateway acts as a clone of the primary gateway, automatically taking over if the primary fails. 

Policy-Based Failover:

These are software-based solutions that can employ one or more of various mechanisms that define under which conditions the primary link switches over to the secondary/backup link. These mechanisms could be as simple as ICMP to a destination IP, which detects if the line is up. After a pre-determined number of failed attempts, the link will switch to the backup. Alternatively, routing protocols like OSPF or BGP can be used, with customizable thresholds for detecting connectivity issues. Users can define failover policies based on their requirements.

The first two methods are illustrated in the following use case:

This is a very common use case that can be seen in water utilities, oil and gas, and power utilities, remote terminal units (RTUs or IEDs) are connected to an IoT gateway, which, in turn, is connected to a security gateway in the central site. From there, the data is transmitted to the supervisory control and data acquisition (SCADA) human machine interface (HMI). The primary connection is based on a IPsec tunnel over an LTE network. If a tunnel fails, automatic redundancy ensures a smooth switchover to the backup, demonstrating IP-Link Monitoring.

If a SIM card fails to register on the LTE network, automatic failover activates a second SIM, which opens a new PDP context over the LTE network – either the same one or a different carrier.

But what happens if the LTE modem experiences failure? In this case, the switchover will be to the second, backup modem, that can be connected over satellite, e.g., Starlink, or over fiber, another LTE connection or 5G.

And in case that we need a redundancy of the entire IoT gateway, we use the VRRP protocol to activate the clone IoT gateway and serve the same application seamlessly.

Advanced Resiliency Services – SD-IoT:

Given the zero-packet loss requirement of many new applications, the above methods, even when combined, are not enough. This brings us to software defined IoT. At RAD, we developed three SD-IoT services that enhance reliability and provide ultra resiliency for demanding applications:

• Load Balancing: Distributes traffic across multiple links at Layer 3, enhancing performance and reliability.

• Packet Duplication: Ensures zero packet loss by duplicating data packets across different links.

• Layer-over-Layer 3 Transport: Allows Layer 2 traffic to be carried over Layer 3 networks, ensuring flexibility in complex environments.

SD-IoT: Advanced Transport Load Balancing

Load balancing also uses two different networks to carry traffic, however unlike in the previous use case, it’s not the same data that is sent over the two links. Here, the data is divided between them based on a threshold that can be set by the user or by policy. There could also be automatic steering between the links.

In the example of the diagram below, the data to be transferred is in packets one through six. The primary connection is fiber, where the performance is typically better, and therefore the majority of traffic – 70% – will be sent over this link to the central site. The secondary network is based on LTE or satellite, which has lower performance, therefore only 30% of the traffic will be sent over it. This service increases bandwidth utilization, as well as enables fast resiliency, while the SSL tunnels ensure security.

SD-IoT: Layer 2 over Layer 3

This is quite a unique service that addresses many challenges in the in critical infrastructure networks, as well as in other industries. Within modern substations, the traffic going between devices and controllers follows the IEC 61850 GOOSE protocol, which uses Layer 2 broadcasting messages. Nowadays, such messages need to traverse, not only inside the substation, but to neighboring substations as well. When transmitted over fiber, they can be kept as Layer 2, however this isn’t straightforward when there is a fiber failure. When the backup link is a cellular one, LTE or 5G, then it is a native Layer 3 link. To transmit Layer 2 messages over it, we use SD-IoT to encapsulate them and send them to the secondary substations using SSL tunnels.  While the latency level would not be the same as over fiber – 30 milliseconds compared to under 10 – this still enables service continuity, alerting substations of events occurring at neighboring locations.

There are additional use cases, such as seamless failover to enable indoor-outdoor mobile IoT, Private 5G brownfield for machine meta data, and others. More use cases are likely to be quickly added over the next few years.

Final Thoughts

As the IoT landscape continues to evolve, new use cases require reliable connectivity and the communications infrastructure must address those new needs. The growth in private campus deployments and next-gen applications, such as robotics and AVGs, mandates solutions that provide ultra resiliency, such as SD-IoT.

To learn how RAD's offerings can support your organization’s IoT deployment needs, contact us at [email protected].