Beyond Terrestrial Limits: Cisco's Validated Architecture for Secure, High-Performance Satellite Connectivity White Paper
Available Languages
Bias-Free Language
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Satellite connectivity has transformed from a supplementary technology to a strategic primary solution for global network expansion. This technical white paper presents Cisco's validated reference architecture for integrating Low Earth Orbit (LEO) satellite networks with terrestrial infrastructure, delivering enterprise-grade performance for mission-critical applications. Through rigorous testing with Satellite Network Operator (SNO) partners, we demonstrate how Cisco® Provider Connectivity Assurance (PCA) and advanced Cisco NCS and 8000 Series platforms address the unique challenges of non-terrestrial networking, including variable latency, signal reliability, and security concerns. Key performance metrics confirm MEF 3.0 service readiness for enterprise private VPNs and mobile backhaul, with average latencies of 22 to 24 milliseconds and comprehensive path redundancy. We provide detailed deployment scenarios, Quality-of-Service (QoS) configurations, and strategic monitoring approaches that enable SNOs and service providers to deliver Service-Level Agreement (SLA)-backed connectivity to mining, agriculture, transportation, and other industries operating beyond conventional network boundaries.
The satellite networking market is undergoing a fundamental shift, driven by the low-latency and high-bandwidth connectivity provided by LEO satellites. These LEO satellite-based networks are purposefully designed to complement terrestrial infrastructure by offering:
● Broadband services that extend existing coverage areas
● Direct-to-device and Internet of Things (IoT) services for seamless connectivity transitions
● Layer 2/Layer 3 MEF service for unified fixed connectivity solutions
Enterprises and telecom operators are adopting these services to strategically extend their terrestrial network reach to unconnected and uncovered regions, creating a unified connectivity experience. Non-terrestrial networking is evolving from connectivity of last resort to an integrated connectivity option that works alongside terrestrial networks, enabling service providers to offer comprehensive coverage portfolios that seamlessly blend terrestrial and satellite capabilities.
Technical characteristics of LEO-based non-terrestrial networking
LEO satellites (such as SpaceX’s Starlink constellation) offer several advantages over Geostationary Earth Orbit (GEO) satellites. LEO satellites orbit the Earth at a much lower altitude, typically between 500 and 2000 kilometers. This results in much lower latency, typically around 25 to 60 milliseconds, making LEO satellites a viable transport for enterprise networking transactional and even real-time applications. LEO satellites are designed to operate across the Ku, K, or Ka frequency bands, which offer more bandwidth than GEO satellites by efficiently using frequency allocations with focused small beam sizes over targeted coverage. Additionally, LEO satellite constellations consist of many satellites that can work together to provide a wider coverage area and more bandwidth. For satellite operators that are focused primarily on providing broadband services, the connectivity is mostly asymmetric, with the upload bandwidth typically ranging between 5 and 50 Mbps, while the download bandwidth can reach 250 Mbps or more. In cases where more throughput is required, satellite user terminals can be aggregated to drive more bandwidth per site. As a result of these advantages, LEO satellites are becoming increasingly popular for a wide range of applications, including mobile broadband, IoT devices, enterprise private VPNs, 5G backhaul, and cloud computing.
Despite its advantages, satellite technology faces certain challenges and limitations when used in conjunction with routed IP networks.
● Variable latency and loss: While significantly improved compared to traditional GEO satellites, LEO satellites exhibit higher variable latency (jitter) and loss than most terrestrial networks.
● Weather sensitivity: Satellite performance can be affected by adverse weather conditions, such as heavy rain or snow. These conditions can attenuate the signal, leading to slower speeds or temporary outages.
● Obstructions: Satellites require a clear line of sight to the sky. Obstructions from trees, buildings, or other structures can interfere with the signal and reduce performance.
● Limited coverage: While LEO operators provide global coverage, it is still limited by licensing in certain countries.
● Security considerations: Satellite networks built to offer internet broadband services open doors for cyberattacks, such as data breaches and denial-of-service attacks. Implementing robust security measures is crucial to protect sensitive data.
Cisco Non-Terrestrial Networking
Substantial commercial opportunities exist in regions lacking robust terrestrial connectivity, particularly across industries such as mining, agriculture, rural retail, banking, transportation, and ecotourism. LEO satellite-based connectivity helps service providers reach these businesses. However, maintaining reliability and resiliency, SLAs, and security is still a challenge with non-terrestrial connectivity options.
Non-terrestrial connectivity is used primarily as a last-mile access technology by enterprises and telecom operators. The satellite ground stations or gateway sites are typically deployed at the terrestrial Partner Point-of-Presence (POP) site or nearby. Ground-station sites are aggregated at the POP location where satellite operators are deploying their services within a small data center fabric. Hosting services at partner POP locations helps satellite operators interconnect with cloud operators, telecom operators, and large enterprises, and to deploy internet peering points.
Convergence of terrestrial and non-terrestrial networks
Because multiple partners and domains are typically involved (as shown in Figure 1), when the service is constructed, end-to-end service provisioning, service visibility, monitoring, and assurance become a concern. End customers also seek the assurance of end-to-end security and faster response during outages.
The Cisco Non-Terrestrial Networking (NTN) solution helps operators build agile, reliable, and secure networks. Built around proven technology and product portfolios, non-terrestrial networks can be seamlessly integrated with existing terrestrial networks with complete network visibility and security.
Cisco’s NTN solution includes the following components to offer reliable Layer 2/Layer 3 MEF services-based connectivity using non-terrestrial networking:
● Cisco Provider Connectivity Assurance
● Cisco NCS and 8000 Series platforms
Cisco Provider Connectivity Assurance for non-terrestrial networking
Cisco PCA is designed to deliver granular service-centric performance visibility and “provider-grade” assurance for network operators and any business or public sector entity that operates its own private network. The solution combines advanced data collection, analytics, and visualization capabilities and provides a deep understanding in real time of network and service performance.
The PCA solution comprises of three core components: sensors, an analytics engine, and a dashboard.
● Sensors are deployed at strategic locations within the network to monitor real-time connectivity for the data path.
● The analytics engine processes the collected data using advanced algorithms to proactively identify anomalies, detect performance bottlenecks, and generate actionable insights.
● The dashboard provides a centralized view of network performance, allowing administrators to monitor key metrics and troubleshoot issues.
Performance alerts can be sent directly to the Splunk® AIOps cloud data platform for unified observability and cross-domain monitoring, enabling faster decision making and operational intelligence.
Cisco validated the PCA solution along with a major SNO in a joint test effort to measure satellite network performance, end-to-end service Key Performance Indicators (KPIs), and protocol support for Carrier Ethernet and telecom backhaul services across terrestrial and non-terrestrial networks.
As shown in Figure 2, the SNO provided last-mile access connectivity to two remote customer sites—Fremont and Milpitas. The head office location was connected to the SNO’s POP over a terrestrial network. The SNO offered complete redundancy and resiliency for each site by constructing two Ethernet virtual connections (EVCs) and terminating them on redundant switches within the POP fabric.
Cisco NTN lab topology
By deploying sensors at strategic points, the SNO and its customer are able to measure network and service performance with clear demarcation between non-terrestrial and terrestrial networks.
Sensors are configured for data collection to monitor relevant metrics such as latency, packet loss, throughput, and jitter; thresholds (static or dynamic) are set to trigger alerts when performance deviates from acceptable levels. The dashboard provides visual displays for these key metrics in real time to identify performance bottlenecks and diagnose common issues. The analytics engine is used to identify trends and patterns in network performance, enabling proactive optimization.
Scenario 1
The sensors deployed within the satellite network (as shown in Figure 3) are used to provide KPI information for non-terrestrial connectivity between terminal and ground station.
Measuring KPIs within the SNO network
Satellite networks are built to measure KPIs from the terminal to the ground-station gateway using a radio control plane by prioritizing the packets in a special high-priority queue. However, this data does not accurately provide the data-path performance. By integrating sensors within the satellite network, satellite operators can have a more gradual and real-time view of data-path performance based on QoS policies, application type, user, or device. The data collected by the sensors on the satellite networks provides complete visibility into the data-path performance.
Cisco PCA dashboard highlighting the SNO’s KPIs
The following performance metrics were observed on the SNO network for Layer 2 enterprise and telecom backhaul service testing:
● Average latency: 22 to 24 ms; minimum latency: 11 to 14 ms
● Average jitter: 4 to 6 ms; minimum jitter: 4 to 5 microseconds
● Average packet drop: 1% to 2%; maximum packet drop: 4%; convergence time of 300 to 500 ms
Scenario 2
The sensors deployed on the end customer network (Assurance SFP-based sensors on NCS 540 routers in this topology) are used to measure end-to-end service performance across terrestrial and non-terrestrial connectivity.
Cisco PCA enables end-to-end service insights and KPIs
Operators as well as customers can run service activation tests based on Y.1564 and RFC 2544 for successful EVC delivery, and run them on demand to measure the performance of the EVCs.
Real-time bandwidth metering can also be activated on the EVC to detect microbursts and help with efficient capacity planning.
PCA also allows customers to consolidate various KPIs on a single dashboard, including data from third-party measurements for deeper insight and correlation. For example, SNO user terminal details and telemetry data are integrated with Scenario 1 and Scenario 2 measurement data on a single dashboard, as shown in Figure 6.
Unified PCA dashboard provides insight by correlating data from multiple sources
Such capabilities not only help drive effective network planning but significantly reduce the mean time to recovery (MTTR) by correlating datasets to identify the exact fault point in the network.
The built-in correlation and analysis module allows multidimensional datasets to be correlated for patterns, trends, logical topology insights, and geolocation. For example, Figure 7 represents a scenario in which degradation in the performance of one of the satellite terminals (cisco gt2 in the figure) has impacted the SLA for the site, while the SLA for another site is intact.
Correlation and analysis highlighting trends and patterns in the logical topology
Benefits of PCA for non-terrestrial networking
Cisco PCA sensors and analytics provide a comprehensive solution for assuring, optimizing, and troubleshooting non-terrestrial connectivity for both network operators and their enterprise customers. By leveraging real-time monitoring, advanced analytics, and intelligent optimization techniques, network operators can improve application performance, reduce latency and packet loss, enhance network visibility and control, simplify network management and troubleshooting, and increase the return on investment from their satellite network investments.
Cisco NCS and 8000 Series routers for non-terrestrial networking
LEO satellite-based non-terrestrial networks are built to offer transparent Metro Ethernet Layer 2 VPN services. These services are designed for enterprises and telecom networks to provide private point-to-point, point-to-multipoint, or multipoint-to-multipoint EVCs for various use cases. Before this solution, customers using satellite broadband services would need to traverse the internet (best effort) and create secure tunnels (Generic Routing Encapsulation [GRE] or IPsec) to ensure data integrity.
Cisco verified customer private VPN services over the SNO's network using Segment Routing for IPv6 (SRv6)/Ethernet VPN (EVPN) overlay topology. The SNO provided the following design parameters.
Resiliency and redundancy
As shown earlier in Figure 2, one primary and one secondary VLAN is configured between the customer’s remote site routers (NCS540-1 and NCS540-2) and their head office edge router (NCS540-3) to provide redundancy to the site. The SNO in our trial recommends using two Private Network Interconnect (PNI) links between the POP and customer edge routers for complete redundancy purposes. However, multichassis link aggregation (MLAG) between PNIs is not supported in the current architecture. Redundancy is managed by customer remote routers and customer network routers via Bidirectional Forwarding Detection (BFD), Border Gateway Protocol (BGP), Open Shortest Path First (OSPF), etc. Up to 4096 VLANs are supported per pair of PNIs.
Quality of service
The SNO’s network supported Strict Priority and provided three latency classes with two drop queues. With Ethernet Layer 2 VPN service, all Layer 3, Differentiated Services Code Point (DSCP), and Explicit Congestion Notification (ECN) values are preserved.
Overlay technology support
Overlay technology is transparent to the SNO’s network, with support for a maximum transmission unit (MTU) of up to 1600 bytes. Customers can deploy their own IP addressing schema and Layer 2 or Layer 3 VPN services.
Cisco solution benefits to extend private VPN services over non-terrestrial networks
At the heart of Cisco’s unified NTN strategy is the proven Cisco Agile Services Networking architecture, which transforms how satellite and terrestrial networks interact. It enables organizations to generate revenue by connecting previously unserved areas and integrating them into a streamlined, intelligent service delivery network that unifies both non-terrestrial and terrestrial systems.
Cisco’s Agile Services Networking architecture also converges diverse access technologies to support last-mile connectivity. Designed with an automation-first approach, it simplifies deployment and operations, ensuring a seamless experience regardless of the last-mile technology used.
Cisco Agile Services Networking
For non-terrestrial networking, the architecture is differentiated by the following key aspects:
Zero-touch provisioning
Zero-touch provisioning (ZTP) is a method of provisioning network devices without manual intervention. Once the remote site is connected to a non-terrestrial connection, ZTP helps to seamlessly onboard new sites within a short span of time. ZTP also reduces the manual tasks required to scale network capacity.
SRv6 overlay
Adopting SRv6 as an overlay technology can simplify route management and improve network performance by embedding the forwarding path within the packet itself. It can also reduce overhead costs and make the network more responsive to changes. SRv6 allows for more flexibility and simplifies the configuration of overlay services by leveraging the existing IPv6 infrastructure.
Network infrastructure assurance
Network operators or enterprises can use various software features to measure latency and loss across the SRv6 overlay network, and these matrices can be integrated within PCA.
● The Segment Routing Performance Measurement (SR-PM) feature monitors the network metrics for links and end-to-end Traffic Engineering (TE) label-switched paths (LSPs).
◦ SR-PM for network endpoint liveness can help monitor the liveness of a specific IP endpoint node.
◦ SR-PM policy liveness monitoring reduces the number of monitoring protocols on the network and helps measure a specific SLA for a defined service across terrestrial and non-terrestrial paths.
● SRv6 Integrated Performance Measurement (SR-IPM) supports loss, latency plus jitter, and liveness detection by using high-frequency Two-Way Active Measurement Protocol (TWAMP) packets between SRv6 endpoints.
Network infrastructure security
Cisco platforms implement a hardware-based Trust Anchor chip to provide Secure Boot with run-time integrity checks. The distributed denial-of-service (DDoS) feature protects against malicious attacks at the network perimeter and, for enhanced security and reliability, features like post-quantum safe cryptographic key support for MACsec allow the customer to build a secure infrastructure over non-terrestrial connectivity.
Cisco platform advantages
Cisco NCS and 8000 Series platforms are MEF 3.0 certified and designed for lowest power consumption, high performance, and port density to support 1/10/25/50 Gigabit Ethernet (GE) and 100/200/400GE interconnect options. Carrier-grade features supporting SRv6 and EVPN are ideal for deploying enterprise and telecom overlay services with non-terrestrial networking. These platforms built with trust and security are ideal for public sector and defense applications.
As connectivity demands expand beyond traditional infrastructure, Cisco's Non-Terrestrial Networking solution represents a breakthrough for enterprises and telecom operators, extending their reach to previously inaccessible regions. By seamlessly integrating LEO satellite technology with Cisco's advanced networking capabilities, including Provider Connectivity Assurance and advanced NCS and 8000 Series platforms, organizations can now deploy secure, reliable, and high-performance MEF services across blended terrestrial and non-terrestrial networks. This validated architecture directly addresses the inherent challenges of satellite connectivity—variable latency, weather sensitivity, and security vulnerabilities—while providing unmatched visibility through strategically deployed sensors, sophisticated analytics, and intuitive dashboards. Compelling performance metrics demonstrate that non-terrestrial networking has evolved from a backup option to a robust primary connectivity solution for mission-critical applications requiring global coverage. For industries operating in remote environments—mining, agriculture, transportation, rural banking, and ecotourism—Cisco's architecture delivers resilience, service assurance, and security essential for modern digital operations. This innovative approach enables a new generation of truly borderless network services, empowering digital transformation in even the most challenging environments while maintaining the performance, visibility, and security that enterprises expect from their critical infrastructure.
Unlocking the full potential of non-terrestrial networks hinges on strategic partnerships among satellite operators, service providers, equipment vendors, and systems integrators. By collaborating with Cisco and leveraging our extensive ecosystem and converged network architecture blueprint, service providers and enterprises can lead the charge in this rapidly evolving market. Choosing the right partners is crucial to achieving success and staying ahead in the non-terrestrial networking space.
Ready to transform your connectivity capabilities? Explore the reference links below to discover how Cisco’s Non-Terrestrial Networking solution can help you capture this opportunity.
To learn more about the Cisco’s Non-Terrestrial Networking solution, visit https://www.cisco.com/go/ntn.
To learn more about Cisco Agile Services Networking, visit https://www.cisco.com/site/us/en/solutions/service-provider/networking/agile-services/index.html.
To schedule a demonstration of the Cisco Non-Terrestrial Networking solution, contact your Cisco sales representative.