The Outernet for Enterprise Networking White Paper

 

LEO satellite architectures: From ground stations to space-based networks

Global demand for reliable, high-bandwidth connectivity is rapidly increasing due to the pervasive adoption of digital technologies. Today’s global enterprise networks require solutions that extend their reach and overcome the issues of cybersecurity, latency, and speed associated with the complexity and fragmentation of terrestrial infrastructure, both wired and wireless. This need is particularly critical in remote and underserved areas lacking traditional terrestrial infrastructure, where robust connectivity is essential for vital industries such as healthcare, emergency response, finance and transportation. Low Earth orbit (LEO) satellite constellations offer a promising approach. By deploying numerous satellites in LEO (160 to 2000 km altitude), these systems create a space-based network capable of providing access to a resilient data network virtually anywhere on the planet. Compared to traditional Geostationary (GEO) satellites, LEO satellites orbit closer to Earth, resulting in significantly lower latency and higher bandwidth, making them well-suited for data-intensive applications and providing connectivity where terrestrial solutions are impractical or cost-prohibitive.

Traditional LEO satellite providers leverage ground station gateway sites to connect users to the internet. This requires user data to travel from the satellite to a ground station before traversing terrestrial networks, introducing latency with each satellite-to-ground hop. These hops also increase the risk of packet loss due to potential bottlenecks at congested earth ground stations and middle-mile networks. Network latency and packet loss both degrade the user experience. Excessive latency impacts real-time applications such as voice and video as well as transactional applications where users must wait to input or output data.

Packet loss is particularly bad for applications transferring large files (e.g., cloud storage, backups, software updates, file downloads) because TCP, the dominant protocol for such transfers, is highly sensitive to packet loss. High latency and loss are most apparent with LEO Type 1 satellites, which use a single satellite for last-mile connectivity between a user terminal and ground station, backhauling traffic through middle-mile networks as illustrated in Figure 1.

LEO Type 1 – Single satellite providing internet connectivity

Intersatellite links (ISLs) enable direct data exchange between orbiting satellites to create a mesh network in space. LEO Type 2 satellites using ISL relays can extend the last mile between user terminals and gateways from 1,000 km to over 10,000 km, thereby extending coverage and potentially reducing latency by bypassing terrestrial ISP hops. Although the concept of ISLs has existed for decades, recent advances in laser technology, miniaturization, and space-qualified components have made practical implementation, especially using optical (laser-based) ISLs more feasible. While ISLs offer significant advantages, their implementation is not universal due to the associated costs and complexity of laser communication and onboard satellite hardware.

The example in Figure 2 illustrates the concept of a LEO Type 2 satellite extending coverage by relaying the aircraft’s data stream across an ISL to an adjacent satellite within range of a ground station.

LEO Type 2 – Multiple satellites with ISLs

Enterprise networking: Leveraging satellite internet underlay

LEO Type 1 and 2 satellite architectures, designed primarily for residential broadband, can be leveraged by businesses as a Layer 3, routed underlay for their site-to-site VPNs and SD-WANs. This allows for the creation of unified network environments across both satellite and terrestrial connections, offering efficient routing and consistent security policies for geographically dispersed operations, data centers, and mobile platforms.

However, deploying VPNs over a mixed Layer 3 LEO and internet underlay introduces challenges. Performance variability due to fluctuating latency and bandwidth can impact real-time applications. Security complexities arise from potential vulnerabilities inherent in public networks, demanding careful configuration and monitoring. Furthermore, reliance on internet transit exposes VPNs to congestion and outages, potentially disrupting business-critical operations. The inherent complexity of managing a hybrid satellite and terrestrial network also adds to operational overhead.

LEO Type 3 satellite architectures represent a significant shift, using intersatellite laser links to establish a “gateway-less” space-based mesh network, eliminating reliance on terrestrial infrastructure. This approach promises to revolutionize enterprise network communication, offering enhanced security, reduced latency, and truly global reach.

A key advancement is the integration of onboard routers, enabling the delivery of Layer 2 Carrier Ethernet services directly from space. By building enterprise networks directly on this Layer 2 foundation, businesses achieve simpler, more performant, and more flexible connectivity compared to navigating the complexities of Layer 3 internet-based solutions. This eliminates the need for complex tunneling, minimizes the inherent uncertainties of public internet transit, and provides a more deterministic and controllable network experience, particularly for latency-sensitive applications.

Rivada Space Networks’ Outernet

The Rivada Outernet is a next-generation Type 3 LEO constellation. When fully deployed it will provide Gigabit Ethernet speeds to any point on the globe, without needing to touch the public internet or any third-party infrastructure. Rivada has designed the Outernet to serve the most demanding customers who need highly secure, high-bandwidth connectivity in even the most far-flung locations.

A global low-latency point-to-point connectivity network of 600 LEO satellites, Rivada's Outernet is a unique next-generation architecture combining ISLs with advanced onboard processing that provides unique routing and switching capabilities to create an optical mesh network in space. This approach to "orbital networking," in which data stays in space from origin to destination, creates an ultra-secure satellite network with true pole-to-pole coverage, offering end-to-end latencies that are much lower than terrestrial fiber over similar long distances. Routing traffic on a physically separated network provides a layer of defense for any organization that needs to securely share data between widely distributed sites.

Rivada's satellites will be equipped with onboard routers with advanced switching capabilities that closely resemble terrestrial (Carrier Ethernet and Multiprotocol Label Switching [MPLS]) services, but with global reach. Since the entire orbital network is owned and managed by a single provider, the earth-to-space local loop feeds directly into the space-based fabric, providing global uniform access to both mobile and fixed sites.

This means the satellite link serves as the "last mile" or "local loop," directly connecting end users to the global network.

Furthermore, Rivada is building its products and services portfolio following MEF 3.0 Carrier Ethernet standards, which will allow for rapid integration with existing terrestrial networks. This combination of low latency, global coverage, advanced onboard processing, full end-to-end MPLS capabilities, direct-to-user connectivity, and MEF compliance enables seamless communication and data transfer across the planet, including enabling remote and underserved areas to benefit from the same high-speed, low-latency connectivity you would expect in any urban center. In terms of security, latency, capacity, and coverage Rivada’s Outernet will empower telecommunications infrastructure, support national digital strategies, ensure uninterrupted connectivity, and expand international bandwidth.

LEO Type 3 – Rivada Space Networks’ Outernet

Cisco and Rivada: Powering next-generation connectivity across industries

For decades, Cisco has been a driving force in networking, powering the internet and enabling businesses worldwide to connect and operate more effectively. Now, by providing their advanced networking technology to Rivada Space Networks and their innovative Outernet, Cisco is helping to enable a new era of global connectivity. This collaboration integrates Cisco's terrestrial expertise with Rivada's space-based network, creating a powerful solution that addresses the demanding requirements of today's diverse industries.

The following industry use cases illustrate the combined potential of Cisco and Rivada Space Networks to provide comprehensive connectivity and security solutions.

Global financial enterprises

Global Financial Enterprises (GFEs) require robust, secure, high-performing networks for mission-critical operations, from high-frequency trading to real-time customer interactions. These operations demand a network infrastructure that guarantees reliability, predictable latency, and uncompromising security, with the flexibility to adapt to evolving financial trends and regulations.

While traditional WAN solutions like Carrier Ethernet and MPLS remain prevalent in the financial sector, they increasingly struggle to meet the stringent demands of modern GFEs. Carrier Ethernet, while offering strong regional performance and flexibility, lacks the global reach required for many financial institutions. MPLS, though capable of global connectivity, faces inherent limitations due to the speed of light and signal degradation over long distances across fiber optic and undersea cable networks, hindering the low-latency performance crucial for many financial applications. Rivada's satellite network addresses these limitations, offering both global reach and the low latency required for demanding financial applications.

The use cases presented below illustrate the tangible benefits of this combined solution, including improved performance, enhanced security, and greater agility for GFEs.

Rapid expansion into emerging markets

South Africa's growing financial markets attract significant international investment, especially from trading firms needing high-speed, low-latency connectivity. However, terrestrial options are limited and unreliable, as evidenced by recent outages affecting key links like Johannesburg–Cape Town, compounded by subsea cable damage. While alternatives such as the Paratus Express Route exist, these remain vulnerable and may not offer optimal latency.

When a London-based global financial company expands into South Africa, it often chooses dedicated connections like international private leased lines or MPLS circuits from global network providers, secured with IPsec encryption. However, this conventional approach presents several disadvantages. First, the cost of international private lines is substantial, significantly impacting budget considerations. Second, the long undersea cable routes introduce significant latency, negatively affecting application performance and user experience. Third, provisioning these circuits can take weeks or even months, causing delays in operational deployment. Fourth, scaling bandwidth or modifying network configurations is complex and time-consuming, hindering flexibility. Finally, managing and maintaining these connections, including the necessary IPsec tunnels, requires specialized expertise, adding to operational overhead.

Leveraging Cisco Catalyst^™ SD-WAN to power Rivada's Outernet offers a more agile and robust alternative, combining satellites’ rapid deployment and global reach with SD-WAN's advanced traffic management, security capabilities, and automated zero-trust IPsec provisioning for a flexible and scalable solution in emerging markets.

Figure 4 illustrates the latency differences between traditional fiber optic (terrestrial and undersea) connections and satellite links for data transmission between South Africa and London.

RTT comparison of fiber vs. satellite paths from South Africa to London

Global WAN core

GFEs commonly structure their WANs hierarchically, using three distinct layers: core, distribution, and access. The core layer serves as a high-speed backbone, responsible for transporting traffic between regions. Given the critical role of this layer, GFEs often deploy dual core networks from different carriers for redundancy and resilience.

The distribution layer connects the core and access layers, providing routing, traffic management, Quality of Service (QoS), and security policies at a regional level. The access layer connects individual users, devices, and branch offices to the network, offering connectivity and access to network resources.

Figure 5 illustrates a traditional approach to core redundancy, using two global MPLS carriers to create a highly redundant enterprise WAN core.

Hierarchical WAN design for a global enterprise

While deploying a second MPLS provider offers a level of redundancy for a global core network, it doesn't fully address the inherent vulnerabilities of terrestrial-based solutions. Cable cuts, natural disasters, and regional outages can still impact both providers, leaving the network exposed. Rivada's LEO satellite network represents a paradigm shift, offering a truly diverse and independent backbone that mitigates these risks while providing additional benefits such as simplified deployment and global coverage.

Integrating Rivada with Cisco Catalyst SD-WAN creates a powerful and agile solution for global WAN core networks. Rivada provides the resilient and globally accessible connectivity, while Catalyst SD-WAN adds intelligent path selection, application optimization, and enhanced security. The multiregional fabric framework within Catalyst SD-WAN is particularly relevant, allowing Rivada's satellite links to be seamlessly incorporated into each region's core connectivity, providing a diverse and manageable transport option.

Catalyst SD-WAN multiregion fabric

Enterprise SD-WAN last-mile connectivity

Rivada’s satellite network offers a compelling solution for connecting remote banking offices to a central enterprise network. For retail bank branches, often located in areas with limited terrestrial infrastructure, Rivada provides reliable, high-bandwidth connectivity, enabling seamless transactions, customer interactions, and data synchronization. Individual traders, whether working from home or in remote locations, can leverage Rivada’s low-latency network to access real-time market data and execute trades with the speed and reliability required for competitive advantage. Even ATMs, frequently deployed in remote or challenging environments, can benefit from Rivada’s ubiquitous coverage, ensuring consistent uptime and secure transaction processing.

Figure 6 illustrates a hybrid network design combining Cisco^® and Rivada technologies. Remote branches, ATMs, and home users connect to a regional hub via a single Rivada satellite Emulated Virtual Circuit (EVC), while a separate EVC links the regional hub to the network core.

Rivada for last-mile connectivity to global SD-WAN fabric

Beyond basic connectivity, integrating Rivada’s satellite solution with an SD-WAN overlay unlocks several key benefits. SD-WAN's intelligent path selection capabilities allow for dynamic traffic routing based on real-time network conditions. This means that even if the satellite link experiences temporary fluctuations, the SD-WAN can steer critical traffic over alternative paths (if available) or prioritize essential applications to maintain business continuity.

Furthermore, SD-WAN simplifies network management by providing a centralized control plane. Instead of managing each remote connection individually, IT teams can configure and monitor the entire network through a single interface. This simplifies tasks like deploying new branches, applying security policies, and optimizing network performance.

The SD-WAN also provides visibility into application performance across the entire WAN, enabling proactive identification and resolution of potential issues.

Security is paramount in the financial sector. SD-WAN enhances security by integrating advanced features such as built-in firewalls, intrusion prevention systems, and secure VPN connectivity. In this architecture, the SD-WAN overlay provides IPsec encryption for secure connectivity over the Rivada satellite links, protecting sensitive financial data in transit. Furthermore, Cisco cloud security (Security Service Edge [SSE]/Secure Access Service Edge [SASE]) can be integrated to provide secure internet access for these remote sites, extending consistent security policies and threat protection to cloud applications and internet-bound traffic.

Mobile carrier backhaul

Mobile backhaul is the critical component of a telecommunications network responsible for transporting data between base stations (cell towers) and the core network. Both control and user plane traffic is carried over a backhaul network to facilitate essential services such as voice, data, and video communications. Traditionally, backhaul has relied on terrestrial technologies such as fiber optics, microwave links, and copper lines. However, as mobile networks evolve—particularly with the introduction of 5G and upcoming 6G technologies—the need for more flexible, scalable, and cost-effective solutions becomes increasingly apparent. Key Performance Indicators (KPIs) for backhaul include throughput, latency, availability, reliability, and jitter. These metrics are crucial in ensuring that mobile networks meet the growing demand for high-speed data, ultra-low latency, and seamless connectivity, particularly as new services such as edge computing, massive IoT, and autonomous systems gain prominence.

Nonterrestrial connectivity, particularly LEO satellites, can significantly enhance mobile backhaul performance, especially in remote, rural, or underserved areas where traditional terrestrial solutions are impractical. LEO satellite-based networks are better positioned to minimize latency and offer high-throughput links, making them more suitable for latency-sensitive services like real-time video and gaming, as well as applications in IoT. Nonterrestrial solutions also offer enhanced resilience and redundancy, important KPIs in maintaining continuous service during natural disasters or network outages.

As the telecommunications industry moves toward advanced network architectures, the evolution of services such as network slicing, edge computing, and autonomous vehicle networks introduces new requirements for backhaul. Network slicing, for instance, enables operators to provide tailored, end-to-end services to different industries with varying QoS demands. This increases the complexity of backhaul, which must support multiple slices with differing performance metrics.

Metro Ethernet Framework (MEF) service architecture

Rivada’s Outernet-based meshed LEO satellite architecture offers significant advantages for last-mile backhaul connectivity. Built on a Segment Routing (SR)/MPLS-based forwarding plane, Rivada’s Outernet will offer symmetric high-speed bandwidth and standardized Point-to-Point (P2P), point-to-multipoint (P2MP), and Multipoint-to-Multipoint (MP2MP) Metro Ethernet services.

This will allow Mobile Network Operators (MNOs) to tailor the topology of the satellite solution to mimic that of the target mobile network technology. Traditionally, all backhauled traffic has been downlinked to a terrestrial gateway, where it was then rerouted through land to the core network to be distributed (e.g., signaling traffic vs. user traffic). With Rivada’s Outernet, MNOs will be able to direct specific traffic straight to the relevant destination.

In collaboration with Cisco, Rivada is ready to converge the Outernet with traditional terrestrial networks. Cisco provides high-performance routing using the Cisco IOS^® XR-based Cisco Network Convergence System (NCS) 540, NCS 5500 and 5700 Series, and Cisco 8000 Series routers to build agile service networks with a rich SRv6/Ethernet VPN (EVPN) feature set, advanced QoS, robust security, and AI-enabled automation. Built with standardized APIs, the solution will be able to provide end-to-end network slicing and service assurance across nonterrestrial and terrestrial networks.

The figure below illustrates the different evolved Node Bs (eNodeBs) of a 4G network being serviced directly by the closest Serving Gateway (SGW), while the Management and Control (M&C) traffic is being directly to the Evolved Packet Core (EPC). In addition to this, some additional traffic may be directed to a central location (earth station or HQ) where value-added services are layered on top. With this approach, each one of the links can be dimensioned according to the traffic volume, QoS, and KPIs such as throughput, latency, availability, reliability, and jitter.

Mobile carrier backhaul with Rivada

Offshore oil and gas platforms

The volumes of data transmitted to and from offshore platforms via WANs are rapidly increasing due to factors like real-time monitoring, remote operations, video conferencing, data-intensive applications, and crew welfare. While past data rates were limited to a few Mbps, modern platforms now require hundreds of Mbps to several Gbps, with future projections reaching tens of Gbps. This growth is driven by the need to transfer vast amounts of sensor data, high-definition video, and large datasets like 3D seismic surveys. Traditionally, platforms have relied on

WAN transports like microwave point-to-point radio, often deployed in a daisy-chain topology where each platform relays the signal to the next, creating a single point of failure that can isolate entire sections of the network should one link fail. Other traditional methods include GEO satellite connections, which provide wide coverage but suffer from high latency and low transmission speeds. Consequently, WAN requirements have evolved to demand not only higher bandwidth and lower latency, but also symmetric bandwidth.

Connectivity to offshore oil platforms

While LEO satellite constellations offer significant advantages for offshore platforms, such as lower latency compared to GEO satellites, most LEO systems are based on the Type 1 and Type 2 topologies described earlier (gateway based) and designed with asymmetric bandwidth, providing significantly higher download speeds than upload speeds.

This asymmetry poses a challenge for platform operations, where bidirectional traffic is essential for real-time monitoring, remote control, and various data-intensive applications. Symmetric bandwidth, with equal upload and download capacity, becomes crucial for efficient handling of this bidirectional traffic, ensuring optimal performance for all applications, particularly those requiring substantial uplink, and preparing the network for emerging technologies.

This balanced capacity is essential for maximizing bandwidth utilization, simplifying network management, and fully supporting the diverse communication needs of offshore platforms. Rivada Space Networks addresses this critical requirement directly with its Outernet architecture, providing consistently symmetric high-speed bandwidth. This symmetric approach is especially beneficial for offshore operations, ensuring that the necessary uplink capacity is always available for critical control signals, sensor data transmissions, and other bidirectional applications, unlike asymmetric systems that can create bottlenecks and hinder performance.

In addition to this, Rivada’s Outernet provides the ability to build the network with several independent services (multiplexing) on the same user terminal, enabling the segmentation of the network according to the services deployed on the oil platform.

As detailed in Figure 10, the customer is able to deploy a private industrial 5G network onboard the offshore oil rig, hosting automation and machine-to-machine communication between separate functions within the rig, doing so in a multipoint-to-multipoint fashion (Ethernet LAN [E-LAN]) between the oil rig itself, the company headquarters and an AWS Cloud provider. Secondly, it runs an operations network between the company headquarters and “all” oil rigs associated with the company with a rooted multipoint (E-Tree) architecture, allowing only the headquarters and each rig to communicate independently. This network could be used to deliver command and control, safety, or general communication to the oil rigs. Finally, for crew welfare it delivers a point-to-point service (E-Line) to an internet breakout that facilitates communication outside of the private network.

Cisco's robust portfolio of networking solutions seamlessly complements Rivada's symmetric, high-speed LEO connectivity. Cisco Catalyst SD-WAN, for example, can intelligently route traffic over Rivada's Outernet, helping ensure optimal application performance and resilience. Cisco's industrial networking solutions, including ruggedized switches and routers, provide the reliable infrastructure needed on offshore platforms to manage the increased data flow.

Furthermore, Cisco's security solutions, such as firewalls and intrusion detection systems, secure the network from potential threats, a critical consideration for remote, data-intensive operations. By integrating Cisco's networking and security expertise with Rivada's symmetric LEO connectivity, offshore platforms can achieve a highly reliable, secure, and performant network that meets the demanding requirements of modern operations.

Conclusion

Satellite transport has historically been perceived as ill-suited for IP WAN connectivity, reserved for remote sites lacking terrestrial options or as a backup path providing temporary connectivity during a terrestrial circuit failure. Today’s LEO satellite internet providers are changing this perception due to their significantly lower latency, higher bandwidth, and greatly expanded coverage around the globe. Rivada Space Network’s Outernet will usher in the new generation of satellite providers by completely removing terrestrial ground station backhauls to the public internet, presenting customers with private, space-based Carrier Ethernet solutions where security and resiliency are baked into the network architecture.

Using Cisco's technology, Rivada is ready to converge the Outernet with traditional terrestrial networks, challenging the way satellite transport has been used in the past. Enterprise customers will take advantage of Rivada’s connectivity model to expand beyond the last mile into their global WAN core designs—using Cisco Catalyst SD-WAN for intelligent routing, service-level agreement protection, encryption, and observability. Mobile network operators will tailor the satellite solution to their specific needs, directing latency-sensitive traffic efficiently and bypassing traditional terrestrial gateway bottlenecks.

Combined with Cisco's high-performance routing and networking solutions, the integrated platform enables seamless convergence of satellite and terrestrial networks, offering advanced features like network slicing and automated service assurance. The Internet of Things will now find its counterpart with an Outernet of things, connecting remote sensors and collectors on offshore oil platforms and weather stations with applications in secure data centers and workloads in the cloud.

About Rivada Space Networks

Rivada Space Networks GmbH is deploying the first true “Outernet”: a global, low-latency, point-to-point connectivity network of LEO satellites. By connecting its satellites with lasers, Rivada will provide resellers and B2B customers with the ability to securely connect any two points on the globe with low latency and high bandwidth. The constellations, comprising 600 low-earth-orbit communications satellites, will represent a fundamental change in the availability of secure, global, end-to-end enterprise-grade connectivity for telecom, enterprise, maritime, energy, and government services markets.

Rivada Space Networks is a wholly owned subsidiary of Rivada Networks, Inc. www.rivadaspace.com.

Contact

Melanie Dickie
Chief Communications Officer
Rivada Space Networks GmbH
mdickie@rivadaspace.com

About Cisco

Cisco is the worldwide leader in technology that powers the Internet. Cisco inspires new possibilities by reimagining your applications, securing your data, transforming your infrastructure, and empowering your teams for a global and inclusive future.
To learn more please visit www.cisco.com

To learn more about the Cisco‘s Non-Terrestrial Networking Solution, visit the solution webpage.