End-to-end SD-WAN and transport-layer orchestration unifying LEO satellite, 4G/5G cellular, fiber, and microwave into a single deterministic IP fabric — with real-time telemetry, application-aware QoS, and sub-300ms failover. Fiber-class reliability anywhere on the planet.
The CLATA Hybrid Network Platform is an enterprise-grade SD-WAN and transport orchestration framework built on a Layer-3 overlay fabric with dynamic routing intelligence. It unifies heterogeneous WAN links — LEO satellite, 4G/5G cellular, fiber broadband, and licensed microwave — into a single managed IP transport with deterministic performance guarantees.
Each edge node (CPE, vessel gateway, vehicle aggregation unit, or vCPE) establishes encrypted DMVPN/IPsec tunnels over all active uplinks simultaneously. The centralized controller layer monitors real-time link telemetry every 500 ms and computes optimal per-application forwarding paths based on SLA thresholds for latency, jitter, packet loss, and throughput.
Performance is equal to carrier-grade MPLS while maintaining full flexibility for deployment in fixed enterprise sites, remote field operations, mobile maritime platforms, and cloud-native virtual environments.
┌─────────────────────────────────────┐
│ CLOUD CONTROLLER │
│ Policy Engine · Telemetry · NOC │
│ ZTP · Analytics · SLA Reporting │
└───────┬─────────────┬───────────────┘
│ Encrypted │ Encrypted
│ Control │ Control
▼ ▼
┌───────────┐ ┌───────────────────┐
│ HUB EDGE │ │ REMOTE EDGE CPE │
│ (DC/NOC) │ │ (Site/Vessel/Veh.)│
└─────┬─────┘ └──┬──┬──┬──┬──────┘
│ │ │ │ │
MPLS/ │ │ │ └─ 🛰️ LEO Satellite
Fiber │ │ └──── 📱 4G / 5G LTE
│ └─────── 🗼 Microwave PTP
└────────── 🌐 Fiber/ADSL
MULTI-LINK ENGINE:
├── Real-time bonding (active-active)
├── Adaptive FEC (packet loss recovery)
├── Per-flow path selection (SLA-based)
└── Session persistence (failover safe)
QoS POLICY ENGINE (L7):
├── Voice/Video → Priority Queue (EF)
├── SCADA/IoT → Guaranteed BW (AF41)
├── Business → Normal (AF21)
└── Best Effort → Default Queue (BE)
Active-active aggregation of heterogeneous WAN interfaces at the IP layer. Adaptive packet distribution algorithms compensate for latency variance between links (e.g., fiber + LEO satellite).
Dynamic path selection based on configurable SLA thresholds (<80 ms RTT, <0.5% packet loss). Automatic rerouting is completed in under 300 ms — no session drops, no VoIP call interruption.
Forward Error Correction implemented at the session level to mitigate satellite-induced packet loss (LEO orbital mechanics, weather events) and improve effective TCP throughput on degraded links.
Deep Packet Inspection classifies traffic at Layer 7. Voice, video conferencing, SCADA, and telemetry receive dedicated priority queuing and guaranteed bandwidth — ensuring mission-critical traffic is never starved by bulk transfers.
Edge nodes auto-register with the controller using secure TLS 1.3 token exchange. Configuration, policy, and firmware are pushed from the central controller — no on-site technical expertise required for deployment.
AES-256 + SHA-2 encryption on all tunnels. VRF-based segmentation isolates management, production, and guest networks at the routing layer. Optional DPI-based intrusion detection and SIEM integration.
LEO satellite constellations (including Starlink) introduce unique transport challenges that standard SD-WAN platforms are not designed to handle: variable latency (20–80 ms orbital oscillation), elevated jitter, and periodic coverage gaps during handover between orbital planes. CLATA's platform includes a purpose-built LEO optimization layer that compensates for these characteristics.
The platform applies TCP acceleration and window scaling optimized for 20–80 ms RTT variance. Latency-sensitive applications (VoIP, video) are routed to terrestrial paths when available; LEO handles bulk and best-effort traffic.
Dynamically adjusts MTU to account for encapsulation overhead on Starlink and multi-hop satellite links, maintaining efficient TCP window utilization and preventing fragmentation-induced performance degradation.
Integrated signal quality telemetry from satellite terminals (RSSI, SNR, throughput) triggers proactive rerouting to terrestrial backup links when rain fade or beam handover degradation is detected — before packet loss begins.
Simultaneous LEO + GEO + terrestrial operation. Routing decisions based entirely on real-time per-link telemetry, not static metrics — the controller selects the best path for each application class at every measurement interval.
| Parameter | Specification | Notes |
|---|---|---|
| MULTI-LINK TRANSPORT ENGINE | ||
| Aggregate Throughput | Scalable to multi-Gbps per node | Limited by sum of active WAN link capacity |
| Max WAN Interfaces | Up to 8 per edge node | Any mix: LEO, 4G/5G, fiber, microwave, VSAT |
| Bonding Mode | Active-Active (simultaneous use) | Adaptive per-packet or per-flow distribution |
| Link Utilization | >95% | Across mixed-latency links including LEO |
| Telemetry Interval | 500 ms per link | RTT, jitter, loss, throughput, RSSI |
| FAILOVER & REDUNDANCY | ||
| Failover Detection | <1 second | Continuous probe-based monitoring |
| Failover Completion | <300 ms (typical) | End-to-end including reroute convergence |
| Session Persistence | Full (no session drops) | TCP state sync across active tunnels |
| SLA Trigger Thresholds | Configurable per app-class | Default: RTT >80ms, Loss >0.5%, Jitter >30ms |
| SECURITY | ||
| Tunnel Encryption | AES-256-GCM | All WAN tunnels — no unencrypted traffic |
| Authentication | SHA-256 / SHA-384 HMAC | Per-packet integrity verification |
| Key Management | Dynamic rotation (configurable) | Automated revocation via controller |
| Network Segmentation | VRF per zone | Management / Production / Guest / IoT |
| Optional DPI | L7 IDS/IPS module | SIEM integration via REST API / syslog |
| QoS & TRAFFIC MANAGEMENT | ||
| Classification Depth | Layer 7 DPI | 3,000+ application signatures |
| Queue Types | Priority, WFQ, CBWFQ, WRED | Per-application policy |
| Marking / DSCP | Full DSCP remarking | EF, AF41, AF21, CS1 standard classes |
| FEC | Adaptive — triggered by loss threshold | Typical overhead: 5–20% |
| DEPLOYMENT & MANAGEMENT | ||
| Provisioning | Zero-Touch (TLS 1.3) | Auto-register → pull config → activate |
| Controller | Cloud or On-Premise | Private cloud deployment available |
| Monitoring API | RESTful API + NETCONF + SNMP | NMS and NOC integration |
| Telemetry Export | NetFlow v9 / IPFIX / sFlow | 5-second granularity per edge |
| Reporting | SLA compliance, uptime, jitter heatmaps | JSON/CSV export, white-label dashboards |
CLATA delivers multi-WAN SD-WAN bonding proven across remote BTS sites in East Africa. Starlink + cellular bonded into one resilient WAN delivers 200–360 Mbps with zero packet loss — replacing VSAT at a fraction of the cost.