Virtual Private Gateway
VPG High Availability and Operations Guide
This guide explains how to achieve high availability for a Virtual Private Gateway (VPG) and provides operational best practices. By following this guide, you will gain a deeper understanding of how to select a VPG type, optimize burst performance, ensure network redundancy, and manage maintenance impacts, enabling more stable operations.
Choosing a VPG Type
VPGs come in different types, each with varying maximum simultaneous session limits and available features. For a detailed comparison of VPG types, refer to VPG Type and Capacity.
After creating a VPG, it is not possible to change that VPG's type.
If your use case requires a VPG type different from that of the VPG you have already created, you must create a new VPG. This requires disconnecting all IoT SIM sessions from the existing VPG and re-establishing sessions with the new VPG. In this short interim period, your IoT SIM cards will not be able to utilize VPG services. If your system cannot tolerate such downtime, carefully consider your future needs when selecting a VPG type.
If the number of simultaneous IoT SIM sessions approaches the VPG’s session limit, you can create a new secondary VPG and configure additional IoT SIMs to use it. However, note the following limitations when using multiple VPGs:
- IoT SIMs connected to different VPGs cannot communicate with each other via Soracom Gate.
- Device subnets may differ between the VPGs.
- You may need to reconfigure any additional private network services being used to accommodate the new VPG.
Maximum Simultaneous Sessions
The maximum simultaneous session count refers to the number of IoT SIMs actively connected to the VPG at any given time. Even if many IoT SIMs are assigned to a VPG, only those with an active cellular session are counted. Offline IoT SIMs, as well as those in Suspended or Inactive statuses, do not contribute to the session count. For more information on SIM statuses and session statuses, see Subscriber Status.
Session limits are in place to maintain communication quality and performance. If a VPG exceeds its maximum session capacity, network performance may degrade significantly. If your VPG repeatedly exceeds this limit, Soracom may reach out to you to discuss possible solutions.
The number of active sessions for your VPG is shown in the VPG overview screen. For an example, see Type-F VPG Overview.
With certain device implementations, such as many devices being configured to simultaneously report at certain times, temporary spikes in simultaneous sessions may occur. If you anticipate activating multiple suspended or inactive IoT SIMs simultaneously, ensure that the total number of connected SIMs does not exceed the VPG’s maximum session capacity.
Ensuring Network Redundancy
Redundant Setup for Networking Services
Soracom Canal, Door, and Direct are provided using AWS managed services. AWS ensures high availability for connections established through each service. Additionally, for Door and Direct, availability can be further improved by customizing the connection method.
- Soracom Canal uses Amazon VPC features such as VPC Peering or AWS Transit Gateway connections. AWS ensures high availability for these connections.
- Soracom Door uses AWS Site-to-Site VPN. If a connection with enhanced availability, such as BGP utilization, is required, contact Soracom Support.
- Soracom Direct is provided using AWS Direct Connect. If a site-to-site connection with enhanced availability, such as BGP utilization, is required, contact Soracom Support.
Additionally, each service allows Virtual Private Gateways (VPGs) to connect to multiple different customer networks for purposes such as regional redundancy. In such cases, each connected customer network must have a unique IP address range. Network switching can be implemented on customer devices or achieved by combining the custom DNS feature with a customer-provided DNS server.
Rendezvous Points
For Global coverage VPGs, you must select a Rendezvous Point when creating a VPG. Rendezvous Points correspond to AWS regions and determine where connections to your infrastructure (via Soracom Canal, Door, or Direct) originate. To check supported AWS regions for Canal connections, refer to Supported AWS Regions for Soracom Canal Connection.
A VPG can only have one Rendezvous Point. If you need a VPG that operates across multiple AWS regions, you must create separate VPGs for each region.
For Japan coverage VPGs, the Rendezvous Point is fixed as Tokyo (Japan).
Maintenance Impacts
To maintain service quality, Soracom conducts scheduled and unscheduled maintenance. When designing and operating your system, Soracom recommends implementing redundancy and backup strategies to minimize potential disruptions due to maintenance activities.
During VPG maintenance, cellular sessions remain connected. However, brief packet loss or TCP reconnections may occur. To ensure data transmission reliability, consider implementing delivery confirmation mechanisms, retransmission processes, or automatic TCP reconnections.
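The sketch below shows one way a device-side client can combine the three mechanisms named above: delivery confirmation, retransmission, and automatic TCP reconnection with backoff. It is an added example, not Soracom code; the line protocol (`seq payload` out, `ACK seq` back) and the names `TcpLink` and `deliver` are assumptions made for illustration.

```python
import socket
import time


class TcpLink:
    """One TCP connection speaking a constructed line protocol (assumption):
    client sends 'seq payload\\n', server answers 'ACK seq\\n'."""

    def __init__(self, host, port, timeout=5.0):
        self.sock = socket.create_connection((host, port), timeout=timeout)
        self.reader = self.sock.makefile("r", encoding="utf-8", newline="\n")

    def send_and_wait_ack(self, seq, payload):
        self.sock.sendall(f"{seq} {payload}\n".encode())
        line = self.reader.readline()  # "" means the peer closed the connection
        if line.strip() != f"ACK {seq}":
            raise ConnectionError(f"no ACK for {seq}: {line!r}")

    def close(self):
        self.sock.close()


def deliver(messages, connect, max_attempts=5, base_delay=0.5,
            max_delay=30.0, sleep=time.sleep):
    """Deliver messages in order; a message is done only once its ACK arrives.

    On any socket error or timeout the link is dropped, the client backs off
    exponentially, reconnects and retransmits the same message. Delivery is
    at-least-once: if only the ACK was lost, the receiver sees the message
    twice and must de-duplicate on seq. Returns the number of retries.
    """
    link, retries = None, 0
    for seq, payload in enumerate(messages):
        for attempt in range(max_attempts):
            try:
                if link is None:
                    link = connect()           # automatic reconnection
                link.send_and_wait_ack(seq, payload)
                break                          # confirmed, next message
            except OSError:                    # ConnectionError, timeouts, resets
                if link is not None:
                    link.close()
                link = None
                retries += 1
                sleep(min(max_delay, base_delay * 2 ** attempt))
        else:
            raise ConnectionError(f"message {seq} undelivered after {max_attempts} attempts")
    if link is not None:
        link.close()
    return retries
```

In production, `connect` would be something like `lambda: TcpLink(host, port)`; passing it in keeps the retry logic testable without a network.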