Comment by arter45
5 hours ago
I'm just saying that if they use a traditional IP VPN over the Internet, traffic is of course encrypted, but the two endpoints terminating the VPN must have a public IP.
Of course, this is not necessary if they simply use UHF radio signals encoding bits with pulse modulation, or whatever.
Indeed, that's indeed what I was curious about (Internet vs other channels), since at least part of their tech stack in orbit is relatively straightforward (e.g. Linux with preempt_rt).
Why would you VPN here? If you did, why would you do so over the public internet? You can route IP packets over internal links, including via radio (that is the entire point of WiFi after all).
Although it occurs to me that "does your network stack employ either ethernet or IP (and what were the considerations)" might be an interesting question.
Let me dream about the one guy working remote for a satellite company and just jumping into a direct VPN with a satellite, won't you? :)
All kidding aside, there are some protocols, like FTP or RTSP, which don't play well with NAT because they include IP addresses in the payload itself. Some solutions exist (so-called ALG) but they are often fragile. If the satellite was using some of these protocols to talk to something on a public cloud platform (say, send images via FTP to an EC2 VM), satellites could have a public address to avoid NAT issues, and at that point you could also use it as a management address (although maybe only as a backup path).
It's a bit far-fetched, but when it comes to satellites, you could say "sky is the limit" :)
EDIT
I admit public IP addresses are a bit unlikely (but... who knows!). However, this picture on their website (https://cdn.prod.website-files.com/64529e978a785fb5da715f99/...) clearly shows a Grafana dashboard.
Ignoring for a moment the fact that Grafana could be self-hosted or in SaaS, Grafana is heavily used to collect logs and metrics from standard servers.
Of course, maybe they built their own integrations to convert raw logs and metrics sent via plain pulse modulation to plain syslog and Prometheus metrics, but maybe it's just that they're using (probably private) IP addresses on board and they are simply streaming logs and metrics to the ground using standard TCP/UDP protocols.
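
The FTP-behind-NAT problem mentioned in the comment above, as an added example that is not part of the original comment: it parses the address an FTP `PORT` command or `227` reply carries in its payload (RFC 959 format), flags a mismatch with the source address the peer actually sees, and shows the rewrite an ALG has to perform. Function names are hypothetical, and the sample lines and addresses (RFC 1918 and RFC 5737 ranges) are constructed.

```python
import ipaddress
import re

# RFC 959 host-port format: h1,h2,h3,h4,p1,p2 (port = p1*256 + p2)
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_hostport(line):
    """Return (IPv4Address, port) embedded in a PORT command or 227 reply, else None."""
    stripped = line.strip()
    if not (stripped.upper().startswith("PORT ") or stripped.startswith("227 ")):
        return None
    m = _HOSTPORT.search(stripped)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None  # not a valid octet sequence
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]


def nat_mismatch(line, observed_src):
    """True when the payload address differs from the packet's post-NAT source."""
    parsed = parse_hostport(line)
    if parsed is None:
        return False
    return parsed[0] != ipaddress.IPv4Address(observed_src)


def alg_rewrite(line, public_ip, public_port):
    """Replace the embedded endpoint with the NAT mapping, as an ALG would."""
    if parse_hostport(line) is None:
        return line
    fields = public_ip.split(".") + [str(public_port // 256), str(public_port % 256)]
    return _HOSTPORT.sub(",".join(fields), line.strip(), count=1)


if __name__ == "__main__":
    # Constructed control-channel line from a client behind NAT.
    sample = "PORT 10,0,0,5,195,80"
    print(parse_hostport(sample))                     # private address in payload
    print(nat_mismatch(sample, "203.0.113.7"))        # server sees the NAT address
    print(alg_rewrite(sample, "203.0.113.7", 40000))  # what must reach the server
```

The rewrite only works when the middlebox can read and modify the control channel, so it fails once that channel is encrypted (for example FTPS), which is one reason ALGs are fragile.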