With the adoption of cloud services, the Internet with SD WAN is now viewed as a cost-effective, agile alternative to MPLS VPN. In today's world of cloud-based applications, the question on most IT teams' minds is whether MPLS is still required, or whether an Internet connection can serve as the basis of the SD WAN underlay.
What are the use cases - how to compare SD WAN vs. MPLS?
SD WAN offers significant agility and flexibility by leveraging a highly effective feature set.
Multiprotocol Label Switching (MPLS) is a technology used to route network traffic using a label-switched-path network model. An MPLS network works to increase speed and control the flow of data packets along pre-defined network paths using specialised hardware routers. SD-WAN, on the other hand, uses a software-defined approach, rather than dedicated hardware, as an overlay to connect multiple LANs. As a result, SD-WAN does not require specialised routers; instead, it steers traffic over standard internet connections to perform optimally and align with business requirements. SD WAN offers application-aware routing across the network infrastructure. SD WAN providers can enable direct traffic between end users in branch offices and cloud applications hosted in the enterprise data centre. Some customers choose SD WAN over private MPLS to keep internet traffic flowing across multiple locations because of its ability to leverage software-defined security as well as additional network functions.
Pre-defined policies that reflect modern working patterns and environments make SD-WAN ideal for distributed networks that require intelligent traffic analysis to prioritise critical business application use.
SD-WAN can utilize MPLS as a networking method to provide a hybrid solution if required.
SD WAN vs MPLS Pros and Cons

Privacy
MPLS: Connections provided by physical MPLS circuits are over a private, dedicated network. As a result, customers are isolated from one another.
SD-WAN: Traffic is steered over the public internet, which impacts privacy. However, a private overlay on top of any network traffic type can mitigate privacy issues.

Security
MPLS: MPLS traffic is not typically encrypted. However, MPLS traffic is based on labels, which act to isolate multiple customers.
SD-WAN: To provide robust security, SD-WAN should add a security overlay to provide a secure connection, and all traffic flowing across the network should be encrypted in transit.

Hardware
MPLS: MPLS services require specialised routers to forward packets.
SD-WAN: SD-WAN can run using any network hardware.

Bandwidth
MPLS: Bandwidth is configuration dependent; there is a limit on how much capacity can be provisioned over any MPLS connection at any time.
SD-WAN: Highly flexible in terms of bandwidth, combining multiple connections and using software to identify and use the fastest connectivity.

QoS (Quality of Service) and QoE (Quality of Experience)
MPLS: QoS is used to set minimum standards for network performance.
SD-WAN: Extends QoS to include QoE, focusing on user experience by applying intelligent analysis and traffic prioritisation.

Latency and Jitter SLAs
MPLS: Reliability and performance are backed by end-to-end SLAs.
SD-WAN: One key benefit of SD-WAN solutions is that they are highly configurable, which enables more granular performance and traffic prioritisation options for routing traffic. This optimises the use of apps such as VoIP. SLAs are less likely to be needed as internet robustness and scalability improve.

Cloud connectivity
MPLS: Cloud connectivity is complicated by backhauling traffic to a hub or data centre.
SD-WAN: Easier than MPLS, with direct support for multiple cloud strategies, so it reduces latency.

Traffic steering policies
MPLS: Limited; may require add-on appliances for control.
SD-WAN: Dynamic capability that facilitates real-time traffic steering via policies (including optimising traffic via MPLS).

Path control and packet loss
MPLS: An MPLS network offers more granular control than an SD-WAN architecture; packets always follow the defined path.
SD-WAN: In an SD WAN solution, depending on how traffic is routed, some packets could be lost.

Reporting
MPLS: Reporting is generally more static and focused on QoS.
SD-WAN: Reporting is centralised and gives broad visibility into network performance and QoE.

Management and administration
MPLS: Policy changes are performed on a per-router basis. Upgrades, such as adding a new node, must be carried out by the same vendor.
Comparing MPLS Privacy with SD WAN Public Cloud Access
Privacy is an intrinsic element of the architecture of an MPLS solution. Privacy is achieved through the labelling of packets, which segregates the traffic of multiple clients. In other words, one customer's traffic is isolated from another customer's traffic. It is essential to note, however, that MPLS data traffic is not usually encrypted by default. Private MPLS does not offer integrated security in dedicated network circuits.
Secure SD WAN offers integrated security such as traffic encryption as one of many SD WAN benefits. One of the key differences between dedicated MPLS circuits and SD-WAN is that SD WAN connections share data over the public internet, which has potential privacy implications. However, appliances can add a layer of privacy enhancement to an SD-WAN line. SD-WAN devices are also fully meshed; a single compromised device can potentially allow visibility into traffic across the entire organisation.
Privacy is more than encryption and can be enhanced using data security protection; both MPLS and SD-WAN should integrate security solutions to enable security and enforce certain aspects of privacy. Security solutions include robust authentication, firewalls, endpoint detection and response (EDR) and intrusion detection systems (IDS); when used alongside MPLS or SD-WAN, integrated security solutions provide 360-degree threat mitigation and help enable privacy.
Comparing End to End MPLS QoS with local SD WAN QoS
Quality of Service (QoS) agreements are legal agreements under an SLA (Service Level Agreement). MPLS SLAs set the QoS minimum agreed-on thresholds for quality standards with baselines for expected:
High network speed and low latency
High-quality connections with minimal or no jitter or packet loss.
However, QoS does not guarantee a good user experience of apps over the public internet, and QoS is becoming less relevant as internet data traffic handling becomes more robust. Therefore, Software Defined Wide Area Networks extend QoS to include Quality of Experience (QoE). QoE focuses on the human experience of using apps across a distributed network and reflects the change in general working patterns, the use of the public internet, and intelligent decision-making by the SD-WAN. Components of SD WANs enforce policies at the network edge to counteract the unpredictability and potential instability of the public internet. The ability of SD-WAN to steer and prioritise traffic towards more optimal paths is part of the reason that QoE is a better fit than QoS for SD-WAN implementations. MPLS operates similarly to most SD WAN solutions in terms of network connectivity over a large geographic distance. However, the advantage of MPLS connections over large distances is that latency issues are easier to predict.
Latency and Jitter SLAs
The most common MPLS SLAs include latency and jitter within a commercial agreement with the MPLS provider:
Latency: latency times represent the round-trip ping time on a circuit, for example, 50ms per round-trip. Low latency SLAs can be provider dependent and, therefore, vary, so they may require negotiation.
Jitter: out-of-order packets can lead to jitter that impacts the user experience of apps such as video and VoIP. A jitter SLA measures the delivery of packets in the correct order.
Almost all MPLS SLAs only provide monthly averages for latency and jitter, meaning the service provider cannot be held responsible for short periods of poor performance.
SD-WAN is better served by internal SLAs, used as a guidepost for policy configuration targets, rather than by a commercial agreement. An enterprise can then use SD-WAN reporting and statistics to adjust configurations and meet the required targets for network performance.
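To make the monthly-average point concrete, here is an added example (not from the original article) that tests a constructed month of circuit measurements two ways: against a provider-style monthly-average SLA, and against an internal per-interval target of the kind recommended above. The thresholds, sample interval and measurement values are assumptions.

```python
"""Compare a provider-style MPLS SLA check (monthly average) with an
internal per-interval target. Added example; data below is constructed."""
from dataclasses import dataclass
from statistics import mean

@dataclass(frozen=True)
class Sample:
    minute: int         # minutes since the start of the reporting month
    latency_ms: float   # round-trip time measured on the circuit
    jitter_ms: float    # delay variation between consecutive packets

def build_month(interval_min: int = 5) -> list:
    """Constructed month of samples: steady 30 ms RTT / 2 ms jitter, plus one
    90-minute incident (from minute 10000) at 180 ms RTT / 25 ms jitter."""
    samples = []
    for m in range(0, 30 * 24 * 60, interval_min):
        incident = 10_000 <= m < 10_090
        samples.append(Sample(m, 180.0 if incident else 30.0, 25.0 if incident else 2.0))
    return samples

def monthly_average_ok(samples, latency_sla_ms=50.0, jitter_sla_ms=10.0) -> bool:
    """Commercial-SLA test: only the monthly mean must stay under the agreed
    thresholds, so a short incident is averaged away."""
    return (mean(s.latency_ms for s in samples) <= latency_sla_ms
            and mean(s.jitter_ms for s in samples) <= jitter_sla_ms)

def interval_report(samples, latency_target_ms=40.0, jitter_target_ms=10.0) -> dict:
    """Internal-SLA view: every interval is tested against the target and the
    longest run of consecutive breaches is reported in minutes."""
    interval = samples[1].minute - samples[0].minute
    breaches = longest = run = 0
    for s in samples:
        if s.latency_ms > latency_target_ms or s.jitter_ms > jitter_target_ms:
            breaches += 1
            run += 1
            longest = max(longest, run)
        else:
            run = 0
    return {
        "intervals": len(samples),
        "breaching_intervals": breaches,
        "longest_breach_minutes": longest * interval,
        "compliant_pct": round(100 * (len(samples) - breaches) / len(samples), 3),
    }

if __name__ == "__main__":
    month = build_month()
    print("monthly-average SLA met:", monthly_average_ok(month))
    print("per-interval report:", interval_report(month))
```

The same 90-minute incident passes the monthly-average check but shows up as 18 breaching intervals in the per-interval report, which is the gap an internal SLA is meant to close.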
Large-scale MPLS deployments typically require the organization to enter a contract with a specific supplier that tends to tie them into a particular environment. This makes the addition of multiple cloud connections complicated and often costly. "Virtual routing services" can help to mitigate the costs of adding cloud support to an MPLS deployment. For example, a virtual router runs on top of an MPLS appliance to establish MPLS cloud connections.
Conversely, SD-WAN is cloud-native and designed to support multi-cloud environments.
SD-WAN solutions can control traffic using granular steering policies. These policies decide which WAN links to use and which paths are the most optimal. Steering policies ensure that enterprise traffic use fits business needs and keeps business apps working seamlessly. An example of an intelligent steering policy would be to route bandwidth-intensive and latency-sensitive critical apps, such as Voice over Internet Protocol (VoIP) and video conferencing, always using an MPLS connection.
SD-WAN reporting is a core component of the solution and is granular. Reporting is vital to visibility and network performance, providing the statistics and insights to optimise configuration and network performance. The reporting incorporated into an SD-WAN solution includes:
Reports showing application and WAN performance
Business analytics for bandwidth and performance forecasting
SLA enforcement: is the guaranteed bandwidth being honoured?
QoE monitoring reports
MPLS vendors typically control service performance reports that include:
Router and Interface Reports
Management of SD-WAN and MPLS network connectivity
MPLS connections are managed by the telecom provider, which helps to minimise the need for internal teams to manage the MPLS solution. However, there is usually a need for in-house personnel to control routing updates and perform general maintenance.
SD-WAN solutions are configured centrally using a cloud-based central management console. Many SD-WAN solutions use a ZTP (zero-touch provisioning) model. ZTP facilitates the use of pre-defined templates to make roll-out and upgrades easy. ZTP reduces human error and enables fast, automated policy roll-out: each SD-WAN device connects directly to a centralised controller that automatically updates the devices with new configurations.
Hosting and SD-WAN solutions management
SD-WAN service management depends on the type of SD-WAN deployed. Three options for SD-WAN determine the level of in-house management needed:
DIY: requires dedicated in-house skilled personnel to deploy, manage, and maintain the SD-WAN.
Managed: a specialist Managed Service Provider (MSP) implements and provides ongoing management and maintenance of the SD-WAN.
Co-managed: a hybrid option where a company uses an MSP for some aspects of the SD-WAN management but may use in-house personnel to manage policies and application routing.
Management of nodes
MPLS: the same provider that serviced existing locations must be used to add another network node; in other words, MPLS creates vendor tie-in. Extending beyond the MPLS backbone can take time and effort.
SD-WAN: SD WAN makes adding a new network node much easier, as any provider can be used. Usually, an additional appliance from the SD-WAN provider will be needed to set up the new node.
Should you choose a hybrid of SD-WAN and MPLS?
A hybrid solution of SD-WAN and MPLS technology may provide an ideal ‘best of both worlds’ solution.
SD-WAN enables real-time application traffic steering over any link, such as broadband, LTE (Long Term Evolution) and MPLS. SD-WAN connections thus provide a way to decouple from the physical underlay while still taking advantage of networks such as MPLS. This hybrid solution uses a mix of traditional MPLS technology and the direct internet connectivity afforded by SD-WAN.
Typical hybrid scenarios run a single MPLS line alongside an SD-WAN internet connection per site. Each line is monitored for packet loss, jitter, etc., using the inherent monitoring and analysis capabilities of SD-WAN; if one line fails, the other is used as a failover.
Also, the hybrid system can determine which line (MPLS or SD-WAN) is optimal for specific use cases and route the traffic through this best-fit line. For example, the MPLS line can be used for apps that require low latency, such as specialized business applications.
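The steering policies described in the traffic steering section and the hybrid failover behaviour described here, as an added example that is not vendor code: the link names, application classes, thresholds and measurements are all constructed assumptions.

```python
"""Policy-based path selection with failover across an MPLS circuit and
internet links. Added illustration, not vendor code: all values constructed."""
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Link:
    name: str
    up: bool            # probe succeeded, link currently usable
    latency_ms: float   # measured round-trip time
    jitter_ms: float    # measured delay variation
    loss_pct: float     # measured packet loss

@dataclass(frozen=True)
class Policy:
    app: str
    preferred: tuple    # links to try first, in order of preference
    max_latency_ms: float
    max_jitter_ms: float
    max_loss_pct: float

def meets_policy(link: Link, policy: Policy) -> bool:
    return (link.latency_ms <= policy.max_latency_ms
            and link.jitter_ms <= policy.max_jitter_ms
            and link.loss_pct <= policy.max_loss_pct)

def select_link(policy: Policy, links: list) -> Optional[str]:
    """1) first preferred link that is up and within thresholds;
    2) any other up link within thresholds (failover);
    3) best effort: up link with least loss, then least latency;
    4) None when every link is down."""
    up = {l.name: l for l in links if l.up}
    for name in policy.preferred:
        if name in up and meets_policy(up[name], policy):
            return name
    for link in up.values():
        if meets_policy(link, policy):
            return link.name
    if up:
        return min(up.values(), key=lambda l: (l.loss_pct, l.latency_ms)).name
    return None

# Constructed policies: voice is pinned to MPLS while MPLS is healthy;
# SaaS breaks out directly over broadband instead of backhauling via a hub.
VOICE = Policy("voip", ("mpls", "broadband", "lte"), 80.0, 10.0, 0.5)
SAAS = Policy("saas", ("broadband", "lte", "mpls"), 150.0, 30.0, 1.0)

def steer_all(links: list, policies=(VOICE, SAAS)) -> dict:
    """Map each application class to its chosen link under current measurements."""
    return {p.app: select_link(p, links) for p in policies}
```

Feeding `steer_all` fresh probe results each interval gives the per-site behaviour described above: voice stays on MPLS until MPLS degrades or drops, then moves to the internet link, and SaaS only falls back to MPLS when both internet links are down.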
As companies often have multiple and complex use cases, environments, and working patterns, having the option to push traffic via the best possible connection makes business sense.
At first glance, both SD-WAN and MPLS links are reliable and can ensure high performance. However, some differences can determine the choice for the IT administrator looking at both options.
MPLS is a traditional, well-used technology that uses dedicated, private connections between sites. MPLS offers a predictable level of performance and privacy but can be costly to set up and manage, although costs are decreasing in some geographies.
Unlike MPLS, SD-WAN is a software-based technology that uses the public internet to connect remote networks. Therefore, it is typically less expensive than MPLS and is easier to set up and manage. However, the performance and security of an SD-WAN connection can vary based on the quality of the underlying internet connection.
When deciding between SD-WAN, MPLS, or a hybrid solution, IT buyers should consider factors such as cost, ease of management, reliability, built-in security functionality, and the level of performance required for their specific use case and business needs. With the need to secure internet access to branch offices and the rising use of mobile networks, network connectivity needs will always be dynamic. It should be remembered that this is not necessarily a case of SD WAN replacing MPLS, as the SD WAN architecture does not exclude the use of MPLS. In an SD WAN overlay network, traditional MPLS networks can be used as one of multiple networking methods within a Software Defined Wide Area Network.
Visit the Netify SASE Cybersecurity and SD WAN marketplace.
Get the data points you need to help with your SASE Cybersecurity and SD WAN decision making process.