Four Questions For Life After MPLS

March 8, 2017

Anyone who’s purchased MPLS bandwidth has experienced the surreal. While at home you might spend $50 for a 50 Mbps Internet link, MPLS services can cost 10 times more for a fraction of the bandwidth. SD-WANs promise to address the problem, of course, but even as an SD-WAN provider we can tell you that SD-WANs may not be the right choice for everyone. So much depends on how you answer certain questions about your business, the resources available, and your networking requirements. It’s why we put together a checklist (humbly called “The Ultimate Checklist”) for figuring out whether you should stick with MPLS or consider an SD-WAN.

Start with the core questions that determine whether the Internet can serve as part or all of your next backbone. The questions break down into four areas:

  • Availability – What level of network availability does your business require?
  • Capacity – How do capacity constraints impact your business?
  • Latency – How will your applications be impacted by the increased latency and loss incurred on the Internet?
  • Security – What do you need to secure the Internet access points at each of your offices?

Each of these four areas consists of dozens of sub-questions; we boiled them down to just 13. With security, for example, do you want to offload Internet traffic at the branch or backhaul traffic to the datacenter? If you’d like to eliminate the “trombone effect” and take advantage of the improved cloud and Internet performance that’s possible with SD-WANs, you’ll want Internet offload.

But with Internet offload you’ll have another consideration: remote office network security. MPLS services arose at a time when threats existed “out there” on the Internet and Internet traffic was the exception, not the norm. So we created a secured Internet access point for the company, backhauled Internet-bound traffic from offices across the WAN to that Internet hub, and minimized the need for branch security.

Such an approach might have worked when threats were outside the company and Internet traffic was the exception. But Internet traffic is now the norm, and today’s threats are as likely to emanate from our offices as they are from the Internet. As such, many security professionals are looking to apply advanced security services, such as malware protection and next-generation firewall (NGFW), to the WAN as well as Internet connections.

WAN architectures give you a range of choices for addressing these security considerations. MPLS services effectively segment traffic at layer 2, but provide no additional network security. SD-WANs segment traffic at layer 3 and encrypt traffic, but you’ll need a third-party vendor for advanced security services. Cloud-based SD-WANs go a step further and integrate the advanced security into the SD-WAN.

There are many different options and many different kinds of architectures to consider. We hope “The Ultimate Checklist” helps.

Dave Greenfield

Dave Greenfield is a veteran of the IT industry. He’s spent more than 20 years as an award-winning journalist and independent technology consultant. Today, he serves as a secure networking evangelist for Cato Networks.