MPLS Alternatives: Can SD-WAN Replace MPLS?

July 12, 2018

The WAN is evolving and SD-WAN is all the rage. It promises to remove the constraints of legacy connectivity technologies, namely MPLS, and create a flexible, resilient, and secure network.

MPLS is a privately managed backbone with built-in Quality of Service (QoS). MPLS services deliver predictability — whatever contention exists for its backbone is managed by the MPLS provider.

Packet loss and latency statistics are more consistent and much lower than those of the public Internet. And to back up that point, MPLS services come with guarantees of availability (99.99% per year uptime), packet loss (.1% is typical), and latency on a route-by-route basis.

Just as important, MPLS services are mature services built for the enterprise. Aside from the SLAs, they come with integrated invoicing, end-to-end delivery, and management.  

 


 

The Pitfalls of MPLS

But there’s a price for this kind of dedicated infrastructure. Committing to a dedicated capacity, maximum latency, and maximum time to repair makes MPLS services very expensive. As a result, capacity is constrained by available budgets and can be easily overwhelmed by the needs of the business.

MPLS services are also notorious for their lack of agility. Site deployments involve a slow and rigid process that can take weeks and sometimes months to complete. Change management is also a hassle, requiring careful coordination with the carrier to ensure service levels are met.

Addressing the challenges of MPLS

SD-WAN aims to address the challenges of MPLS, such as cost, capacity, rigidity, and manageability.

The SD-WAN edge router can dynamically route traffic over multiple data services (MPLS, cable, xDSL, 4G/LTE) based on the type of traffic and the quality of the underlying service. SD-WAN edge solutions let organizations boost capacity available for production by adding inexpensive data services to an existing MPLS-based network.

In that context, SD-WAN can reduce the growth of MPLS spend. SD-WAN automates application traffic routing based on real-time monitoring of changing conditions, which means fewer error-prone manual configuration changes through command line interfaces.

Some SD-WAN solutions offer zero-touch provisioning, which allows the edge to configure its connection to the WAN using the available mix of services at each location. This means a site can be brought online quickly with a single or dual Internet service or even 4G/LTE. MPLS can then be incorporated seamlessly when it becomes available at a later point.

 


SD-WANs aren’t perfect

But SD-WAN edge architectures have several gaps. SD-WAN edge routers must rely on a predictable service, like MPLS, to carry latency-sensitive traffic. The router can move traffic to an alternate service if MPLS is unavailable, but this is not a recommended approach. SD-WAN routers still need MPLS and have a limited impact on overall networking spend.

Also, the introduction of Internet breakouts increases the risk from Internet-borne threats. SD-WAN routers do not address these new security requirements. Organizations need to extend their security architectures to support SD-WAN projects using edge firewalls or cloud security services. This only adds to the costs and complexity of an SD-WAN deployment.

Finally, SD-WAN routers are not optimized for cloud resources and mobile users. Since they were built to solve a branch office problem, SD-WAN vendors had to stretch their architectures to the cloud as an afterthought. This involves complicated route configurations and time-consuming deployments of SD-WAN routers near or at the cloud providers.

SaaS routing intelligence comes at the cost of deploying many SD-WAN routers near SaaS data centers in order to build a fabric with sufficient density to provide any real optimization benefits. Mobile users are simply out of scope for edge SD-WAN deployments and can’t benefit from the new network capabilities introduced by SD-WAN.

 


What is the solution?

Cato Networks delivers on the core promise of SD-WAN while extending it to address these key gaps. The Cato Cloud includes advanced SD-WAN edge capabilities including multi-transport support, last mile optimization, and policy-based routing.

The SLA-backed global backbone of points of presence (PoPs) at the core of the Cato Cloud service forms an affordable MPLS alternative and has the following benefits:

  • An enterprise-grade network security stack, built into the backbone, extends security everywhere without the need to deploy additional security products.
  • An agentless deployment model allows Cato to connect cloud resources as easily as physical locations, from the nearest PoP to the cloud provider.
  • Mobile users benefit from the power of the Cato Cloud using Cato’s mobile client.

With Cato’s tunnel overlay architecture connecting all resources to the service in the same way, organizations gain single-policy control and holistic visibility across their network — physical locations, cloud resources and mobile users.

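| Category | Capability | MPLS | SD-WAN Edge | Cloud-based SD-WAN |
|---|---|---|---|---|
| SLA-backed Coverage | Global | Yes | N/A | Yes |
| SLA-backed Coverage | Regional | Yes | N/A | Yes |
| Security | Encryption | No | Yes | Yes |
| Security | Distributed Threat Protection | No | No | Yes |
| Management | Zero-Touch Provisioning | No | Yes | Yes |
| Management | Policy-Based Routing | No | Yes | Yes |
| Management | End-to-End Analytics | No | Yes | Yes |
| End Points | Physical Locations | Yes | Yes | Yes |
| End Points | Hybrid Cloud | Limited | Yes | Yes |
| End Points | Public Cloud Apps | No | Yes | Yes |
| End Points | Mobile Users | No | No | Yes |
| Total Cost | | High | Medium | Low |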

 

 

This article was originally posted in August 2017 and has since been updated.

Dave Greenfield


Dave Greenfield is a veteran of the IT industry. He’s spent more than 20 years as an award-winning journalist and independent technology consultant. Today, he serves as a secure networking evangelist for Cato Networks.