SD-WAN vs Hybrid WAN

January 12, 2020

Most enterprise WANs have historically used MPLS, but with the proliferation of cloud resources and mobile users, organizations are realizing the need to facilitate more flexible connectivity. They are faced with many options when making this decision, but one of the first that must be considered is whether to go with a hybrid WAN or SD-WAN.

With a hybrid WAN, two different types of network services connect locations. Usually, one network service is MPLS and the other is an Internet connection. While some enterprises will have an active MPLS connection with an Internet/VPN connection for failover, hybrid WAN actively uses both connections.

Hybrid WAN – Pros and Cons

Pros of Hybrid WAN

Hybrid WAN configurations allow for an easy increase in bandwidth by inserting Internet connections alongside an existing MPLS network. Offloading traffic from MPLS reduces monthly bandwidth costs, and new installations can be turned up faster by leveraging local Internet access links. Regulatory constraints mandating MPLS can continue to be met.

Hybrid WAN takes advantage of the reliability, security, and SLA-backed performance of MPLS connections, yet limits the expense of these connections by augmenting connectivity with Internet connections that are cheaper and more versatile. In some cases, these Internet links can help improve performance for traffic that is not destined for the datacenter as it can reduce the number of hops that can occur when backhauling through the datacenter.

Cons of Hybrid WAN

The question is whether organizations can ever eliminate MPLS costs with hybrid WANs. The public Internet is too erratic for global deployments, which requires the continued use of costly international MPLS connections. Companies are still left having to wait months to provision new MPLS circuits. In addition, maintaining distinctly separate WAN transports adds an administrative burden and can create appliance sprawl. Finally, hybrid WANs aren’t designed with cloud and mobile communications in mind, so additional strategies are required for securing and integrating these connections into the enterprise.

SD-WAN – Pros and Cons

Pros of SD-WAN

By replacing an MPLS network with SD-WAN, there can be a significant cost saving while still maintaining the performance required for today’s applications. Unlike MPLS, with SD-WAN customers can easily add new circuits or increase the bandwidth of existing circuits with little impact on the network configuration. By utilizing multiple low-cost, high-bandwidth circuits, SD-WAN can meet the performance and reliability organizations require. Organizations can select transport types that provide the best value for each location and still connect seamlessly to the rest of the WAN. In addition, because SD-WAN is compatible with multiple transport types, provisioning of new or additional services is much faster than MPLS.

Cons of SD-WAN

Out of the gate, SD-WAN has several challenges that involve security, global locations, and mobile user connectivity. Because public Internet connections are used for SD-WAN, and there is no need to backhaul to the secured datacenter, the traffic is no longer secured. For connectivity to some global locations, routing and response times can be unpredictable. However, oftentimes locations that have difficulties getting reliable Internet have less-than-ideal MPLS connectivity. For many organizations, connectivity for mobile users and to the cloud is a driving force for change in the WAN infrastructure. But to have access to the cloud with SD-WAN, a separate cloud connection point is required, and mobile users are not addressed in a standard SD-WAN solution.

Making the Choice

There are SD-WAN providers that have taken the best of both worlds by combining the advantages of SD-WAN while overcoming the challenges of a vanilla SD-WAN solution. That means MPLS-like predictability and performance, along with an integrated firewall-as-a-service that makes firewall services available to all locations. In this case, the entire WAN is connected to a single, logical firewall with an application-aware security policy that allows for a unified security policy and a holistic view of the entire WAN. The other challenges, such as cloud and mobile, are also resolved with SD-WAN-as-a-service offerings.

When comparing hybrid WAN to SD-WAN, the decision for most organizations comes down to whether they feel MPLS can be replaced. With the dramatic improvement of Internet performance, unless there are specific locations that have poor Internet connectivity, an enterprise should feel confident that an SD-WAN solution can meet the demands while also providing cost and agility advantages over MPLS or hybrid WAN. If a business has a scenario where they feel MPLS is a must, then a hybrid WAN solution can be employed.

 

 

Dave Greenfield

Dave Greenfield is a veteran of the IT industry. He’s spent more than 20 years as an award-winning journalist and independent technology consultant. Today, he serves as a secure networking evangelist for Cato Networks.