Unless you were living under a rock, you probably heard about SD-WAN and its promise to transform enterprise networking as we know it. And, by enterprise networking we mean the use of MPLS at the core of enterprise networks. So, to SD-WAN or to MPLS? Here is what you need to consider.
MPLS Pros and Cons
If you are an MPLS customer, you are familiar with the benefits and challenges of the technology. MPLS is a premium networking service with guarantees around dedicated capacity, maximum latency and packet loss, and link availability. However, the service that comes with these guarantees is very costly, forcing enterprises to deploy just enough MPLS capacity in order to reduce their monthly spend. Furthermore, to ensure service levels, MPLS services must be deployed to the customer premises, which creates substantial lag time until a new office can be up and running on the service. To meet service levels, carriers prefer their MPLS networks very stable, so changes and adjustments also tend to be slow.
The MPLS architecture and its guarantees are now under pressure. As business applications migrate to the cloud, demand for Internet capacity increases. In the past, companies backhauled Internet traffic across their MPLS backbone to a secured, Internet portal. The cost of that backhaul, from both capacity and latency standpoint, was manageable when Internet usage was minimal. This is now no longer the case. In addition, MPLS service guarantees were offered between enterprise locations, not the enterprise and the Internet, where the customer’s carrier ultimately lost control of the traffic to other carriers.
SD-WAN Edge Appliances: Not Quite the Answer
This is where SD-WAN comes to play. SD-WAN creates a superset of MPLS by incorporating the MPLS service into a virtual overlay including additional services, such as cable, xDSL and 4G/LTE. These services offer a different set of attributes than MPLS: more capacity for less cost, faster deployment but often less predictability. By routing traffic across the overlay based on application requirements and underlying service quality, SD-WAN can bypass some of the challenges of MPLS. Routing becomes more flexible and backhauling of Internet traffic can be reduced. Services can be aggregated to maximize capacity. Branches can be deployed more quickly, initially on Internet services and with MPLS brought into the overlay as needed.
SD-WAN has several key challenges when compared with traditional MPLS architectures. Customers need to secure Internet traffic at the branch location or in the cloud to benefit from backhaul elimination. SD-WAN using edge technology alone cannot replace MPLS, unless the customer is willing to relinquish the end-to-end latency and packet loss guarantees that come with MPLS. Cloud resources and mobile users are unaffected by the SD-WAN edge capabilities, which are designed for physical locations.
Some of these issues may not be critical in all cases. For example, regional customers that have stable and high-quality Internet connectivity may not see packet loss or latency as inhibitors to move off MPLS. Another example will be a move to cloud-based apps that makes MPLS less critical to ensure application service levels. In both cases, SD-WAN can help support the transition from a hybrid WAN (MPLS+Internet) to Internet-only WAN.
Cloud-Based SD-WAN: A New Approach
Some SD-WAN vendors, like Cato Networks, expanded the scope of SD-WAN into a cloud-based, global SD-WAN service that includes SLA-backed backbone, built-in security, and extension of the overlay to cloud resources and mobile users. This architecture enables enterprises to augment and ultimately replace their MPLS architectures, address new security requirements, and support their needs outside branch locations.
Ultimately, customers need to make a decision. Continue with the current MPLS architecture or deploy one of the flavors of SD-WAN we discussed above to augment or eliminate MPLS. In the table below we summarize the considerations to make this decision. We will compare MPLS, Edge SD-WAN (using edge routers and central management), and Cloud-based SD-WAN (using a private backbone with built-in Next Generation Firewall).
| MPLS, Internet Backup | SD-WAN Edge (MPLS+Internet) | SD-WAN Edge (Dual Internet) | Cloud-based SD-WAN | |
SLA-backed Coverage |
||||
| Global | Yes | N/A | N/A | Yes |
| Regional | Yes | N/A | N/A | Yes |
Security |
||||
| Encryption | No | Yes | Yes | Yes |
| Integrated Threat Protection | No | No | No | Yes |
Management |
||||
| Zero-Touch Provisioning | No | Yes | Yes | Yes |
| Policy-Based Routing | No | Yes | Yes | Yes |
| End-to-End Analytics | No | Yes | Yes | Yes |
End Points |
||||
| Physical Locations | Yes | Yes | Yes | Yes |
| Hybrid Cloud | Limited | Yes (appliance) | Yes (appliance) | Yes (agentless) |
| Public Cloud Apps | No | Yes | Yes | Yes |
| Mobile Users | No | No | No | Yes |
Total Cost (services, hardware, software) |
High | Medium-High | Medium-High | Low-Medium |
To learn more about SD-WAN vs. MPLS, and the way Cato Networks can transform, streamline and simplify your network and security get in touch with one of our specialists.
Related articles: