MPLS Alternative

MPLS Alternative

The WAN is evolving and SD-WAN is all the rage. It promises to remove the constraints of legacy connectivity technologies, namely MPLS, and create a flexible, resilient, and secure network.

MPLS is a privately managed backbone with built-in Quality of Service (QoS). MPLS services deliver predictability — whatever contention exists for its backbone is managed by the MPLS provider.

Packet loss and latency statistics are more consistent and much lower than those of the public Internet. And to back up that point, MPLS services come with guarantees of availability (99.99% per year uptime), packet loss (.1% is typical), and latency on a route-by-route basis.

Just as important, MPLS services are mature services built for the enterprise. Aside from the SLAs, they come with integrated invoicing, end-to-end delivery, and management.

The Pitfalls of MPLS

But there’s a price for this kind of dedicated infrastructure. Committing to a dedicated capacity, maximum latency, and maximum time to repair makes MPLS services very expensive. As a result, capacity is constrained by available budgets and can be easily overwhelmed by the needs of the business.

MPLS services are also notorious for their lack of agility. Site deployments involve a slow and rigid process that can take weeks and sometimes months to complete. Change management is also a hassle, requiring careful coordination with the carrier to ensure service levels are met.

Addressing the challenges of MPLS

SD-WAN is looking to address the challenges of MPLS like cost, capacity, rigidity, and manageability.

The SD-WAN edge router can dynamically route traffic over multiple data services (MPLS, cable, xDSL, 4G/LTE) based on the type of traffic and the quality of the underlying service. SD-WAN edge solutions let organizations boost capacity available for production by adding inexpensive data services to an existing MPLS-based network.

In that context, SD-WAN can reduce the growth of MPLS spend. SD-WAN automates application traffic routing based on real-time monitoring of changing conditions, which means less error-prone manual configuration changes through command line interfaces.

Some SD-WAN solutions offer zero-touch provisioning, which allows the edge to configure its connection to the WAN using the available mix of services at each location. This means a site can be brought online quickly with a single or dual Internet service or even 4G/LTE. And, MPLS can be incorporated seamlessly when it becomes available at a later point.

SD-WANs aren’t perfect

But SD-WAN edge architectures have several gaps. SD-WAN edge routers must rely on a predictable service, like MPLS, to carry latency-sensitive traffic. The router can move traffic to an alternate service if MPLS is unavailable, but this is not a recommended approach. SD-WAN routers still need MPLS and have a limited impact on overall networking spend.

Also, the introduction of Internet breakouts increases the risk of Internet-borne threats. SD-WAN routers do not address these new security requirements. Organizations need to extend their security architectures to support SD-WAN projects using edge firewalls or cloud security services. This only adds to the costs and complexity of an SD-WAN deployment.

Finally, SD-WAN routers are not optimized for cloud resources and mobile users. Since they were built to solve a branch office problem, SD-WAN vendors had to stretch their architectures to the cloud as an afterthought. This involves complicated route configurations and time-consuming deployments of SD-WAN routers near or at the cloud providers.

SaaS routing intelligence comes at the cost of deploying many SD-WAN routers near SaaS data centers in order to build a fabric with sufficient density to provide any real optimization benefits. Mobile users are simply out of scope for edge SD-WAN deployments and can’t benefit from the new network capabilities introduced by SD-WAN.

What is the solution?

Cato Networks delivers on the core promise of SD-WAN while extending it to address these key gaps. The Cato Cloud includes advanced SD-WAN edge capabilities including multi-transport support, last mile optimization, and policy-based routing.

The SLA-backed global backbone of points of presence (PoPs) at the core of the Cato Cloud service forms an affordable MPLS alternative and has the following benefits:

  • An enterprise-grade network security stack, built into the backbone, extends security everywhere without the need to deploy additional security products.
  • An agentless deployment model allows Cato to connect cloud resources as easily as physical locations, from the nearest PoP to the cloud provider.
  • Mobile users benefit from the power of the Cato Cloud using Cato’s mobile client.

With Cato’s tunnel overlay architecture connecting all resources to the service, in the same way, organizations gain single-policy control and holistic visibility across their network — physical locations, cloud resources, and mobile users.

MPLS SD-WAN Edge Cloud-based SD-WAN

SLA-backed Coverage

Global Yes N/A Yes
Regional Yes N/A Yes

Security

Encryption No Yes Yes
Distributed Threat Protection No No Yes

Management

Zero-Touch Provisioning No Yes Yes
Policy-Based Routing No Yes Yes
End-to-End Analytics No Yes Yes

End Points

Physical Locations Yes Yes Yes
Hybrid Cloud Limited Yes Yes
Public Cloud Apps No Yes Yes
Mobile Users No No Yes

Total Cost

High

Medium

Low

SD-WAN FAQ

  • What is SD-WAN?

    Software-defined Wide Area Network (SD-WAN) devices sit in company locations and form an encrypted overlay between themselves across any underlying transport service including MPLS, LTE, and broadband Internet services.

  • What are the benefits of SD-WAN?

    Reduced Bandwidth Costs: MPLS bandwidth is expensive. On a “dollar per bit” basis, MPLS is significantly higher than public Internet bandwidth. Exactly how much more expensive will depend on a number of variables, not the least of which is location. However, the costs of MPLS aren’t just a result of significantly higher bandwidth charges. Provisioning an MPLS link often takes weeks or months, while a comparable SD-WAN deployment can often be completed in days. In business, time is money, and removing the WAN as a bottleneck can be a huge competitive advantage.
    Reliable Network Across the Unreliable Internet: The ability to connect locations with multiple data services running in active/active configurations. Sub-second network failover allows sessions to move to new transports in the event of downtime without disrupting the application.
    Secure Communications: Encrypted connectivity secures traffic in transit across any transport.
    Bandwidth on Demand: The capability to immediately scale bandwidth up or down, so you can ensure that critical applications receive the bandwidth they need when they need it.
    Immediate Site Activation: Bring up a new office in minutes, instead of weeks and months that it takes with MPLS. SD-WAN nodes configure themselves and can use 4G/LTE for instant deployment.

  • What are the key trends driving SD-WAN adoption?

    Enterprises built their networks using legacy carrier services, such a managed MPLS service. These services are expensive, require weeks to months to activate sits, and require waiting for the service provider to make even the simplest of changes.
    SD-WAN offers an escape from that bringing agility and cost efficiencies to IT networking. The SD-WAN connects locations with several Internet connections, aggregating them together with an encrypted overlay. Policies, application-aware routing, and dynamic link assessment in the overlay allow for the optimum use of the underlying Internet connections.
    Ultimately, SD-WAN delivers the right performance and uptime characteristics by taking advantage of the inexpensive public Internet with the security and availability needed by the enterprise.

  • What are the limitations of SD-WAN?

    Lack of a global backbone: SD-WAN appliances sit atop the underlying network infrastructure. This means the need for a performant and reliable network backbone is left unaddressed by SD-WAN appliances alone.
    Lack of advanced security features: SD-WAN appliances help address many modern networking use cases, but don’t help with security requirements. As a result, enterprises often need to manage a patchwork of security and networking appliances from different vendors (Like CASBs) to meet their needs. This in turn leads to increased network cost and complexity as each appliance must be sourced, provisioned, and managed by in-house IT or an MSP.
    No support for the mobile workforce: By design, SD-WAN appliances are built for site-to-site connectivity. Securely connecting mobile users is left unaddressed by SD-WAN appliances.