Should You Replace Your MPLS with SD-WAN?
October 04, 2018
Let’s address a common debate among IT leaders and network engineers when it comes to a more traditional WAN technology like Multiprotocol Label Switching (MPLS) over Software-Defined Wide Area Networking (SD-WAN). Should you replace your MPLS with SD-WAN?
Many IT leaders are excited about the benefits of SD-WAN such as cost reduction, agility/flexibility, ease of deployment, and the options to improve security. But as usual, SD-WAN as a MPLS killer is not cut-and-dry.
If you’re wondering if SD-WAN is right for your IT environment, hopefully we can help you out.
MPLS is a type of data-carrying technique for high-performance telecom networks. Whereas SD-WAN simplifies the management and operation of a WAN by separating networking hardware from its control mechanism.
With greatly expanding technology options, businesses today have hard decisions to make. Let’s look at this as a football analogy. Is a quarterback better than a defensive end on a football team? Can you win a game with one being better than the other? Choosing between SD-WAN and MPLS is much like that. Can my network perform better with one versus the other? If you have a quarterback, you get the flexibility of reading what the defense is giving you and calling an audible to change it. With SD-WAN, you get that flexibility. With MPLS you don’t. You run it, or you will do “up-downs”!
Set aside sports for a minute, the debate of which one is better comes down to the applications in your network and your needs. The comparison of MPLS vs SD-WAN focuses on four key areas:
- Packet loss and availability
- Quality of Service (QoS)
SD-WAN and MPLS Pros and Cons
Packet Loss and Availability
The biggest pro of MPLS is in delivery of data packets and providing a high QoS. MPLS excels at this while managing packet loss, which is valuable for those interested in real-time protocols such as Voice Over IP (VOIP), video conferencing, and virtual desktops. Even though MPLS networks are a shared infrastructure, they still provide highly reliable packet delivery.
Quality of Service
Packet delivery across the internet has had significant improvements due to SD-WAN. Before QoS can even be considered, networks must control packet loss issues. The main idea being that QoS prioritized packets are not effective if they are through the internet. A common approach that most customers use to avoid packet loss is to utilize two different links, broadband and cellular, from two unique internet providers. Here is where an advantage of SD-WAN comes into play. Redundancy and flexibility provides the customer with two unique access paths to the internet providing the same resiliency of MPLS at half the price.
Even though MPLS is run on a shared network, security with MPLS is fairly strong because of the way it is uniquely designed, yet another pro. Each MPLS network is created as a Closed User Group (CUG). In an MPLS solution, only the nodes in that network can read and access the data in that network. Conversely, the internet has no such mechanism to accomplish this, let alone the ability to secure data which opens up the possibility of breaches and security holes.
But here is where the cons of MPLS data surface. MPLS is typically not encrypted and requires additional steps from the user which can be a major issue. This requires staff with an understanding of Border Gateway Protocol (BGP), Open Shortest Path First (OSPF), etc. If you need that bit of extra security, SD-WAN not only leverages the internet for transporting data, but also provides an easy solution to secure data sent across the internet using secure Virtual Private Networks (VPN). Don’t get us wrong, internet configurations can be complex, but SD-WAN makes up for it by simplifying configurations through the use of tunneling, allowing faster processing than MPLS.
Use Case Comparison
Let’s take a look at a use case. Most offices have an internet connection and the IT team will need to configure all of the devices on the network. If the office IT team has MPLS, they would need to peer, or buy a larger router. In addition, they would need to deploy specific routing protocols. SD-WAN accomplishes device configuration much faster when compared to other options. SD-WAN allows the IT team to specify the configuration exactly to their needs, allowing flexibility, by creating a flexible VPN overlaid on the internet that has already addressed routing issues.
Why is this beneficial? Certain applications do not require a high level of security nor routing setup. With SD-WAN, IT can quickly setup a VPN to enable traffic segmentation at the edge versus sending all traffic to the cloud. If the solution requires a high level of security, IT can focus on customizing that setup on a case-by-case basis. Whereas, MPLS does not have any accommodations for security or flexibility.
Here is where internet drain comes into play. Most, if not all, service providers have created an MPLS firewall service so you as the customer cannot drain that unwanted internet traffic. Service providers will require all traffic destined to the internet at the edge to be treated as the same versus segmenting. This sends untrusted traffic straight to the internet and sending that trusted traffic, like Point-of-Sale (POS), Personally Identifiable Information (PII), etc. through a firewall for intrusion prevention and threat detection. However, most service providers will limit that, or even charge you for the bandwidth. Why? MPLS is sold by bandwidth, not by features. Why pay for the internet twice?
Applying to Your Use Case
As a general rule, internet traffic must be secured with protocols such as Secure Sockets Layer (SSL) and Internet Protocol Security (IPSec). Network gateways must be protected with firewalls. Without security, your data is vulnerable.
Now that we have the tech stuff out of the way, lets discuss the possibility of SD-WAN replacing MPLS. SD-WAN providers often claim that the technology will replace MPLS and extremists go as far as saying that one should completely forget about MPLS. Nothing is further from the truth! As long as guaranteed QoS is needed, there will be a need for reliable transport. MPLS, or any other transport, can accomplish this, but SD-WAN cannot with pure internet links.
There's a big difference. MPLS is a WAN technology where a user has full control over traffic engineering. SD-WAN, on the other hand, is an edge technology; all of the intelligence in SD-WAN lies in the edge and orchestration in the cloud which relies on the business user to define. To an SD-WAN edge device, the network is an agnostic cloud with a black box. Therefore, SD-WAN can make decisions based on settings and parameters at the edge. However, this leaves you with little control over what is in the cloud. Even SD-WAN vendors would tell you if mission critical applications are dependent on speed, you might need a MPLS link in parallel to the broadband link. This ensures QoS for real-time traffic like voice and video.
What this all really means is the internet is best-effort service and MPLS is guarantees specific performance by SLA. The internet needs more layers to perform at a level MPLS does, but MPLS lacks the flexibility to control which application needs priority, causing you to be all or nothing. SD-WAN removes the nothing from the equation. If you are like most who have come to grips with slight jitter, or delay, then think of SD-WAN like cell phones. They might be slow at times, but they are always on.
Let’s return to our sports analogy. Bottom line: MPLS is like a nose guard allowing you to run your play without flexibility and knowledge of the other players. SD-WAN is like a quarterback, bringing you the flexibility of reading what play the defense is calling and the ability to call an audible to change it. A defensive end does not replace the quarterback and vice versa, but the defensive end does give you options that, in some cases, could be better.
Quick Comparison Guide
|Hardware and network dependent
||Software-defined WAN with Virtual Network Functions (VNF)
|Lengthy provisioning of high cost, dedicated circuits
||Short provisioning times leverages Broadband
|Complex on-site provisioning
|Major purpose-built hardware investments
||Integrated multifunctional appliances
|Costly implementation and operation
||Up to ~50% cheaper total cost of ownership (TCO)
|Complex WAN management
||Unified WAN & appliance management
|Complicated enterprise security and no encryption
||Simple and tailored branch security (NGFW, VPN,SIEM services, Encryption)
|Murky visibility and control
||Clear transparency with visibility and control
|Strong network resiliency
||Agile resiliency (automated failover)
|High QoS and Packet Loss avoidance
||Conditional QoS (redundant links needed to prevent packet loss)
|Best for mission critical links between two locations
||Best for distributed enterprises with failover needs like Cellular