One of the questions we’re frequently asked by clients considering their WAN architecture is whether to use SD-WAN (Software-Defined WAN) rather than MPLS (Multiprotocol Label Switching). The answer is: “it depends”.
SD-WAN can be more cost-efficient and more secure than MPLS, provide higher application performance, and offer further network protection from vulnerabilities that MPLS cannot. It’s why interest in SD-WAN has grown over the past few years.
However, MPLS also has its advantages, particularly when an organisation has specific connectivity and security requirements. So, it’s important to consider your specific environment before deciding, as a switch to SD-WAN has significant business implications.
Organisations have typically connected remote branches and retail to the central data centre through a hub and spoke WAN model that relies on individual dedicated MPLS connections. As a result, all data, workflows, and transactions, including access to cloud services or the internet, require traffic to be backhauled to the data centre for processing and redistribution. This increases the total time it takes a data packet to travel full circle, creating latency and data packet loss.
SD-WAN uses software to integrate and manage security, policy, orchestration, connectivity, and other services between remote branches, data centres and cloud instances. In other words, it decouples data and control. This means an organisation is less dependent on its service providers’ proprietary hardware, multiple links and the potentially high charges that come with them.
SD-WAN provides optimised, multi-point connectivity using distributed, private data traffic exchange and control points, giving users secure, local, direct access to the services they need – whether from the network or the cloud. This makes it ideal for organisations that have remote branches with limited staff, as they can easily upgrade by adding new links without changing the underlying infrastructure.
Organisations can also mix and match network links (dedicated lines or public networks) depending on content type or priority, i.e. an SD-WAN can be integrated with MPLS as one of the SD-WAN connections.
MPLS provides a secured and managed link between branch offices and the data centre through the service provider’s internal backbone. Public internet connections do not natively provide that same level of protection. However, MPLS does not provide any sort of analysis of the data that it delivers; that responsibility still falls on the MPLS client. Even when traversing an MPLS connection, traffic still needs to be inspected for malware or other exploits.
Arguably the primary advantage of SD-WAN is security virtualisation, as it is mainly based on the use of IP security, next-gen firewalls, VPN tunnels and micro-segmentation of applications. This is all done through end-to-end encryption across the entire network, including the internet, with all devices and endpoints being completely authenticated using a scalable key-exchange functionality and software-defined security.
A key advantage of MPLS is that it provides a more reliable fixed amount of bandwidth, making it ideally suited to applications that transmit defined volumes of data and require a high degree of reliability. However, going beneath this volume risks lower quality of service or even a loss of connection.
When it comes to avoiding packet loss and keeping an organisation’s most important traffic flowing, MPLS is a good choice as it consistently offers a high quality of service. While this may be an advantage for some, many organisations have highly unpredictable performance requirements. As a result, they may need to lease an MPLS connection that matches their maximum traffic load, and for much of the time, expensive bandwidth goes unused.
When multiple applications are running through the same connection tunnel, latency-sensitive traffic needs to be prioritised. This requires things such as application recognition, traffic shaping, load-balancing, and prioritisation between different connections that MPLS does not provide. In contrast, SD-WAN recognises applications and can adapt bandwidth and other services accordingly. It can initiate multiple parallel connections and provide granular load balancing between them and can even failover to a new connection should there be a drop in available bandwidth. SD-WAN can also rate-limit less sensitive applications to ensure latency-sensitive applications receive all the room and muscle they require to perform.
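The behaviour described above (application-aware path choice, failover when a link degrades, and rate-limiting of less sensitive traffic) can be sketched as a small placement routine. This is an added example, not any vendor's algorithm or code from this article; the link figures, application classes, SLA thresholds and all names are constructed assumptions.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Link:
    name: str
    latency_ms: float
    loss_pct: float
    capacity_mbps: float

@dataclass(frozen=True)
class App:
    name: str
    priority: int          # 0 = most latency-sensitive, placed first
    max_latency_ms: float  # SLA: highest tolerable latency
    max_loss_pct: float    # SLA: highest tolerable packet loss
    demand_mbps: float

def meets_sla(link, app):
    return link.latency_ms <= app.max_latency_ms and link.loss_pct <= app.max_loss_pct

def place(links, apps):
    """Return {app name: (link name or None, granted Mbps)}."""
    free = {l.name: l.capacity_mbps for l in links}
    plan = {}
    for app in sorted(apps, key=lambda a: a.priority):
        ok = [l for l in links if meets_sla(l, app)]
        if not ok:
            plan[app.name] = (None, 0.0)  # no link meets the SLA: report it, do not guess
            continue
        fits = [l for l in ok if free[l.name] >= app.demand_mbps]
        # Prefer the lowest-latency link with room; otherwise rate-limit on the emptiest one.
        best = min(fits, key=lambda l: l.latency_ms) if fits else max(ok, key=lambda l: free[l.name])
        granted = min(app.demand_mbps, free[best.name])
        free[best.name] -= granted
        plan[app.name] = (best.name, granted)
    return plan

# Constructed sample data: MPLS is one of two SD-WAN underlay links.
MPLS = Link("mpls", 12, 0.1, 50)
BROADBAND = Link("broadband", 28, 0.4, 200)
APPS = [App("voice", 0, 30, 1.0, 10), App("erp", 1, 60, 1.0, 40),
        App("backup", 2, 500, 5.0, 250)]

def demo():
    normal = place([MPLS, BROADBAND], APPS)
    degraded = place([replace(MPLS, loss_pct=4.0), BROADBAND], APPS)  # MPLS starts dropping packets
    return normal, degraded

if __name__ == "__main__":
    for label, plan in zip(("normal", "mpls degraded"), demo()):
        print(label, plan)
```

In the constructed degraded case, voice and ERP fail over to broadband and the backup job is rate-limited further to make room for them.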
What’s best for your needs?
There are many benefits of SD-WAN, from cost to agility and flexibility to ease of use and deployment as well as increased security. However, MPLS will always be in demand, particularly for the many organisations that have specific connectivity and security requirements. When deciding between the two, organisations need to weigh up the pros and cons and ask themselves which needs are paramount in their environment. However, many organisations successfully run MPLS alongside SD-WAN, leveraging the benefits of both technologies.