For many organizations with corporate WANs built upon MPLS links, SD-WANs appear to be an attractive upgrade for the next stage of network evolution. As with many IT decisions, the best choice for each company depends on that company’s particular bandwidth needs, security posture, cloud and mobile compatibility requirements, regulatory environment, industry, size and other factors.
That being said, the general pros and cons of continuing to rely solely on MPLS or augmenting those links with SD-WANs can provide informative guideposts for IT executives faced with the SD-WAN vs MPLS choice. Depending on how applicable the strengths and drawbacks of each technology are to a company’s unique situation, they can provide a compelling case for either staying the course or making a strong course correction.
The pros and cons of MPLS
MPLS links establish a private network service, entirely separate from the public Internet. This gives MPLS-based WANs some intrinsic security. Because the network is private, MPLS providers completely manage their own routing from end to end, ensuring efficient routing. Also, MPLS prioritizes traffic via class of service (CoS), which provides the high level of performance and reliability MPLS is known for.
MPLS provides dependable transport between remote locations in a WAN. The low latency, high packet delivery rates, and high uptime are guaranteed by SLAs. For some companies, paying up to increase the bandwidth on their existing MPLS transports may make sense.
For others, however, more bandwidth won’t solve their problems for several reasons. For starters, MPLS bandwidth is significantly more expensive than broadband and takes longer to set up (months in some cases). Thus, more bandwidth would just mean higher costs and more delays.
There are other problems with MPLS as well. Commonly, traffic originating from remote sites and destined for the Internet or cloud-based resources is backhauled over MPLS to one or a few centralized datacenters where that data exits the WAN and enters the Internet. Not only does this gobble up limited MPLS connectivity and create a central point of failure at the datacenter, but it also seriously degrades application performance when that central Internet access point is geographically far from the user while the server on the other end may be very close by. This “trombone effect” of inefficient routing due to the backhauling of data will only get worse as organizations increasingly adopt SaaS, VoIP, and other bandwidth-hungry or latency-sensitive applications.
Of course, bypassing the backhaul for direct Internet access can fix the trombone effect, but at the cost of also bypassing the security stack in place at the centralized Internet access point. Even then, the reliability and performance of commercially available broadband won’t be enough for some business-critical applications.
Is it time to switch to SD-WAN?
SD-WAN solutions were developed to mitigate these problems with MPLS. By aggregating several separate WAN connections into one software-defined network (SDN), MPLS and less expensive broadband (e.g. xDSL, cable, 4G) can be combined at the network level, where application-aware routing and dynamic link assessment are used to automatically select the best connection for each application’s traffic.
Latency-tolerant and bandwidth-heavy applications like email delivery and security patch distribution can be sent over the public Internet, while those more sensitive to jitter like teleconferencing can be routed over MPLS. This way, expensive MPLS bandwidth is consumed only for the traffic which really needs it.
Aside from lowering MPLS bandwidth costs, SD-WAN solutions also simplify WAN management because they come with centralized and software-based network control and policy management. Instead of managing an army of manually configured routers, network admins can utilize zero-touch provisioning and policy-based orchestration to consolidate management. Deployment of SD-WAN solutions to remote offices now only takes minutes, not months.
Despite these advantages over MPLS, the first generation of SD-WAN solutions still binds enterprises to MPLS, because it is still necessary for business applications which require performance levels the public Internet can’t consistently provide.
Another drawback: apart from encrypting all traffic across the aggregated transports, these first-generation SD-WAN appliances lacked essential cybersecurity features like a firewall and URL filter, forcing organizations that adopted this first wave of SD-WANs to purchase, deploy, configure, integrate, and maintain those separate appliances themselves.
How cloud-based SD-WAN fits into the decision
Just because the public Internet can’t match the reliability and performance of MPLS doesn’t mean that a backbone forged deeper within the Internet can’t. This is the thinking that led to the latest SD-WAN solutions, which are based in the cloud. These solutions are built upon a global backbone which is backed by SLAs and woven from multiple Tier-1 carriers.
Since the SD-WAN’s backbone resides in the cloud, support for mobile users and cloud resources comes built-in. Not only is all the traffic encrypted, but an entire security stack is integrated into the backbone itself, enabling even more convenient and centralized network and security management.
For enterprises large and small whose business processes are very dependent on the cloud, these new cloud-based SD-WANs may be just the solution they’ve been waiting for to finally break free of MPLS. Even organizations that aren’t currently heavy cloud users should still consider them, given the trend of migrating more and more network infrastructure into the cloud, which shows no sign of relenting.