How to compare SD-WAN vs. MPLS?
What goes around comes around.
I started working for UUNET back in 1998, at the Cambridge Science Park. To be honest, I probably exaggerated my experience, but luck favours the bold, and I landed a job as a technical support engineer. (IP engineer for corporate Internet customers)
There is a point to this introduction. Back then, networking buzz was about IPSec VPN’s: the ability to send your corporate data traffic across the internet with encryption. Today, an IPSec VPN represents a relatively safe way to secure your data. Using various security methods, each end device was configured as a VPN, meaning that any unauthorised traffic was dropped.
This was followed by MPLS , a revolutionary WAN technology that did not require any additional security because the traffic was routed across a private infrastructure. Plus, QoS (quality of service) provided priority for our applications on bandwidth-restricted circuits.Today, the buzz is very much around SDN (Software Defined Networking)As a side note, MPLS is a traffic engineering technology which is used on both public IP and private backbones. The term "MPLS" has been adopted by IT managers as a productised name for private networking. In fact, the products should be called virtual routed private networks, or VPRn WAN services. (Not catchy, I’ll admit.) Today, the buzz is very much around SDN (software defined networking) or, to be more specific, SD-WAN.
SD-WAN is essentially version 2 of the internet VPN. At least, this is how the market has captured the product.
However, it is important to note that SDN or SD-WAN is a technology available to enhance all connectivity services, including both private and public networking. Just as MPLS became the term to define VPRn services, the same is happening to SD-WAN. The majority of IT teams will expect a service delivered over the internet.
Software-based WAN services are representative of the way in which capability is developed, not strictly an internet VPN service. Productised SDN or SD-WAN offers a much more capable and feature-rich WAN built on the premise of using Internet backbones for VPN connectivity.
Is MPLS becoming the Frame Relay and ATM, Internet VPN technology replaced back in the day.
The majority of Enterprise networking designs I’m involved with end up a hybrid of connectivity. In some cases, using MPLS makes sense. In others, using SD-WAN does, and when the requirements are very straightforward, a simple IPSec VPN is appropriate.
The reason for using SD-WAN is primarily cost reduction. A quick search will result in several articles predicting that “the days of MPLS are over” as IT professionals look to leverage on the benefits of software based on WAN technology.
Could this be true? Is MPLS finished?
I doubt it very much.
The reason why MPLS WAN is in decline is simply that the Internet is a much better-scaled network than it was five years ago. The very reason why MPLS came into vogue was that the platform was engineered to support data transfer between sites, including voice and video files and critical applications. The Internet today is vastly better engineered and is growing in terms of bandwidth and traffic performance.
Consider how you use technology today. We’re all connected via tablets, phones, and PCs that can access cloud services and corporate applications. They can connect to the internet with the touch of a button with reasonably predictable performance.
I was recently parked by a cell tower that provided 102Mbp/s download speeds. The latency and general performance were exceptional. The connection was via a £50 per month mobile data contract representing a fair amount of connectivity vs the cost of the service.
The prevalence of better internet, mobile 3G and 4G, and cloud applications are turning businesses away from MPLS networks.
Comparing SD-WAN features with MPLS?
The core value of SDN services surrounds the innovation around capability. The goal of SDN is to ultimately deliver hardware that is configured via a software-based central management server. The traditional approach of deploying features is via regular software updates; security and additional features would be added over time.
With SDN, developers are positioned to explicitly write a feature or capability as they would any application. The result, at a high level, is a much quicker, focused approach to WAN enhancements. As an example, the specific software could be written per your requirements.
I mentioned 'the goal of SDN'.
We're not quite there yet. Cisco iWAN and others offer a single device with some great components, including application acceleration, QoS, security, and statistics. The original concept for open source SD-WAN services surrounded the flexibility to allow developers access into the API's enabling bespoke capability. For this kind of approach, you would need to look at something like the Daylight Project:
However, the majority of IT teams will be looking at a productised SD-WAN offering.
In future network articles, I'll write specifically about aspects of technologies such as iWAN, but for this article, I wanted to cover high-level areas of interest.
QoS (Quality of Service)
- MPLS WAN offers end-to-end prioritisation of application traffic, typically over six settings.
- SD-WAN services provide more granular control of application traffic, but not end-to-end.
MPLS QoS is relatively simple to understand. The process is to mark traffic with a setting (i.e., DSCP) which is followed end-to-end.
See diagram below.
Above, you'll see traffic marked at the customer edge through to the provider edge and core provider device. This approach allows organisations to be confident in the performance of their applications even under congestion.
SD-WAN is somewhat different. At first glance, traffic prioritisation is achieved by analysis of applications to a much more detailed level vs. MPLS QoS. Using Cisco iWAN as an example, the software analyses traffic and gauges end-to-end path performance.
The ability to consider the end-to-end path is how SD-WAN achieves an experience comparable to MPLS. With this in mind, the analysis of your internet connectivity must be carefully considered during the procurement process.
SD-WAN covers ALL of your requirements from corporate office branch locations to remote users using Internet connectivity from wherever he / she is based.
SD-WAN functionality is available on multiple devices, including software-based clients. This aspect provides a standardised set of security policies via one vendor across all of your user and extranet profiles.
This is a huge benefit, as you get corporate resources with security and application performance enhancements. Couple these advantages with a lower cost of connectivity vs. MPLS, and you'll quickly understand why SD-WAN is growing in popularity.
Is the best of both worlds a Hybrid WAN approach?
I mentioned at the beginning of this article that a hybrid is often the end WAN architecture.
This is often the case simply because of core network connectivity between head office and branch sites with multiple employees; servers and resources benefit from a predictable MPLS-style of SLA approach.
Companies are often not quite ready to trust SD-WAN for use between main locations. I believe that this is quickly changing, where IP backbone connectivity is deployed by a single provider. Traffic will perform well and benefit from SD-WAN's granular local traffic prioritisation.
How the Global Enterprise faces particular challenges with SD-WAN deployment?
Further to my last comments, we've established that if your organisation is global, using MPLS offers an ideal way to support delay-sensitive, mission-critical applications on an international basis. For the most part, IT would look at large global carriers (think BT Global Services, AT&T, and Verizon) to deploy end-to-end connectivity on a single backbone. If certain locations could not be reached, an NNI (network to network interconnect) would be leveraged.
In more detail, how does global MPLS compare with SD-WAN?
If the deployed connectivity is via a single public IP backbone, my opinion is that the technology is comparable for office connections.
Where multiple IP backbones are used (i.e., the internet), caution should be exercised.
This is because the latency of your applications will be unpredictable. If traffic is traversing multiple hops via multiple ISP's, a business cannot guarantee how mission-critical and delay-sensitive services will perform.
Cloud Services are driving the take up of SD-WAN.
The majority of resources employees use today are on the cloud. They include video conferences, voice messages and calls, instant messaging, file storage and backup, and so on.
The cloud costs the same when considering the main reasons for using Software Defined WAN services.
With an SD-WAN solution, you're leveraging on the power of the Internet, including mobile 3G and 4G access, Internet leased lines, and broadband access to cloud resources. In other words, users can work from wherever they are with sophisticated software and be sure that their experience is secure and fast.
Offering a comparable experience, using MPLS networks, requires a connection with cloud providers or the creation of a private cloud. Remote users will need some form of gateway and a DM-VPN (to use Cisco products as an example again) to secure connectivity in the office. This approach does not provide flexibility.
SD-WAN vs. MPLS Security
Clearly, MPLS has an advantage in this respect: The technology is private and therefore does not require encryption, or so it would seem.
Some believe that most hackers are now more inclined to take data by breaching physically into a system rather than attempting to break into the network from a remote location.
While MPLS networks may be private, the data traveling through the cable is exposed. If a hacker gains access to the wire outside the building, he or she can access the data.
With encryption, the traffic is securely deployed end-to-end.
SD-WAN security is, again, more granular. The statistical analysis of IP traffic, ports, and source and destination traffic allows the device to become very sophisticated at only allowing the right traffic through.
The benefits of SD-WAN include cost, flexibility, and ease of deployment. These are the main benefits talked about, but actually, I believe there are more. I've mentioned granular statistics and security – these are also key benefits that all add to the growing popularity.
With all of these advantages, there will always be a place for private-based networking, including MPLS, VPLS, and Ethernet Point-to-Point or Multipoint services. Financial and government institutions would not trust the Internet for their global connectivity requirements. (This may change and is my opinion.)
Any organisation with customer sensitive data may be reluctant, even with the encryption and security available from vendors such as Cisco.
I opened this article with the statement, "Think of a connection, any connection and deploy."
It is far too early to suggest MPLS is finished. The Global Enterprise must still consider traffic performance on an end-to-end basis, and often Global Internet is comparable from a cost perspective to MPLS – after all, we're talking about circuits connected to similar networks.
I recommend all readers carefully document existing connectivity regarding locations, application performance, and user profile. Armed with this data, consider the future and the applications and services your business is looking to take advantage of which will require certain technology features.
The primary comparison appears to be cost and QoS related. However, there's more to SD-WAN, including ease of management (something we'll discuss in a future article), very detailed packet inspection for security, and statistics with client-based functionality available on phones, tablets, and almost any device.
We've created a further article on SD-WAN provider selection.
An article on layer 2 VPLS WAN services.
Below, coming soon.