Mushroom Networks Blog


Best Practices for Managing MPLS Traffic and MPLS Security

Your edge router is like a critical intersection of local roads and highway ramps, where your local traffic is managed and passed onto the WAN (Wide Area Network) side of the network. In most enterprise network architectures today, it is common to see high-performance yet expensive MPLS connectivity alongside cost-effective, high-bandwidth broadband WAN connectivity. Today's edge routers are responsible for intelligently managing inbound and outbound traffic, and a critical part of that is MPLS traffic management.

MPLS traffic uses layer 2 labeling as opposed to layer 3 IP routing and therefore can only be sent over the MPLS connection. Usually MPLS traffic is limited to packets that are highly sensitive to latency and therefore need to be transmitted over the expensive "reserved" road. MPLS is similar to an HOV lane, where you can expect to see less cross-traffic, primarily because of the cost of carrying traffic over MPLS. In our analogy, it is more like a toll-road HOV lane than a normal HOV lane.

If your organization is also subject to this type of cost-based framework, you need to intelligently manage and orchestrate your broadband WAN lines as well as your MPLS network. Most enterprises today are opting to take advantage of the orders-of-magnitude lower price points of business-class broadband lines (such as Cable, DSL, ADSL and VDSL) and limit their MPLS costs. It is also becoming common to see enterprises migrate to broadband-based WAN architectures, provided that their edge router supports Broadband Bonding and advanced Virtual Network Functions (VNFs) that can elevate the broadband lines to high-performance links.

However, if keeping the MPLS link is unavoidable, the MPLS traffic can be engineered to have strong redundancy and high uptime beyond what a single service provider can provide. At the core of this idea is the ability of the edge router to fail over live MPLS traffic onto a broadband bonding WAN tunnel without losing the session, while remaining transparent to the MPLS transmitter and/or receiver. With this type of MPLS traffic management, a branch office can lose its MPLS link and still send and receive MPLS traffic (albeit over the broadband bonded overlay tunnel). This is done by IP tunneling: the MPLS traffic is encapsulated within IP headers so that it can be routed intelligently to the MPLS site it is destined for, and the headers are stripped off at the receiving end before the packets are dropped into the MPLS network on that side. Even though the design is fairly simple, a seamless and correct implementation of this technology requires modern SD-WAN routers that can do the job without adding complexity to the network.

Another important component of managing MPLS failover is security. In most cases, since MPLS runs over a private network, encryption can be an afterthought or even intentionally avoided. It is therefore important to have an encryption option on the broadband bonded tunnels, so that when MPLS traffic does fail over, it goes through the encrypted tunnel.
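
The encapsulation and the exposure it creates, as an added example that is not Mushroom Networks' implementation: it assumes the standard MPLS-in-IP encapsulation of RFC 4023 (IP protocol 137), builds and strips the outer IPv4 header, and classifies a failover packet as cleartext or ESP-protected by its outer protocol number. The function names, addresses and payload are constructed for illustration, and no encryption is performed.

```python
import struct

IPPROTO_MPLS_IN_IP = 137  # RFC 4023 (assumed encapsulation; the page names none)
IPPROTO_ESP = 50          # IPsec ESP

def mpls_entry(label, tc=0, bottom=True, ttl=64):
    """One 32-bit label stack entry: label(20) | TC(3) | S(1) | TTL(8)."""
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl)

def ipv4_checksum(header):
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def encapsulate(mpls_packet, src, dst, proto=IPPROTO_MPLS_IN_IP):
    """Sending edge: prepend a 20-byte IPv4 header so the labeled packet is routable."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(mpls_packet), 0, 0,
                      64, proto, 0, bytes(src), bytes(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:] + mpls_packet

def decapsulate(outer):
    """Receiving edge: validate and strip the outer header, return (top_label, mpls)."""
    ihl = (outer[0] & 0x0F) * 4 if outer else 0
    if not (20 <= ihl <= len(outer)) or outer[0] >> 4 != 4 or ipv4_checksum(outer[:ihl]):
        raise ValueError("bad outer IPv4 header")
    if outer[9] != IPPROTO_MPLS_IN_IP:
        raise ValueError("outer protocol is not MPLS-in-IP")
    mpls = outer[ihl:struct.unpack("!H", outer[2:4])[0]]
    if len(mpls) < 4:
        raise ValueError("truncated label stack")
    return struct.unpack("!I", mpls[:4])[0] >> 12, mpls

def failover_exposure(outer):
    """Audit helper: can an on-path observer read this failover packet?"""
    if outer[9] == IPPROTO_MPLS_IN_IP:
        return "cleartext"  # labels and payload are visible on the broadband path
    return "encrypted" if outer[9] == IPPROTO_ESP else "unknown"

if __name__ == "__main__":
    # Constructed sample: label 100, documentation-range addresses.
    inner = mpls_entry(100) + b"constructed payload"
    outer = encapsulate(inner, [192, 0, 2, 1], [198, 51, 100, 1])
    print(decapsulate(outer)[0], failover_exposure(outer))
```

A packet reported as "cleartext" on the broadband side means the failover path is carrying MPLS labels and payload without the protection the private MPLS network was assumed to give.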

Mushroom Networks is the provider of SD-WAN (Software Defined WAN) and NFV solutions capable of Broadband Bonding that enables self-healing WAN networks that route around network problems such as latency, jitter and packet loss.

https://www.mushroomnetworks.com

© 2004 - 2017 Mushroom Networks Inc. All rights reserved.
