Time to change from MPLS VPN to SD-WAN

MPLS has long been considered the top-of-the-line inter-connectivity between two network endpoints using a VPN (virtual private network). Large enterprises have been relying on these fast and secure networks for decades, and have also paid the premium price associated with maintaining their MPLS infrastructure. With the recent explosion of sophisticated (and much more cost-effective) broadband bonding solutions, more and more companies are exploring the option of either replacing their MPLS network outright, or augmenting it with a broadband bonding solution.

Let’s discuss what MPLS VPN is, how it does such a great job routing and forwarding traffic, and touch a bit on the costs associated and how they may be alleviated by incorporating a broadband bonding solution into the enterprise network.

How Does MPLS VPN Work?

MPLS (Multiprotocol Label Switching) is a mechanism for service providers to have the ability to route and forward packets faster within their backbone network, especially compared to the legacy Frame Relay or ATM type networks. When the MPLS backbone network is used to connect enterprise branch offices to each other, this is known as MPLS VPN.

At a high level, MPLS creates a tag (label) that gets attached to a packet and can be quickly read off of that packet on the next router. The router can then make next hop routing and forwarding decisions without investigating the network layer header, as long as the router supports MPLS. What that means is that the router can take advantage of the mapping that it had generated from MPLS labels to FECs (Forwarding Equivalence Classes) – a much quicker technique compared to investigating the network layer header and processing a routing protocol for each and every packet.

This scalability feature of MPLS comes in handy when the architecture is designed to manage the backbone of an MPLS VPN network for enterprise branch offices. In this case, the branch office appliance management can be separated from the provider side routers (also called provider edge routers) as well as from the routing and forwarding between the provider edge routers that accomplishes the branch-to-branch packet delivery.

The ability to scale the management of the MPLS VPN backbone is a tremendous plus for the service provider compared to the legacy method of connecting branches via ATM or Frame Relay. The service provider edge routers will use BGP (more accurately the Multiprotocol extension of BGP which uses VPN-IPv4 to create different routing tables for different VPNs) to share routing information between them. However, once the routes are updated, MPLS labels and FECs are used to speed up the forwarding to the next hop.
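The label-switching idea described above, as an added toy model that is not part of the original post or of any vendor's code: the ingress router does one longest-prefix IP lookup to map the packet to a FEC and push a label, and every router after that only consults a small label table (swap or pop) without touching the IP header. The prefixes, labels and router names (PE1, P1, PE2, and so on) are constructed for illustration; in a real network labels are distributed by LDP or BGP rather than typed in.

```python
# Added example (not from the Mushroom Networks post): a toy model of MPLS
# label switching versus per-packet IP longest-prefix lookup.
# All prefixes, labels and router names below are constructed for illustration.
import ipaddress

# Ingress router's FIB: maps each FEC (here, a destination prefix) to the
# label it pushes and the next hop. Labels are static here; real networks
# learn them via LDP or BGP.
FEC_TABLE = {
    ipaddress.ip_network("10.1.0.0/16"): (100, "P1"),   # branch A
    ipaddress.ip_network("10.2.0.0/16"): (200, "P1"),   # branch B
    ipaddress.ip_network("0.0.0.0/0"):   (300, "P2"),   # default route
}

# Label forwarding tables of the downstream routers:
# incoming label -> (action, outgoing label, next hop)
LFIB = {
    "P1":  {100: ("swap", 101, "PE2"), 200: ("swap", 201, "PE3")},
    "PE2": {101: ("pop", None, "CE-A")},
    "PE3": {201: ("pop", None, "CE-B")},
    "P2":  {300: ("pop", None, "Internet")},
}


def ip_lookup(dst):
    """Longest-prefix match over the FIB: the per-packet work a plain IP
    router repeats at every hop. Returns (label, next_hop) for the FEC."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, entry in FEC_TABLE.items():
        if addr in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, entry)
    return best[1]


def forward(dst):
    """Trace a packet from ingress PE1 to its egress: one IP lookup at
    ingress, then only label operations. Returns the list of
    (router, action, label_after_action, next_hop) steps."""
    label, hop = ip_lookup(dst)          # the only IP-header inspection
    path = [("PE1", "push", label, hop)]
    while label is not None:             # follow labels until the pop
        action, new_label, next_hop = LFIB[hop][label]
        path.append((hop, action, new_label, next_hop))
        label, hop = new_label, next_hop
    return path


if __name__ == "__main__":
    for dst in ("10.1.5.7", "10.2.9.9", "8.8.8.8"):
        print(dst, "->", forward(dst))
```

Running the block shows that a packet for 10.1.5.7 is pushed with label 100 at PE1, swapped to 101 at P1 and popped at PE2 toward CE-A; the IP destination is examined exactly once. The same property is what lets the provider scale the core: P1 forwards branch traffic for every customer VPN using only its label table.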

Within the MPLS framework, MPLS VPN also has some additional features where clients can inject packets into the provider edge from various endpoints and therefore can get different labels with different QoS treatment. Similarly, other information from the packets can be used to generate different MPLS labels and therefore different treatment within the MPLS VPN.

The most common implementation of MPLS VPN is the layer 3 VPN (also known as Virtual Private Router Network – VPRN), which is popular for creating and managing connectivity between enterprise branches when the MPLS VPN is managed by the service provider. Another common implementation is the layer 2 MPLS VPN (also known as Virtual Private LAN Service – VPLS), where the functionality is similar to having a layer 2 switch in the cloud. These types of layer 2 MPLS VPNs are used for carrying real-time traffic such as VoIP and video.

One hot trend in the IT sector is the ability to boost bandwidth capabilities of branch offices by adding cost-effective broadband lines into an MPLS VPN network. This is especially important since the cost of MPLS networks – creating, upgrading, and maintaining them – continues to be a significant factor.

What Drives MPLS Costs?

Regardless of the market, MPLS pricing is generally based on the same general components, such as:

  • Port Type – As mentioned above, MPLS networks can be provisioned over different underlying transport. But those different transport types often have different costs.
  • Port Speed – This is what most people are referring to when they say ‘bandwidth’, and it refers to the size of the port and pipe at a given location.
  • Local Loop – This is perhaps the most location-dependent aspect of the pricing for any given MPLS network, and the most variable. The local-loop charge is for the local connectivity between the MPLS switches for a given carrier, and the location(s) in question which require the service.

The cost of MPLS can vary widely based on carrier, discount levels, volume commitments, and other factors. For example, in the United States, the general rate for a DS-1/T-1 MPLS circuit will come with a list rate of anywhere from $750 to $1000 per month – that is $585 per Mbps, compared to $2-$10 for standard Broadband Internet lines. In other words, MPLS is 100 times more expensive per Megabit delivered compared to other business class connectivity options.

Pricing models are also a major factor in overall MPLS pricing. Each carrier typically has their own pricing model, where they charge you more for prioritizing different sets of traffic depending on their CoS (Class of Service). The base rate might ignore the CoS completely and just forward all traffic in a “best-effort” attempt, while the higher tiered rates would allow for bandwidth allocations and prioritizations based on CoS values.

How Does Broadband Bonding / SD-WAN Fit In?

MPLS cost is one of the primary reasons why MPLS growth has flattened in recent years, even with the enormous growth in data usage and cloud connectivity needs of businesses small, medium and large alike. Projections suggest that MPLS revenue will start to decline (if it hasn’t started yet). The reason for this decline is the emergence of SD-WAN – the technology that can intelligently merge the best of both worlds: the quality of MPLS networks and the cost effectiveness of layer-3 bandwidth.

By combining these connectivity transports using SD-WAN (also referred to as broadband bonding or WAN virtualization), businesses can combine two or more Internet connectivity resources. So, rather than upgrading to a very expensive MPLS service, the business can add cost-effective broadband such as DSL, Cable, or even 4G LTE or 5G into their WAN resources to increase performance and reliability without the steep cost of MPLS.

With SD-WAN devices in the offices, businesses can either add cost-effective bandwidth or, in some cases, fully replace their MPLS networks with broadband bonding. Because of the agility built into some of the SD-WAN solutions, the application flows are intelligently managed and routed around network problems, therefore raising the quality of the WAN links beyond their standalone SLAs. As an example, a single WAN link may have three nines reliability; however, combining three such WAN links will raise the reliability to six nines – well beyond typical MPLS reliability.
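The reliability arithmetic behind the "nines" claim, as an added worked example that is not part of the original post: a bundle that stays up while at least one link is up has availability 1 - ∏(1 - a_i) if the links fail independently. The block computes that for any set of links and adds an optional common-cause term (a shared local loop, building power, or the bonding appliance itself) to show why the independence assumption matters when the links share a last mile. The link figures and the common-cause value are constructed inputs.

```python
# Added example (not from the Mushroom Networks post): availability of a
# bonded WAN bundle under the independent-failure assumption, with an
# optional common-cause term for anything the links share.
import math


def combined_availability(link_availabilities, common_cause_unavailability=0.0):
    """Availability of a bundle that is up while at least one link is up.

    link_availabilities: per-link availability, e.g. 0.999 for "three nines".
    common_cause_unavailability: fraction of time a shared component
    (local loop, power, the appliance) takes every link down at once.
    Assumes the links otherwise fail independently.
    """
    all_links_down = 1.0
    for a in link_availabilities:
        all_links_down *= (1.0 - a)
    return (1.0 - common_cause_unavailability) * (1.0 - all_links_down)


def nines(availability):
    """Express availability as a count of nines: 0.999 -> 3.0, 0.999999 -> 6.0."""
    if availability >= 1.0:
        return float("inf")
    return round(-math.log10(1.0 - availability), 2)


def downtime_minutes_per_year(availability):
    """Expected unplanned downtime per year, useful for comparing against an SLA."""
    return (1.0 - availability) * 365 * 24 * 60


if __name__ == "__main__":
    three_nines = 0.999
    for n in (1, 2, 3):
        a = combined_availability([three_nines] * n)
        print(f"{n} independent link(s): {nines(a)} nines, "
              f"{downtime_minutes_per_year(a):.2f} min/year")
    # Constructed common-cause figure: a shared local loop that is down 0.01% of the time
    shared = combined_availability([three_nines] * 3, common_cause_unavailability=1e-4)
    print(f"3 links on a shared loop: {nines(shared)} nines")
```

The last line of output is the practical check: three independent three-nines links are limited by whatever they share, so a bundle built on one local loop or one power feed lands near four nines no matter how many links are bonded. Diverse last-mile paths (cable plus LTE, for instance) are what make the independence assumption approximately true.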

As discussed earlier, MPLS does have some natural advantages over other network solutions. How practical and how important are these advantages of MPLS and how does SD-WAN compare in terms of performance and security? The practical comparison is critical, because we already know that an SD-WAN based solution, which relies on intelligently managing cost-effective broadband lines, has a significant price advantage over MPLS. So does the cost differential of MPLS justify the promised performance and security advantages?

It does not. Unlike MPLS, SD-WAN can react to changing transport conditions and therefore does not rely on any one of the transports to stay problem free. In the case of MPLS, if your MPLS transport has a problem, there is no other way to fix your network other than fixing the MPLS transport — not so with most SD-WAN solutions that support intelligent overlay tunnels, where you have a diversity of WAN transports. As a matter of fact, most WAN transport issues can be converted into scheduled non-urgent maintenance, as long as they are managed by a modern SD-WAN solution that supports advanced overlay tunnels. Of course, since not all SD-WAN solutions are created equal, we recommend SD-WAN solutions that offer advanced overlay tunnels with broadband bonding capabilities and application-based per packet steering.
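The "route around the failing transport" behaviour described above, as an added example that is not part of the original post or of any SD-WAN product: a small policy engine that takes the measured health of each transport (latency, jitter, loss, up/down) and picks, per application, the best transport that meets the application's thresholds, falling back to the least-degraded transport when none does, and reporting an outage only when every transport is down. The transport names, metrics and per-application thresholds are constructed for illustration; real products expose these as configurable policy and measure them continuously with probes.

```python
# Added example (not from the Mushroom Networks post): per-application
# transport selection from measured transport health, the core of
# "steering around network problems". All inputs are constructed.
from dataclasses import dataclass


@dataclass
class LinkHealth:
    """Latest probe results for one WAN transport."""
    name: str
    latency_ms: float
    jitter_ms: float
    loss_pct: float
    up: bool = True


# Constructed per-application thresholds (a policy table, not a product default).
APP_POLICY = {
    "voip": {"latency_ms": 150, "jitter_ms": 30, "loss_pct": 1.0},
    "bulk": {"latency_ms": 1000, "jitter_ms": 1000, "loss_pct": 10.0},
}


def eligible(link, policy):
    """True if the transport is up and within every threshold of the policy."""
    return (link.up
            and link.latency_ms <= policy["latency_ms"]
            and link.jitter_ms <= policy["jitter_ms"]
            and link.loss_pct <= policy["loss_pct"])


def rank(link):
    """Preference order among candidates: least loss first, then lowest latency."""
    return (link.loss_pct, link.latency_ms)


def pick_transport(app, links):
    """Return the name of the transport to use for `app`.

    Prefers a transport meeting the app's policy; otherwise the least-bad
    transport that is still up (degraded service beats none); otherwise
    None, meaning every transport is down and this is a real outage.
    """
    policy = APP_POLICY[app]
    candidates = [l for l in links if eligible(l, policy)]
    if candidates:
        return min(candidates, key=rank).name
    fallback = [l for l in links if l.up]
    if fallback:
        return min(fallback, key=rank).name
    return None


if __name__ == "__main__":
    # Constructed health snapshot: an MPLS circuit plus two broadband transports.
    links = [
        LinkHealth("mpls", latency_ms=20, jitter_ms=2, loss_pct=0.0),
        LinkHealth("cable", latency_ms=35, jitter_ms=8, loss_pct=0.2),
        LinkHealth("lte", latency_ms=70, jitter_ms=25, loss_pct=1.5),
    ]
    print("voip normally ->", pick_transport("voip", links))
    links[0].up = False                      # MPLS circuit fails
    print("voip with MPLS down ->", pick_transport("voip", links))
    links[1].loss_pct = 5.0                  # cable degrades as well
    print("voip with MPLS down and cable lossy ->", pick_transport("voip", links))
```

The third printed line is the point of the example: with MPLS down and cable lossy, no transport meets the VoIP policy, so the engine carries the calls on LTE in a degraded state rather than dropping them. Fixing the MPLS circuit then becomes the scheduled, non-urgent work the text describes, and the same health data is what an operations team would alert on.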

OK, How About Security?

With SD-WAN, you are using the public Internet and security issues abound. However, looking at the section of the connection that is between endpoints (say two branches of a business), the overlay tunnel carrying the packets over that segment will be encrypted. Furthermore, SD-WAN allows users to inject already encrypted traffic into the overlay tunnels if they prefer to do so. So in essence, SD-WAN is 100% secure and MPLS has no specific security advantage over SD-WAN. Another thing to keep in mind is that if the packet flows need to communicate with servers in the public cloud, MPLS will gateway out to the public Internet anyway.

Putting It All Together

So, does this mean you need to rip out your MPLS services and install SD-WAN? Yes, but perhaps there is a way to implement this change in phases, whereby instead of upgrading MPLS to higher tier throughput and cost levels, you can bring in cheap bandwidth with SD-WAN and have a hybrid network where SD-WAN and MPLS co-exist. This is actually a fairly common use case of SD-WAN, i.e., augmenting MPLS rather than replacing it outright.

Rob Stone, Mushroom Networks, Inc. 

Mushroom Networks is the provider of Broadband Bonding appliances that put your networks on auto-pilot. Application flows are intelligently routed around network problems such as latency, jitter and packet loss. Network problems are solved even before you can notice.
© 2004 – 2024 Mushroom Networks Inc. All rights reserved.