SD-WAN vs MPLS: David and Goliath?
MPLS is considered the top-of-the-line inter-connectivity between two network end-points. The idea behind its advantage is that MPLS traverses an infrastructure operated by a single operator (usually the local ILEC) and can therefore provide superior security and performance. Is that an advantage over SD-WAN? Who wins the comparison of SD-WAN vs MPLS?
Can the underdog SD-WAN, or David, pull an upset by beating the legacy premium inter-connectivity of choice, namely, the Goliath MPLS?
To recap, Multi-Protocol Label Switching (MPLS) uses labels instead of IP addresses to transport packets from one switch to the next. Since the label look-up is faster and better optimized than IP address lookups, in principle, MPLS will be processed quicker and therefore will have lower latency. This requires the MPLS infrastructure to be managed by a single service provider, which is usually your local telco. In this setup, the end points do not need to communicate with any other IP network and therefore can rely on their in-house switches that talk MPLS and understand the MPLS labels. This not only enables faster processing, but is also secure, as the traffic can be isolated from any other client. Since MPLS transports are dedicated to a single corporate client, they do not have cross traffic from other clients and therefore can avoid congestion.
How practical and how important are these advantages of MPLS and how does SD-WAN compare in terms of performance and security?
The practical comparison is critical, because we already know that an SD-WAN based solution, which relies on intelligently managing cost-effective broadband lines, has a significant price advantage over MPLS. So do the promised performance and security advantages of MPLS justify the cost differential?
Before we address this question, it is important to understand how SD-WAN works at a high level. SD-WAN is designed to work in environments that are somewhat independent of the underlying WAN transport, that is to say, the end-user has the option to leverage any type of WAN transport such as DSL, Cable, T1, 3G, 4G, LTE or upcoming 5G wireless. SD-WAN creates an overlay tunnel, similar to a VPN tunnel, where the various WAN transports can be utilized by intelligently steering packets over the WAN paths. The key aspect is for the SD-WAN to intelligently monitor and manage the data flows, so that the performance can be optimized on a per-application basis.
In modern SD-WAN routers the ability to understand and optimize application flows has reached quite astonishing levels, where network problems can be mitigated and worked around in real time, therefore shielding the on-going application flows from the network problems. These problems include network brown-outs or WAN blackouts. Unlike MPLS, SD-WAN can react to changing transport conditions and therefore does not rely on any one of the transports to stay problem free. In the case of MPLS, if your MPLS transport has a problem, there is no other way to fix your network other than fixing the MPLS transport; not so with SD-WAN, where you have a diversity of WAN transports. As a matter of fact, most WAN transport issues can be converted into scheduled non-urgent maintenance, as long as they are managed by a modern SD-WAN solution. Of course, since not all SD-WAN solutions are created equal, we recommend SD-WAN solutions that can offer advanced overlay tunnels with broadband bonding capabilities and application-based steering.
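The per-application steering described above can be sketched as follows. This is an added example, not code from any SD-WAN product or from the author; the thresholds, the scoring weights and the link names are assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass
class LinkStats:
    name: str
    latency_ms: float
    jitter_ms: float
    loss_pct: float  # 100.0 means no probe replies at all (blackout)

# Hypothetical per-application limits: (latency ms, jitter ms, loss %).
APP_LIMITS = {
    "voip": (150.0, 30.0, 1.0),
    "bulk": (800.0, 200.0, 5.0),
}

def link_state(link, app):
    """Classify one transport for one application class."""
    if link.loss_pct >= 100.0:
        return "blackout"
    max_lat, max_jit, max_loss = APP_LIMITS[app]
    within = (link.latency_ms <= max_lat and link.jitter_ms <= max_jit
              and link.loss_pct <= max_loss)
    return "healthy" if within else "brownout"

def score(link):
    # Lower is better. The weights are an assumption; loss is penalised most.
    return link.latency_ms + 2 * link.jitter_ms + 50 * link.loss_pct

def steer(links, app):
    """Pick the transport for `app`; None when every transport is down."""
    alive = [l for l in links if link_state(l, app) != "blackout"]
    if not alive:
        return None
    healthy = [l for l in alive if link_state(l, app) == "healthy"]
    # With no healthy link, fall back to the least-bad degraded one.
    return min(healthy or alive, key=score).name

# Constructed probe results for three transports at one site.
LINKS = [
    LinkStats("cable", latency_ms=20, jitter_ms=35, loss_pct=0.1),
    LinkStats("dsl", latency_ms=70, jitter_ms=8, loss_pct=0.3),
    LinkStats("lte", latency_ms=0, jitter_ms=0, loss_pct=100.0),
]

if __name__ == "__main__":
    for app in APP_LIMITS:
        print(app, "->", steer(LINKS, app))
```

The same cable link is a brown-out for voice (jitter above the limit) yet the best choice for bulk transfer, which is why the decision is made per application rather than per link.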
OK, how about security?
With SD-WAN, you are using the public Internet, where security issues abound. However, looking at the section of the connection that is between end-points (say two branches of a business), the overlay tunnel carrying the packets over that segment will be encrypted. Furthermore, SD-WAN allows users to inject already encrypted traffic into the overlay tunnels if they prefer to do so. So in essence, SD-WAN is 100% secure and MPLS has no specific security advantage over SD-WAN. Another thing to keep in mind is that if the packet flows need to communicate with servers in the public cloud, MPLS will gateway out to the public Internet anyway.
How about cost?
MPLS has a definite cost disadvantage, whereas SD-WAN can provide orders of magnitude higher bandwidth for a fraction of the cost. Especially with today’s hybrid cloud requirements where at least part of the MPLS traffic is required to go out to the public Internet, the cost of MPLS can get prohibitive and impractical very quickly.
So, does this mean you need to rip out your MPLS services and install SD-WAN? Yes, but perhaps there is a way to implement this change in phases, whereby instead of upgrading MPLS to higher tier throughput and cost levels, you can bring in cheap bandwidth with SD-WAN and have a hybrid network where SD-WAN and MPLS co-exist. This is actually a fairly common use case of SD-WAN, i.e. an augmentation of MPLS, instead of full replacement. However, we have a feeling you will move on to 100% SD-WAN soon after you experience the performance and value of SD-WAN in your network.
Cahit Akin, CEO, Mushroom Networks, Inc.
Mushroom Networks is the provider of Broadband Bonding appliances that put your networks on auto-pilot. Application flows are intelligently routed around network problems such as latency, jitter and packet loss. Network problems are solved even before you can notice.