There are a lot of opinions on the web when it comes to comparing and contrasting Software-Defined Wide Area Networks (SD-WAN) and Multiprotocol Label Switching (MPLS) technologies. That stems from the fact that providers are often pushed to choose one over the other and want to understand the differences, along with the pros and cons of each.
Many times the discussions on the topic are biased and influenced by vested interests. This report will aim to provide an objective view on SD-WAN vs MPLS and point out the different methods by which they achieve the end solution. Having that knowledge will empower consumers to make smarter decisions in their design choices.
What are the main differences between SD-WAN & MPLS?
In a nutshell, what sets SD-WAN apart from MPLS is the virtualization of network functions. SD-WAN can run on top of hardware devices that also serve other functions, whereas MPLS typically runs on proprietary hardware.
SD-WAN solutions may be deployed over the public internet, whereas MPLS requires private lines to operate. In some scenarios, SD-WAN is combined with MPLS and the two work in concert.
Because MPLS uses labels attached to packets to make forwarding decisions, it is considered a layer 2.5 protocol. The way it works resembles switching and routing at the same time, and for that reason it doesn’t fit neatly into a single layer.
That leads to the question most network architects are faced with: Should we go with SD-WAN rather than MPLS?
Especially when an MPLS solution is already in place, switching to an SD-WAN architecture will undoubtedly have business implications.
To outline the advantages of SD-WAN up front, and why many companies are considering adopting the technology, it might be safe to say that SD-WAN could be less expensive, which is the main driver, as well as more secure and better performing. In addition to these benefits, SD-WAN can offer better transparency and control over the whole network. Managing an SD-WAN-enabled network is also far more flexible, as it is controlled from a central portal rather than by configuring MPLS on every device separately.
Today’s applications demand flexible networks that can be reconfigured in the blink of an eye, as business goals change all the time. MPLS networks tend to be very complex in the way they operate and have a quite rigid structure. Modifying metrics on one device affects the whole network, which may require reconfiguring other nodes to maintain proper functioning. All that extra work, coupled with the inability to intelligently recognize latency-sensitive applications, pushes network providers to upgrade to SD-WAN solutions.
It is worth pointing out at this stage that not all SD-WAN solutions are created equal and that some MPLS networks provide better security. MPLS is a secured tunnel going through a service provider’s network, as opposed to SD-WAN, which might run over the public internet and fail to incorporate integrated security. For that reason, Digital Carbon has ensured that security is heavily integrated and that the network functions are controlled from the central portal. Below is a high-level view of how all that works.
Let’s review the main pros and cons of the two solutions and get more informed on why to choose one over the other.
The old model in many organizations was to link all remote branches to the central office with MPLS connections and backhaul all the traffic from the branches to the central network for forwarding. Compared to modern SD-WAN solutions, that method is very inefficient in terms of cost.
Software-Defined WAN decreases cost by utilizing distributed nodes through which users can access and use services on the network directly.
Security Considerations between SD-WAN & MPLS
MPLS may provide private links where SD-WAN does not, and that may lead us to think that connections running through the service provider are protected. That may be true up to a point or in certain cases, but in practice most MPLS connections don’t provide any overlay security mechanism that inspects the actual traffic traversing the network. To achieve that, an additional firewall with IDS/IPS functions has to be installed at a strategic place on that network.
By comparison, thanks to SD-WAN’s virtualized nature, many SD-WAN solutions integrate traffic inspection and scanning for malware and other exploits on every SD-WAN node.
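An added example, not part of the original article: a minimal parser for the MPLS label stack (the 32-bit entries defined in RFC 3032) described earlier as "layer 2.5". It shows that the labels only steer forwarding and leave the inner packet readable, which is why inspection or encryption has to be layered on separately. The frame, label values and addresses are constructed sample data.

```python
import struct

ETHERTYPE_MPLS = 0x8847  # MPLS unicast ethertype

def parse_label_stack(frame):
    """Split an Ethernet frame into its MPLS label entries and the payload."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_MPLS:
        raise ValueError("not an MPLS unicast Ethernet frame")
    entries, offset = [], 14
    while True:
        if offset + 4 > len(frame):
            raise ValueError("truncated label stack: no bottom-of-stack entry")
        (word,) = struct.unpack("!I", frame[offset:offset + 4])
        entries.append({"label": word >> 12,        # 20-bit label
                        "tc": (word >> 9) & 0x7,    # 3-bit traffic class
                        "bottom": bool(word & 0x100),
                        "ttl": word & 0xFF})
        offset += 4
        if entries[-1]["bottom"]:
            return entries, frame[offset:]

def inner_ipv4(payload):
    """Read the inner IPv4 header as any on-path device could; None if not IPv4."""
    if len(payload) < 20 or payload[0] >> 4 != 4:
        return None
    ihl = (payload[0] & 0x0F) * 4
    return {"src": ".".join(map(str, payload[12:16])),
            "dst": ".".join(map(str, payload[16:20])),
            "proto": payload[9], "data": payload[ihl:]}

def build_sample_frame():
    """Constructed sample: two labels over an IPv4/UDP packet (all values made up)."""
    app = b"user=alice"
    udp = struct.pack("!HHHH", 40000, 5000, 8 + len(app), 0) + app
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20])) + udp
    def entry(label, tc, bottom, ttl):
        return struct.pack("!I", (label << 12) | (tc << 9) | (bottom << 8) | ttl)
    eth = bytes(6) + bytes(6) + struct.pack("!H", ETHERTYPE_MPLS)
    return eth + entry(16004, 0, 0, 64) + entry(24010, 5, 1, 64) + ip

if __name__ == "__main__":
    labels, payload = parse_label_stack(build_sample_frame())
    for e in labels:
        print(e)
    print(inner_ipv4(payload))
```

The application bytes come back unchanged after the label stack is stripped, so confidentiality on an MPLS circuit rests on the provider's separation of traffic rather than on anything in the protocol itself.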
Performance Improvements over MPLS
Costly MPLS private links may outperform SD-WAN in certain scenarios and may even be better suited to a few business cases, but they definitely have their weaknesses. They do provide a fixed and guaranteed bandwidth, which is quite reliable, but more often than not a large portion of that network capacity is not used at all. This proves to be extremely inefficient, as pricing tends to cover renting the whole circuit.
Another issue to consider is that certain applications need constant monitoring of the latency and smart adjusting on the fly to accommodate that sensitive requirement. Most SD-WAN solutions offer flexible configuration of those parameters as applications’ needs change often. They can be set up to quickly adapt bandwidth and other services automatically so the network can function seamlessly.
MPLS Better than SD-WAN Scenarios
There are a few business cases where MPLS may be the preferred choice. Since MPLS connections tend to be private and physically secure, they are very attractive to applications that require a high degree of privacy and security. Another benefit is the predictable traffic on the circuit, as the links are used more privately and offer a more stable data stream. MPLS can be considered the first go-to, any day of the week, where security and reliability are the top priority and cost is not an issue. MPLS is still an option within any SD-WAN solution, however, which creates the opportunity to have the best of both worlds without needing to choose.
The Suitability of Secure SD-WAN
When SD-WAN is coupled with security features and deep traffic inspection, it wins in almost any scenario. Digital Carbon’s experience proves that SD-WAN solutions are more suitable for almost any business today, as applications have changed dramatically over the years. The level of granularity SD-WAN provides for the network is extremely beneficial given the adaptability and network reconfigurations often required by today’s traffic demands.
Traditional SD-WAN solutions that don’t incorporate an added layer of security can only boast a central point of control compared to MPLS, but having security deeply embedded in the SD-WAN solution brings one of the most important features to the table, one that is also transparent and managed directly from the control plane.