How are MPLS networks delivering vs SD WAN? MPLS remains the only way to deliver end to end Quality of Service with built in privacy. However, SD WAN offers intelligent control of traffic with complete security and access to public cloud using the Internet.
In recent years, MPLS VPN services have started declining due to the rise of cloud computing and SD-WAN over the Internet. These fundamental shifts in user behaviour and technology advances have left many questioning the role of MPLS in future network decisions. However, a closer look at both technologies reveals that neither WAN service is without its disadvantages.
In this article, we explore why, despite these challenges, MPLS remains relevant for particular business needs today and likely will remain so into 2021 and beyond. In general, IT teams believe that MPLS technology is no longer relevant due to expense, slow processes and weak features when compared to SD WAN vendors. I agree with this opinion but readers should note that MPLS use cases still exist for specific requirements.
What is the use case for MPLS?
- Quality of Service (QoS) - the Enterprise can prioritise traffic and guarantee bandwidth on demand.
- MPLS traffic engineering - bandwidth and network resources are allocated independently of the best path chosen by routing protocols. These 'paths' allow service providers to ensure the best possible route exists across their core network, based on factors such as core network bandwidth, resulting in predictable latency.
- Security - private networks are inherently secure; each customer has their own VPN routing table with complete separation. MPLS network traffic is private and not shared across customers or with the public Internet.
- Private Cloud - certain sectors are still creating private cloud infrastructure with MPLS access circuits.
Is MPLS more secure vs. SD WAN?
SD WAN VPN, using encryption, ensures confidentiality and integrity across public internet connections. In many ways, SD WAN with SASE security is viewed as more secure because of ZTNA (Zero Trust Network Access) and NGFW (Next Generation Firewall). In short, SD WAN is able to analyse traffic flows and packets whereas MPLS customers are expected to trust the service provider to correctly manage their security policies. Although MPLS traffic is securely transported using private backbones, many IT teams now deploy MPLS with encryption to further secure their connectivity.
Is MPLS QoS a significant advantage and how does it compare to SD WAN?
MPLS network QoS operates by prioritising applications during times of peaks or spikes in traffic. MPLS provides an effective way to deliver QoS policies with guaranteed service levels, enabling a business to deploy new applications without sacrificing performance on existing ones or simply spending budget on increasing bandwidth.
Applications that require priority are entered into their relevant Class of Service which guarantees a level of performance which is outlined within the service provider SLA. MPLS guarantees the amount and type of bandwidth allocated to each application, which can be used to ensure specific level(s) of service for voice, video and mission-critical applications.
MPLS QoS is defined as:
- Best Effort.
- AF - Assured Forwarding (Mission Critical).
- EF - Expedited Forwarding (Delay Sensitive).
An MPLS SLA provides committed data rates to a specified percentage of line speed with guaranteed latency and jitter requirements. An example is EF which is primarily used for VoIP and video conferencing environments where packet loss may be unacceptable at other quality levels.
SD WAN does not offer an end to end guarantee of traffic but it does offer more granular control of application flows. If one of the applications suffers high latency or packet loss, SD WAN will use features to make the most of poor connectivity or auto failover to an alternative circuit. Leveraging more than one provider allows SD WAN to choose the best path based on response times and bandwidth. Although SD WAN QoS is only local (not end to end), the technology offers much more granular and feature rich control of applications.
What is the typical MPLS network SLA (Service Level Agreement)?
- Network uptime: 99.999% (24x365 coverage)
- Latency: 50ms to 100ms is typical
- Jitter: typically less than 20 ms or so, assuming fair queuing of packets by the network infrastructure and traffic shaping algorithms are tuned appropriately for specific applications
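
The per-application path selection described above, measured against the latency and jitter figures in this SLA list. This is an added example, not code from any SD WAN vendor: the circuit names, probe samples, the AF row and every loss limit are assumptions made for illustration.

```python
from statistics import mean

INF = float("inf")
# Per-class limits: (max latency ms, max jitter ms, max loss %).
# EF latency/jitter follow the SLA figures quoted on this page;
# the AF row and all loss limits are assumed for illustration.
CLASS_LIMITS = {
    "EF": (100.0, 20.0, 1.0),
    "AF": (150.0, 40.0, 2.0),
    "BE": (INF, INF, 50.0),
}

def measure(probes):
    """Summarise RTT probes (ms, None = lost) as (latency, jitter, loss %)."""
    rtts = [p for p in probes if p is not None]
    if not rtts:  # no replies at all: treat the circuit as down
        return INF, INF, 100.0
    loss = 100.0 * (len(probes) - len(rtts)) / len(probes)
    # Jitter: mean absolute difference between consecutive replies.
    deltas = [abs(b - a) for a, b in zip(rtts, rtts[1:])]
    return mean(rtts), (mean(deltas) if deltas else 0.0), loss

def select_path(traffic_class, circuits):
    """Return (circuit name, meets_limits) for one traffic class."""
    max_lat, max_jit, max_loss = CLASS_LIMITS[traffic_class]
    stats = {name: measure(probes) for name, probes in circuits.items()}
    ok = [n for n, (lat, jit, loss) in stats.items()
          if lat <= max_lat and jit <= max_jit and loss <= max_loss]
    if ok:
        # Among compliant circuits, prefer the lowest latency.
        return min(ok, key=lambda n: stats[n][0]), True
    # Nothing meets the limits: fall back to the least-bad circuit
    # (lowest loss, then lowest latency) and flag the result.
    return min(stats, key=lambda n: (stats[n][2], stats[n][0])), False

# Constructed probe samples (ms); None marks a lost probe.
CIRCUITS = {
    "broadband":   [20, 65, 18, 70, None, 21, 67, 19, 72, 20],
    "leased-line": [48, 50, 49, 51, 50, 49, 50, 48, 51, 50],
    "4g":          [90, 140, None, 120, None, 95, 160, 110, None, 130],
}

if __name__ == "__main__":
    for cls in CLASS_LIMITS:
        print(cls, select_path(cls, CIRCUITS))
```

The broadband circuit has the lowest average latency but about 49 ms of jitter, so delay-sensitive traffic stays on the leased line while best-effort traffic uses broadband. This decision is local to the site, which is the "local, not end to end" limitation noted above.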
Why does MPLS not meet the demands of public cloud access?
Azure, AWS and Google public cloud offer virtualised access anywhere in the world with any bandwidth you want without the need to provision costly MPLS circuits. While it is possible to use technologies such as Microsoft ExpressRoute to connect private circuits into the public cloud, SD WAN offers a much easier path to public cloud consumption via VPN. Software WAN services offer flexibility and agility; vendors provide access to public cloud via multiple ISPs, which are selected based on your location, app type and performance requirements.
SD WAN relies on the public internet, whereas MPLS offers layer 3 any to any topology or point to point/multipoint connectivity for LAN extension/data centre extension via private routing tables. The majority of Enterprise networks are based on hybrid architectures consisting of public and private technologies that offer redundancy, resiliency against packet loss, and performance optimisation.
Is MPLS expensive vs SD WAN?
MPLS is not inherently more expensive than SD-WAN in the UK but this does vary across countries - US MPLS is generally much more expensive vs. Internet. It really depends on the service provider and whether or not your business requires managed services.
If cost-saving is the intent, replacing MPLS with Broadband circuits or the lowest cost leased line based on your location will reduce the overall expenditure. For example, an organisation with satellite offices in remote areas can use SD WAN with local 4G or Broadband.
SD WAN technology will apply intelligence across low cost circuits to improve traffic flows even if the underlying connection is poor. Similarly, SD WAN can deliver by using multiple circuit types if high availability is a requirement, whereas MPLS is restricted to expensive primary and failover circuits. MPLS and SD WAN Internet can leverage highly resilient and diverse products such as BT RAO2. MPLS also has the disadvantage of being dependent on a single provider, making the network vulnerable to failures by that company; additionally, MPLS traffic is not encrypted at all points, which is almost a must-have feature in 2021.
As we have discussed in this article, MPLS has many properties which stand out and offer significant benefits. Software WAN over the Internet offers way more benefits across agility, management, security and traffic performance. With the adoption of public cloud and remote working, MPLS will meet a small percentage of business cases.
MPLS in 2021 offers:
a) Higher cost but the capability to prioritise network connectivity end to end with an SLA across latency and jitter.
b) Built-in privacy, but Enterprise IT teams are requesting encryption as they do not trust the provider to manage their security.
c) Single IP backbone to connect global sites end to end.
Glossary of terms
LSP - Label Switched Path.
FEC - Forwarding equivalence class.
MPLS network security - MPLS offers two security modes: Bypass mode, where all packets are passed through the network without any modification, and Tunnel mode, which applies a set of IP and Layer Two VPN based access control policies to restrict routing.
Packets are encapsulated with an additional identifier that identifies them as being processed by specific nodes in the MPLS backbone. This allows for inspecting each packet against predefined rules before passing it on to its destination or performing other processing actions.