One of the most important considerations on the mind of IT Managers is what to expect when moving from MPLS to SD WAN providers. In the main, there are two areas to consider, both requiring careful thought to ensure any SD WAN solution decisions are not detrimental to your business.
In this article, we’ll explain the differences between the two technologies, across the MPLS and SD WAN market, and how your decisions have the capability to create both positive and negative aspects when deciding on WAN architecture and service elements.
What are the top 5 considerations when moving aware from private MPLS to Internet SD WAN?
1. What are the differences between MPLS and SD WAN Internet underlay support?
One of the reasons for the early successful adoption of MPLS surrounded the service wrap which included dedicated NOC support to monitor and troubleshoot issues. The difference vs Internet VPN, or rather uplift, was often very noticeable in comparison to general Internet leased line support. In the main, the reasons why support was markedly different was fairly simple to understand. The NOC engineers not only understood the up/down nature of connectivity but also the detailed configuration behind individual managed MPLS customers.
In many cases, the staff became knowledgeable and aware of the companies architecture. And, the engineers understand the properties which make up layer 3 MPLS WAN connectivity between sites resulting in support of the overall WAN topology rather than individual circuits.
2. What are the differences between SD WAN vs MPLS Quality of Service?
Perhaps the most discussed feature of any MPLS VPN solution is QoS (Quality of Service). QoS provides end to end guarantees of traffic across WAN services as follows:
- EF (Expedited Forwarding), used for delay sensitive apps (e.g. VoIP)
- AF (Assured Forwarding), used for mission-critical applications
- Be (Best Effort), used for all other traffic (email)
One of the main considerations when moving from MPLS to Internet is the lack of end to end traffic guarantees.With end to end QoS in mind, how does your business ensure application performance? The answer is relative simple; it isn’t possible to guarantee traffic across SD WAN in the same way as MPLS. Instead, an SD WAN provider offers multiple mechanisms to deal with traffic remediation as required.
When SD WAN senses an issue, traffic can be routed using path selection technology to an alternative Ethernet circuit or via 4G/5G wireless / Broadband services. When an alternative link may not be available, certain vendors offer the ability to use multiple circuits bonded as 'one' for bandwidth agregation and resiliency - when a circuit fails or suffers packet loss, the other seamlessly takes over all traffic. In addition, as with traditional WAN routers, multiple WAN edge devices can be used in primary/failover configuration.
3. Should you use a single public IP backbone or multiple ISPs?
The way forward, within the procurement analysis phase, is to evaluate the various Internet providers vs your branch-office locations at the same time as deciding on a single or multi-ISP strategy. With single ISPs, your traffic will remain on the same backbone resulting in the best possible IP performance.
The other additional benefit is single support across all of your circuits which further ensures predictable operation of your WAN. On the flip side, there is the option to use any Internet connection as the basis of your SD WAN underlay. This strategy requires searching the market against each branch-office postcode to examine which connectivity providers best fit your location. Using multiple ISPs is one angle SD WAN vendors use to reduce costs compared to MPLS (see point 5 in this article) but there could be detrimental performance across both support, latency and jitter.
Within any solution, multiple points of contact is not an ideal outcome, especially if any problem is troubleshooted where the issue may not be obvious. This issue is lessened if your business opts to outsource WAN solution management to a managed SD WAN vendor. One of the benefits of using the SD WAN technology across public IP (or Internet if you prefer) is easy access to cloud applications including SaaS & IaaS providers. In respect to network performance, traffic must move from one network to another which has the potential to increase latency and jitter. Where the global Enterprise is concerned, using multiple ISPs could vastly increase network delay vs national counterparts.
4. How different is security across MPLS network services vs the Internet?
Internet is an inherently private technology requiring no encryption or authentication via VPN tunnels. In many ways, privacy is one of the reasons (alongside QoS) why adoption of MPLS occurred during the early 2000s. The fact MPLS links are private is actually viewed as a negative because most cloud services are inaccessible vs using Internet based SD WAN deployment. With Software-defined WAN, security (from a VPN perspective) is provided by SD WAN appliance or NFV encryption and authentication.
Whether your business views the Internet (with VPN tunnels) as a secure medium for traffic is something to initially discuss. We often witness Government and financial institutions discount any type of Internet VPN, rather, they adopt private circuits such as MPLS, VPLS and point to point / multipoint LAN extension.
The truth of the discussion is that encryption and authentication are pre-requisites of any Enterprise security policy which should encompass end to end traffic routing with next generation Firewall protection, UTM (Unified Threat Management), IPS (Intrusion Protection) and virus scanning. Secure SD WAN services are more than the VPN tunnel used to create connections between sites.
5. Can our business save money using Internet vs MPLS Internet connections?
The fundamental ROI (Return on Investment) when migrating from MPLS services to SD WAN products should be evaluated as the sum of all parts. SD WAN brings new features which undoubtedly make it easier for businesses to be more productive across their user access and applications. Implementation of as SD WAN service offers the option to avoid ‘network lock in’ where hardware and managed services are tied to the connectivity contract.
When IT teams are not locked to the MSP or hardware AND connectivity, the Enterprise is free to procure and benchmark as required within their branch-office estate. Whether SD WAN is cheaper vs MPLS also depends on regional pricing policies across Ethernet leased lines. As an example, Internet access in the US is much cheaper vs MPLS circuits but the difference between MPLS and public Internet prices in the UK is actually not too dissimilar.
With the UK, cost savings are often made by searching out the lowest cost ISP for each business location. As mentioned earlier, using a multi-ISP strategy could result in support issues (managing multiple relationships) or negative impact on latency and jitter as traffic moves from one ISP to another ISP (hop to hop).