Time to Reconsider Your MPLS Network?

MPLS has been widely deployed for decades because it’s a secure and reliable solution for site-to-site VPN connectivity between branch offices and data centers. Contrary to what other SD-WAN vendors are saying, we believe MPLS is still very viable, and will have a place in the WAN for years to come.

With that said, there are many good reasons to add other connectivity types, like broadband and wireless, to lower costs, gain greater agility, and connect to cloud/SaaS. While these other network options by themselves don’t offer the security and reliability of MPLS, when aggregated together through an SD-WAN, they instantly become part of a virtual pool of secure, reliable and agile bandwidth that can support users anywhere, and deliver applications everywhere. SD-WAN can steer traffic to a variety of cloud and SaaS services outside the traditional VPN, and will do it much faster and more cost-effectively than a private circuit.

MPLS in review

Cloud-delivered SD-WAN provides enterprise-grade, transport independent branch connectivity. It also offers a variety of new techniques to increase the agility and efficiency of the WAN. Let’s examine this further.

MPLS is a label switching technology that forwards packets at layer 2—typically within a service provider network—without resorting to layer 3 routing. As defined by IETF RFC 3031, MPLS adds a 4-byte label to an IP packet header upon ingress into the MPLS network. The label determines the fixed forwarding path of the traffic flow, so the intermediate hops do not need to inspect the IP header’s addressing parameters. The egress router of the MPLS network removes the label again.

MPLS effectively builds “tunnels” across a routed IP network to efficiently forward packets that follow a fixed and predictable path.

Label switching evolved from older point-to-point connection-oriented technologies such as Frame Relay and ATM. MPLS preserved the forwarding efficiency of the older layer 2 technologies while carrying traffic over a layer 3 routed IP network, and enhanced network flexibility by building virtual “leased circuits” that can be reconfigured without requiring physical, layer 2, or layer 3 routing table changes to the network.

Label-switched “tunnels” provide separation between different customer traffic on a service provider network—a method of forming VPNs. It is also used to build VRFs (Virtual Routing and Forwarding) within a single customer’s private network. The IP packet content following the MPLS label can optionally be encrypted end-to-end without impeding the capability, or efficiency, of forwarding the packet—offering secure (encrypted) VPNs or VRFs.
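The 4-byte label and the ingress push / egress pop described above, as an added example that is not from the original article. The bit layout (20-bit label, 3-bit traffic class, 1-bit bottom-of-stack flag, 8-bit TTL) follows the label stack encoding in RFC 3032; the function names, label values and sample packet bytes are constructed for illustration. It also shows that the bytes after the label are carried unchanged, so the label gives separation while confidentiality depends on encrypting the payload.

```python
import struct
from typing import NamedTuple

class LabelEntry(NamedTuple):
    label: int    # 20-bit label value
    tc: int       # 3-bit traffic class
    bottom: bool  # S bit: True on the last entry of the stack
    ttl: int      # 8-bit time to live

def encode_entry(label: int, tc: int, bottom: bool, ttl: int) -> bytes:
    """Pack one 4-byte label stack entry in network byte order."""
    if not (0 <= label < 1 << 20 and 0 <= tc < 8 and 0 <= ttl < 256):
        raise ValueError("field out of range")
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl)

def parse_label_stack(data: bytes, max_depth: int = 8):
    """Return (entries, payload); payload is everything after the bottom entry."""
    entries, offset = [], 0
    while True:
        if len(entries) >= max_depth:
            raise ValueError("no bottom-of-stack entry within max_depth")
        if offset + 4 > len(data):
            raise ValueError("truncated label stack")
        (word,) = struct.unpack_from("!I", data, offset)
        entry = LabelEntry(word >> 12, (word >> 9) & 0x7, bool(word & 0x100), word & 0xFF)
        entries.append(entry)
        offset += 4
        if entry.bottom:
            return entries, data[offset:]

# Constructed sample: a stand-in for an unencrypted IP packet.
SAMPLE_PACKET = bytes([0x45, 0x00, 0x00, 0x1C]) + b"cleartext-payload"

def ingress_push(packet: bytes, label: int, ttl: int = 64) -> bytes:
    """Ingress router: prepend a single label (bottom of stack)."""
    return encode_entry(label, 0, True, ttl) + packet

def egress_pop(frame: bytes) -> bytes:
    """Egress router: strip the label stack and hand back the original packet."""
    return parse_label_stack(frame)[1]

if __name__ == "__main__":
    frame = ingress_push(SAMPLE_PACKET, label=3001)  # 3001 is a constructed label value
    entries, payload = parse_label_stack(frame)
    print(entries, payload == SAMPLE_PACKET, b"cleartext" in frame)
```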

Assessing MPLS

MPLS has been deployed globally within service provider and private networks because of its security and reliability. It provides a configuration-controlled method for service providers to share their physical infrastructure resources securely among multiple customers’ VPNs — with separation only, or with separation and encryption.

Originally evolving to replace Frame Relay and ATM circuits, MPLS architecture is well-suited to hauling traffic efficiently over a pre-determined path between a branch office and an aggregation site, typically a hub site (in a hub-and-spoke network), or a data center.

However, MPLS architecture is not well suited for the flexibility needed when traffic flows to a frequently-changing variety of “off-network” (e.g. off the MPLS VPN) destinations, like cloud, SaaS, and branch-to-branch traffic. As Internet, cloud, and SaaS destinations become increasingly common, the reliability and security of MPLS must be carefully considered against its rigidity and inflexibility.

MPLS is not known for its ease of deployment and cost-efficiency. When enterprises need to expand bandwidth, MPLS is limited by a strictly governed-as-procured SLA link. This can be a barrier for a growing business that needs to expand quickly and cost-effectively. Also, MPLS does not support the agility required by mobile sites (e.g. traveling kiosks) or temporary sites (e.g. a conference booth or construction site).

Cloud-Delivered SD-WAN

SD-WAN overcomes MPLS limitations by aggregating other forms of low-cost bandwidth (e.g. broadband and wireless) and delivering them within an agile solution. While these networks don’t inherently provide enterprise-class reliability and security, SD-WAN adds these capabilities using a number of technologies and techniques.

Mosaic SoftWave SD-WAN is independent of the underlying transports, and uses a multitude of technologies, including:

  • Per-packet forwarding
  • Dynamic Multi-path Optimization™
  • Continuous monitoring
  • Application steering with sub-second protection against brown-outs and blackouts
  • On-demand remediation
  • Packet replication
  • Dynamic jitter buffering

Cloud-delivered SD-WAN optimizes the delivery of traffic directly and efficiently to cloud/SaaS sites using software-defined encrypted tunnels. Traffic is dynamically steered, and leverages cloud-based CPE and gateways. Rest assured, there is no need to rip and replace your existing MPLS solution. SD-WAN can run in parallel, providing optimized paths for traffic flows not destined for the traditional data center, or as an overlay on the legacy network, introducing application steering flexibility.
