SD-WAN is the latest buzzword in wide area networking. Established firewall and router vendors are rushing to re-brand their IPsec VPN capabilities as SD-WAN, with a number of new features thrown in. Newer entrants are positioning themselves as the way to avoid costly traditional MPLS networks.
Who’s right?
Is SD-WAN the next best thing in Wide Area Networking?
Does MPLS still have a role to play for multi-site organisations?
Our Verdict
- MPLS is not dead yet. It still has a place and can even form part of hybrid SD-WAN/MPLS solutions. Giganet continues to receive demand for these.
- MPLS has typically been thought of as expensive. Giganet’s MPLS offering is very cost-effective compared to the competition. You will be surprised!
- MPLS is perfect for UK-based multi-site organisations requiring the best, fully-managed connectivity, managed QoS and higher SLAs than SD-WAN could ever provide.
- SD-WAN offers organisations that span the globe a more cost-effective way of linking sites together, as international MPLS solutions have been typically very expensive.
- SD-WAN is also ideal for organisations that don’t require much inter-site communication because most services are hosted in the cloud, but that may still have some applications needing occasional transit.
- SD-WAN offers you choice and flexibility, and doesn’t lock you into an ISP. You disaggregate the networking devices from the connectivity, whereas with MPLS everything is provided as a managed service.
- MPLS offers the best solution for rigid SLAs and QoS, as it leverages private/dedicated connectivity, with private links also available into large cloud providers such as Amazon, Microsoft or Google.
Ultimately, a conversation with a network specialist will help you to identify which is right for your organisation, now and into the future.
SD-WAN
SD-WAN stands for software-defined networking in a wide area network. It takes what has typically been a feature of many firewalls (IPsec site-to-site VPNs) and adds a number of features and automation to improve reliability, monitoring, performance and capabilities.
As an example, SD-WAN hardware can support two or more Internet connections from different Internet providers (ISPs). The SD-WAN network device can monitor the performance of the various Internet connections and make intelligent choices, automatically and in real time, as to which circuit is used for what type of data. For instance, VoIP traffic is sensitive to latency and packet loss, so the SD-WAN device can prioritise this traffic over all other types, as well as route it via the circuit that exhibits the lowest packet loss and latency to its remote destination. If the primary Internet circuit were to fail, the traffic would automatically re-route via the alternate Internet circuit. Meanwhile, the SD-WAN device could be sending data destined for your Amazon AWS cloud over another Internet circuit which has slightly higher latency, load balancing that traffic.
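The per-class path selection and failover described above, sketched as an added example (not vendor code and not part of the original article). The circuit names, measurements, thresholds and scoring weight are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Circuit:
    name: str          # constructed label: ISP and access type
    up: bool           # result of the latest health probe
    latency_ms: float  # measured round-trip time to the remote site
    loss_pct: float    # measured packet loss to the remote site

# Per-class policy (assumed values): the worst link quality the class
# tolerates, and whether its flows may be spread over several circuits.
POLICY = {
    "voip":  {"max_latency_ms": 150, "max_loss_pct": 1.0, "balance": False},
    "cloud": {"max_latency_ms": 400, "max_loss_pct": 3.0, "balance": True},
}

def score(c):
    # Lower is better; loss is weighted heavily (assumed factor of 50)
    # because real-time traffic suffers most from dropped packets.
    return c.latency_ms + 50 * c.loss_pct

def select_paths(traffic_class, circuits):
    """Return the circuit names a flow of this class may use, best first."""
    rule = POLICY[traffic_class]
    live = [c for c in circuits if c.up]
    if not live:
        return []  # total outage: nothing to route over
    ok = [c for c in live
          if c.latency_ms <= rule["max_latency_ms"]
          and c.loss_pct <= rule["max_loss_pct"]]
    # If no live circuit meets the thresholds, degrade to the best
    # remaining circuit rather than dropping the traffic.
    candidates = sorted(ok or live, key=score)
    if rule["balance"]:
        return [c.name for c in candidates]  # load-balance across all
    return [candidates[0].name]              # pin to the single best path

# Constructed sample measurements for one site with two ISPs.
SAMPLE = [
    Circuit("isp-a-fttp", True, 12.0, 0.1),
    Circuit("isp-b-4g", True, 45.0, 0.8),
]
```

Re-running `select_paths` after each probe cycle gives the automatic re-route: when a circuit's `up` flag goes false, it simply drops out of the candidate list.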
Features of SD-WAN
- Resiliency
  - SD-WAN networking devices can support one, two or more Internet uplinks and automatically fail over Internet and WAN connectivity in the event of outages affecting one or more circuits.
- Quality of Service
  - SD-WAN networking devices can be configured with rules that prioritise certain applications and traffic over others, for example, VoIP over e-mail and web traffic, video conferencing over backup, and Salesforce over YouTube.
- Security
  - SD-WAN uses dynamic IPsec VPN tunnels, the same technology traditional site-to-site VPNs have always used. Pre-shared keys, proposals and other complex security configurations are usually managed automatically.
- Application optimisation
  - Some SD-WAN networking devices can cache data, which is especially important for sites with very poor and slow connectivity. The effectiveness of this, however, remains questionable given today’s requirement for live/instant communications.
- Deployment options
  - SD-WAN can be deployed across connectivity circuits from multiple ISPs, over circuit options such as ADSL/4G/FTTP/leased lines, and on-premises or within public/private cloud.
- Administration and monitoring
  - Many SD-WAN solutions feature live dashboards where the SD-WAN solution can be configured, monitored and troubleshot, without the need to log into any CLIs.
MPLS
MPLS is a private Wide Area Networking solution that is fully managed by the ISP. MPLS is an acronym for Multiprotocol Label Switching, and it is actually just one of the protocols used to construct a private WAN for the customer over the ISP’s core network.
MPLS differs from SD-WAN in that the ISP chooses the networking devices at the customer’s sites and fully manages them. All Internet circuits also have to be provided by the same ISP, but these could use different underlying carrier networks or technologies such as leased lines, FTTC and 4G. Typically with MPLS, Internet breakout is central, via the organisation’s centrally-based firewalls (either at their HQ, or colocated in the ISP core network).
So with MPLS, you don’t get much choice over the ISP or networking devices, but in exchange you get high SLAs, full management, a single point of contact and QoS guarantees in spades.
Features of MPLS
- Fully managed
  - MPLS is a fully managed solution. The ISP takes full responsibility for the entire WAN solution: the networking devices, the data circuit(s), the core ISP network, the QoS policies, the monitoring and the configuration.
- Quality of Service
  - As the ISP is solely responsible for the various data circuits, they are the ones best placed to ensure that traffic can be prioritised end-to-end from the customer’s site to the core network. With third-party Internet circuits, the quality of those circuits usually cannot be guaranteed, especially if you are using different ISPs at each site.
- Scalable
  - MPLS networks are inherently scalable, as their construction is hub and spoke, and private layer three traffic is routed between the sites. The MPLS can grow to hundreds or thousands of sites without needing to consider upgrading the customer site networking devices.
- High SLAs and single point of contact
  - Because the solution is fully managed by one ISP, the ISP can offer high SLAs and guarantees, with faster response times. The ISP can offer this as they are fully managing the entire solution, including the hardware, various data circuits, and core network.
- Deployment options
  - Giganet connects to over a dozen carriers, over various technologies, such as ADSL/FTTC/G.Fast/FTTP/leased lines/4G, all privately interconnected to our core network. Other MPLS providers may not have this choice, and this is what has helped sway people to SD-WAN solutions.
Hybrid SD-WAN MPLS Network
Giganet is particularly excited about hybrid SD-WAN MPLS solutions, and we have recently deployed a number of these for customers who:
- Are mainly UK-based, and require a fully managed WAN that offers the MPLS features.
- Have international sites that need to be part of the WAN, but can’t justify, or don’t need, the guarantees of extending the MPLS internationally.
- Need to link up to cloud infrastructure providers, such as AWS/Azure, but don’t require ExpressRoute/Direct Connect.
With these solutions, typically an SD-WAN device (or two spanning multiple data centres in HA mode) is installed within the ISP’s core network, and from this resilient location, the SD-WAN networking can take place to the remote site locations.
Giganet has experience working with Cisco Meraki’s MX security appliances in this regard.
Conclusion
SD-WAN takes traditional IPsec site-to-site VPNs and makes them fit for purpose in the 21st century, adding auto VPN configuration, auto-failover, intelligent packet routing, easy configuration and monitoring, and ISP independence. MPLS offers a fully managed alternative which can offer similar benefits, but these are provided against higher SLAs, and from a single provider to assist with ‘blame game scenarios’.
When you speak to a provider like Giganet, we learn about your current set-up and requirements, and then produce a range of options for you to consider, with an ultimate recommendation.