As a CISO or a Network Architecture or Network Security Head, one of the most common questions that crosses your mind when you are considering a WAN architecture is “Should I decide in favor of SD-WAN or MPLS?” The decision to bet on SD-WAN has significant considerations for the organization, so yes, the question is quite pertinent.
Compared to MPLS, SD-WAN can be less expensive, more secure, and provide higher performance. MPLS can have steep bandwidth costs, while SD-WAN protects your network from vulnerabilities that MPLS cannot. The short answer is that SD-WAN offers better visibility, availability, enhanced performance, and more freedom of action. This is why CISOs' interest in SD-WAN has been rising in recent years.
Another important area influencing the rise in interest is flexibility. MPLS connections tend to be rigid, fixed connections that can’t easily adapt to the sort of interconnectivity between branch offices that today’s dynamic networks require. They also don’t provide support for things like application recognition or sophisticated bandwidth management for latency-sensitive applications.
Sounds good, doesn’t it? But the challenge is that most SD-WAN solutions don’t provide the same level of security as MPLS, which is essentially a secured tunnel running through a Service Provider’s secured network. There are a number of considerations to take into account in selecting an SD-WAN solution, but to truly provide a more effective strategy than MPLS, SD-WAN must include integrated security, and both security and network functions need to be managed through a single integrated management platform. Now let us consider and discuss if and when your organization should make the switch from MPLS to SD-WAN in the first place.
Advantages of SD-WAN Over MPLS
Some of the key advantages of SD-WAN can be found by examining three key areas of difference: COST, SECURITY & PERFORMANCE.
SD-WAN Can Be More Cost Effective
In the past, many organizations connected remote branches and retail locations to the central data center through a hub and spoke WAN model that relied on individual MPLS connections. As a result, all data, workflows, and transactions, including access to cloud services or the internet, required traffic to be backhauled to the data center for processing and redistribution. Compared to an SD-WAN solution, this is extremely cost-inefficient.
SD-WAN reduces costs by providing optimized, multi-point connectivity using distributed, private data traffic exchange and control points to give your users secure, local access to the services they need – whether from the network or the cloud – while securing direct access to cloud and internet resources.
Secure SD-WAN Offers Better Protection
A seeming security advantage of MPLS is that it provides a secured and managed link between branch offices and the data center through the service provider’s internal backbone. Public internet connections do not provide that same level of protection. But this comparison is deceptive. MPLS does not provide any sort of analysis of the data that it delivers. That is still the responsibility of the MPLS client. Even when moving on an MPLS connection, traffic still needs to be inspected for malware or other exploits, which requires deploying a firewall and any additional security functions at one end of the connection or the other at a minimum.
To be fair, however, many SD-WAN solutions have the same issue. Other than some basic security functionality, most SD-WAN solutions still require security to be added as an overlay solution. And for those organizations that try to add security to their complex SD-WAN connections as an afterthought, the challenge is often more than they bargained for.
SD-WAN Delivers Greater Performance
From a performance perspective, MPLS provides a reliable, fixed level of bandwidth. While that may seem like an advantage, today’s traffic has performance requirements that can be highly unpredictable. As a result, organizations need to lease an MPLS connection for their worst-case traffic load scenario, which means that much of the time expensive bandwidth goes unused, while at other times the MPLS connection may constrain connectivity because of the continuously expanding volume of data generated by modern networks and devices. Of course, some MPLS connections provide a sliding scale of connectivity, but even then, it is limited by its inability to understand the nature of the traffic it is handling and dynamically make adjustments accordingly.
Adding to the challenge, while all traffic needs bandwidth to function, some applications—such as voice and video—have latency requirements that need to be continuously monitored. When multiple applications are running through the same connection tunnel, latency-sensitive traffic needs to be prioritized, which requires such things as application recognition, traffic shaping, load-balancing, and prioritization between different connections that MPLS simply doesn’t provide.
SD-WAN recognizes applications and can adapt bandwidth and other services accordingly. It can initiate multiple parallel connections and then provide granular load balancing between them, fail over to a new connection should there be a drop in available bandwidth, and rate-limit less sensitive applications to ensure that latency-sensitive applications receive all the room they require.
Secure SD-WAN Wins Over MPLS in Almost All Scenarios
SD-WAN provides a greater amount of flexibility, more granular traffic control, integrated security, and the ability to leverage multiple connection strategies (MPLS, public internet, IPsec, SSL, etc.) using the same SD-WAN deployment. The benefits of an SD-WAN solution outweigh MPLS alone. This is because today’s traffic, comprised of advanced web applications and complex workflows, requires a more flexible and dynamic connectivity environment than traditionally static MPLS connections are able to provide.
A Secure SD-WAN solution not only provides a layer of management and flexible connectivity options for remote offices that MPLS does not provide, it also provides deep and deeply integrated security that reduces management overhead and extends visibility and control from the central IT management console or SOC solution out to the very edges of the distributed WAN.
At Axon Networks we believe we can play a critical role in managed network connectivity for your organization, provided you are ready to leverage all of this to your advantage in many more ways than one.
Stay safe & healthy.
Regards,
Atul Ojha
Co-founder
Axon Networks