There’s a common debate among IT managers and network engineers: When should you select SD-WAN over more traditional MPLS?

The fundamental concept behind MPLS is that of labeling packets. In a traditional routed IP network, each router makes an independent forwarding decision for each packet based solely on the packet’s network-layer header. Thus, every time a packet arrives at a router, the router has to “think through” where to send the packet next.

With MPLS, the first time the packet enters a network, it’s assigned to a specific forwarding equivalence class (FEC), indicated by appending a short bit sequence (the label) to the packet. This gives the MPLS network the ability to handle packets with particular characteristics (such as coming from particular ports or carrying traffic of particular application types) in a consistent fashion. Packets carrying real-time traffic, such as voice or video, can easily be mapped to low-latency routes across the network, something that’s challenging to achieve with conventional routing.
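To make the label-switching idea concrete, here is a small Go model of the forwarding path, added for this article and not taken from any router or vendor implementation: the ingress router inspects the IP header once, maps the packet to a FEC (destination prefix plus traffic class) and pushes a label; core routers then forward on the label alone, and the penultimate hop pops it so the egress router receives a plain IP packet. Router names, label values and the 10.2.0.0/16 prefix are constructed sample values; the reserved label 3 (implicit null) is the real MPLS value used to signal penultimate-hop popping.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Constructed model of MPLS forwarding, added for this article; it is not code
// from any router or vendor. Router names, labels and prefixes are made up.

// ImplicitNull is reserved label 3 (RFC 3032): the penultimate router pops the
// label instead of swapping it. Label 0 stands for "unlabelled" in this model
// (real MPLS uses 0 for IPv4 explicit null, which is not modelled here).
const ImplicitNull = 3

// Rule defines a forwarding equivalence class (every packet to Prefix with this
// traffic class, "*" = any) and the label the ingress router pushes for it.
type Rule struct {
	Prefix  netip.Prefix
	Class   string
	Label   int
	NextHop string
}

// Entry is a core router's label-table row: the outgoing label and next hop.
type Entry struct {
	OutLabel int
	NextHop  string
}

// Network is one ingress (label edge) router with ordered FEC rules plus core
// label switching routers, each with its own incoming-label table.
type Network struct {
	Ingress string
	Rules   []Rule
	Core    map[string]map[int]Entry
}

// pushLabel is the ingress step, the only place the IP header and traffic
// class are examined: pick the first matching FEC, return its label and next hop.
func (n *Network) pushLabel(dst netip.Addr, class string) (int, string, error) {
	for _, r := range n.Rules {
		if r.Prefix.Contains(dst) && (r.Class == "*" || r.Class == class) {
			return r.Label, r.NextHop, nil
		}
	}
	return 0, "", fmt.Errorf("%s: no FEC for %s class %q", n.Ingress, dst, class)
}

// switchLabel is the core step: one lookup on the incoming label, then swap or
// pop. An unlabelled packet has reached the egress, which hands it to ordinary
// IP routing (next hop "").
func (n *Network) switchLabel(router string, label int) (int, string, error) {
	if label == 0 {
		return 0, "", nil
	}
	e, ok := n.Core[router][label]
	if !ok {
		return 0, "", fmt.Errorf("%s: no entry for label %d", router, label)
	}
	if e.OutLabel == ImplicitNull {
		return 0, e.NextHop, nil // penultimate-hop pop
	}
	return e.OutLabel, e.NextHop, nil // swap
}

// Route injects a packet at the ingress and returns the routers it traversed.
func (n *Network) Route(class, dst string) ([]string, error) {
	addr, err := netip.ParseAddr(dst)
	if err != nil {
		return nil, err
	}
	path := []string{n.Ingress}
	label, next, err := n.pushLabel(addr, class)
	for ; err == nil && next != ""; label, next, err = n.switchLabel(next, label) {
		if len(path) > 32 {
			return nil, fmt.Errorf("forwarding loop after %v", path)
		}
		path = append(path, next)
	}
	if err != nil {
		return nil, err
	}
	return path, nil
}

// SampleNetwork has two label-switched paths to 10.2.0.0/16: a short,
// low-latency one for voice and a longer one for everything else.
func SampleNetwork() *Network {
	dst := netip.MustParsePrefix("10.2.0.0/16")
	return &Network{
		Ingress: "PE1",
		Rules: []Rule{
			{dst, "voice", 100, "P1"},
			{dst, "*", 200, "P2"},
		},
		Core: map[string]map[int]Entry{
			"P1": {100: {ImplicitNull, "PE2"}},
			"P2": {200: {201, "P3"}},
			"P3": {201: {ImplicitNull, "PE2"}},
		},
	}
}

func main() {
	nw := SampleNetwork()
	for _, c := range [][2]string{{"voice", "10.2.0.5"}, {"data", "10.2.0.5"}, {"data", "192.0.2.1"}} {
		path, err := nw.Route(c[0], c[1])
		fmt.Printf("%-5s to %s: %v %v\n", c[0], c[1], path, err)
	}
}
```

A voice packet to 10.2.0.5 travels PE1, P1, PE2 and a data packet to the same address travels PE1, P2, P3, PE2: the IP header was examined only at PE1, and every later hop made its decision from a single label lookup. A packet that matches no FEC is rejected at the ingress rather than wandering through the core.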

While the list of available features for MPLS is constantly growing, SD-WAN offers benefits in specific situations. In this article, we highlight the key differences between MPLS and SD-WAN, and why we feel SD-WAN may make a more durable investment.

SD-WAN vs MPLS

Packet delivery and availability

The popularity of MPLS deployments in corporate WAN infrastructure comes from the value the technology provides almost from its inception. Service providers can use MPLS to improve quality of service (QoS) by defining network paths that meet pre-set service level agreements (SLAs) on traffic latency, jitter, packet loss and downtime. Because MPLS allows for defining separate lanes of traffic and different service levels across the same network, it’s become the technology of choice for businesses looking to simplify management of QoS, Virtual Private LAN Services (VPLS), and VPNs, or extend Ethernet across a wide geographical area.

The SD-WAN advantage: As adoption of cloud services and Software-as-a-Service delivery models grows, traditional MPLS networks, which transmit all traffic from the branch to a centralized data center, can’t offer low-latency, high-performance access to external applications and services. SD-WAN eliminates the backhaul penalties of traditional MPLS networks and leverages the Internet to provide secure, high-performance connections from the branch to the cloud. With SD-WAN, remote users will likely see significant improvements in their experience when using cloud or SaaS-based applications.

Security

Despite being shared infrastructure, MPLS is generally considered secure. However, in our opinion, it’s not without risk: MPLS traffic is not encrypted by default. MPLS networks offer many security features, but their traditional VPN solutions are not without challenges. A pre-shared key is used to authenticate IPsec VPN devices. That is easy to deploy, but managing a large number of pre-shared keys across many devices does not scale and is less secure. Public Key Infrastructure (PKI)-based authentication meets the scaling requirements for IPsec; however, it is complex to deploy because it requires setting up and managing another system, a Certificate Authority (CA).

The SD-WAN advantage: SD-WAN uses standards-based encryption, such as AES, to provide secure connectivity over any type of transport, forming a secure cloud network. Before a new SD-WAN device can participate in the secure cloud network, it must first be authenticated to the SD-WAN management plane. Once authenticated and authorized, the SD-WAN device downloads its assigned policy and is granted access to the secure cloud network. Based on the policy, sensitive traffic can be given separate encryption keys to isolate it from the rest of the traffic.
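The per-policy key isolation described above, as an added Go example that is not any vendor's code: a policy maps traffic classes to key domains, each domain gets its own AES-256-GCM key derived from a tunnel master secret with an HMAC-SHA256 key derivation (the KDF construction is this example's choice, not a product detail), and a packet sealed under the "sensitive" domain fails authentication under any other domain's key instead of decrypting. The master secret is assumed to have been established during the authenticated onboarding step with the management plane, which is not shown; the policy, class names, secret and payload are constructed sample values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Constructed example for this article; not code from any SD-WAN product.

// Policy maps each traffic class to a key domain. Classes sharing a domain
// share a key; a sensitive class placed in its own domain gets its own key.
type Policy struct {
	Domains map[string]string // traffic class -> key domain
}

// SamplePolicy is a constructed policy: finance traffic is isolated from the
// default domain used by ordinary application traffic.
func SamplePolicy() Policy {
	return Policy{Domains: map[string]string{
		"voip":    "realtime",
		"finance": "sensitive",
		"web":     "default",
		"email":   "default",
	}}
}

// DeriveKey produces a distinct 256-bit AES key per key domain from the tunnel
// master secret: HMAC-SHA256 extract, then one expand step bound to the domain
// name. Changing the domain string changes every bit of the output key.
func DeriveKey(master []byte, domain string) []byte {
	extract := hmac.New(sha256.New, []byte("sdwan-example-salt-v1"))
	extract.Write(master)
	expand := hmac.New(sha256.New, extract.Sum(nil))
	expand.Write([]byte("data-plane/" + domain))
	expand.Write([]byte{0x01})
	return expand.Sum(nil) // 32 bytes -> AES-256
}

// Tunnel holds one AEAD per key domain plus a per-domain nonce counter.
type Tunnel struct {
	policy Policy
	aeads  map[string]cipher.AEAD
	seq    map[string]uint64
}

// NewTunnel derives one key per distinct domain named in the policy.
func NewTunnel(master []byte, p Policy) (*Tunnel, error) {
	t := &Tunnel{policy: p, aeads: map[string]cipher.AEAD{}, seq: map[string]uint64{}}
	for _, domain := range p.Domains {
		if _, ok := t.aeads[domain]; ok {
			continue
		}
		block, err := aes.NewCipher(DeriveKey(master, domain))
		if err != nil {
			return nil, err
		}
		if t.aeads[domain], err = cipher.NewGCM(block); err != nil {
			return nil, err
		}
	}
	return t, nil
}

// Seal encrypts a packet under the key domain its class maps to and returns
// the domain plus nonce||ciphertext. The 96-bit nonce is a zero prefix and a
// 64-bit per-domain counter, so it never repeats under one key.
func (t *Tunnel) Seal(class string, plaintext []byte) (string, []byte, error) {
	domain, ok := t.policy.Domains[class]
	if !ok {
		return "", nil, fmt.Errorf("policy has no key domain for class %q", class)
	}
	nonce := make([]byte, 12)
	binary.BigEndian.PutUint64(nonce[4:], t.seq[domain])
	t.seq[domain]++
	ct := t.aeads[domain].Seal(nil, nonce, plaintext, []byte(domain))
	return domain, append(nonce, ct...), nil
}

// Open decrypts with the named domain's key; a packet sealed under another
// domain fails GCM authentication rather than yielding plaintext.
func (t *Tunnel) Open(domain string, wire []byte) ([]byte, error) {
	a, ok := t.aeads[domain]
	if !ok {
		return nil, fmt.Errorf("unknown key domain %q", domain)
	}
	if len(wire) < 12 {
		return nil, fmt.Errorf("packet too short for nonce")
	}
	return a.Open(nil, wire[:12], wire[12:], []byte(domain))
}

func main() {
	tun, _ := NewTunnel([]byte("constructed-master-secret"), SamplePolicy())
	domain, wire, _ := tun.Seal("finance", []byte("payroll batch 17"))
	_, err := tun.Open("default", wire) // wrong domain: authentication fails
	fmt.Printf("sealed under %q; opened with default key: err=%v\n", domain, err)
}
```

Sealing a "finance" packet and opening it with the "default" domain returns a GCM authentication error, while opening it with the "sensitive" domain returns the plaintext; a class the policy does not mention is refused outright, which is the behaviour you want from a device that has downloaded its policy and must not fall back to a shared key. Note that a real deployment also needs key rotation before the 64-bit counter is exhausted and a fresh master secret per tunnel, neither of which this example covers.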

Connectivity

Connectivity and ease of use have always been strengths of MPLS. Opening a new office? Just call your provider and they’ll set everything up, from line delivery to parameter configuration. Because MPLS is carrier-dependent, however, you may be waiting weeks for the connection and configuration work to be completed.

The SD-WAN advantage: SD-WAN allows rapid deployment of WAN services (such as bandwidth and firewall) to distributed branch operations without the need to send IT personnel on-site. Bandwidth can easily be added (with additional circuits) or reduced as business requirements evolve.

Cost

Because the cost of managing MPLS increases disproportionately with the number of branches and services you need supported, what was once a great choice for your growing business can become an anchor on the next phase of your growth. This point alone is a showstopper for many small to mid-size businesses.

The SD-WAN advantage: For budget control, SD-WAN gives you the flexibility to purchase additional lines as you need them, for a fraction of the cost of MPLS. You can move fast and get connections up and running quickly, whereas MPLS will take weeks to months to be set up and delivered. The majority of distributed organizations already have MPLS deployed to their branch offices. Such organizations should be able to deploy SD-WAN solutions (Internet circuits) seamlessly without changing the existing MPLS network, and can then migrate traffic toward cost-effective Internet bandwidth over time.

What’s been your experience with SD-WAN and MPLS? What is your preference?