When considering WAN architecture, CISOs commonly wonder whether to choose SD-WAN over MPLS. It’s a tough choice to weigh, and the outcome will profoundly affect a given enterprise for years to come. If you have already deployed Multiprotocol Label Switching (MPLS), does your organization really need to make the switch to Software-defined Wide Area Networks (SD-WAN)?

In comparing MPLS to SD-WAN, the latter can be less expensive, more secure and can offer better performance. In short, SD-WAN presents a level of network protection that isn’t available through MPLS. SD-WAN is also associated with lower bandwidth costs, enhanced visibility, improved availability and outstanding performance.

Further, SD-WAN is more flexible than MPLS. In general, MPLS connections are rigid, and cannot always be adapted quickly to branch office interconnectivity changes and dynamic bandwidth demands, for example. MPLS also fails to provide support for application recognition or sophisticated bandwidth management that’s required to optimize performance of latency-sensitive software and applications.

But is SD-WAN really the winner here?

The majority of SD-WAN solutions do not provide the same degree of native security as MPLS. Therefore, IT management has to integrate security into SD-WAN designs before deployment.

MPLS vs. SD-WAN: Core distinctions

Several elements differentiate MPLS from SD-WAN. To cover the basics, MPLS functions as a dedicated circuit, while SD-WAN is a virtual overlay that is decoupled from physical links. When it comes to packet loss prevention, MPLS has a slight advantage, yet its average cost per megabit transferred is higher. The virtualized overlay nature of SD-WAN allows it to leverage connection types like LTE, MPLS and broadband.

Let’s dive into these distinctions and others:

1. Costs. Previously, organizations connected remote branch locations to a central data center via a hub-and-spoke WAN model that utilized unique MPLS connections. In turn, all data, workflows and transactions required the backhauling of traffic to the data center, which processed and redistributed data as necessary. This design is no longer the most cost-efficient.

SD-WAN offers optimized, multi-point connectivity via private data traffic exchange and control points, presenting users with secure, local access to needed services while simultaneously securing access to the cloud and to resources. This is much more cost-efficient.

2. Security protection. At first glance, a security advantage of MPLS appears to be its secured and managed link between branch offices and the data center via the service provider’s infrastructure. Other types of internet connections cannot natively offer that same degree of protection.

However, this comparison is tricky. MPLS does not offer any kind of native analysis of the data that it delivers. Security analysis can take place either at the client level or by using multifunction firewalls deployed on at least one side of the connection. Best practice requires traffic to be inspected and appropriately blocked when traversing MPLS connections. All traffic requires continued inspection for malware or other exploits, necessitating the deployment of a network firewall, IPS, web server protection and possibly additional security components.

To be fair, many SD-WAN solutions have the same issue. Bolting SD-WAN security onto appliances as an afterthought can be challenging. Online resources, such as Check Point’s SD-WAN Buyer’s Guide, can provide guidance.

3. Performance. In comparing performance, MPLS offers a reliable, fixed level of bandwidth. However, given modern workloads, performance and access requirements, MPLS commonly forces organizations to lease a connection sized for worst-case, high-water-mark levels of traffic. In turn, on the average day within an organization, a lot of expensive MPLS bandwidth goes unused. Review and analyze your WAN bill link utilization report to unpack that further. Notably, some MPLS connections provide sliding scales of connectivity, but this poses issues in its own right because of limitations in understanding traffic needs and making automatic adjustments.

SD-WAN can recognize dynamic application demands and re-scale bandwidth and other related services according to needs. It can also initiate multiple parallel connections and then offer granular load balancing between them. Other advantages include SD-WAN’s ability to fail over to a new connection in the event of a bandwidth drop or provider failure.

SD-WAN is the new champion over MPLS

The benefits of SD-WAN over what old-school MPLS offers are easy to recognize. Today’s traffic, which consists of advanced web applications, complex large file transfer workflows and high-bandwidth video streaming, requires a more flexible and dynamic connectivity environment than most MPLS connections can offer.

Nonetheless, typical carrier-provided SD-WAN solutions are often lacking on the security side. A secure SD-WAN solution yields more options and flexibility than MPLS can provide, and once an appropriate level of security controls is integrated, the organization can scale business easily, reap significant cost savings, extend visibility, and enhance control.
