| technology | networking - David Chapman
SDN vs SD-WAN vs MPLS: Which is Right for You?
You are looking for solutions that help your company grow. Or at least you want to offset some possible growing pains. If you have branches spread out in different areas, you already feel this. Choosing how to connect your employees, safely and effectively, can be a difficult task.
When deciding on which technologies to use, you want to balance performance, reliability, and cost. In this blog article, we take a look at some solutions that can help.
What is SDN?
Traditional networking gear has the control and data plane on the same unit. You make network configuration changes on each physical network appliance. Those changes control the data plane or forwarding logic within that appliance. The SDN model is to decouple the control plane from the data plane, allowing for more centralized management. It also opens up other options for managing the network such as doing it programmatically.
Some of the common use cases are environments that rapidly expand and contract. Developers often need to spin up test environments with networking, and SDN allows them to do so safely without provisioning by the networking team. Large data centers and hosting providers make use of SDN, but you do not have to be a large multi-tenant organization to benefit from it.
What are the Pros of SDN?
One of the main pros of SDN is the saving in management time and resources. It is typically centrally managed, so less time is spent pushing configurations throughout your network topology. Doing so can greatly help increase reliability and availability. Most people who have had to set up new VLANs have been bitten by forgetting to set up a VLAN on a port or switch: all is fine until that VLAN is needed on that port.
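The missing-VLAN failure described above can be caught by comparing a central intended state against what each trunk port actually allows. This is an added example, not code from the original article; the switch names, port names, VLAN IDs and the layout of the intended-state table are assumptions, and the configs are constructed samples in IOS-style syntax.

```python
import re

# Constructed IOS-style trunk configs; switch and port names are hypothetical.
CONFIGS = {
    "dist-1": """interface Te1/1
 switchport trunk allowed vlan 10,20,30-32
interface Te1/2
 switchport trunk allowed vlan 10,30-32
""",
    "dist-2": """interface Te1/1
 switchport trunk allowed vlan 10,20,30-32,99
""",
}
# Intended state as a central controller might hold it (assumed layout).
PLAN = {10, 20, 30, 31, 32}
INTENDED = {
    ("dist-1", "Te1/1"): PLAN,
    ("dist-1", "Te1/2"): PLAN,
    ("dist-2", "Te1/1"): PLAN,
    ("dist-2", "Te1/2"): {10, 20},
}

def expand_vlans(spec):
    """Expand '10,20,30-32' into {10, 20, 30, 31, 32}."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_trunks(switch, text):
    """Map (switch, interface) -> allowed VLAN set for one switch config."""
    trunks, iface = {}, None
    for line in text.splitlines():
        if m := re.match(r"interface (\S+)", line):
            iface = m.group(1)
        elif (m := re.match(r"\s+switchport trunk allowed vlan ([\d,\- ]+)$", line)) and iface:
            trunks[(switch, iface)] = expand_vlans(m.group(1))
    return trunks

def audit(configs, intended):
    """Return sorted (switch, port, kind, vlans) drift findings."""
    actual = {}
    for switch, text in configs.items():
        actual.update(parse_trunks(switch, text))
    findings = []
    for key, want in intended.items():
        have = actual.get(key)
        if have is None:
            findings.append((*key, "port-not-configured", tuple(sorted(want))))
            continue
        for kind, diff in (("missing", want - have), ("unexpected", have - want)):
            if diff:
                findings.append((*key, kind, tuple(sorted(diff))))
    return sorted(findings)
```

The "unexpected" findings matter as much as the "missing" ones: a VLAN allowed on a trunk where the plan does not call for it widens the segment beyond what was intended.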
SDN can help greatly with security as it is managed from a central location. It is typically implemented as an overlay so the underlying traditional networking gear typically has no insight into the high level SDN traffic.
The user experience is another huge pro for SDN. Developers may be able to set up networks and sandboxes by themselves without the need for the network team to assist. This is because the network team has set up all of the groundwork ahead of time to facilitate the dynamic nature of SDN.
What are the Cons of SDN?
SDN is a new way of thinking. Some of your more seasoned staff may not be familiar with it or understand the need for it, and may easily dismiss it. It does require an investment in appliances and gear that support SDN. This can be a huge capital expenditure that may be hard to justify if you do not absolutely need SDN.
What is SD-WAN?
SD-WAN is an extension or application of SDN as it applies to the edge and to connecting sites. Its suite of tools caters more to the edge, with firewall capabilities for example.
General use cases for SD-WAN are similar to more traditional solutions like MPLS. You typically have many edge or branch sites that need some connectivity. Where SD-WAN shines is allowing usage of any medium and fully meshing those as necessary.
When transitioning to SD-WAN, many organizations tend to outsource the implementation of it to more experienced firms but then train their internal staff to support and continue deployments to new sites.
What are the Pros of SD-WAN?
Cost is always a factor, and long-term cost savings can be a major pro of SD-WAN. It can save money over time because you do not need expensive MPLS lines, which rack up high monthly costs. Security is a huge pro. Typically SD-WAN is an encrypted overlay, no matter the medium. For example, when SD-WAN is sent over MPLS, the SD-WAN overlay will typically be encrypted, even though MPLS does not offer encryption.
While many times SD-WAN is implemented over the Internet and there are no guarantees of performance, SD-WAN does allow you to route traffic in the manner that makes most sense to your business. If you do have MPLS links, you can prioritize certain traffic to traverse them easily giving them the most performance while lower priority traffic can be sent over Internet VPN links.
Over time, SD-WAN can also save a lot of management time & resources setting up fully meshed sites compared to bringing up tunnels or links at each site and ensuring full routing capabilities between them.
What are the Cons of SD-WAN?
SD-WAN is an emerging technology so it is not fully fleshed out from a support perspective like MPLS. This may cause pain points from a management time & resources perspective when required to get it running initially. This is, however, usually just a learning curve issue at the beginning.
If you are replacing an existing topology, cost can be a huge con as you will have to replace your edge routers with SD-WAN capable equipment which can be a huge Capital Expenditure. It may price people out of the solution, until a major business need justifies it.
What is MPLS?
MPLS stands for Multiprotocol Label Switching. It is a mouthful, but it is the current legacy way of transporting packets over a WAN. The multiprotocol aspect refers to the fact that routers that are not traditional IP forwarding routers, such as ATM routers, can participate. The label switching part defines how routes are determined: instead of using prefixes to do route table lookups, labels that determine next-hop paths are attached to the packet.
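The difference between a prefix lookup and a label lookup, as an added example that is not part of the original article. The four-router topology, the label values and the site names are constructed; the prefix lookup happens once at the ingress edge router, and every later hop forwards on an exact label match.

```python
import ipaddress

# Constructed topology: PE1 (ingress) -> P1 -> P2 -> PE2 (egress).
# Router names, labels and prefixes are hypothetical.
# Ingress edge: the only place a longest-prefix match on the IP happens.
INGRESS_FEC = {
    ipaddress.ip_network("10.20.0.0/16"): (100, "P1"),
    ipaddress.ip_network("10.20.5.0/24"): (200, "P1"),
}
# Per-router label tables: in-label -> (action, out-label, next hop).
LFIB = {
    "P1":  {100: ("swap", 110, "P2"),  200: ("swap", 210, "P2")},
    "P2":  {110: ("swap", 120, "PE2"), 210: ("swap", 220, "PE2")},
    "PE2": {120: ("pop", None, "branch-A"), 220: ("pop", None, "branch-B")},
}

def ingress_lookup(dst):
    """Longest-prefix match on the destination; returns (label, next_hop) or None."""
    addr = ipaddress.ip_address(dst)
    matches = [net for net in INGRESS_FEC if addr in net]
    if not matches:
        return None
    return INGRESS_FEC[max(matches, key=lambda net: net.prefixlen)]

def forward(dst):
    """Trace a packet; returns ([(router, label it arrives with)], final site)."""
    first = ingress_lookup(dst)
    if first is None:
        return [], None              # no matching prefix: not label-switched
    label, node = first
    path = []
    while True:
        path.append((node, label))
        # Exact-match lookup on the label; the IP header is not consulted
        # and the payload is carried unchanged (and unencrypted).
        action, out_label, nxt = LFIB[node][label]
        if action == "pop":
            return path, nxt
        label, node = out_label, nxt
```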
Many carriers that have not adopted SD-WAN yet typically provision circuits for MPLS use. Other times clients may request them due to some legacy needs or comfort with MPLS. Some sort of edge router is configured that supports MPLS and connects to the MPLS carrier's topology.
MPLS does not provide security, but it does provide privacy in the sense of isolation: your MPLS links are isolated to your environment. Security is typically provided with encryption, which MPLS itself does not perform.
Many organizations outsource the MPLS network to a carrier. They may purchase and manage the on-premise or Customer Premise Equipment (CPE) themselves, but many times the carrier can provide this. Typical business use cases are organizations with many branches that simply want to connect those branches to a hub for use of business-critical applications.
What are the Pros of MPLS?
Reliability and availability are typically the huge pros for MPLS. It is a very polished technology with a great support infrastructure. Companies know how to keep high uptimes and SLAs on it. They have been doing this for quite some time. While they may terminate to a single point at the edge, a carrier's MPLS network is usually highly available through transit. These circuits typically carry pretty strict SLAs to guarantee the high availability requirements for an organization.
What are the Cons of MPLS?
Cost can be a huge con for MPLS. MPLS circuits are typically much more expensive as they are dedicated with guaranteed SLAs. Security on them is limited to privacy but the data is not necessarily encrypted like it is on SD-WAN or VPN tunnels.
Unlike SD-WAN, which can make intelligent routing decisions based on circuit costs and SLAs, most routing over MPLS is a binary decision based on a route table at layer 3. This contrasts with the routing decisions SD-WAN can make, possibly up to layer 7. The inability to make those intelligent routing decisions with fine-grained precision can lead to more expensive MPLS links.
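The contrast drawn here, and the per-application steering described under the pros of SD-WAN, as an added example that is not code from the original article or from any SD-WAN product. Link names, application classes, SLA thresholds and the `overlay_encrypted` flag are assumptions; the flag models the point that the overlay is encrypted on every transport, MPLS included, so a link without an encrypted tunnel is never chosen.

```python
# Constructed link state and policy. Link names, application classes and
# thresholds are hypothetical, not taken from any SD-WAN product.
LINKS = {
    "mpls":     {"up": True, "latency_ms": 25, "loss_pct": 0.1, "overlay_encrypted": True},
    "internet": {"up": True, "latency_ms": 60, "loss_pct": 0.8, "overlay_encrypted": True},
    "lte":      {"up": True, "latency_ms": 90, "loss_pct": 1.5, "overlay_encrypted": True},
}
POLICY = {  # application class -> SLA limits and link preference order
    "voice":  {"max_latency_ms": 40,  "max_loss_pct": 0.5, "prefer": ["mpls", "internet", "lte"]},
    "erp":    {"max_latency_ms": 80,  "max_loss_pct": 1.0, "prefer": ["mpls", "internet"]},
    "backup": {"max_latency_ms": 500, "max_loss_pct": 5.0, "prefer": ["internet", "lte"]},
}

def eligible(link):
    """A transport is usable only if it is up and its overlay tunnel is encrypted."""
    return link["up"] and link["overlay_encrypted"]

def meets_sla(link, rule):
    """True when measured latency and loss are within the class limits."""
    return (link["latency_ms"] <= rule["max_latency_ms"]
            and link["loss_pct"] <= rule["max_loss_pct"])

def select_path(app, links, policy=POLICY):
    """Return (link_name, reason) for one application class."""
    rule = policy.get(app)
    if rule is None:
        return (None, "no-policy")           # unknown class: do not guess a path
    usable = [n for n in rule["prefer"] if n in links and eligible(links[n])]
    for name in usable:                      # first preferred link that meets the SLA
        if meets_sla(links[name], rule):
            return (name, "sla-met")
    if usable:                               # nothing meets SLA: least-bad usable link
        best = min(usable, key=lambda n: (links[n]["loss_pct"], links[n]["latency_ms"]))
        return (best, "sla-violated-best-effort")
    return (None, "no-usable-link")

def static_route(links):
    """Layer 3 contrast: one next hop for all traffic, changed only on link failure."""
    return "mpls" if links["mpls"]["up"] else "internet"
```

When the MPLS link degrades but stays up, `static_route` keeps sending everything over it, while `select_path` moves only the classes whose SLA is no longer met.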
So Which One is Right for You?
Each business has its unique data transfer needs and budgetary constraints. No one solution fits all organizations. You may find that some parts of the business stay with a traditional MPLS network while other parts adopt SDN and/or SD-WAN. Typically budgetary considerations are the main driver. If there is enough of a need for one technology versus another, the justification can sometimes override the budget issues if there is a high enough risk to revenue generation.
Legacy organizations that use MPLS, are familiar with it, and have no need for change may decide to stick with it. On the other hand, they may have new business use cases that push toward SDN and SD-WAN, such as a focus on cloud deployments and easily connecting multiple sites to those deployments.
This is contrasted with new organizations that tend to be cloud deployments or Hybrid Cloud (private on prem clouds with public clouds). Those situations have tended to push for SDN and SD-WAN from the beginning.
Some organizations may find that using SD-WAN over Internet links between sites that are very geographically distant is not working. This may warrant MPLS for some locations or links, whereas VPN tunnels or SD-WAN connections from one major city to another perform adequately.
There are many variables that go into this type of decision. It is extremely important to have the right stakeholders and engineers involved in the discussions to gather the requirements and help determine a path. This includes deciding whether internal staff will try to implement the topology or whether an outsourced specialty firm helps stand it up.
Big questions like regulatory compliance can help drive some of these decisions. SDN and SD-WAN can more easily allow you to meet and monitor the security needs of the environment.