Migration on My Mind: Does SD-WAN Truly Address All The Shortcomings of MPLS?


Many organizations with corporate WANs built around MPLS links are looking for WAN solutions which are a better fit for their network and security needs. While many are on the fence as they weigh the pros and cons of MPLS vs SD-WAN, others are being forced by business and technical realities to seriously consider migrating to an SD-WAN. For them the big question is: Does SD-WAN address all the shortcomings of MPLS? If not, are these companies just setting themselves up for other problems down the road?

Before we dive into that question, let’s back up and discuss the context for this problem, especially what shortcomings MPLS has for today’s WANs.

Why organizations use MPLS to begin with

By providing enterprises with high uptime, low latency, and low packet loss data transport between their scattered locations, MPLS links became the foundation of many corporate WANs.

For a long time, MPLS was a great fit for these WANs. The physical point-to-point links between the remote locations and the central HQ were a natural fit for the network usage patterns of the day: high internal resource use, but low outbound traffic. Back then, many business-critical resources such as file servers and ERP systems were hosted on the corporate WAN itself. At the same time, the bandwidth requirements for these applications remained relatively modest.

A crucial point to keep in mind here is that all cloud- and Internet-bound traffic originating from the remote locations couldn’t reach the public Internet directly. Instead, it was sent over the MPLS links to the central datacenter, which served as a centralized, secured gateway to the Internet. All response traffic had to make the same trip in reverse.

This is still true of MPLS WANs today.

Why businesses need to move beyond MPLS

This need to backhaul Internet-bound traffic over MPLS leads to one of the main pain points of MPLS: congestion and high monthly bandwidth costs. Since all the WAN’s Internet traffic is pushed across MPLS, all the bandwidth available on those links gets consumed, creating WAN congestion and raising costs.

And with the bandwidth needs of enterprise applications growing, MPLS congestion is becoming more common. Since MPLS bandwidth is significantly more expensive than broadband, the costs of attempting to fix this problem by buying more MPLS bandwidth are too high to be practical.

SD-WAN to the rescue

Software Defined WANs (SD-WANs) lessened the pain associated with costly MPLS bandwidth by augmenting MPLS links with other connections, most notably inexpensive broadband. SD-WANs pool together all these transports into a virtualized and encrypted software-defined network (SDN) which automatically (and transparently to the users and applications) routes each application’s traffic over the most suitable connection.

The end goal of SD-WANs is to reserve expensive and limited MPLS bandwidth for the latency- and packet loss-sensitive applications which truly need it, like remote desktops and VoIP. Everything else gets sent encrypted over the much cheaper public Internet.

Why some are still hesitant to switch to SD-WAN

Despite the proven ability of SD-WANs to reduce network operating costs by reducing the use of MPLS transport, the first-generation SD-WANs couldn’t eliminate the need for MPLS entirely. Latency and packet loss rates present on the public Internet are too high for some business-critical applications. For those, costly MPLS is still needed.

Also, SD-WANs can’t support cloud-based workflows, unless an SD-WAN appliance is installed in the cloud at or near the cloud service provider’s facility. This is not always practical – or even possible. Remember that lack of cloud support was one of the major problems with MPLS. SD-WANs based on appliances installed at the network edge still don’t solve that problem.

This is why some organizations resort to investing in security appliances at branch offices, so they can access the Internet and their cloud resources safely. That solution, however, comes with its own problems: namely the cost and effort required to purchase, install, configure, manage, and update the next-generation firewalls, unified threat management (UTM) boxes, and other appliances needed for each remote location that needs direct Internet access.

These are the key reasons why some enterprises haven’t already migrated to SD-WAN. Cloud-based SD-WAN, also called SD-WAN as a Service (SDWaaS), however, finally fixes the shortcomings of MPLS and should make the MPLS vs SD-WAN choice crystal clear.

How SDWaaS impacts the decision

Cloud-based SD-WANs are enabled by an SLA-backed global backbone built upon multiple Tier 1 IP transit providers. This backbone delivers the high uptime, low latency, and low packet loss performance of MPLS, but at a fraction of the price, as SDWaaS is deployed in the cloud. The global backbone at the heart of cloud-based SD-WAN integrates a full network security stack, eliminating the need for security appliances for remote locations.

And because it’s deployed as a cloud service, SDWaaS has inherent cloud support and thus none of the congestion or trombone effect problems associated with backhauling traffic to a central datacenter. Furthermore, SDWaaS providers have multiple points of presence (PoPs) strategically placed near major cloud infrastructure. Not only is SDWaaS deployed in the cloud, it is designed for the cloud.

For today’s WAN requirements, that’s a major development.