Hybrid WAN – a mix of MPLS private WAN circuits with ordinary broadband links like DSL, Fibre, and 4G-LTE for remote office access – is fast gaining momentum as the popular choice among enterprise organisations. The perceived benefits are that it gives businesses more network uptime while potentially cutting the costs of traditional, MPLS-driven WANs.
Internet Solutions has long been working with enterprises to develop and validate a variety of SD-WAN business models, taking into consideration the emerging grey space between existing MPLS VPN and the new SD-WAN technologies, and their respective yet inter-linked service offerings. On closer inspection, there are different use cases for implementation of Hybrid WAN for different business environments.
Q. There’s a lot of hype about SD-WAN replacing MPLS VPN. Is it true that SD-WAN is the next MPLS VPN?
Greg Hatfield (GH): No, SD-WAN isn’t a replacement for MPLS VPN. It’s important to understand that both technologies co-exist in a Hybrid Wide Area Network (WAN) model. SD-WAN is a feature-rich solution that uses Internet backbone and broadband connections to provide VPN-like connectivity.
This means that secure access to corporate networks can be established over the public Internet from wherever a user is based. For sites that don’t require complex MPLS VPN setup and investment, like project sites, remote brokerages, small or home offices, SMEs, etc., SD-WAN is not only a viable, but attractive solution. If Internet is available in the location, you don’t need additional infrastructure, you can deploy SD-WAN quickly and cost effectively. SD-WAN is best suited for applications that are not latency sensitive.
It warrants stating that both technologies could run concurrently at the same location – an example of a true hybrid model. For instance, MPLS VPN can be in place to guarantee business application performance that is latency sensitive and critical for applications such as SAP and Oracle, but your Guest WiFi or other less critical services could run over SD-WAN.
Gopal Govinder (GG): MPLS VPN is a secure, high performance, high capacity, dedicated connectivity service that guarantees ultra-low latency. There are use cases within various industries that demand extremely high network performance as every millisecond counts in the user experience and the transactional capability of the business. Good examples of this include financial services, healthcare, mining, online advertising, retail, manufacturing and mega-enterprise verticals, amongst others.
While there will always be a need for high priority MPLS VPN, employing a Hybrid WAN approach provides clients with the flexibility of choosing between different connection types depending on their needs, budget and IT architecture. For instance, headquarters may require MPLS VPN due to the growing demands and priority of their corporate traffic, but a branch office may only need a fast deployment SD-WAN solution that still allows secure access to certain corporate applications over the Internet. In a case like this, a branch could be connected very quickly. The decision to use MPLS VPN or SD-WAN or a blended approach depends on the type of application experience you wish to provide to your users and customers.
The MPLS VPN and SD-WAN journey can be likened to that of the Cloud journey over the past 10 years or so. At first, companies required private cloud – either on-premise or hosted. Then they evolved to a hybrid model (shared) to take advantage of the best of both worlds and we are now seeing high adoption of Public Cloud (automated). We’ve seen the same with MPLS VPN and are entering into the era of hybrid models. With software-defined core networks, service providers are able to offer automated services that are consumption based and fully elastic to scale as and when you need them, with the benefits of ultra-low latency and guaranteed service levels.
Q. What are the benefits of SD-WAN and MPLS SDN?
GH: SD-WAN is centrally configured, so it simplifies operations because you do things in one place.
It also ensures security standards are upheld, gives consistent performance and prioritises applications at busy times like month end, so it’s flexible. There are other obvious benefits like quick deployment and standardised branch configurations.
GG: MPLS VPN benefits are multiple but the ultimate measure of success is the user experience. Importantly it enables multiple mission-critical applications to be given priority. It provides seamless additions of new locations and users and highly reliable connections between any points on the network. MPLS is often seen where high-performance connectivity is required and where the service is backed by a comprehensive Service Level Agreement (SLA). MPLS allows for multiple metrics to be measured, including metrics within specific classes of service, which could easily be related back to specific measurables in an SLA.
Also known as a mesh network topology, any-to-any connectivity allows any site on the network to connect to any other site on the network. This improves aspects like voice and video traffic between sites. Arguably the greatest benefit of MPLS is the way network traffic can be managed using a combination of Class of Service (CoS) and Quality of Service (QoS).
MPLS is easily scalable. Starting with the most basic environment, MPLS allows you to increase the complexity of your network as your business requirements grow. It is ideal for an environment where sites may be running multiple links and load sharing, or where a passive backup link is only active when the primary link fails.
Q. If there are so many benefits to the services, why is there a perception that MPLS VPN is on the decline?
GG: We’re going through an evolution phase and MPLS can be regarded as a more complex service to set up and maintain for customers. Service providers provide clients with managed services to build and operate the service and maintain high performance levels. MPLS VPN is still current and relevant, it just serves a different business need.
One reason it’s perceived to be on the decline is that the Internet is a much better-scaled network today than it was 10 years ago. It’s much better engineered and is growing in bandwidth and traffic performance, which makes SD-WAN seem to be the more logical choice as users take advantage of available Internet but can still access secure corporate applications. The questions to ask are “what is my business need?” and “which solution would be fit for purpose to deliver my innovation requirements in a shorter time to market?”.
Q. So, is SD-WAN a simpler WAN solution?
GH: Your overall WAN requirements don’t simplify just because you’re using SD-WAN – they remain very complex and incredibly intricate, requiring specific skills to manage them. You will still have multiple applications and sites, compatibility issues, user and security issues, firewalls, etc., that impact the network. The overall complexity is no different. You’re just managing a portion of the network in a different way. SD-WAN is by no means a silver bullet that solves all problems, it addresses certain business needs in a new way.
GG: Managed WAN services, whether SD-WAN or MPLS VPN, are managed by the ISP, which simplifies many of the configuration complexities through automation. They remove the intricacies of design, management and maintenance, so either solution is vastly simplified for clients. The tradeoff for simplicity is always going to be faster execution of business transactions for performance.
Q. A major premise for SD-WAN is cost. Is this a real driver of uptake?
GH: The perceived cost saving is valid, but only in certain cases. SD-WAN is provided through more cost-effective hardware than a sophisticated router. If you were only running SD-WAN, your total hardware cost would be lower. But, if you were running a Hybrid WAN setup, you would still require the MPLS VPN equipment to do what it needs to do. So, no, it doesn’t necessarily reduce overall hardware costs. Why it’s more cost efficient, predominantly, is that it runs over the Internet and doesn’t require dedicated links. Uptake will depend entirely on the type of service clients need for their business.
GG: Taking a hybrid approach will go a long way in reducing WAN telecom costs. Whether MPLS VPN or SD-WAN, our software defined network automation and orchestration is deployed to enhance the network architecture, so the business can move valuable network staff and resources to more strategic and transformative projects, a saving in operating expenditure (opex) costs.
Q. What do you think will happen in this landscape in the coming years?
GG: There will always be a place for private-based networking, including MPLS VPN, VPLS and ethernet point-to-point or multipoint services. Some organisations, including finance, retail, global enterprises and government institutions are not yet ready to trust the Internet for their greater connectivity requirements – which means there’s still a strong case for MPLS VPN. Key business imperatives are factors like standardised configurations and faster WAN deployments. Augmenting the user experience improves the performance of important business applications. MPLS VPN is not a legacy technology but will only require digital transformation and agility in the support systems, and tools preceded by tweaked commercial models.
GH: What we don’t see changing in coming years is the fact that enterprises will need specialist help to run a complex WAN – the outsource model will persist. A migration, or evolution from one core technology to another can take anything up to 10 years in South Africa. We’ve seen this before with the migration from private networks to VPNs, and with cloud from private to hybrid and more recently public cloud. I don’t expect SD-WAN’s adoption to buck the trend in principle – it will take several years to enjoy mass adoption. In that time MPLS services will evolve to offer elasticity, self-service, and many other similar features to SD-WAN. My prediction is that ultimately the client won’t even know what the underlying technology is that is being used – they will buy a service level from a service provider and leave the detail to them.