Software-Defined Wide Area Networks (SD-WANs) promise to address many of the shortcomings of private Multiprotocol Label Switching (MPLS) services.
Although they have the potential to significantly reduce a business's bandwidth costs, SD-WANs come with their own set of limitations, including mobility and security concerns.
Here are the pros and cons of each:
As anyone who has acquired MPLS bandwidth for their company will happily tell you, bandwidth cost remains the single biggest limitation for MPLS subscriptions.
The high per-megabit price structure that most MPLS services carry is firmly out of kilter with today's consumer preference for bandwidth-heavy, multimedia-driven content.
MPLS services are also notoriously rigid to set up, often requiring an initial provisioning period that can take up to half a year, depending on the service provider. Simply upgrading bandwidth can take weeks.
Both are extremely long compared to waiting times for regular internet services, which can be both provisioned and upgraded in days or hours at most.
Benefits of MPLS
As managed services, MPLS subscriptions are supported by Service Level Agreements (SLAs) that govern acceptable standards of performance, such as latency, time to repair, uptime, and more. The services also typically enjoy very high uptimes - around 99.99% a year.
Although internet performance has exponentially improved over the past fifteen years (packet loss rates have dropped by an average of 88%, according to one estimate), problems remain with the consistency of path performance. In a survey of 700 IT, security, and networking executives, 43% said that latency was their top WAN (wide area network) concern.
MPLS providers, however,
In a bid to overcome the limitations of standard WAN performance without adversely impacting the bottom line, many tech executives are turning to SD-WANs.
SD-WANs: what they promise
Providers of SD-WAN make the case that their services allow IT departments to supplement, and sometimes entirely replace, MPLS by using Internet-based services.
Across data services such as xDSL, 4G, and private services (such as MPLS circuits), SD-WAN nodes form an encrypted overlay.
As traffic comes into the network,
One common example is to direct email replication and other latency-tolerant, bandwidth-heavy applications across the Internet, while voice and video, which are sensitive to the extreme swings in jitter and packet loss found on the Internet, may be routed across a private network, such as an MPLS service.
The benefits over MPLS
While it may be possible to enjoy similar benefits with IP
It is also much easier for enterprises to take advantage of dormant connections with SD-WANs. Leveraging secondary connections with MPLS means thinking through various
By comparison, employing these connections in SD-WANs is trivially simple.
Only small policy configurations are necessary to distribute traffic across connections and in
Internet services lack the availability of MPLS, but that can be addressed with good WAN engineering. Dual-homing locations with two completely separate wiring plants gives offices uptime almost equivalent to MPLS. True dual-homing used to be difficult to achieve, as even different providers of the same technology invariably shared common wiring ducts and other infrastructure, but the spread of alternative access technologies has solved that problem. Different technologies, such as xDSL and 4G from various suppliers, rarely (if ever) share infrastructure.
The possibilities for the new WAN
Changing over to a virtual overlay from a physical WAN is a vital first move towards creating a WAN that meets modern enterprise requirements.
But SD-WAN solutions don't quite cut it. Aside from failing to address current security, mobility, and cloud obstacles, SD-WANs lock the enterprise into MPLS. The day-to-day fluctuations that Internet connections experience in terms of packet loss rates and latency are too great for delivering consistent performance to latency- and loss-sensitive mission-critical applications. Enterprises remain reliant on MPLS services for these applications.
SD-WANs haven't adapted
When the first MPLS-based infrastructures were built, WAN meant the same thing as site-to-site connectivity. Applications were in data centres and sites were under control.
But because of mobility and the cloud, the network perimeter is no longer relevant as a concept. Almost 50% of all businesses still require that mobile users connect to a device at a particular location to access public cloud resources. IT managers cannot compromise on security, performance, and control when offering these resources to mobile users.
The majority of SD-WANs, however, cannot adequately address the unique security concerns of mobile workers and the cloud.
For mobile users, there is no dedicated client through which teleworkers can securely connect to an SD-WAN.
In the cloud, most can't locate SD-WAN nodes in or even close to the data centre.
Enterprises are therefore forced to miss out on the benefits of SD-WAN: user traffic might have to go unencrypted, and policy configurations and management remain fragmented across multiple environments.
SD-WANs also lack the necessary tools to deal with cyber security risks, such as local Internet access. Essential cyber security features, such as firewalling and malware protection, are not considered to be a part of the SD-WAN. When these features need to be installed separately, the SD-WAN's apparent savings over MPLS reduce considerably.
Even though SD-WANs could be a good first step towards a more efficiently used and managed WAN, businesses adopting them need to be ready to find solutions for their security and deployment limitations for office, mobile, and cloud users.