Have you considered deploying SD-WAN? If so, should this replace or incorporate your MPLS-based networking solution? What about SASE? For that matter, what is SASE?
These are the types of questions IT teams are facing right now, as their networking and data requirements grow and change. Many have moved – or are in the process of moving – applications and data to the cloud. Others are opting for a hybrid approach which combines public and private cloud with on-premise solutions.
At the same time, many businesses are grappling with the thorny issue of how to securely and efficiently connect a remote, semi-remote or mobile workforce, alongside multiple branch offices. The networking solution they choose has a significant impact in all these areas.
With that in mind, this article will look at the main networking contenders, MPLS and SD-WAN. It will discuss the benefits and pitfalls of each and explain why they are far from mutually-exclusive technologies. We’ll also look at SASE, which has been described as the future of networking.
MPLS – what it is and why it works
Multiprotocol Label Switching (MPLS) in recent years has been the most reliable and secure solution for corporate networking. Businesses use it to connect the Local Area Networks (LAN) that make up their Wide Area Networks (WAN). MPLS allows branch offices to connect to applications or data that are stored in a central location.
MPLS is a hardware-based networking solution. Data packets are moved along predefined network paths using specialised routers.
MPLS is also a virtual private network, separated from the public internet. That makes it very secure. It can attach labels to packets of data, giving real time traffic – like voice and video – the fastest path through the network, while treating less critical data – email, say – as a lesser priority.
For years, MPLS has been the go-to solution for corporate networking. It is tried and trusted, and its performance, scalability and intelligent use of bandwidth have helped create better user experiences.
So why are many businesses switching to SD-WAN? It’s all about the new age of agility.
SD-WAN – what it is and why it’s networking for right now
In contrast to MPLS, Software Defined Wide Area Network (SD-WAN) technology is a software-based networking solution. In short, it separates the software and hardware layers to give users far more control over their network traffic.
Unlike traditional MPLS architecture, SD-WAN architecture is used to connect headquarters, branch offices, data centres and the devices of users working from home to the internet and private/public cloud applications, and doesn’t necessarily require MPLS.
There are many benefits of SD-WAN but they tend to coalesce around visibility and flexibility. SD-WAN can make use of the best transport method at any particular time, whether that’s MPLS, broadband or 5G. For example, it can automatically route high priority data – such as video calls – along the best available paths, reducing latency and the possibility of calls freezing or stuttering.
In addition, SD-WAN’s software-first approach makes it easy to manage, and in the best cases from a single pane of glass. Traffic can be prioritised according to need at any given time. By choosing the best path for data in any circumstances, SD-WAN can improve performance while reducing networking costs.
SD-WAN really comes into its own when businesses utilise the public or private cloud, or hybrid cloud/on-premise solutions. Edge users connecting to data and applications in the cloud, anytime and from anywhere, can expect more secure, reliable network connections using SD-WAN.
When to choose one over the other
As we’ve seen, SD-WAN tends to be a better bet for modern working practices, like remote working and cloud computing. It is the most flexible option and its ability to recognise applications allows it to route traffic in the most effective and efficient way. It scales more easily than MPLS and doesn’t waste bandwidth in the way that MPLS sometimes can.
However, there are some circumstances in which MPLS can still be the preferred option. It is a dedicated connection, so data that requires the combination of optimum privacy and performance might still be best routed this way. In addition, MPLS data always follows predefined paths, so packet loss is highly unlikely.
But as we’ve said, SD-WAN is a flexible solution and this isn’t an either/or scenario. SD-WAN can utilise an MPLS pathway for certain types of critical data, while taking other paths for less sensitive information. SD-WAN gives users greater visibility and control, allowing businesses to leverage the best connectivity for the task in hand.
A question of security
Today’s internet traffic is complex, which makes the flexibility and control of SD-WAN the best option in most cases. But what about security?
Security is a key consideration, whichever networking environment you choose. MPLS traffic is inherently secure as it is labelled and travels along a dedicated and predefined network.
SD-WAN makes use of multiple connectivity technologies and strategies, which can include public internet and MPLS connections where appropriate. However, many SD-WAN solutions are not as security focused as they arguably should be, with key considerations at the design and deployment stage missed. For example, SD-WAN does not inherently include Next-Generation Firewalling or traffic encryption to cloud applications, so IT Teams often have to find additional solutions to address those challenges, adding a further degree of complexity. The most complete SD-WAN solutions are security-led and provide integrated security at the heart of the deployment, known as Secure SD-WAN.
With security and networking now converged, Secure SD-WAN addresses the evolving security challenges as businesses access cloud applications over the internet and via devices which are inherently insecure, such as IoT devices. Organisations looking to switch to SD-WAN should ensure their preferred solution incorporates security right at the centre.
Where does SASE come into all this?
We’ve looked at MPLS and SD-WAN, so what about SASE?
SASE stands for ‘Secure Access Service Edge’ and is the next evolution of networking security. Gartner predicts that by 2024, “at least 40% of enterprises will have explicit strategies to adopt SASE,” up from just 1% in 2018.
Put simply, SASE identifies users and devices, applies relevant security policies, and provides a secure connection to cloud data and applications for users who meet its trust criteria.
Essentially, SASE is a security protocol for the cloud-first and remote working era. It’s not a competitor to SD-WAN, rather an evolution of it. SASE is akin to a combination of SD-WAN and a virtual private network (VPN).
SASE will become crucial as more of our critical data and applications are housed in the cloud and accessed from anywhere and is a good foundation for SASE. That’s one more reason to start considering SD-WAN for your evolving networking requirements.
Introducing SD-WAN from Vaioni
With the need for security, performance and efficiency in mind, Vaioni has introduced one of the most comprehensive SD-WAN solutions on the market.
Our SD-WAN products satisfy modern demands for high availability, flexibility and visibility, ensuring optimum performance and a better user experience. At the same time, our partnership with Fortinet means security is baked into Vaioni’s SD-WAN solutions, using a Zero Trust Network Access (ZTNA) approach.
Our fully managed solutions mean customers get a sophisticated, high-performance networking solution the easy way. Not only do we manage the SD-WAN, we also manage the connectivity and core network it runs through – including MPLS – ensuring you have a single provider for all your networking and connectivity needs.
For more information on SD-WAN from Vaioni, please our SD-WAN pages or get in touch.