What are the differences between SD-WAN and MPLS?
Multiprotocol label switching (MPLS) is a common method for constructing the connections between local area networks (LANs) that make up wide area networks (WANs). Using specialized routers, MPLS sends packets along predetermined network paths, improving upon the typical way the Internet works. These predetermined network paths can be used as the connective tissue that comprises a WAN. However, they take quite a bit of time to set up, can be expensive, and require a contracted service from an Internet service provider (ISP) or telecommunications company.
A software-defined WAN (SD-WAN) is a large network that connects LANs using a range of connectivity options, including the public Internet. SD-WANs do not require static, predefined MPLS routes. Using the public Internet, along with a range of other connectivity methods, helps make this style of networking cheaper to implement than other networking methods. Many corporate WANs have been shifted to SD-WAN in an effort to cut costs and gain more optionality.
The SD-WAN model does not exclude the usage of MPLS — MPLS can be one of the networking methods used in an SD-WAN — but overall SD-WANs are often more flexible and cost-effective by comparison.
SD-WAN vs. MPLS: A real-world analogy
To understand the differences between software-defined connections and MPLS connections, consider the difference between a railroad service and a passenger bus line. Railroads have specialized routes set up via train tracks, and only trains that belong to the railroad can use the tracks. Conversely, a bus line travels across a massive network of roads that also serve many other vehicles. Buses operated by the line do not have to take the same route to their destination every time; they can route around areas of heavy traffic or add more stops as needed.
Like railroad tracks, MPLS connections are dedicated only to the users of those connections. They are more direct and more reliable than the public Internet. However, they require the purchasing of expensive hardware (similar to the laying of railroad tracks), and their routes cannot change very easily. Meanwhile, SD-WANs are built on existing paths (the public Internet) and can easily increase their routes and the number of users served, like the bus line.
What are some SD-WAN benefits compared to MPLS?
- SD-WAN has no inherent bandwidth limits. Because MPLS connections are more or less set in stone (unless they are reconfigured), there is a hard limit for how much capacity can be provisioned over an MPLS connection at once. SD-WAN connections can add capacity as required by combining multiple connections and leveraging the fastest connectivity available.
- SD-WAN is ISP-agnostic. MPLS locks organizations into using local ISPs at WAN-connected sites because MPLS connections have to be configured in physical routers in the adjacent network. SD-WAN connections run over the public Internet; any ISP can support an SD-WAN connection (although most organizations purchase managed SD-WAN services from a single vendor).
- SD-WAN routing is more flexible. SD-WAN can take advantage of multiple connectivity options including broadband Internet connections, private lines, and 5G. It can direct traffic and failover between all available connectivity options. MPLS services typically require dedicated private line connections from the service provider.
- SD-WAN integrates more easily with the cloud. Connecting to the cloud via MPLS is a specialized service offered by some MPLS service providers for some cloud providers. With MPLS, connecting with the cloud requires constructing a direct route to that cloud provider's infrastructure. Multiple types of paths are available via SD-WAN.
- SD-WAN can more easily integrate security capabilities directly into the network. Next-generation firewalls (NGFWs), encryption, and other security measures can be natively integrated instead of added on. The secure access service edge (SASE) model is built on the integration of SD-WAN with next-generation security capabilities. MPLS-based corporate WANs, by contrast, do not natively encrypt traffic without the separate use of a virtual private network (VPN) server.
What are some SD-WAN drawbacks compared to MPLS?
- MPLS offers more granular control over where packets go. Typically, data packets on the Internet take different routes depending on how routers on the path are forwarding packets at that time — but MPLS routes are only updated manually. MPLS packets never deviate from the defined route since they always are forwarded between the same routers and networks. Depending on the routing method used, network traffic on an SD-WAN likely will not always take the same route, and some packets may be lost in transit, as is the case with most Internet traffic.
- MPLS is sometimes more reliable. MPLS traffic is usually given higher priority over service provider backbone networks than Internet traffic, and MPLS services often include quality-of-service (QoS) guarantees. SD-WAN relies on best-effort Internet services and may experience occasional packet loss, depending on how it is configured. However, most SD-WAN services compensate for this by intelligently steering traffic away from lossy or slow connections.
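As an added illustration of the per-application steering and failover behaviour described above (SD-WAN directing traffic across several links, preferring a dedicated circuit while it meets SLA and steering away from lossy or slow paths), here is a small Python model that is not code from the page or from any vendor's product. The link names, SLA thresholds and measurements are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass
class LinkStats:
    """One WAN underlay as the SD-WAN edge would measure it (constructed sample)."""
    name: str
    latency_ms: float
    loss_pct: float
    mbps: float  # measured usable bandwidth on this link


# Assumed SLA policy per application class: voice is strict, bulk transfer is lenient.
SLA = {
    "voice": {"max_latency_ms": 150.0, "max_loss_pct": 1.0},
    "bulk": {"max_latency_ms": 400.0, "max_loss_pct": 5.0},
}


def meets_sla(link: LinkStats, app: str) -> bool:
    """True if the link's current measurements satisfy the app's SLA thresholds."""
    sla = SLA[app]
    return link.latency_ms <= sla["max_latency_ms"] and link.loss_pct <= sla["max_loss_pct"]


def select_path(links: list[LinkStats], app: str, preferred: tuple[str, ...] = ("mpls",)) -> str:
    """Pick the underlay for one app class.

    1. Use the first preferred link (e.g. the MPLS circuit) that still meets SLA.
    2. Otherwise fail over to the in-SLA link with the lowest latency.
    3. If no link meets SLA, degrade gracefully to the least lossy link.
    """
    healthy = [l for l in links if meets_sla(l, app)]
    for name in preferred:
        for link in healthy:
            if link.name == name:
                return link.name
    if healthy:
        return min(healthy, key=lambda l: l.latency_ms).name
    return min(links, key=lambda l: (l.loss_pct, l.latency_ms)).name


def aggregate_capacity(links: list[LinkStats], app: str) -> float:
    """Bandwidth available to an app when SD-WAN bonds every link that meets its SLA."""
    return sum(l.mbps for l in links if meets_sla(l, app))
```

A real SD-WAN edge refreshes these measurements continuously with probes, so the selection is re-evaluated as links degrade or recover.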
SD-WAN vs. MPLS use cases
Both SD-WAN and MPLS are often used to support branch networking, when an organization needs to provide connectivity from multiple offices to the corporate WAN.
SD-WAN use cases:
- Simplified management: Policies can be centrally determined and pushed out to all locations. When an organization uses a managed SD-WAN service, IT teams only have to work with one vendor.
- Easier scalability: SD-WAN requires less provisioning and less manual work for extending connectivity to additional locations, compared to MPLS networks. SD-WAN also has far fewer bandwidth constraints.
- Cloud application performance enhancement: Smart routing and the ability to send traffic over the public Internet results in faster connections to cloud-based applications.
- Zero Trust security: SD-WAN allows for the direct integration of advanced security measures. Depending on how they are implemented, such security measures can help organizations avoid the castle-and-moat security model, in which entities connected to the internal corporate network are automatically trusted.
MPLS use cases:
- QoS guarantees: MPLS carriers have contractual agreements to maintain a certain level of service. This consistency may serve the needs of some enterprises.
- Private WAN usage: MPLS networks are completely private in the sense that no one else uses the same connections, which can be desirable for organizations that wish to avoid using the public Internet. However, MPLS is not natively encrypted, so it is not "private" in the sense that a VPN is private.
- Cost-prohibitive to move from legacy: MPLS is often used simply because it is the incumbent technology, and replacing it would interrupt business processes or cost too much. In such cases, networks can still be modernized through partnering with vendors like Cloudflare, which offers interconnect services to give legacy networks reliable connectivity with the cloud and the public Internet.
SD-WAN vs. network-as-a-service (NaaS)
Network-as-a-service (NaaS) is a cloud service model in which organizations rent networking services from a cloud provider instead of setting up their own networks. Users connect to their applications directly through a virtual network, and they do so via any Internet connection. SD-WANs still require hardware setup; NaaS only requires Internet connectivity.
Network modernization for SD-WAN and MPLS
Many organizations undergo a process of network modernization in order to better support flexible working arrangements and cloud computing, along with avoiding traffic backhauling and other performance degradations associated with legacy networking. In network modernization, parts of the network are offloaded to the cloud or the public Internet, helping avoid the costs associated with MPLS or SD-WAN.
Organizations that want to augment or move away from entrenched networking infrastructure can start by finding a trusted partner that supports the use of a SASE model (in which networking is flexible and security is natively integrated). Cloudflare helps organizations securely connect their data centers, branch offices, and cloud services. Discover Cloudflare's network services.