Home > Insights > Articles


SD-WAN vs MPLS: Why SD-WAN is the right choice in 2021

John McVicker


Since the early days of networking, the notion of segmenting and prioritising network and application traffic to ensure that the most important traffic is given priority over less important traffic, has been the nirvana for most network administrators.

With the roll-out and commercialisation of MPLS (Multi Protocol Label Switching) in the early 1990s, many network and application administrators were finally given the tools to prioritise traffic, control performance and have a more control over the transport and bandwidth costs to distant office sites.

However, what may at first deliver the prioritised traffic that many had demanded, came at a cost that some consider uneconomic – the perennial debate – why deploy MPLS architecture when the costs of bandwidth are so cheap (and falling)?

Given that MPLS effectively provides a secure tunnel through a provider network, it is clear to see that the security improvements offered by MPLS provided enough reason why many network administrators went with this option.

But as the technology industry evolved to “software-define” everything, it was inevitable that we would have a software defined network architecture which has given rise, to SD-WAN services, which offers better visibility, enhanced application performance, and higher availability.

So what are the advantages of SD-WAN vs MPLS?


1.    Enhanced security


When one reflects on the key security proposition offered by MPLS – secure and managed nature of the link through the service provider’s backbone – it is worth noting that MPLS does not provide any analysis of the data that it delivers, that remains the responsibility of the MPLS client. Even when traversing a particular network, that MPLS traffic has to be inspected for malware or analysed for security defects, which means a firewall is needed and likely additional end-point security.

Whilst it is fair that SD-WAN services may appear to suffer from the same security issues that MPLS had, many providers are now deploying integrated next-generation firewall functionality (much of which is also software-defined also) so that all links are automatically dynamically meshed with VPN capabilities to secure data in transit and also combined deep inspection, at the packed level, of all traffic types.

This functionality not only embeds security at the core of the network but also provides a comprehensive and manageable analysis of the network traffic and enables application security at the core of the service, from the outset – something MPLS was never truly able to do.


2.    Better value for money


Networking topology for many organisations that used MPLS, relied upon connecting remote branches and retail locations, to a centralised location or Datacentre using a hub and spoke WAN model that was heavily reliant on multiple individual MPLS connections. As a result, all traffic (including access to cloud services or internet traffic) had to be routed back to a central location or Datacentre, for processing and redistribution out to these other “offnet” locations.

SD-WAN addresses these issues of multiple single point-to-point links by providing multi-point connectivity that uses distributed private data exchange and control points that provides users with a secure and local access to the services that they need, whilst securing access to the Internet or other cloud resources.

It is this meshed and virtualised networking infrastructure that both reduces the costs of deploying and maintaining the network, whilst also providing a more cost-effective way to secure user and network traffic. This reduces network, security and administrative overheads costs and make the SD-WAN a more economic and better value proposition compared to MPLS architectures in many cases.


3.    Improved application and network performance


In the “old world”, MPLS provided a fixed level of bandwidth to a given location as a means to guarantee or provide predictability to network or application performance. However, the traffic profiles of today’s applications and traffic have performance requirements that are difficult to easily predict. It is this unpredictability that means those organisations that continue to use MPLS connections, are always buying and operating links that are planned for a worst-case traffic scenario, meaning that much of this network remains unused during normal operational circumstances. However, at times of peak data and application demand, the MPLS connection will “max out” and constrain connectivity between the sites – so effectively delivering the complete opposite of what it was originally intended to do!

Adding to this issue of network capacity at peak times, not all application traffic is the same. Video and Voice traffic have latency requirements that need to be continually monitored, whilst web and email traffic do not. Where there are multiple different applications using the same connection tunnel or link, it is this latency-sensitive traffic that needs to be prioritised. To deliver on this need to deliver application-specific network performance, the network will need to recognise the traffic that is particular to a given application, provide the ability to shape traffic and balance traffic loads, and prioritise traffic between locations – none of which MPLS is easily able to do.

An SD-WAN infrastructure recognises the applications at work across the network and adapts bandwidth to fit their characteristics and performance requirements. It can initiate several different parallel connections simultaneously and provides load balancing to ensure correct traffic flows between them. For more sensitive applications an SD-WAN can provide simple fail-over to new links to ensure performance and ensure that latency-sensitive applications like voice and video receive the network support that they require.

It is this inherent ability to support applications, analyse their network requirements, and deliver the underlying network performance that they need in order to function appropriately that make an SD-WAN infrastructure the natural choice for multi-application and multi-site environments.

It is clear that for the majority of corporate environment and corporate applications, that SD-WAN infrastructure is the natural evolution of MPLS technology for 3 simple yet important reasons :

1. Security

2. Value for money

3. Performance

However, as much as the technology of MPLS has not morphed and is delivered by an SD-WAN infrastructure, MPLS is still the architecture of choice in instances where the data is highly sensitive and requires a high degree of security and integrity e.g. credit card transaction processing data, equities transaction processing, banking transaction data.

In many ways it is fair to say that SD-WAN is the new MPLS, but it is not always the case that the new technology offers the silver bullet across all application and networking stacks – sometimes the older ways are still the best and most appropriate ways.

Want to know more about Best and how we can support your need, you can contact us here or download our whitepaper below. 

New call-to-action