MPLS WAN v SD-WAN - The Difference Between Them Explained

As both an SD-WAN provider AND an MPLS WAN provider, we're well-placed to explain the differences between these two options.

Centralised Control

A key feature of SD-WANs is that they allow large organisations to centralise control of their wide area networks (WANs).

For example, an IT manager at a retailer can control a wide area network that links the firm's 200 shops, its warehouse, a few regional offices and the firm's head office.

The IT Manager can potentially prioritise traffic from a given application across all sites, instantly. No-one in those 200+ locations (except the IT manager) needs to do anything.

Deep Packet Inspection

MPLS networks don't tend to inspect the contents of packets. Instead, they just look at standard information like the source address, the port number and the destination address. SD-WANs often inspect packets contents to figure out what to do. They divert some traffic down the highest quality routes, relegate other traffic to slower or less reliable routes, and drop some traffic entirely.

This allows SD-WANs to be more nuanced than MPLS networks in how they treat traffic. For example, an SD-WAN may be able to allow certain VoIP phone calls (e.g. to/from the firm's IP telephony supplier) but bar others (e.g. Skype calls). An SD-WAN may be able to allow general web traffic, but block access to certain problematic types of website. It may allow certain types of traffic to pass but throttle bandwidth usage. 

The Role Of Network Providers

Most MPLS networks are managed by network providers. Most SD-WANs are managed by the end-customer.

With MPLS networks, the provider of the router is probably providing connectivity. With SD-WANs, the firm that provided the SD-WAN devices may not be providing connectivity.

If an organisation with an SD-WAN wants to change connectivity supplier, they can - in theory - just order new connections, plug them into their existing SD-WAN equipment, cancel the old connections and unplug the old network connections. They are able to run a single WAN over connections provided by several different connectivity suppliers. There's no requirement to use the same leased line provider or broadband supplier at every location.

Connection Bonding

Most MPLS and SD-WAN routers can support several different physical connections simultaneously. However, SD-WANs are more likely to be set up to take full advantage of the connections available - i.e. to use whatever connections happen to be available, often simultaneously. In practice, MPLS tends to be used primarily on dedicated circuits, such as those with an ISP's core network. It tends not to be used on contended circuits (e.g. standard broadband), except when those connections are set up as the backup option to a dedicated circuit. In many cases, the backup connection will be passive, i.e. unused except when the primary circuit goes down making use of the backup circuit necessary.

SD-WANs, in contrast, tend to make far more use of contended circuits.

Much of what the SD-WAN does is really just a clever way to reduce the downsides of shifting traffic from dedicated circuits to cheaper contended circuits - by cherry-picking which traffic is diverted to the cheaper connections, and aggregating bandwidth from multiple cheap connections to compensate for the lower maximum upload speeds offered by asymmetrical broadband connections.

Integrated Network Traffic Shaping/Blocking (Sometimes)

SD-WANs use deep packet inspection to support intelligent traffic routing. Sometimes, this technology is also used to enhance IT security in ways that MPLS networks cannot do.

For example, some SD-WAN devices can block traffic to web sites known to host malware and block traffic flows associated with particular file-sharing applications that the network administrator doesn't want to allow.

To put it another way, some SD-WAN hardware performs tasks typically undertaken by next-generation firewalls.

In some cases, SD-WANs encrypt traffic flowing over the WAN links. Generally, MPLS WANs do not use encryption.

Internet-Related Performance Issues

SD-WANs tend to be provisioned over the public Internet; MPLS networks tend not to be. As the public Internet is a 'best efforts' network, its performance isn't always great. Often, the levels of packet loss, latency and jitter are fine for most traffic, but suboptimal for delay-intolerant packet-loss-intolerant real-time applications such as VoIP, video conferencing and remote desktop sessions. This is because Internet peering and transit links can become congested, and suboptimal routes may be taken. MPLS network providers can typically provide Service Level Agreements (SLAs), with guarantees relating to packet loss and latency. SD-WAN providers who do not provide connectivity but just a software-defined network overlay aren't in a position to make such guarantees, as they have no control over the underlying connectivity.

Hardware Cost

Currently, SD-WAN hardware tends to be more expensive than the equivalent MPLS hardware. So, if you deploy a Software-Defined WAN, expect the routers to cost more than if you'd opted for an MPLS WAN.

If you have two sites, this may not be a worry. If you have 20 sites, these differences in hardware costs could be considerable.

Speed Of Failover To a Backup/Secondary Connection

In theory, both MPLS and SD-WANs can switch over from a primary connection to a backup connection in less time than it takes to blink an eye. In practice, many MPLS WANs do not have MPLS implemented end-to-end. Instead, it is just implemented in the ISP's core network. So when a local link goes down - connecting the customer's site to the MPLS provider's core network - there can be anything from a few seconds of downtime to a few minutes. With SD-WANs, downtime may be shorter, as most SD-WANs tend to implement something that's functionally equivalent to MPLS Fast Reroute.

Technology Maturity

MPLS is a widely deployed, mature technology option. SD-WAN is newer... or at least it is a new repackaging (and aggregation) of several mature technologies.

As a consequence, there is more variance in what SD-WANs can do, in comparison to MPLS WANs, as some SD-WAN providers are pure-play SD-WAN vendors. Other are long-standing networking equipment manufacturers that have recently added next-generation-firewall deep-packet-inspection into their offering. Other SD-WAN hardware manufacturers are firewall manufacturers heading in the opposite direction. Each vendor's legacy affects how it implements SD-WAN.

As a mature technology, MPLS tends not to be proactively mentioned by many MPLS providers. SD-WAN, on the other hand, tends to be actively marketed. It tends to be positioned as a new vastly-cheaper superior rival to tired MPLS.

This arguably leads to mis-selling by omission of relevant facts. For example, some SD-WAN providers highlight that you could use 4G/5G connections with your SD-WAN - but fail to mention that this isn't usually practical as mobile network reception in office server rooms is usually poor, mobile data speeds vary widely, and data transfer costs are usually ruinously high.

SD-WANs are often painted as being extremely cheap in comparison to MPLS. Headline-grabbing cost-saving claims tend to be based on an assumption that cheap contended asymmetric broadband is an adequate substitute for uncontended symmetric leased line circuits. This may not be the case, not least because the broadband options available to relevant sites may be limited to FTTC or ADSL.

Such cost comparisons also ignore that leased line costs (including MPLS WAN circuit costs) have fallen substantially over the past few years. 

Find out whether an MPLS Network or an SD-WAN would be right for YOUR organisation

As an MPLS network provider and an SD-WAN provider, we're able to help UK firms get the right WAN technology - whatever that may be.

To find out more, call us on 020 7847 4510.