MPLS Upgrade for the Modern Enterprise

Guest Writer
image 4 Min read

If you are about to renew your MPLS contract, or if you need to upgrade your capacity—STOP! Don’t commit to another year of MPLS until you’ve had time to consider if it’s the right technology to carry your business forward. Modern enterprises now have alternatives to MPLS that are more flexible and just as reliable for building a WAN.

Not only is MPLS expensive and inflexible but it’s also poorly suited for meeting the needs of organizations that embrace cloud computing, SaaS applications, and a mobile/remote workforce. If it’s been a while since you’ve shopped around for network connectivity, you need to know that you can switch your dedicated and expensive MPLS network to a cloud-based network and still sustain the service levels your business needs, maintain security, cut costs, and improve overall agility and flexibility.

MPLS Can’t Adapt to Changing Traffic Patterns, and Other Drawbacks

Every enterprise has a need for secure, high-performance, and reliable networking. For decades now, organizations have built their WANs using MPLS circuits to connect branch offices back to the corporate home office. Until recently, MPLS circuits were not only the logical choice but the only choice for high-performance branch connectivity.

The advent of cloud computing and high adoption rates for SaaS applications are real disruptors for WANs built on an MPLS-based hub-and-spoke architecture. MPLS is optimized for point-to-point connectivity only. Workers in branch offices have no direct means of reaching the Internet for cloud or SaaS applications. Their traffic can only be backhauled to headquarters over the MPLS lines and then sent out to the cloud.

This “hair pinning” of traffic just adds latency and creates performance issues. It certainly fails to meet today’s needs when a large percentage of traffic is cloud bound. Consider that Microsoft 365 is the world’s most widely used cloud service – 56% of organizations around the world use it – but 365 isn’t designed to work over a legacy MPLS WAN.

There are other shortcomings of MPLS for modern enterprises. For example, security can be an issue. An MPLS network doesn’t offer built-in data protection, and if incorrectly implemented, it can open the network to vulnerabilities. Cost can be an issue too, especially when compared to alternatives that use the Internet as a transport mechanism. In that comparison, MPLS has a much higher per-megabit price. What’s more, MPLS offers no mechanism to support individual users who work remotely or who must be highly mobile.

For enterprises with a global or multi-national footprint, it can take a long time – perhaps as long as half a year – to deploy MPLS in different countries. There is no single global provider of MPLS, and so an enterprise must work through a broker or accept that it must manage numerous service providers. But perhaps the biggest drawback is a lack of control over the network. The service provider(s) has an outsized role in managing the network.

Is SD-WAN the Alternative to an MPLS Upgrade?

For several years now, pundits have touted SD-WAN as an alternative – or at least a complement – to MPLS. Certainly, SD-WAN has been looking to address the challenges of MPLS, like cost, capacity, rigidity, and manageability.

An SD-WAN edge can dynamically route traffic over multiple data services (cable, xDSL, 4G/LTE, and even MPLS) based on the type of traffic and the quality of the underlying service. An enterprise can easily increase capacity available for production by adding inexpensive data services to an existing MPLS-based network. Zero-touch provisioning allows the edge to configure its connection to the WAN using the available mix of services at each location. This means that new sites can be brought on quickly with a single or dual Internet service or 4G/LTE.

SD-WAN offers many desirable features, but on its own, it’s not a full-fledged replacement for MPLS. In many cases, and especially for branch offices, an MPLS circuit is still needed to carry latency-sensitive traffic. Also, SD-WAN routers don’t address security needs. Enterprises need to extend their security architectures using edge firewalls or cloud security services, which adds to the cost and complexity of an SD-WAN deployment.

Moreover, SD-WAN solutions weren’t designed with cloud resources and mobile users in mind. Vendors have since come up with ways – albeit inelegant – to route traffic to the cloud, but mobile users are left in the lurch with SD-WAN.

SASE Extends SD-WAN as a Real Alternative to MPLS

SASE addresses the shortcomings of pure SD-WAN to offer a genuine alternative to MPLS-based networking. SD-WAN is actually just one part its offering. SD-WAN appliances deliver important networking functionality while SASE goes further by converging SD-WAN with other network and security services to create a holistic WAN connectivity and security fabric.

SASE provides an SLA-backed global backbone of points of presence (PoPs) that form an affordable alternative to MPLS-based networking. This single, global network connects and secures all enterprise edges – sites, cloud resources, and mobile/remote users – without compromising on the cost savings, agility, or reach of the Internet or the predictability, reliability, and performance of MPLS. This SASE solution also builds security into the underlying cloud-native architecture to eliminate the need for a patchwork of security appliances.

SASE is a truly transformational approach to the WAN. By combining SD-WAN and other networking functionality with advanced security features, SASE can legitimately address most WAN network and security requirements at scale, and certainly, be a legitimate replacement for an MPLS-based network.

Originally published in




There’s more to see

slider item

What is SASE? Your 2021 Definitive guide

Gershon Tchemakin 08.11.21

Pronounced ‘sassy’, SASE (Secure Access Service Edge), is a terminology first proposed by Gartner. While there are many definitions of SASE, it can be simply said to be a network architecture that combines the capabilities of SD-WAN with network security functions and delivers it as a service delivered via the cloud. What is SASE used […]

Read more
slider item

SASE vs. Zero Trust: Your Definitive Guide

Gershon Tchemakin 31.10.21

In a world of quickly-expanding cloud traffic, SASE has emerged as the clear choice for ensuring a proactive security posture and consistent protection against emerging cloud-native threats. SASE also gains popularity for converging security and speed – a potent combination which helps realize the potential of the cloud. Read more in our guide “How to […]

Read more
slider item

Solution Brief: Secure Access Service Edge (SASE)

Admin Globaldots 13.04.21

Increase performance, cut network TCO. Step into the world of enterprise network and security as a cloud-based service. Discover how fast & easy you can upgrade your SD-WAN or MPLS into a hardware-free, growth-ready, and cost-effective solution. This solution brief includes top features, capabilities, and benefits. Fill out the form to get your copy.

Read more

Unlock Your Cloud Potential

Schedule a call with our experts. Discover new technology and get recommendations to improve your performance.
Contact us
figure figure figure figure figure