images
figures
Blog

MPLS Upgrade for the Modern Enterprise

Admin Globaldots
30.03.2021
image 4 Min read
SD-WAN and SASE

If you are about to renew your MPLS contract, or if you need to upgrade your capacity—STOP! Don’t commit to another year of MPLS until you’ve had time to consider if it’s the right technology to carry your business forward. Modern enterprises now have alternatives to MPLS that are more flexible and just as reliable for building a WAN.

Not only is MPLS expensive and inflexible but it’s also poorly suited for meeting the needs of organizations that embrace cloud computing, SaaS applications, and a mobile/remote workforce. If it’s been a while since you’ve shopped around for network connectivity, you need to know that you can switch your dedicated and expensive MPLS network to a cloud-based network and still sustain the service levels your business needs, maintain security, cut costs, and improve overall agility and flexibility.

MPLS Can’t Adapt to Changing Traffic Patterns, and Other Drawbacks

Every enterprise has a need for secure, high-performance, and reliable networking. For decades now, organizations have built their WANs using MPLS circuits to connect branch offices back to the corporate home office. Until recently, MPLS circuits were not only the logical choice but the only choice for high-performance branch connectivity.

The advent of cloud computing and high adoption rates for SaaS applications are real disruptors for WANs built on an MPLS-based hub-and-spoke architecture. MPLS is optimized for point-to-point connectivity only. Workers in branch offices have no direct means of reaching the Internet for cloud or SaaS applications. Their traffic can only be backhauled to headquarters over the MPLS lines and then sent out to the cloud.

This “hair pinning” of traffic just adds latency and creates performance issues. It certainly fails to meet today’s needs when a large percentage of traffic is cloud bound. Consider that Microsoft 365 is the world’s most widely used cloud service – 56% of organizations around the world use it – but 365 isn’t designed to work over a legacy MPLS WAN.

There are other shortcomings of MPLS for modern enterprises. For example, security can be an issue. An MPLS network doesn’t offer built-in data protection, and if incorrectly implemented, it can open the network to vulnerabilities. Cost can be an issue too, especially when compared to alternatives that use the Internet as a transport mechanism. In that comparison, MPLS has a much higher per-megabit price. What’s more, MPLS offers no mechanism to support individual users who work remotely or who must be highly mobile.

For enterprises with a global or multi-national footprint, it can take a long time – perhaps as long as half a year – to deploy MPLS in different countries. There is no single global provider of MPLS, and so an enterprise must work through a broker or accept that it must manage numerous service providers. But perhaps the biggest drawback is a lack of control over the network. The service provider(s) has an outsized role in managing the network.

Is SD-WAN the Alternative to an MPLS Upgrade?

For several years now, pundits have touted SD-WAN as an alternative – or at least a complement – to MPLS. Certainly, SD-WAN has been looking to address the challenges of MPLS, like cost, capacity, rigidity, and manageability.

An SD-WAN edge can dynamically route traffic over multiple data services (cable, xDSL, 4G/LTE, and even MPLS) based on the type of traffic and the quality of the underlying service. An enterprise can easily increase capacity available for production by adding inexpensive data services to an existing MPLS-based network. Zero-touch provisioning allows the edge to configure its connection to the WAN using the available mix of services at each location. This means that new sites can be brought on quickly with a single or dual Internet service or 4G/LTE.

SD-WAN offers many desirable features, but on its own, it’s not a full-fledged replacement for MPLS. In many cases, and especially for branch offices, an MPLS circuit is still needed to carry latency-sensitive traffic. Also, SD-WAN routers don’t address security needs. Enterprises need to extend their security architectures using edge firewalls or cloud security services, which adds to the cost and complexity of an SD-WAN deployment.

Moreover, SD-WAN solutions weren’t designed with cloud resources and mobile users in mind. Vendors have since come up with ways – albeit inelegant – to route traffic to the cloud, but mobile users are left in the lurch with SD-WAN.

SASE Extends SD-WAN as a Real Alternative to MPLS

SASE addresses the shortcomings of pure SD-WAN to offer a genuine alternative to MPLS-based networking. SD-WAN is actually just one part its offering. SD-WAN appliances deliver important networking functionality while SASE goes further by converging SD-WAN with other network and security services to create a holistic WAN connectivity and security fabric.

SASE provides an SLA-backed global backbone of points of presence (PoPs) that form an affordable alternative to MPLS-based networking. This single, global network connects and secures all enterprise edges – sites, cloud resources, and mobile/remote users – without compromising on the cost savings, agility, or reach of the Internet or the predictability, reliability, and performance of MPLS. This SASE solution also builds security into the underlying cloud-native architecture to eliminate the need for a patchwork of security appliances.

SASE is a truly transformational approach to the WAN. By combining SD-WAN and other networking functionality with advanced security features, SASE can legitimately address most WAN network and security requirements at scale, and certainly, be a legitimate replacement for an MPLS-based network.

Originally published in https://www.catonetworks.com/blog/mpls-upgrade-for-the-

modern-enterprise/

Comments

0 comments

There’s more to see

slider item
SD-WAN and SASE
SD-WAN or SASE: The Power is in the Platform
Admin Globaldots

The Secure Access Service Edge (SASE) is a comprehensive platform that blends SD-WAN with security and remote access many other capabilities to meet whatever challenges you face today and, tomorrow.

Read more
slider item
SD-WAN and SASE
Why Remote Workforce and Legacy Security Architectures Don’t Mix
Admin Globaldots

With users working remotely, IT organizations still need the same level of security controls and visibility. But delivering those capabilities can’t be done by compromising application performance.

Read more
slider item
Supply-Chain Data Protection
RCE in Cdnjs and What It Means to You
Dror Arie 19.07.21

Last week, a researcher named RyotaK shared a clever supply chain vulnerability in Cloudflare’s highly popular hosted module called cdnjs, which runs on around 12% of all sites on the web. The module helps developers consume other popular packages and integrate them safely into their sites.  The vulnerability was in the cdnjs library update server […]

Read more

Unlock Your Cloud Potential

Schedule a call with our experts. Discover new technology and get recommendations to improve your performance.
Contact us
figure figure figure figure figure

Don’t Fortify. Amplify – Your Cloud Security Stack, Redefined.