In today’s increasingly competitive marketplace, network managers are under pressure to achieve cost savings in every corner of their network platform. Depending on the provider, pure MPLS can become cost prohibitive, especially if most of the traffic is destined for a cloud based service over the public Internet.

The alternative is SD-WAN; however, increased latency, the security and stability concerns of the public Internet, and the lack of solid SLAs mean SD-WAN may not be quite the self-proclaimed magic bullet. There is a third option: Hybrid SD-WAN.

What is Hybrid SD-WAN? Hybrid SD-WAN incorporates both MPLS and SD-WAN technologies into a seamless WAN service that can offer increased bandwidth, low latency and reduced cost, whilst maintaining stability, security and SLAs.

An Introduction to Hybrid SD-WAN

The premise of Hybrid SD-WAN is simple. Each branch site has both ‘Traditional MPLS’ and ‘Direct to Internet SD-WAN’ connectivity. Traffic can be selectively sent over either connection type, with SD-WAN’s traffic management capability directing each traffic type accordingly.

Business traffic that is intended to go to the local data centre takes the MPLS path. Internet destined traffic such as Web traffic and Internet based cloud services will take the ‘Direct to Internet’ path.

Let’s now discuss both MPLS and ‘direct-to-internet’ SD-WAN, then dive a little deeper into the Hybrid SD-WAN model.

MPLS Overview

What is MPLS?

Multi-Protocol Label Switching (MPLS) is a technology used by managed WAN service providers to speed up routing decisions and securely connect customer sites together over a shared WAN infrastructure. MPLS enables the provider to host multiple different companies on their platform and keep all their traffic isolated from each other. For example:

  • Customer A’s MPLS connected sites will all be able to communicate with each other.
  • Customer B’s MPLS connected sites will all be able to communicate with each other.
  • Customer A & B MPLS connected sites are logically separated and will not be able to communicate with each other.

How does MPLS work?

MPLS assigns a ‘label’ to every packet to speed up routing decisions on large scale networks.

Within the MPLS suite is a powerful function called ‘MPLS VPN’ that allows the creation of a private network per customer.

Each customer is assigned a dedicated Virtual Private Network (VPN) which has a dedicated Virtual Routing & Forwarding table (VRF) that stores the routes of every site.

  • Site #1, #2, #3 for customer A are placed in customer A’s VRF and can only communicate with each other
  • Site #1, #2, #3 for customer B are placed in customer B’s VRF and can only communicate with each other
  • Site #1, #2, #3 for customer A & B will not be able to communicate with each other.

Benefits of MPLS

  • Offers bullet-proof stability on a tried and tested technology.
  • Your service provider can usually offer stringent 99.999% SLAs. We do!
  • Delay-sensitive traffic such as Voice and Video can be prioritised by MPLS using Quality of Service (QoS) functionality.
  • The ability to have ‘On-Net’ services so your traffic does not need to leave your WAN provider’s platform.
  • You do not have multiple WAN service providers to deal with.

Drawbacks of MPLS

Is MPLS dead?

MPLS is here to stay. There will always be a requirement for a secure and stable managed WAN technology that can deliver low latency services between sites.

However, it’s not all plain sailing for MPLS. As high-bandwidth ‘direct-to-internet’ connectivity has become increasingly cheap, many companies have decided to run their WAN services over the public Internet.

Is MPLS secure?

Although MPLS does not encrypt traffic, it is a secure transport method for WAN services. MPLS can be used to create a completely isolated and private network whilst running on a shared network infrastructure. MPLS does have potential security weaknesses, but these arise from misconfiguration rather than from the technology being inherently prone to attack.

Is MPLS More Expensive Than SD-WAN?

It depends. A fully managed MPLS service is normally considered more expensive than a standard ‘direct to Internet’ SD-WAN solution. However, this is a bit of a grey area, as MPLS prices are falling, and some SD-WAN solutions are becoming more and more over-engineered, requiring additional engineering support and software licences to enable particular features.

At Securus, we find that a like-for-like full MPLS solution vs a solely ‘Direct to internet’ SD-WAN solution has an uplift of about 10 – 20% on the MPLS.

SD-WAN Overview (Direct-To-Internet)

What is SD-WAN?

A Software Defined Wide Area Network (SD-WAN) is a software driven networking solution that has the ability to use cheaper ‘Direct to Internet’ Broadband, LTE, 4G and 5G WAN connectivity.

How Does SD-WAN Work?

SD-WAN has the ability to connect local branch sites, head offices, and hosted data centres together using cheaper ‘direct to internet’ WAN connectivity. These connections are fully encrypted and traffic can be load balanced and prioritised over multiple lines at each site as required.

A centralised, policy-driven traffic management system is used to orchestrate traffic to ensure efficient use of the bandwidth available. SD-WAN also monitors both the load and delay of each WAN circuit and steers specific traffic types over the most suitable circuit accordingly.

For example, should one (or more) of a branch site’s ‘direct to internet’ WAN circuits currently offer lower latency than the others, that line will automatically be used for latency-sensitive services such as VoIP or Citrix.

Alternatively, should one (or more) of a branch site’s ‘direct to internet’ WAN circuits offer higher available bandwidth, then services with higher bandwidth requirements, such as streaming video and bulk downloads, will be re-routed accordingly.

Benefits of SD-WAN

  • It’s a flexible solution due to its ability to use different network link types such as broadband, point-to-point fibre, 4G and 5G
  • Reduces cost by using cheaper ‘direct-to-internet’ lines rather than more expensive MPLS connectivity
  • Detects outages in real-time and automatically re-routes traffic to the remaining data paths to reduce system downtime.
  • Centralises and simplifies the management of WAN services and traffic path selection.
  • The ability to define traffic policies to dictate which services will use which WAN lines.

Hybrid SD-WAN Overview

What is Hybrid SD-WAN

Hybrid SD-WAN is a design model that uses a combination of both traditional MPLS and Direct-to-Internet connectivity. In its simplest form, each geo-separate site would have one MPLS line and one Direct-to-Internet line.

Although each site’s local router can choose the path for each traffic type, a Hybrid SD-WAN solution using both MPLS and Direct-to-Internet is recommended for its enhanced traffic policy enforcement.

How Does Hybrid SD-WAN Work?

Hybrid WAN is a design methodology where both MPLS and ‘direct-to-internet’ WAN connectivity is used to provide a diverse and seamless WAN service.

The overall concept of Hybrid WAN is not entirely new, with early deployments relying on routing protocols to direct traffic based on source/destination.

However, Securus use SD-WAN technology in our overall Hybrid WAN design for a full Hybrid SD-WAN solution. This allows each link (be it MPLS or ‘direct-to-internet’) to be closely monitored in real time for its current usage, latency, packet loss and errors. If a line fails or experiences latency or packet loss, the remaining lines can take over the load.

Inter-site traffic, and traffic destined for on-net services hosted by the MPLS provider, uses the MPLS line. Traffic destined for the public Internet and web-hosted services uses the Direct-to-Internet line.

This design model is more efficient. Latency sensitive applications or services that require an SLA for compliance can utilise the MPLS platform rather than traverse the Public Internet. Internet performance is also enhanced as web traffic uses a direct-to-internet line.

Benefits of Hybrid SD-WAN

  • Latency sensitive applications can use the MPLS line
  • Services that require an SLA for compliance can use the MPLS line
  • Internet access and web-hosted services use the Direct-to-Internet line for reduced delay
  • SD-WAN can be employed to manage the traffic flows for both MPLS and Direct-to-Internet and choose the most optimal path for that traffic
  • Reduces the reliance on a single WAN provider
  • Reduces the reliance on a single WAN technology
  • Low-latency traffic can use the MPLS link that has enhanced performance SLAs
  • Sensitive on-net traffic can use the more secure MPLS line
  • Bulk download traffic can use the cheaper Higher Bandwidth SD-WAN link
  • In the event of either a total site SD-WAN failure or MPLS failure service can continue.

The Two Hybrid SD-WAN Designs We Recommend

Hybrid SD-WAN Solution For Small Businesses

For businesses with a small number of sites that require a simple-to-manage yet resilient solution, a single MPLS line with a single direct-to-internet line is recommended. This solution would also incorporate SD-WAN technology to ensure greater granularity of the traffic flows.

  • Should the Internet line fail, the Internet traffic can traverse the MPLS line until service is fully restored.
  • To ensure MPLS traffic is unaffected during this time, we have Quality of Service (QoS) enabled on the router’s MPLS-facing interface to protect the MPLS traffic.
  • Should the reverse happen and the MPLS line fail, both Internet and MPLS-destined traffic would use the Direct-to-Internet line. The MPLS traffic would be backhauled to the MPLS platform using an IPsec VPN.

Hybrid SD-WAN Solution For Medium/Large Businesses

For larger businesses who require additional bandwidth and increased resilience, using a single (or dual) MPLS line with dual direct-to-internet lines is recommended. This solution would also incorporate SD-WAN technology to ensure greater granularity of the traffic flows.

  • Should one of the two Internet lines fail, service will be unaffected.
  • Should both Internet lines fail, the Internet traffic will reroute and traverse the MPLS line until service is restored.
  • To ensure MPLS traffic is unaffected during this time, we have Quality of Service (QoS) enabled on the router’s MPLS-facing interface to protect the MPLS traffic.
  • Should the MPLS line fail, both Internet and MPLS-destined traffic would use the Direct-to-Internet line. The MPLS traffic would be backhauled to the MPLS platform using an IPsec VPN.
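The path-selection behaviour described in the SD-WAN section (lowest-latency line for VoIP and Citrix, highest-bandwidth line for bulk traffic) and the failover rules in the two designs above, written out as a small Python selector. This is an added illustration, not Securus’s or any SD-WAN vendor’s code; the on-net prefixes, health thresholds and link metrics are constructed assumptions.

```python
"""Toy Hybrid SD-WAN path selector (constructed example, not vendor code)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed on-net prefixes: corporate sites and services hosted on the MPLS platform.
ON_NET = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12")]


@dataclass
class Link:
    name: str
    kind: str                 # "mpls" or "dia" (direct-to-internet)
    up: bool = True
    latency_ms: float = 0.0
    loss_pct: float = 0.0
    bandwidth_mbps: float = 0.0


def healthy(link, max_latency_ms=80.0, max_loss_pct=1.0):
    """Usable if up and within the assumed latency/loss limits: a line that
    fails or suffers latency/loss hands its load to the remaining lines."""
    return link.up and link.latency_ms <= max_latency_ms and link.loss_pct <= max_loss_pct


def choose_path(dst, traffic_class, links):
    """Return (link_name, encapsulation, qos_class) for a flow, or (None, None, None).

    traffic_class is "realtime" (VoIP, Citrix) or "bulk" (streaming, downloads).
    On-net destinations prefer MPLS; Internet destinations prefer DIA; each fails
    over to the other. On-net traffic crossing a DIA line is wrapped in IPsec.
    """
    on_net = any(ip_address(dst) in net for net in ON_NET)
    mpls = [l for l in links if l.kind == "mpls" and healthy(l)]
    dia = [l for l in links if l.kind == "dia" and healthy(l)]
    if on_net:
        if mpls:
            return mpls[0].name, "native", "protected"
        if dia:  # MPLS down: backhaul to the MPLS platform over an IPsec VPN
            return min(dia, key=lambda l: l.latency_ms).name, "ipsec", "protected"
        return None, None, None
    if dia:
        # Realtime picks the lowest-latency line; bulk picks the most bandwidth.
        if traffic_class == "realtime":
            return min(dia, key=lambda l: l.latency_ms).name, "native", "best-effort"
        return max(dia, key=lambda l: l.bandwidth_mbps).name, "native", "best-effort"
    if mpls:
        # All Internet lines down: Internet rides MPLS, marked best-effort so QoS
        # on the MPLS-facing interface keeps protecting the MPLS traffic.
        return mpls[0].name, "native", "best-effort"
    return None, None, None
```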

Conclusion

A properly designed and implemented Hybrid SD-WAN solution incorporates both traditional MPLS and ‘direct-to-internet’ SD-WAN technology. This solution increases available bandwidth, service resilience and agility, maintains SLAs, reduces latency and lowers cost.

If your business uses a diverse range of services, then Hybrid SD-WAN is an excellent fit. The lower latency and point-to-point privacy of MPLS, coupled with ‘direct-to-internet’ SD-WAN for cost-effective high-speed Internet access and Internet-based cloud services, is a perfect match.

Your Next Step

Please get in touch to discuss your Hybrid SD-WAN networking requirements with us in more detail. We offer a completely free consultation with one of our WAN experts to fully go over your precise needs.
