What is MPLS and SD-WAN? Comparison and Features in 10 mins
An emerging buzzword, SD-WAN (software-defined networking in a wide area network) is a software-defined wide area network. Wikipedia summarizes it as follows: the main concept is to apply the technology of software-defined networking (SDN) to managing wide area networks (WANs). Software-defined networking uses virtualization technology to simplify the management and maintenance of data centers; extending this concept and applying related technologies to wide area networks can simplify the control of wide-area networks for enterprise users. With this technology, companies can also build high-performance wide-area networks with low-cost network access. As a result, companies can partially or completely replace expensive private wide area network technologies, such as MPLS.
SD-WAN has the following features
■ A variety of physical line connections combined into one logical network: for example, MPLS VPN services, LTE, Internet, etc.
■ Dynamically select lines among multiple connections to achieve load balancing or resource resiliency: for example, use general Internet lines to meet an enterprise's needs for added bandwidth, traffic bursts or backup.
■ Service, application and traffic priority control: enterprise information services take priority over general Internet access.
■ Support VPN, firewall, gateway, WAN and other services.
Why do we need SD-WAN? Let's first look at why customers currently need SD-WAN. The needs can probably be divided into four categories:
■ Multiple lines need to be integrated
There are many kinds of lines in use today, such as private lines, global MPLS VPN, ADSL, FTTB, VPN, etc. The hope is that the SD-WAN appliance organizes the lines into a single logical WAN, while the actual lines are routed according to the service, application or custom policy, achieving line backup, line diversion and elasticity such as bandwidth control.
■ Dynamic line provisioning, considering Active/Standby or Active/Active architecture
When the headquarters and branches have multiple lines such as MPLS VPN, Internet lines or VPNs at the same time, in addition to integrating the lines, you can define dynamic elastic policies to save the enterprise's investment in lines.
■ Line quality enhancement: when using non-dedicated lines, strengthen line detection and backup switching
Changing the traditional customer concept, SD-WAN devices perform active inspection, such as telecom-grade line detection and route detection, to keep line service running smoothly. Whether the line is a private line or the Internet, this improves the availability of enterprise lines. The original dedicated line is a closed communication network, and communication security must still be maintained when an Internet line is used instead: VPN encryption ensures a secure encrypted tunnel.
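The line selection, backup switching and tunnel requirement described above can be sketched as follows. This is an added example, not code from the original page or from any SD-WAN product; the policy table, thresholds, line names and probe values are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Line:
    name: str
    kind: str            # "mpls" (closed private line) or "internet"
    loss_pct: float      # packet loss seen by active line detection
    latency_ms: float    # round-trip time seen by active line detection
    up: bool = True

# Hypothetical per-application policy: quality limits and preferred line type.
POLICY = {
    "video": {"max_loss": 1.0, "max_latency": 150.0, "prefer": "mpls"},
    "web":   {"max_loss": 5.0, "max_latency": 800.0, "prefer": "internet"},
}

def sample_lines():
    """Constructed probe results for one branch (not real measurements)."""
    return [
        Line("mpls", "mpls", 0.1, 40.0),
        Line("broadband", "internet", 0.5, 25.0),
        Line("lte", "internet", 3.0, 90.0),
    ]

def select_path(app, lines):
    """Return (line name, encapsulation) for app, or None if every line is down."""
    rule = POLICY[app]
    ok = [l for l in lines if l.up and l.loss_pct <= rule["max_loss"]
          and l.latency_ms <= rule["max_latency"]]
    # Backup switching: if no line meets the policy, use any line that is still up.
    candidates = ok or [l for l in lines if l.up]
    if not candidates:
        return None
    best = min(candidates,
               key=lambda l: (l.kind != rule["prefer"], l.loss_pct, l.latency_ms))
    # An Internet line is not a closed network, so its traffic goes in the VPN tunnel.
    encap = "vpn-tunnel" if best.kind == "internet" else "native"
    return best.name, encap

if __name__ == "__main__":
    lines = sample_lines()
    print(select_path("video", lines))
    lines[0].up = False          # the MPLS line fails
    print(select_path("video", lines))
```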
Network architecture and product features
■ WAN Smoothing automatically detects network quality to determine smoothness
■ Bandwidth Bonding integrates a variety of lines
■ Hot Failover switches lines in real time without interrupting service
■ Dedicated VPN ensures secure data transmission
■ Through cloud management, enterprises can control the network status of each location at any time
Use Cases
■ Use multiple fiber broadband lines (non-fixed IP) for bandwidth bonding, greatly reducing the company's line costs and increasing usable bandwidth, so that video conferencing can be carried out stably and smoothly.
■ Video conferencing traffic is load balanced at the packet level through the VPN and distributed over all lines, so even if one of the lines is disconnected, the video conference can continue.
What is MPLS?
MPLS stands for Multi-Protocol Label Switching. It is an efficient and reliable network transmission technology. In simple terms, it labels a stream of data, a bit like a "chicken feather letter", telling all the devices along the way: "Who am I and where am I going?" An MPLS leased line is a dedicated WAN service line based on MPLS technology.
MPLS technology, which began with Cisco's introduction of Tag/Label Switching in 1996, has dominated the enterprise network market for more than 20 years without any major improvements. Compared with the Internet, the advantage of a dedicated MPLS line is that it is relatively stable and reliable, and its security also has a certain guarantee.
However, with the development of the times, its shortcomings are becoming more and more obvious, and it has been complained about by users.
For a long time, whether for a dedicated line or a VPN service, the price offered by the operator has been very expensive. For example, the price of a 10M MPLS-VPN from one provincial telecom is 80,000 yuan/month. For a large group enterprise with many branches and offices, the annual cost of renting private lines may be as high as thousands or even hundreds of millions of yuan.
Long deployment cycle
After a customer applies for installation of a dedicated line, the operator has to run the request through its internal process and then send staff on site to install and configure the terminal equipment. The entire installation period is very long, generally one week to one month. At today's increasingly fast pace, this time period is also intolerable.
Troubleshooting is difficult
The private line network is a "black box network": for enterprise users, when the private line has a problem, it is difficult to quickly determine the cause. Enterprise IT engineers can only troubleshoot switches, routers, and other devices inside the enterprise. If they don't find the cause of the problem, they turn to the operator.
For operators, troubleshooting is also very troublesome. Often, at the end of the investigation, they find that there is no problem on their side and the problem is still on the user side. By then a lot of time has been lost and the normal operation of the company's business has been affected.
Tight maintenance manpower
For corporate headquarters, there are generally dedicated IT engineers for maintenance. However, for branches or offices, due to cost considerations, there is generally no dedicated IT engineer. As a result, maintaining MPLS dedicated lines is difficult, which indirectly increases costs.
All in all, the MPLS line is expensive and difficult to use: "the world has long suffered under MPLS"!
The shining debut of SD-WAN
First, security is an important consideration for SD-WAN
In recent years, SD-WAN has become popular because of its advantages in price, elasticity, and ease of deployment over MPLS (Multi-Protocol Label Switching) traffic distribution technology. Centralized visibility and manageability, as well as a significant increase in the overall performance of WAN links, have made employees more productive. However, if end users in branch offices are allowed to connect directly to the public network or use cloud services, security issues come to the fore, creating risk and complexity in implementing SD-WAN.
In late 2018, a survey of 250 companies in Europe and the United States led by the Business Management Association showed that institutions that deployed SD-WAN in their branches were more likely to be at risk of data breaches (about 1.3 times as likely as institutions that had not deployed SD-WAN).
This is because these institutions rely solely on the security functions of the SD-WAN device itself for defense and do not combine them with other security mechanisms.
A typical SD-WAN provides security features such as a dynamic packet-filtering firewall, network segmentation, and site-to-site tunneling. However, no further security features are provided, such as next-generation firewall, intrusion detection, data leakage prevention, and UTM. It's also important to note that a general SD-WAN is difficult to integrate with an enterprise's existing security infrastructure. Today's business users are beginning to realize the importance of security.
In a recent joint survey by IDG and Masergy, an SD-WAN provider, 81 percent of respondents said that security was the most critical factor to consider when purchasing an SD-WAN product. Professional SD-WAN providers (referred to as network equipment vendors) understand this very well and have partnered with specialized security vendors, such as firewall or cloud security vendors, to provide integrated security capabilities.
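One way to check a deployment for the gap described above, branches with direct Internet access that rely only on the SD-WAN device's own security functions. This is an added example, not from the original page or any vendor; the inventory format, field names and severity labels are constructed assumptions.

```python
# Controls the text lists as typical built-in SD-WAN security features.
BUILTIN = {"packet_filter_firewall", "segmentation", "site_to_site_tunnel"}
# Further controls the text says a typical SD-WAN does not provide.
FURTHER = {"intrusion_detection", "dlp", "utm"}

# Constructed site inventory; field names are hypothetical.
SITES = [
    {"site": "hq", "internet_breakout": True, "controls": BUILTIN | FURTHER},
    {"site": "branch-a", "internet_breakout": True, "controls": set(BUILTIN)},
    {"site": "branch-b", "internet_breakout": False, "controls": set(BUILTIN)},
    {"site": "branch-c", "internet_breakout": True, "controls": BUILTIN | {"utm"}},
]

def audit(sites):
    """Return (site, severity, missing controls) for sites with direct Internet access."""
    findings = []
    for s in sites:
        if not s["internet_breakout"]:
            continue  # assumption: this site's Internet traffic leaves via another site
        missing = sorted(FURTHER - s["controls"])
        if not missing:
            continue
        # "high": nothing beyond the SD-WAN device's own functions defends the site.
        severity = "high" if s["controls"] <= BUILTIN else "medium"
        findings.append((s["site"], severity, missing))
    return findings

if __name__ == "__main__":
    for site, severity, missing in audit(SITES):
        print(f"{site}: {severity}, missing {', '.join(missing)}")
```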
Project sharing
■ The center side uses Peplink to provide a large-bandwidth VPN over the two bonded lines, not to mention
■ Each store location initially uses a 4G connection to make deployment more flexible, and can use bandwidth bonding in the future
■ The use of general Internet circuits saves MPLS line costs.
■ Through cloud management and configuration, you can control the network status of each location at any time
■ Save the cost of administration.