MPLS: Multi-protocol Label Switching
Reliable and efficient, but is it time to consider newer techniques?
MPLS is a widely deployed, reliable and secure technology for building a fixed-path VPN over an IP network between a set of branch offices and data centers. Modern networks, however, increasingly demand not only the agility to steer traffic to a variety of cloud-based and SaaS sites outside the traditional VPN, but also much quicker and more cost-effective deployment capability.
Cloud-Delivered SD-WAN technologies provide transport-independent business-class traffic service, as well as a plethora of new techniques to increase the dexterity and traffic efficiency of your network. Is it time to give these a closer look?
MPLS Technology: A Brief Review
MPLS is a label switching technology that forwards packets at layer 2—typically within a service provider network—without resorting to layer 3 routing. As defined by IETF RFC 3031, MPLS inserts a 4-byte label ahead of the IP header upon ingress into the MPLS network; the label determines the fixed forwarding path of the traffic flow without requiring the intermediate hops to inspect the IP header’s addressing parameters; the egress router of the MPLS network then removes the label.
MPLS effectively builds “tunnels” across a routed IP network to efficiently forward packets that follow a fixed and predictable path.
Label switching evolved from older point-to-point connection-oriented technologies such as Frame Relay and ATM. MPLS preserved the forwarding efficiency of the older layer 2 technologies (while carrying traffic over a L3 routed IP network), and enhanced network flexibility by building virtual “leased circuits” that can be reconfigured without requiring physical, layer 2, or layer 3 routing table changes to the network.
Label-switched “tunnels” provide separation between different customers’ traffic on a service provider network—a method of forming VPNs. The same mechanism is also used to build VRFs (Virtual Routing and Forwarding) within a single customer’s private network. The IP packet content following the MPLS label can optionally be encrypted end-to-end without impeding the capability, or efficiency, of forwarding the packet—offering secure (or encrypted) VPNs or VRFs.
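As an added illustration (not part of the original article), the following Python model encodes the RFC 3032 label stack entry and walks a packet through a label-switched path: the ingress LSR pushes a label, each transit LSR swaps it by table lookup while treating everything after the label as opaque bytes, and the egress LSR pops it. The router names, label values and payload are constructed for the example.

```python
import struct

# RFC 3032 label stack entry (4 bytes): 20-bit label, 3-bit TC, 1-bit S
# (bottom of stack), 8-bit TTL. Labels 0-15 are reserved by the RFC.
def encode_label(label, tc=0, bottom=True, ttl=64):
    if not 16 <= label < (1 << 20):
        raise ValueError("label out of range")
    word = (label << 12) | ((tc & 0x7) << 9) | (int(bottom) << 8) | (ttl & 0xFF)
    return struct.pack("!I", word)

def decode_label(entry):
    (word,) = struct.unpack("!I", entry[:4])
    return {"label": word >> 12, "tc": (word >> 9) & 0x7,
            "bottom": bool((word >> 8) & 1), "ttl": word & 0xFF}

# Constructed per-LSR tables: incoming label -> (action, outgoing label, next hop);
# the None key on the ingress LSR covers unlabeled packets from the customer port.
LSR_TABLES = {
    "ingress": {None: ("push", 1001, "P1")},
    "P1":      {1001: ("swap", 2002, "P2")},
    "P2":      {2002: ("swap", 3003, "egress")},
    "egress":  {3003: ("pop", None, "customer-site")},
}

def forward(router, packet):
    """One LSR hop. Only the top label is read; the payload stays opaque bytes."""
    table = LSR_TABLES[router]
    if None in table:                      # ingress: push a label onto the raw payload
        action, out_label, next_hop = table[None]
        return action, next_hop, encode_label(out_label) + packet
    hdr = decode_label(packet)
    if hdr["ttl"] <= 1:
        raise ValueError("MPLS TTL expired at %s" % router)
    action, out_label, next_hop = table[hdr["label"]]   # unknown label -> KeyError (drop)
    if action == "swap":
        new = encode_label(out_label, hdr["tc"], hdr["bottom"], hdr["ttl"] - 1)
        return action, next_hop, new + packet[4:]
    return action, next_hop, packet[4:]    # pop: egress strips the label

def traverse(payload, path=("ingress", "P1", "P2", "egress")):
    """Carry a payload along the LSP; return the wire label after each hop and the delivered bytes."""
    labels, pkt = [], payload
    for router in path:
        action, _next_hop, pkt = forward(router, pkt)
        labels.append(None if action == "pop" else decode_label(pkt)["label"])
    return labels, pkt

if __name__ == "__main__":
    # Constructed "encrypted" payload: no LSR on the path looks inside it.
    print(traverse(b"\x45\x00ciphertext-of-customer-ip-packet"))
```

The delivered bytes equal the original payload, which is why an end-to-end encrypted packet traverses the LSP unchanged.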
MPLS Deployment: An Assessment
MPLS technology is widely deployed globally in service provider and private networks due to its proven reliability, efficiency, and security. It offers a configuration-controlled method for a service provider to share its physical infrastructure resources securely among many different customers’ VPNs—either with separation only, or with separation and encryption.
Originally evolving to replace leased lines, Frame Relay and ATM circuits, MPLS architecture is particularly well-suited to hauling traffic efficiently over a pre-determined path between a branch office and an aggregation site, typically either a hub site (in a hub-and-spoke network), or a data center.
However, MPLS architecture struggles with the dexterity and agility required by traffic flowing to a frequently-changing variety of “off-network” (that is, off the MPLS VPN) destinations such as cloud-based or SaaS sites, or branch-to-branch traffic. As cloud-based, Internet-based and SaaS destinations become increasingly common, the efficiency and security of MPLS must be weighed up carefully against its rigidity and inflexibility.
MPLS is also an expensive service, and often requires significant lead time to plan, procure, and install. In some lesser-populated geographies, MPLS service may not be available at all. Businesses additionally need to add bandwidth as they grow, and the limited SLA of a “thin-pipe” MPLS link, strictly fixed at the capacity procured, stymies a growing business’s ability to expand quickly and cost-effectively, requiring either a new physical link or a renegotiated and re-priced SLA.
MPLS service also does not provide the deployment agility demanded by mobile (e.g. traveling kiosk in the back of a truck), or temporary sites (e.g. a conference booth, or a construction site).
Cloud-Delivered SD-WAN Technology
To overcome the drawbacks of MPLS, customers resort to “over-the-top” broadband connections that can be provisioned instantaneously (cellular LTE) or cost-efficiently in a short period of time (wired broadband connections). Until recently these were considered “best-effort” connections and therefore not truly suitable for business-class traffic—used as a stop-gap method, or relegated to carrying only low-priority traffic.
SD-WAN architecture has changed this equation with a variety of technologies that offer business-class traffic service independent of the underlying transport. These include VeloCloud innovations such as per-packet forwarding techniques, Dynamic Multi-path Optimization™, continuous monitoring, application steering with sub-second protection against brown-outs and blackouts, on-demand remediation, packet replication and dynamic jitter buffering.
Generic broadband connections are available in almost all geographies, much more flexible in the range of bandwidth capacities they offer, and far better priced than MPLS. With an SD-WAN’s transport-independent architecture, carrier-class service equaling or surpassing that of MPLS’s SLA and resiliency can be achieved on broadband connections.
A Cloud-Delivered SD-WAN additionally optimizes the delivery of traffic directly and efficiently to other cloud-based destinations by building software-defined encrypted tunnels when and where needed, dynamically steering traffic, and leveraging cloud-based CPE and gateways. This traffic may never hit a data center or an aggregation site on your traditional MPLS VPN.
These choices do not demand an instant switchover from an existing MPLS network. The newer methods can run in parallel (to provide optimized paths for traffic flows not destined for traditional data center destinations), or as an overlay on the legacy network, introducing application steering flexibility over an older infrastructure.