As the adoption of Software-Defined Wide Area Network (SD-WAN) matures, moving from the “peak of inflated expectations” to the “slope of enlightenment,” a question that continues to stir the minds of many technologists is whether SD-WAN is replacing Multiprotocol Label Switching (MPLS). If posed to a distinguished engineer, they might vehemently disagree at a technical level, comparing differences from an OSI layer and packet/protocol formats perspective. However, when viewed from a business and qualitative standpoint, the scales might tip more towards agreeing that SD-WAN is indeed replacing MPLS, or in some use cases they are both used in network design.
Meeting Customer Expectations
These products are not necessarily mutually exclusive. Even though SD-WAN is an overlay technology, customer expectations still need to be met to deliver the appropriate application experience, ensure the network fabric’s availability, and maintain a network solution’s resiliency. In today’s hardware/software network stacks SD-WAN capabilities are built into almost every piece of new hardware, or more accurately the software running on that router/switch. The goal for most mature network solutions that are running production traffic, which runs daily operations, the goal should be to build towards 5x 9’s (99.999%) availability. It would be extremely difficult to do this without leveraging the SD-WAN capabilities at the network edge. The WAN circuit you may be using; be it Wavelength, E-Line, VPLS/MPLS, DIA or Broadband, any not have much of an effect on the hardware/software stack you’re using to run the network from a technical standpoint.
SD-WAN’s key attributes make it a formidable contender to become the new network fabric: Keep in mind that when thinking about SD-WAN, similar to MPLS, there are two offerings. Carrier based, integrated to their WAN. This is more of the Gateway type of setup, Velo and Juniper (SSR based) are two good examples of this. This offering typically leverages a carriers MPLS core so its really more of a blended solution that allows you more flexibility on the last mile. The second offering is a straight hardware based setup, think Meraki, Mist, or Fortinet minus the Carrier core gateway POP’s. We will be focused on the second offering as this is where a company can save money and take back control of their network from the Carriers.
Connectivity: While the endpoints that send and receive network traffic haven’t changed much, the traffic pattern mix has indeed evolved over the years, with a majority of traffic now flowing to and from cloud endpoints with a strong focus on security. In the typical hub-spoke topology that enterprises have long deployed, the hub is now shifting from an enterprise-owned site to a cloud hub, either an outsourced data center or a virtual private cloud in a public cloud like AWS/Azure/IBM/GCP. SD-WAN orchestrates the IT + Application intent and translates it into a unified, seamless, secure network fabric across these endpoints. Whether deploying a full mesh or hub-spoke topology for network fabric, SD-WAN can orchestrate the application experience across these topologies. Basically, SD-WAN can shape your network traffic at Layer 7 on the OSI model versus Layer 3 where MPLS plays.
Network Resiliency and High Availability: For many years, network resiliency has been measured at the link, node, and network level. To deliver an exceptional application experience, IT has turned to third-party tools to measure application performance. With distributed systems and computing becoming the norm, resiliency is now addressed in two ways. One focuses on application resiliency, providing the necessary infrastructure redundancy like Dual-CPE (dual spoke), dual SD-WAN GW/hubs, multiple WAN links with application QoE (Quality of Experience) to provide application resiliency within milliseconds of any network component failure. Another focus is on utilizing web-scale micro-services-based software for the SD-WAN controller, where constant upgrades/downgrades, workload moves across availability zones, and scaling the number of endpoints up and down are the norm, all without impacting the application experience. I’m not suggesting that MPLS will become obsolete, but we are starting to see SD-WAN as the foundation for most network fabrics since it connects applications to the network layer in a more integrated manner than MPLS did. SD-WAN integrates a good amount of automation making the service more resilient and productive. Moreover, SD-WAN can be deployed with or without an MPLS underlayer, enabling Line of Business to achieve an Application SLA without having an end-to-end MPLS network fabric run by and managed by a single Carrier.
Embracing Zero Trust
Even though SD-WAN is an overlay technology, customer expectations still need to be met to deliver the appropriate application experience, ensure the network fabric’s availability, and maintain the solution’s resiliency. Moreover, the shift from MPLS to SD-WAN is closely aligned with the adoption of Zero Trust security principles. Zero Trust is a security concept centered on the belief that organizations should not automatically trust anything inside or outside its perimeters and instead must verify anything and everything trying to connect to its systems before granting access. This principle is particularly relevant in the context of SD-WAN, as the move to a more distributed network environment, coupled with the increasing use of cloud-based services, has blurred the traditional network perimeter. This means that the old model of securing the network—establishing a strong perimeter with Firewalls, and trusting everything inside it—no longer works. Defense in depth is the name of the game, starting at the edge with SD-WAN today. With SD-WAN and Zero Trust, organizations can enforce security at the user and the application level, using identity, endpoint health, and location as key attributes. This ensures a more granular level of control and security, which is particularly important in a world where cyber threats are increasingly sophisticated and potentially damaging and where the network perimeter is ever expanding.
SD-WAN: The New Network Fabric
SD-WAN’s key attributes make it a formidable contender to become the new network fabric. Whether in terms of connectivity or network resiliency and high availability, SD-WAN offers a wealth of advantages that position it well in a landscape increasingly defined by cloud-based operations and demanding security standards.
This perspective is intended to build confidence that SD-WAN, when aligned with the principles of Zero Trust, and is the network fabric of the future. It connects applications to the network layer in a more integrated manner than MPLS did and can be deployed with or without an MPLS underlayer. This enables service providers and Lines of Business to achieve Application SLA without having an carrier run end-to-end MPLS network fabric. The future of networking, it seems, is not just about the shift from MPLS to SD-WAN, but also about the convergence of SD-WAN and Zero Trust principles.
In conclusion, as we venture further into the digital age, the landscape of networking is undeniably shifting. The traditional methods and models, while still relevant in certain scenarios, are gradually being complemented or replaced by more advanced, flexible, and secure alternatives. SD-WAN stands out as one of these key technologies, offering a robust networking solution that can cater to the complex demands of modern businesses. Its ability to deliver high network performance, granular control over traffic, and seamless integration with cloud platforms makes it an excellent contender for the future of networking. Moreover, the integration of SD-WAN with Zero Trust security principles offers a novel approach to network security that is more in tune with the realities of our interconnected, cloud-centric world. By applying a ‘never trust, always verify’ stance and implementing security controls at the user and application level, organizations can establish a more resilient defense against increasingly sophisticated cyber threats. While MPLS continues to play a role in networking, it’s clear that SD-WAN, with its versatile and security-focused capabilities, is rapidly emerging as a preferred choice for many. Its ability to interoperate with or without an MPLS underlay provides businesses the flexibility and control to shape their network fabric in alignment with their specific needs. The future of networking appears to be one of convergence—where technologies like SD-WAN and principles such as Zero Trust merge to create an environment that is secure, efficient, and responsive to the ever-evolving demands of digital businesses. As such, the conversation is no longer about whether SD-WAN is replacing MPLS, but rather, how SD-WAN, MPLS, and Zero Trust can be leveraged collectively