The more I read about these topics online, the less sense it makes to me.
VPN can connect 2 or more remote sites together so a user at one site can access resources at another site.
MPLS has a link between multiple sites where, unless the underlying network goes down, all those sites are connected; all these sites are part of a private network and access the internet through a breakout firewall/router at one of the sites.
SD-WAN: you can prioritise certain traffic over other data and you can load balance this over multiple internet lines. (I can't understand: are multiple sites connected to each other like MPLS, and is there an ISP element I'm missing?)
VPN runs over the internet; I can connect sites across different ISPs, allow mobile users access to internal resources, etc. This also means delivery of my traffic is at the mercy of numerous parties I don't have direct relationships with. MPLS covers that issue: I get a contract for end-to-end delivery between my sites. I might end up paying significantly more for that, and I still need an internet connection. SD-WAN then bridges the gap between the two: bulk traffic over the cheaper internet traffic, latency-sensitive traffic over the MPLS network. Or do away with MPLS altogether and get the majority of the performance from multiple cheaper connections.
Fully meshing IPsec VPNs doesn’t traditionally scale well in terms of configuration and labor, and GRE tunnels over IPsec is a bit elaborate and uncommon, along with the other disadvantages of tunneling.
MPLS can function in different topologies, but connecting branch sites back to headquarters and then making them access the public network only through headquarters is a common topology. MPLS is the successor to Frame Relay which is the successor to X.25. The main thing about MPLS is that a provider builds and maintains the tunnels and charges top dollar for the value-add, even though MPLS. It made more sense when such services were cheaper than transit to the public Internet, but today MPLS usually just means you’re likely paying a lot of money for a legacy telco-type service that’s used by organizations who don’t know better or aren’t sufficiently sophisticated to run their own tunnels.
“SD WAN” is the name that’s been adopted for unconventional networking techniques that were effectively impossible with traditional discrete routers and routing protocols of the past, but it’s almost always proprietary on some level. Aggregating network uplinks with wildly different characteristics, transparently failing over, load-balancing, and prioritizing between them are the main functions of SD-WAN in practice.
A result similar to SD-WAN should be achievable with mostly-open DMVPN, QoS, BGP, and additional configuration, but it’s quite a bit of engineering.
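Example added here, not from anyone in the thread: a toy policy-based path selector in Python showing the SD-WAN behaviour the replies describe (latency-sensitive traffic over the link meeting its SLA, bulk traffic over the cheapest link, failover when a link drops or degrades). Link names, latency/loss figures, cost values and SLA thresholds are all constructed.

```python
"""Toy SD-WAN path selection. Constructed example; not a real product's logic."""
from dataclasses import dataclass


@dataclass
class Link:
    name: str
    up: bool
    latency_ms: float
    loss_pct: float
    cost_per_gb: float  # constructed relative cost, not real pricing


# Per-class SLA: latency-sensitive classes carry thresholds; None = best effort.
POLICY = {
    "voice": {"max_latency_ms": 60.0, "max_loss_pct": 1.0},
    "bulk": None,
}


def select_path(traffic_class, links):
    """Return the name of the link this traffic class should use, or None if
    every link is down."""
    healthy = [l for l in links if l.up]
    if not healthy:
        return None
    sla = POLICY[traffic_class]
    if sla is None:
        # Bulk: cheapest healthy link; break ties on latency.
        return min(healthy, key=lambda l: (l.cost_per_gb, l.latency_ms)).name
    meeting = [
        l for l in healthy
        if l.latency_ms <= sla["max_latency_ms"] and l.loss_pct <= sla["max_loss_pct"]
    ]
    # Graceful degradation: if no link meets the SLA, take the best healthy one
    # rather than dropping the traffic.
    pool = meeting or healthy
    return min(pool, key=lambda l: (l.latency_ms, l.cost_per_gb)).name


# Constructed link measurements: one MPLS circuit and two internet uplinks.
LINKS = [
    Link("mpls", True, 20.0, 0.0, 10.0),
    Link("isp_a", True, 45.0, 0.2, 1.0),
    Link("isp_b", True, 90.0, 2.5, 1.0),
]

if __name__ == "__main__":
    for cls in POLICY:
        print(cls, "->", select_path(cls, LINKS))
```

With the MPLS circuit marked down, voice fails over to isp_a because it still meets the SLA; with isp_a also down it degrades onto isp_b rather than being dropped.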