MPLS and SD-WAN

Hello everyone, sorry for the lengthy post but I can’t find a clear answer on Google and I need help on MPLS and SDWAN. I’ll type what I think I understood and leave my questions at the end. (Please note that I don’t have a background in networking, I took an interest in it and currently I’m working towards my CCNA exam; all this is self-study from YouTube and other courses.)

What I understood:

MPLS offers reliable and secure communication as it uses dedicated circuit lines between sites and branches. However it suffers from issues like the need for backhauling, where a site has to go through the main data centre to reach the internet or another site (unless a dedicated line is bought between these 2 sites, but that can be expensive).
It is my understanding that by default MPLS connections don’t have Internet access and a separate internet subscription must be bought.

SDWAN eliminates these issues as it offers site to site communication directly without backhauling using VPN tunnels? And each site can have direct internet access.

My questions:

First: am I correct or did I misunderstand something?

Second: MPLS is called layer 2.5 as it combines both circuit and packet switching. I understood circuit switching (the dedicated lines between sites) but I’m having issues with understanding the packet switching part.

Thank you, and again, sorry for the long post

MPLS is a transport (underlay in the context of SDWAN)

SDWAN is an overlay that utilizes various transports to manage secure tunnels for site to site connectivity. SDWAN requires transports to operate.

Layer 2.5 means that it sits between the datalink and network layers of the OSI model. It does not refer to circuit or packet switching. MPLS is a packet switching technology just like pretty much anything besides the old TDM/SONET lines. It’s simply pushing a LABEL on existing PACKETS and using the label to forward traffic through the network instead of destination IP address or destination MAC address.

MPLS is a switching technology, SDWAN is a control technology. They are different things, but in general they are used to network locations together, generally multiplexed over physical connections. SDWAN is just that the WAN configuration is controlled by software; it can use a multitude of underlying technologies, including MPLS, to achieve its goals.

You can exit MPLS anywhere to go to the Internet. If you are purchasing MPLS service from a telco, you are most likely correct, but that is the service as designed, not the technology, that is making that necessary. MPLS is not a hub and spoke, natively, but again, services purchased may be built that way, depending on their expected customers’ needs. SDWAN can be built the same way, for the same reason. It is a design question, not a technology one.

The packet switching in MPLS is because the network uses some other routing protocol to determine routes for IPs. These are then turned into labels, and distributed to neighboring routers, usually using LDP. So the network is actually switching the packets, by using the inbound label and interface as an index to forward to the outbound interface and label, saving a lot of time in the routing lookup, and separating the routing calculations from the forwarding, which is much more easily done in hardware, and can be done very, very fast.
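As an added illustration of the control/forwarding split described in that reply (this is not code from the thread or from any vendor), here is a small Python model of three routers: an IGP result feeds a label-binding step that stands in for LDP, and the forwarding step then uses only the inbound label to index the LFIB, with no IP lookup past the ingress router. The router names, interfaces, prefix and label values are constructed for the example; label 3 (implicit-null) triggers penultimate-hop popping as in real MPLS.

```python
from ipaddress import ip_address, ip_network

IMPLICIT_NULL = 3   # reserved label: egress asks the previous hop to pop (PHP)

# Constructed topology: A (ingress PE) -ge0- B (core P router) -ge1- C (egress PE).
# LINKS maps a router's outbound interface to the router on the far end.
LINKS = {("A", "ge0"): "B", ("B", "ge1"): "C"}


class Router:
    def __init__(self, name):
        self.name = name
        self.rib = {}       # prefix -> (out_iface, next_hop): what the IGP computed
        self.bindings = {}  # prefix -> label this router advertises upstream (LDP role)
        self.lfib = {}      # in_label -> (out_iface, op, out_label): forwarding table
        self.ftn = {}       # prefix -> (out_iface, push_label): ingress IP-to-label map
        self._next = 16     # labels 0-15 are reserved; values are locally significant,
                            # so two routers may both hand out 16 without conflict

    def allocate_label(self, prefix, is_egress):
        """Bind a locally significant label to a prefix (what LDP would advertise)."""
        if is_egress:
            label = IMPLICIT_NULL
        else:
            label, self._next = self._next, self._next + 1
        self.bindings[prefix] = label
        return label


def build_network():
    routers = {n: Router(n) for n in ("A", "B", "C")}
    cust = ip_network("10.2.0.0/16")            # constructed customer prefix behind C
    routers["A"].rib[cust] = ("ge0", "B")
    routers["B"].rib[cust] = ("ge1", "C")
    routers["C"].rib[cust] = ("ge1", None)      # directly attached: no MPLS next hop
    # Control plane, walked from egress upstream: each router binds its own label,
    # reads the downstream router's binding, and installs a swap (or a pop when the
    # downstream advertised implicit-null). This is the "routes turned into labels" step.
    for name in ("C", "B", "A"):
        r = routers[name]
        for prefix, (out_iface, nh) in r.rib.items():
            mine = r.allocate_label(prefix, is_egress=nh is None)
            if nh is None:
                continue
            downstream = routers[nh].bindings[prefix]
            if downstream == IMPLICIT_NULL:
                r.lfib[mine] = (out_iface, "pop", None)
                r.ftn[prefix] = (out_iface, None)     # ingress here sends unlabeled
            else:
                r.lfib[mine] = (out_iface, "swap", downstream)
                r.ftn[prefix] = (out_iface, downstream)
    return routers


def forward(routers, ingress, dst_ip):
    """Forward one packet; returns [(router, operation, label)] or None if unroutable.
    The only IP lookup is at ingress; every later hop indexes its LFIB by label."""
    dst = ip_address(dst_ip)
    r = routers[ingress]
    matches = [p for p in r.ftn if dst in p]
    if not matches:
        return None
    out_iface, label = r.ftn[max(matches, key=lambda p: p.prefixlen)]
    trace = [(r.name, "push" if label is not None else "ip-route", label)]
    while label is not None:
        r = routers[LINKS[(r.name, out_iface)]]
        out_iface, op, label = r.lfib[label]        # no IP header inspection here
        trace.append((r.name, op, label))
    egress = routers[LINKS[(r.name, out_iface)]]
    trace.append((egress.name, "ip-route", None))   # unlabeled again; normal delivery
    return trace


if __name__ == "__main__":
    net = build_network()
    for hop in forward(net, "A", "10.2.0.5"):
        print(hop)
```

Running it shows A pushing B's label, B popping it (because C advertised implicit-null) and C delivering the packet as plain IP; the swap entry A installs for its own label is never consulted on this path, which is exactly the point: the core forwards on a table index, not on a routing decision.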

MPLS is a technology to take your data from point A to point B. SD-WAN is an automated way to manage all the paths that you have in place to take your data from point A to point B.

For some locations, I have 2 MPLS circuits managed by SD-WAN. For other locations, I have MPLS+Internet, both of them managed also by SD-WAN.

To keep it simple, MPLS is like the road and SD-WAN would be the Transit Police (managing who can go through that road and when).

From your perspective (the customer), MPLS is a VPN that’s managed by someone else. It can have Internet access as part of that VPN. It can have backhaul as part of that VPN. It can have class of service as part of that VPN. It can have path protection as part of that VPN.

It doesn’t have to have any of those things, though. That’s up to you and your provider.

For you as a customer, you don’t have to know the specifics of how a provider-delivered VPN (L2 or L3) service is built. MPLS is one common way they’re built, but it’s not the only way.

That said, never assume that a connection is secure unless you are the one providing the encryption keys on hardware that only you control. If your traffic is sensitive, you need to encrypt it…even over provider-managed VPNs.

Let’s start with what SDWAN isn’t, which is magic. SDWAN is just a virtual overlay that can make different/multiple circuits easier to administrate. A SDWAN circuit between two sites with a single connection at both sites is as reliable as whichever connection is shakier.

MPLS isn’t necessarily more stable than IP routing; it just so happens that the Internet connects lots of things indirectly, but since MPLS is a separate language from what the Internet speaks (BGP, mostly), it happens to ride over more direct, private connections that are maintained by engineers to meet SLA commitments. I have personally worked on some completely terrible, unreliable, poorly-maintained MPLS networks. XO/Verizon, I am looking at YOU.

Hi everyone, I really really appreciate you all putting in the time to answer me, like someone said, I have to deepen my knowledge before diving straight in these topics.
Unfortunately I had to jump in directly cause my company does SDWAN solutions and they want me to present to customers to why they should deal with us.
(I work with them in IT support and they want me to fully know about SDWAN in a week :') )
Again, thank you all for the support :heart::heart:

They solve different problems. CCNA, afaik, doesn’t cover either, and CCNP only barely acknowledges MPLS.

Your description of MPLS is pretty good for a top-down, high level perspective. But I think you misunderstand what SD-WAN is. SD-WAN does not replace MPLS. It sits on top of whatever your circuits are and improves them by creating additional tunnels.

For your second question, the answer circles back to my first point. Understanding layer 2 and 3 on a fundamental level is key to understanding MPLS, which is what the CCNA covers - and is deepened by the CCNP. You’re probably not going to get a few paragraphs that really give you the insight you’re lacking to understand MPLS, and I know that sounds brutal, but it’s true. You need to firm up that fundamental knowledge, you’re basically jumping into calculus after just doing a handful of algebra problems - you might understand pieces of it, but you’re going to constantly run into problems where you don’t have contextual knowledge to help you understand and solve.

MPLS uses BGP and then overlays it with labeling. This allows it to use switching instead of routing, per se. That’s the quickest and easiest way to explain it.

MPLS is like a taxi.
SDWAN is like a taxi operator.

The unique selling point of SDWAN is cheaper roads… and taxis you can drive yourself.

The problem?

Nobody actually wants cheaper, bumpier, roads and almost nobody wants to drive themselves anywhere.

So what’s it all about, really? Same thing as always in most cases.

Selling you more kit and more licenses for an overall slightly worse service for a slightly lower TCO than before.

MPLS /can/ be more cost effective to build a WAN because you only need a point-to-point link from your site to your provider’s nearest POP. They then backhaul your traffic along with their other customers.

It’s entirely up to you what your MPLS provider delivers. At the end of the day internet traffic is just IP traffic. They might not want public addressing internally on their network, so they might want you to put a firewall in the DC, or they might want to deliver internet access in a separate VRF and deliver it on a physically separate interface to anything else.

In the UK, distance is not a massive problem and I’m personally not a fan of MPLS for building a WAN in a small geographic location, where you have longevity on locations and resilient power. I say that because with MPLS you are effectively renting the full cost of a CPE, including vendor maintenance (e.g. Smartnet) for the duration of your contract, you are covering the same costs of PE and core routers by your provider, their backhaul circuit costs and you are paying service management costs on top of that. In those scenarios, they don’t necessarily work out that cheap vs a straight fibre based L2 circuit that you can plug into a L3 switch that you already have at each end. Of course, that answer is massively dictated by the size of the WAN and what it’s delivering.

If you are doing hosted MPLS you can have the provider add a default route to the public internet (then you don’t have to backhaul traffic to one of the sites).

fwiw we use mpls with sd-wan.

we have 4 main sites connected via mpls, full mesh (each site can talk to each other site). we also have some big internet circuits at each site and broadband. we use sd-wan to aggregate those circuits. each site has a full mesh overlay of ipsec tunnels to each other site using all 3 circuits at each site for redundancy. we have policies in place to route our voip traffic only over the mpls tunnels unless certain slas are violated (loss,latency, jitter) then it will fail over to the next best circuit.

honestly our hosted mpls circuits are way better than any of our big internet DIAs in terms of latency and jitter. SDwan just adds a layer on top to give us more automatic redundancy and control over traffic flow.
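The policy this poster describes (full-mesh overlay over every circuit, VoIP pinned to the MPLS tunnel unless its loss, latency or jitter breaches an SLA, then fail over to the next best circuit) is the part of SD-WAN that is actually software, so here is an added Python model of it. It is not the poster’s configuration or any vendor’s code: the four site names, three transport names, SLA thresholds and probe measurements are all constructed, and the rule that traffic degrades to the least-lossy tunnel when every transport violates the SLA is an assumed fallback, not something the thread states.

```python
from dataclasses import dataclass
from itertools import combinations

SITES = ["hq", "dc", "east", "west"]          # constructed: four full-mesh sites
TRANSPORTS = ["mpls", "dia", "broadband"]     # the three circuits at each site


@dataclass(frozen=True)
class Metrics:
    """What a tunnel probe (BFD-style keepalives) measured over the last window."""
    loss_pct: float
    latency_ms: float
    jitter_ms: float


@dataclass(frozen=True)
class Sla:
    max_loss_pct: float
    max_latency_ms: float
    max_jitter_ms: float

    def met_by(self, m: Metrics) -> bool:
        return (m.loss_pct <= self.max_loss_pct
                and m.latency_ms <= self.max_latency_ms
                and m.jitter_ms <= self.max_jitter_ms)


# Constructed policies: preferred transports in order, plus the SLA each must meet.
POLICIES = {
    "voip": (("mpls", "dia", "broadband"), Sla(1.0, 150.0, 30.0)),
    "bulk": (("broadband", "dia", "mpls"), Sla(5.0, 400.0, 100.0)),
}


def tunnel_key(site_a, site_b, transport):
    """Tunnels are unordered site pairs; normalise so both directions share a key."""
    a, b = sorted((site_a, site_b))
    return (a, b, transport)


def full_mesh(sites, transports):
    """One overlay tunnel per site pair per transport: what the controller instructs
    each edge to build (IPsec in the poster's deployment)."""
    return [tunnel_key(a, b, t) for a, b in combinations(sites, 2) for t in transports]


def select_transport(app, src, dst, probes):
    """Return (transport, reason) for one application class between two sites.
    First preferred transport whose live probe meets the SLA wins; if none does,
    degrade to the tunnel with the lowest loss (then latency, jitter) that is still
    up, rather than blackholing the traffic. That fallback rule is an assumption."""
    prefs, sla = POLICIES[app]
    for t in prefs:
        m = probes.get(tunnel_key(src, dst, t))
        if m is not None and sla.met_by(m):
            return t, "sla-ok"
    up = [(t, probes[tunnel_key(src, dst, t)])
          for t in prefs if tunnel_key(src, dst, t) in probes]
    if not up:
        return None, "no-path"
    best = min(up, key=lambda tm: (tm[1].loss_pct, tm[1].latency_ms, tm[1].jitter_ms))
    return best[0], "sla-violated-fallback"


def sample_probes():
    """Constructed probe results hq<->dc: MPLS clean, DIA good, broadband lossy/jittery."""
    return {
        tunnel_key("hq", "dc", "mpls"): Metrics(0.0, 12.0, 2.0),
        tunnel_key("hq", "dc", "dia"): Metrics(0.2, 25.0, 8.0),
        tunnel_key("hq", "dc", "broadband"): Metrics(2.5, 40.0, 35.0),
    }


def degraded(probes):
    """Same probes, but the MPLS tunnel now shows 3% loss and breaches the VoIP SLA."""
    p = dict(probes)
    p[tunnel_key("hq", "dc", "mpls")] = Metrics(3.0, 12.0, 2.0)
    return p


if __name__ == "__main__":
    print(len(full_mesh(SITES, TRANSPORTS)), "tunnels in the overlay")
    print("voip, healthy:", select_transport("voip", "dc", "hq", sample_probes()))
    print("voip, mpls lossy:", select_transport("voip", "hq", "dc", degraded(sample_probes())))
    print("bulk, healthy:", select_transport("bulk", "hq", "dc", sample_probes()))
```

Two things worth noticing when you run it: the decision is made per application class, so bulk transfers never touch the MPLS tunnel while it is reserved for voice, and a single probe result flipping above the loss threshold is enough to move VoIP to DIA, which is why real platforms dampen or hold down flaps before acting on them.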

Silver Peak (now Aruba) has nice FREE training on their SDWAN platform. Highly recommend checking it out to better understand a great SDWAN platform and usage if you’re into learning by doing.

In practice, MPLS implementations are usually VPN tunnels built on top of MPLS links.

SD-WAN does not compete with MPLS, it competes with VPN.

You can build SD-WAN over the internet or MPLS, just like you can build VPN over the internet or MPLS.

MPLS is a protocol. SD-WAN is a marketing term.

As a made up marketing term it can mean whatever the vendor wants to sell you.

Normally, it refers to a centrally managed cluster routers, where the central management instructs the individual routers which VPN tunnels to build with which other individual routers. Some will also have firewall rules configured centrally as well, and the central manager pushes the appropriate filter rules to the routers.

That’s it, everything else is marketing fluff to make it look like something new, even though Checkpoint has been doing exactly this since 1995.

I’m seeing a lot of wrong answers here. Here are the answers which you are looking for.

MPLS - it’s an older technology that uses very expensive connections from a service provider, and requires routers with a lot of complex CLI configuration to make it work.

SD-WAN - new and very cool technology that is much cheaper, that allows businesses the flexibility to use a wide range of connection options, without being tied to long commitment contracts from the providers. Does not require routers with complex CLI configurations, just requires SD-WAN boxes that automatically work with minimum configuration needed.

I’d really like a pinned post explaining that MPLS and L2/L3VPN are not the same thing.
It’s getting up there with people using classful nomenclature for irritation value.

The best thing you can do to your customers is tell them “SD-WAN? Forget that term, it’s meaningless. Here’s how our platform centrally manages your border routers to automatically configure your site to site VPNs and ACLs”

I love it when this happens. You have to compare MPLS enabled applications to your product, but you don’t know what “MPLS enabled applications” means. The thing about steep learning curves is that you learn so much so quickly.

From an abstract point of view, SD-WAN pushes network intelligence into the endpoints. Conversely, MPLS pushes network intelligence into the infrastructure. SD-WAN endpoints don’t care about the underlying intermediate networking components. There could be a wire between two nodes or there could be several ASNs between two nodes. SD-WAN nodes don’t care about the stuff in the middle, they just want to talk to each other, form relationships, and sniff transit packets.

MPLS wants multiple relationships across multiple roles. It wants an IGP, an MPLS control plane, multiservice PEs, and MP-BGP-enabled service route signaling. MPLS is far more complex than flat IP networking to enable multiple services to converge on a single SP backbone. MPLS requires network engineering and operations expertise.

SD-WAN wants IP connectivity to a remote node. SD-WAN is far more complex than flat IP networking to enable multiple services to converge on flexible WAN topologies. SD-WAN relies on the expertise of software developers to classify inflight packets into specific services. It relies on operational expertise within enterprise to determine the classification schemes so that the SD-WAN nodes can differentiate each packet’s service and transmission behavior.

SD-WAN is great for getting multiple services out of a commercial IP transit service while providing lots of reporting functionality. MPLS is the method by which facilities based service providers forward transit traffic through their WAN.

SD-WAN is great for converging POS systems and public WIFI onto a Comcast internet service at a Starbucks. MPLS services are great for access between multiple campuses over arbitrary distances.