MPLS is a label switching technology that forwards packets at layer 2, typically within a service provider network, without resorting to layer 3 routing. As defined by IETF RFC 3031, MPLS adds a 4-byte label to an IP packet upon ingress into the MPLS network. The label determines the fixed forwarding path of the traffic flow, so intermediate hops forward on the label alone without inspecting the IP header’s addressing parameters; the egress router of the MPLS network removes the label again.
MPLS effectively builds “tunnels” across a routed IP network to efficiently forward packets that follow a fixed and predictable path.
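As an added example (not code from the original article), a minimal Python model of the 4-byte label stack entry from RFC 3032 and of the push, swap and pop steps described above; the label bindings, forwarding tables and packet bytes are constructed sample values, not taken from any real network.

```python
"""Added example: encode/decode an MPLS label stack entry and simulate one
label-switched path (ingress push, transit swap, egress pop).
All tables and packets below are constructed sample data."""
import struct

def encode_label(label: int, tc: int = 0, s: int = 1, ttl: int = 64) -> bytes:
    """Pack one 32-bit entry: 20-bit label, 3-bit TC, 1-bit bottom-of-stack, 8-bit TTL."""
    if not (0 <= label < 1 << 20 and 0 <= tc < 8 and s in (0, 1) and 0 <= ttl < 256):
        raise ValueError("label stack field out of range")
    return struct.pack("!I", (label << 12) | (tc << 9) | (s << 8) | ttl)

def decode_label(entry: bytes) -> dict:
    """Unpack the first 4 bytes of a labelled packet into its fields."""
    (word,) = struct.unpack("!I", entry[:4])
    return {"label": word >> 12, "tc": (word >> 9) & 0x7,
            "s": (word >> 8) & 0x1, "ttl": word & 0xFF}

# Constructed sample LSP: ingress binds the destination prefix to label 100,
# the transit router swaps 100 -> 200, the egress router pops 200.
INGRESS_FEC = {"10.1.0.0/16": 100}   # destination prefix -> outgoing label
TRANSIT_LFIB = {100: 200}            # incoming label -> outgoing label
EGRESS_LFIB = {200: None}            # None means: pop and deliver as plain IP

def ingress_push(ip_packet: bytes, prefix: str) -> bytes:
    """Ingress: prepend the label bound to the packet's forwarding class."""
    return encode_label(INGRESS_FEC[prefix], s=1, ttl=64) + ip_packet

def transit_swap(packet: bytes) -> bytes:
    """Transit: swap the label and decrement TTL; the IP header is never read."""
    entry = decode_label(packet)
    if entry["ttl"] <= 1:
        raise ValueError("MPLS TTL expired in transit")
    out_label = TRANSIT_LFIB[entry["label"]]
    return encode_label(out_label, entry["tc"], entry["s"], entry["ttl"] - 1) + packet[4:]

def egress_pop(packet: bytes) -> bytes:
    """Egress: remove the label and hand the untouched IP packet onward."""
    entry = decode_label(packet)
    if entry["label"] not in EGRESS_LFIB or EGRESS_LFIB[entry["label"]] is not None:
        raise ValueError("label not bound for pop at this egress")
    return packet[4:]

def forward_across_lsp(ip_packet: bytes, prefix: str) -> bytes:
    """Run one packet through the three-router sample path end to end."""
    return egress_pop(transit_swap(ingress_push(ip_packet, prefix)))
```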
Label switching evolved from older point-to-point connection-oriented technologies such as Frame Relay and ATM. MPLS preserved the forwarding efficiency of the older layer 2 technologies (while carrying traffic over an L3 routed IP network) and enhanced network flexibility by building virtual “leased circuits” that can be reconfigured without requiring physical, layer 2, or layer 3 routing table changes to the network.
Label-switched “tunnels” provide separation between different customers’ traffic on a service provider network—a method of forming VPNs. They are also used to build VRFs (Virtual Routing and Forwarding instances) within a single customer’s private network. The IP packet content following the MPLS label can optionally be encrypted end-to-end without impeding the capability, or efficiency, of forwarding the packet—offering secure (or encrypted) VPNs or VRFs.
Originally evolving to replace leased lines, Frame Relay and ATM circuits, MPLS architecture is particularly well-suited to hauling traffic efficiently over a pre-determined path between a branch office and an aggregation site, typically either a hub site (in a hub-and-spoke network), or a data center.
However, MPLS architecture struggles with the dexterity and agility required by traffic flowing to a frequently-changing variety of “off-network” (that is, off the MPLS VPN) destinations such as cloud-based or SaaS sites, or branch-to-branch traffic. As cloud-based, Internet-based and SaaS destinations become increasingly common, the efficiency and security of MPLS must be weighed up carefully against its rigidity and inflexibility.
MPLS is also an expensive service, and often requires significant lead time to plan, procure, and install. In some lesser-populated geographies, MPLS service may not be available at all. Businesses additionally need to add bandwidth as they grow, and the limited SLA of a “thin-pipe” MPLS link, strictly governed by what was procured, stymies a growing business’s ability to expand quickly and cost-effectively, requiring either a new physical link or a renegotiated and re-priced SLA.
MPLS service also does not provide the deployment agility demanded by mobile (e.g. traveling kiosk in the back of a truck), or temporary sites (e.g. a conference booth, or a construction site).
SD-WAN architecture has changed this equation with a variety of technologies that offer business-class traffic service independent of the underlying transport. These include innovations such as per-packet forwarding techniques, Multi-path Optimization, continuous monitoring, application steering with sub-second protection against brown-outs and blackouts, on-demand remediation, packet replication and dynamic jitter buffering.
Generic broadband connections are available in almost all geographies, much more flexible in the range of bandwidth capacities they offer, and far better priced than MPLS. With an SD-WAN’s transport-independent architecture, carrier-class service equaling or surpassing that of MPLS’s SLA and resiliency can be achieved on broadband connections.
A Cloud-delivered SD-WAN additionally optimizes the delivery of traffic directly and efficiently to other cloud-based destinations by building software-defined encrypted tunnels when and where needed, dynamically steering traffic, and leveraging cloud-based CPE and gateways. This traffic may never hit a data center or an aggregation site on your traditional MPLS VPN.
These choices do not demand an instant switchover from an existing MPLS network. The newer methods can run in parallel (to provide optimized paths for traffic flows not destined for traditional data center destinations), or as an overlay on the legacy network, introducing application steering flexibility over an older infrastructure.