Many people have asked how to optimize WAN Virtualization. A common question centers on deciding between a solution built around Multiprotocol Label Switching (MPLS) and one built around SD-WAN. Here are a few major differences between the two technologies that will help decide which system is better for a given application.


Suppose you're interested in upgrading the connectivity of your multiple offices. At the time, you are using a standard IPsec VPN over a business-level broadband connection. One office will soon be upgraded to managed fiber, and the PRI at the main headquarters will be discontinued. You have previously run VoIP across these VPN connections without many issues.

Price quotes for MPLS were at a level you know would never be approved, along the lines of $5,300 per month. In this predicament, you ask fellow IT admins for their experiences with, and advice on, alternatives to MPLS that would fit your budget and be effective in terms of reliability and continuity.

The comparison of MPLS vs SD-WAN focuses on four key areas: packet loss and availability, Quality of Service (QOS), security, and connectivity.

Packet Loss and Availability

The biggest advantage of MPLS is its capability to deliver packets reliably and provide a high QOS. MPLS excels at managing packet loss, which is valuable for real-time protocols such as VoIP, video conferencing, and virtual desktops. The high packet availability of MPLS allows these real-time systems to work without loss of quality or degradation of signal.

Even though MPLS networks are a shared infrastructure, they still provide highly reliable packet delivery. MPLS places a label on each packet that isolates it from other traffic on the network, so even a shared system will not cause interference. This is extremely useful when there are many customers on a shared network, where high-traffic periods would otherwise result in lost packets, packet collisions, and overall degradation of signal. While the technology does help reduce packet loss, it still runs on a shared network, which means there will be competition for bandwidth at times, and this congestion can result in lost packets.

MPLS networks can see anywhere between 0.1% and 1% of packets dropped at any given time. Compare this to the internet, which can experience 1% or more loss depending on a huge variety of conditions. A Service Level Agreement (SLA) from the MPLS provider will specify the percentage of allowable lost packets. Unmanaged networks have no SLA and therefore no guarantees on packet availability.

MPLS providers not only guarantee a certain level of availability, they also offer QOS buckets so that your most vital data is prioritized over general traffic and has less chance of being disrupted. Other internet solutions provide no guarantees for packet delivery or QOS and are therefore less reliable in the sense that no SLA backs them.

SD-WAN Capabilities

Packet delivery across the internet has seen significant improvements due to SD-WAN. Before QOS can even be considered, a network must control packet loss: prioritizing packets with QOS is not effective if those packets are lost in delivery.

A common procedure that most customers use to avoid packet loss is to utilize two different links from two unique internet providers. This redundancy is useful overall, allows them to maintain around 99.99% availability, and provides the customer with two unique access paths to the internet. While two providers increase availability, it is useful to measure packet loss individually across each provider. If there is a noticeable issue with any particular provider, steps can then be taken to simply reduce traffic across that link. Forward Error Correction (FEC) is an excellent tool that can help address problems if there are packet loss issues across both providers simultaneously.
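The per-provider measurement described above, as an added example that is not part of the original page or of any SD-WAN product: each link's loss rate is computed from its own probe results, compared against an SLA-style threshold, and the lowest-loss healthy link is preferred. The probe samples and the 1% threshold are constructed for illustration, not taken from any provider's contract.

```python
"""Per-link packet-loss monitoring against an SLA-style threshold.

Added example (not from the original page). Assumptions:
  - each link has a list of probe results, True = reply received, False = lost
  - the loss threshold is supplied by the caller (0.01 means 1%)
"""
from typing import Dict, List

# Constructed sample: two providers, 1000 probes each.
# isp_a lost 3 probes (0.3%), isp_b lost 25 probes (2.5%).
SAMPLES: Dict[str, List[bool]] = {
    "isp_a": [True] * 997 + [False] * 3,
    "isp_b": [True] * 975 + [False] * 25,
}


def loss_rate(probes: List[bool]) -> float:
    """Fraction of probes lost: 0.0 = nothing lost, 1.0 = everything lost."""
    if not probes:
        raise ValueError("no probes recorded for this link")
    return 1.0 - sum(probes) / len(probes)


def classify_links(samples: Dict[str, List[bool]], max_loss: float) -> Dict[str, str]:
    """Label each link 'ok' or 'degraded' relative to the allowed loss fraction."""
    return {
        name: ("degraded" if loss_rate(probes) > max_loss else "ok")
        for name, probes in samples.items()
    }


def choose_primary(samples: Dict[str, List[bool]], max_loss: float) -> str:
    """Prefer the lowest-loss link that is within the threshold.

    If every link is degraded, fall back to the least-bad one rather than
    dropping traffic altogether; the caller can layer FEC on top in that case.
    """
    rates = {name: loss_rate(probes) for name, probes in samples.items()}
    healthy = {name: rate for name, rate in rates.items() if rate <= max_loss}
    pool = healthy or rates
    return min(pool, key=pool.get)


if __name__ == "__main__":
    threshold = 0.01  # constructed 1% allowance
    for link, status in classify_links(SAMPLES, threshold).items():
        print(f"{link}: loss={loss_rate(SAMPLES[link]):.2%} -> {status}")
    print("primary link:", choose_primary(SAMPLES, threshold))
```

In practice the probe lists would be filled from periodic reachability checks toward a fixed target on each provider; the same threshold logic then drives the decision to shift traffic off a degraded link.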

FEC is like a form of RAID, but for network packets. As packets are sent out, parity packets are mixed in with the data. These parity packets can be compared at the destination to identify when and where a data packet was lost. Any lost packets can be identified and resent, which improves the overall quality of the connection. Together, these techniques allow QOS to be applied to the most critical packets while FEC provides the reliability that gets all packets delivered, even across a WAN connection.
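The RAID-like parity idea above, as an added example that is not code from the original page or from any SD-WAN vendor: one XOR parity packet is appended to each block of k equal-length data packets, and the receiver, which knows each packet's position from its sequence number, can rebuild a single missing packet from the ones that arrived. The block size and the packet contents are constructed for illustration.

```python
"""XOR parity FEC over a block of packets.

Added example (not from the original page). Assumptions:
  - all packets in a block have the same length
  - one parity packet is appended per block of k data packets
  - the receiver knows which slot a missing packet belonged to
"""
from typing import List, Optional


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR of two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def make_parity(block: List[bytes]) -> bytes:
    """XOR all packets in the block together to produce the parity packet."""
    parity = bytes(len(block[0]))
    for pkt in block:
        if len(pkt) != len(parity):
            raise ValueError("packets in a block must be equal length")
        parity = xor_bytes(parity, pkt)
    return parity


def encode_block(block: List[bytes]) -> List[bytes]:
    """Sender side: k data packets followed by one parity packet."""
    return list(block) + [make_parity(block)]


def recover_block(received: List[Optional[bytes]]) -> Optional[List[bytes]]:
    """Receiver side: rebuild the k data packets from k+1 slots.

    None marks a slot whose packet never arrived. Because every packet in the
    block XORs to zero, XOR-ing the packets that did arrive yields the one that
    did not. Returns None when more than one slot is missing, since a single
    parity packet cannot repair two losses.
    """
    missing = [i for i, pkt in enumerate(received) if pkt is None]
    if len(missing) > 1:
        return None
    k = len(received) - 1
    data: List[bytes] = [pkt for pkt in received[:k] if pkt is not None]
    if not missing:
        return data
    present = [pkt for pkt in received if pkt is not None]
    rebuilt = make_parity(present)  # XOR of everything present = the lost packet
    idx = missing[0]
    if idx < k:  # a data packet was lost; a lost parity packet needs no repair
        data.insert(idx, rebuilt)
    return data


if __name__ == "__main__":
    block = [b"VoIP-0001", b"VoIP-0002", b"VoIP-0003"]
    wire = encode_block(block)
    wire[1] = None  # simulate losing the second data packet in transit
    print(recover_block(wire))
```

The trade-off the page hints at is visible here: the parity packet costs 1/k extra bandwidth and buys recovery from exactly one loss per block, so block size is chosen against the loss rate measured on the link.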

SD-WAN Pulls Ahead in Security

Even though MPLS runs on a shared network, its security is considered fairly high because of the way it uniquely labels each packet. In an MPLS solution, only the nodes that specifically look for certain labels can read the packets along the network. The internet, by contrast, has no similar mechanism to secure data, which opens up the possibility of breaches and security holes. As a general rule, Internet traffic must be secured with protocols such as IPsec, and network gateways must be protected with firewalls.

Several recent news stories about MPLS have been publicized following the discovery of providers sharing data with the government. This raises the question of how secure your data really is, since certain entities will always have access to it regardless of how well you protect it with MPLS. MPLS data is typically not encrypted and would require additional steps from the user to get that extra bit of security.

SD-WAN is an easy solution for securing data sent across the internet through the use of VPNs. Since recent stories show that the government has access to MPLS data from providers, VPN use is almost obligatory. MPLS does not have any additional security features, but VPN security should be sufficient for most applications.

Connectivity
Enterprise-level site-to-site connectivity is where MPLS shines, largely due to the simplicity of the technology. Those interested in opening a new office with MPLS simply need to call the provider and they're set. The provider handles everything from line delivery to configuring parameters. This one call allows IT teams to focus on other tasks while the MPLS provider handles all the work associated with network setup; the customer simply receives a secure, ready-to-use enterprise connection. Internet applications differ in that all configuration and deployment rests on the IT team, and depending on the application, internet setup can be a huge project on its own.

Internet configurations are slightly more complex, but SD-WAN helps simplify the process and can be much faster than MPLS. Most offices already have an internet connection; if not, calling a provider for a new line isn't too difficult or time consuming. The IT team will still need to configure all network devices, but this process is faster with SD-WAN than with other options.

Returning to security, with SD-WAN the IT team can also tailor the configuration exactly to their needs. This customization is beneficial where certain applications that do not require a high level of security can be set up more quickly, while solutions that do require a high level of security get a customized setup on a case-by-case basis. MPLS, by contrast, has no such accommodations for security. SD-WAN implies security, and existing VPN infrastructure can be used to communicate with remote sites or devices; this process can be automated or controlled manually depending on the network.

MPLS Limitations

MPLS is advantageous when it comes to packet loss, QOS, security, and connectivity, but not much else beyond that. The internet provides global availability and usually costs less per unit of bandwidth. Recent averages across the country show that Internet access costs around ten times less than MPLS, and the difference grows for high-speed connections and large bandwidth requirements. Internet connections are also very quick to set up, while MPLS can take months from the first phone call to being ready to use in the office.

Regardless of whether MPLS or SD-WAN is the better solution, always be sure to use asymmetric internet connections. This will simplify overall use and make QOS setup easier. Reliability can be boosted by using two separate lines from two different providers. If real-time protocols are required, be sure to account for that so your solution can avoid, or at least handle, packet loss. Built-in VPN encryption services are also beneficial. Combining the above factors allows for a simpler deployment and increases the overall likelihood of a successful project.

Created by: admin, Last modification: Tue 28 of Mar, 2017 (23:53 UTC)