
SD-WAN is an innovation that disrupted MPLS providers and forced them to adopt new connection technologies. The early pioneers of SD-WAN, VeloCloud, Versa and SilverPeak, envisioned a technology that would one day revolutionize communications architecture and create a cheaper connectivity option. MPLS (multi-protocol label switching) was once the go-to connectivity technology to maximize SLAs and availability; however, as bandwidth has become cheaper, it makes little sense to have MPLS any longer. Companies are waking up to that reality every day. I have a few clients that are spending thousands of dollars a month just for one location. Those companies have long realized that MPLS is no longer worth the money, especially since they can increase security and create their own SLAs with multiple cheap bandwidth connections. Yes, you can have, for instance, a 300 Mbps connection and a 100 Mbps backup or load-balanced connection with the same security that MPLS offers, but at a fraction of the cost. But that is just one aspect of SD-WAN; other benefits include path parity, rule-based routing, a layer 4-7 firewall and many more features. Can you get all these features with MPLS? No. Imagine having 2 MPLS connections per site. Ouch, I would hate to approve that monthly bill.
Connectivity today is more important than ever, and I do not mean for streaming music. SaaS applications are more robust than ever before and advancing every month, meaning more companies are choosing SaaS and cloud services. With those additional cloud resources, companies need more bandwidth, much more bandwidth than MPLS can offer per megabit. That is where SD-WAN is beneficial: cloud providers such as Azure and AWS have SD-WAN appliances you can deploy in your instance. SaaS providers such as Salesforce have SilverPeak and VeloCloud SD-WAN appliances at their edge, meaning that if your organization has SilverPeak or VeloCloud appliances at each site, the connection to Salesforce will be optimized for efficiency and security. Some cloud VoIP providers are now putting appliances at their edge, giving companies flexibility and the option to terminate MPLS. The key to SD-WAN connectivity is having an appliance at each of your sites.
This is for all those CFOs who spend all day crunching numbers. Your sites that have MPLS, for example Headquarters (VA), Manufacturing (AL), Call Center (TX) and Sales (OK), need more bandwidth for replication, SaaS applications and phone quality. Let's assume each site has two (2) 50 Mbps MPLS connections. Since you cannot bond and load-balance MPLS connections through a router, we have to separate the two connections. Total cost: $30,000 monthly! (a very conservative value). This calculation was made using $300 per megabit; the average cost per MPLS megabit is $300-$600. With SD-WAN that same bandwidth can be increased 100% for a total of 100 Mbps connection per site, costing a mere $2,800 monthly, well below the cost of MPLS. Let's go a step further and create disparate connections to service providers, totaling 200 Mbps at each site for a grand total of $5,600 monthly. The calculation for synchronous Internet access was based on $3.00-$7.00 per megabit.
You have just saved a ton of money, created your own dependable SLA, increased or introduced security and optimized your SaaS productivity. In layman's terms, you have begun increasing your company's bottom line. Notice that in the calculation above, I gave MPLS pricing more benefit by using the lowest average cost and used the highest average cost for the synchronous Internet connection, just to highlight the significant costs associated with MPLS while using the lower cost model.
When I managed the IT department for a global company, I was actively trying to find ways to reduce our MPLS bill and become less reliant on MPLS. At the time, we needed MPLS for cloud-hosted VoIP, compliance and maximum up-time. At our headquarters in New York, I engineered a connectivity plan where all VoIP traffic and company-premise resources communicated via MPLS; web traffic, SaaS and cloud infrastructure traffic went over IPsec. It worked; however, it took a lot of configuring to build the routes, rules and interfaces in a Cisco 2811 router. After we proved the solution at our headquarters, we began rolling it out to other sites. I refer to this as a hybrid SD-WAN because we still had to rely on MPLS (we were able to cut our MPLS bandwidth during the next contract negotiation) and central management of routing endpoints did not exist.
I have only touched the surface of what SD-WAN is capable of. For instance, path conditioning is the ability to send two copies of the same packet, one egressing WAN0 and one egressing WAN1, each carrying a "checksum" value. The destination SD-WAN appliance checks that the packet arriving via WAN0 is in sequential order; if not, it pulls the packet from the other copy (WAN1) that was generated at the source SD-WAN appliance.
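A simplified model of the path conditioning described above, as an added example that is not part of the original article or any vendor's implementation. The sequence-number field, the CRC32 check standing in for the "checksum", and all names are assumptions made for illustration.

```python
"""Toy model of SD-WAN path conditioning (packet duplication across WAN0/WAN1)."""
from dataclasses import dataclass
import zlib


@dataclass(frozen=True)
class Packet:
    seq: int        # sequence number added by the source appliance (assumed field)
    payload: bytes
    crc: int        # CRC32 of the payload, standing in for the "checksum"


def duplicate(payloads):
    """Source appliance: tag each payload and emit one copy per WAN link."""
    pkts = [Packet(i, p, zlib.crc32(p)) for i, p in enumerate(payloads)]
    return list(pkts), list(pkts)  # (WAN0 copies, WAN1 copies)


def valid(pkt):
    """A copy is usable only if its payload still matches its checksum."""
    return zlib.crc32(pkt.payload) == pkt.crc


def reassemble(wan0, wan1, total):
    """Destination appliance: deliver in sequence order, preferring WAN0 and
    pulling the WAN1 copy when the WAN0 copy is missing or damaged.
    Returns (ordered payloads, seqs recovered from WAN1, seqs lost on both)."""
    primary = {p.seq: p for p in wan0 if valid(p)}
    backup = {p.seq: p for p in wan1 if valid(p)}
    out, recovered, lost = [], [], []
    for seq in range(total):
        if seq in primary:
            out.append(primary[seq].payload)
        elif seq in backup:
            out.append(backup[seq].payload)
            recovered.append(seq)
        else:
            lost.append(seq)
    return out, recovered, lost


def demo():
    payloads = [b"rtp-0", b"rtp-1", b"rtp-2", b"rtp-3", b"rtp-4"]  # constructed sample
    wan0, wan1 = duplicate(payloads)
    # Constructed impairments: WAN0 drops seq 1, corrupts seq 3 and reorders;
    # WAN1 drops seq 4.
    wan0 = [wan0[2], wan0[0], Packet(3, b"rtp-X", wan0[3].crc), wan0[4]]
    wan1 = wan1[:4]
    return reassemble(wan0, wan1, len(payloads))


if __name__ == "__main__":
    print(demo())
```

The `lost` list is the useful number to watch: a sequence number appears there only when both links failed for the same packet, which is the case duplication cannot cover.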
- Increase or maintain a stable up-time for mission-critical applications located on-premise.
- Create secure connections. FYI: MPLS is not secure; it does not use encryption. The assumption is that the MPLS core is secure. However, MPLS VPN does use encryption, the same encryption algorithm as SD-WAN.
- Lower your CAPEX and OPEX by as much as 90% (above, we lowered it 93% to aggregate connections; with additional bandwidth, we were able to still save 82%)
- Full visibility and control of your WAN.
- Ability to fully provision a WAN circuit in less than 30 minutes (MPLS takes 60-90 days)*
- Architect traffic for trusted sites (Office 365 and Salesforce) to go directly to the Internet instead of traversing through the Company WAN path.
- Create templates for zero-touch configurations and reduce time to value.
- Dynamically optimize application delivery.
- Future-proof your connectivity options.
Above, I stated you can provision your own WAN circuit in 30 minutes. You may be asking, how is this possible? Almost all SD-WAN appliances support a USB modem or have an integrated SIM card module. You can use this method until your primary circuit is provisioned by your ISP. If you are worried about exceeding your cell carrier's data limits, you can easily create rules for your 4G interface to restrict content (streaming) or websites (Facebook).
Software-defined technologies are inherently designed with the highest resiliency, and so is SD-WAN. Many products on the market offer two ways of managing your edge appliances: you can either deploy and configure an on-premise controller or use the SD-WAN manufacturer's cloud management platform. I always emphasize the latter, because why manage another virtual appliance and maintain your own upgrades? Now, there are some use cases where clients have to maintain an ultra-high security posture; in that case the management plane and data plane would reside in the data center on an appliance. But if your company is not tied to the CIA, NSA or DoD, you will not compromise security if you put your management plane in the cloud.
If you are looking for a way to adopt SD-WAN but still have MPLS, you can adopt it and have a smooth transition away from MPLS. Today, MPLS uses Ethernet hand-offs, so you can purchase an SD-WAN appliance and have WAN0 as the MPLS uplink and a cheap but reliable business-class synchronous ISP connection for WAN1. Your SD-WAN appliance would essentially become your CPE (customer premises equipment) and will handle routing for both the MPLS and ISP connections. Once your contract is up and you are ready to terminate MPLS, just reconfigure WAN0 for the "primary" ISP static IP address via WAN1. Pretty simple, huh? Alternatively, if you have a CSU/DSU card (true T1), you will need to keep your MPLS router and SD-WAN appliance separate. If you are hesitant about making such a critical transition, please do not hesitate to contact us.
Jonathan and his family own Premier Broadband & Consulting, LLC, a managed services company specializing in servers, storage, networking, cybersecurity, and services. He has been designing and securing networks for almost two decades. He holds VCP-NV, VeloCloud and SilverPeak certifications, along with being a Dell Certified Network Professional. He designed ultra-secure and highly reliable network environments for the DoD and other components. He is always actively looking to help clients reduce their operating and capital ISP expenditures.