MPLS is a widely deployed, reliable, and secure technology for building a fixed-path VPN over an IP network between a set of branch offices and data centers. Modern networks, however, increasingly demand not only the agility to steer traffic to a variety of cloud-based and SaaS sites outside the traditional VPN, but also much quicker and more cost-effective deployment capability.
MPLS is a label switching technology that forwards packets at Layer 2—typically within a service provider network—without resorting to Layer 3 routing. As defined by IETF RFC 3031, MPLS adds a 4-byte label to an IP packet header upon ingress into the MPLS network. The label determines the fixed forwarding path of the traffic flow without requiring the intermediate hops to inspect the IP header’s addressing parameters, and the egress router of the MPLS network removes the label again.
MPLS effectively builds “tunnels” across a routed IP network to efficiently forward packets that follow a fixed and predictable path. Label switching evolved from older point-to-point connection-oriented technologies such as Frame Relay and ATM. MPLS preserved the forwarding efficiency of the older L2 technologies (while carrying traffic over an L3 routed IP network), and enhanced network flexibility by building virtual “leased circuits” that can be reconfigured without requiring physical, L2, or L3 routing table changes to the network.
Label-switched “tunnels” provide separation between different customers’ traffic on a service provider network—a method of forming VPNs. Label switching is also used to build VRFs (Virtual Routing and Forwarding) within a single customer’s private network. The IP packet content following the MPLS label can optionally be encrypted end-to-end without impeding the capability or efficiency of forwarding the packet, which makes secure (encrypted) VPNs or VRFs possible.
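The label handling and the optional payload encryption described above, as an added example that is not code from the original page or from any vendor: an ingress router adds the label, transit hops forward on the label alone, and the egress router removes it, with the payload bytes never parsed along the way. The split of the 4-byte entry into label, traffic class, bottom-of-stack and TTL fields follows RFC 3032; the router names, label values, tables and payload are constructed for illustration.

```python
import struct

def encode_entry(label, tc=0, bottom=True, ttl=64):
    """Pack one 4-byte entry: label (20 bits) | TC (3) | S (1) | TTL (8)."""
    if not (0 <= label < 1 << 20 and 0 <= tc < 8 and 0 <= ttl < 256):
        raise ValueError("field out of range")
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl)

def decode_entry(frame):
    if len(frame) < 4:
        raise ValueError("truncated label stack entry")
    (word,) = struct.unpack("!I", frame[:4])
    return {"label": word >> 12, "tc": (word >> 9) & 7,
            "bottom": bool((word >> 8) & 1), "ttl": word & 0xFF}

def ingress(packet, label, ttl=64):
    """Ingress router: prepend the label; the packet bytes are untouched."""
    return encode_entry(label, ttl=ttl) + packet

def transit(frame, table):
    """Transit hop: swap the top label using the label table only."""
    top = decode_entry(frame)
    if top["ttl"] <= 1:
        raise ValueError("label TTL expired")
    if top["label"] not in table:
        raise LookupError("no entry for label %d, dropping" % top["label"])
    out_label, next_hop = table[top["label"]]
    entry = encode_entry(out_label, top["tc"], top["bottom"], top["ttl"] - 1)
    return next_hop, entry + frame[4:]

def egress(frame):
    """Egress router: remove the label and hand back the original packet."""
    if not decode_entry(frame)["bottom"]:
        raise ValueError("more labels remain on the stack")
    return frame[4:]

# Constructed tables: incoming label -> (outgoing label, next hop).
TABLES = {"P1": {100: (200, "P2")}, "P2": {200: (300, "PE2")}}
# Constructed opaque bytes standing in for an encrypted IP packet.
PACKET = bytes.fromhex("deadbeef") * 5

def forward(packet, first_label=100, first_hop="P1"):
    """Walk the fixed path; return hops seen, last label entry, payload."""
    frame, hop, seen = ingress(packet, first_label), first_hop, []
    while hop in TABLES:
        seen.append((hop, decode_entry(frame)["label"]))
        hop, frame = transit(frame, TABLES[hop])
    return seen, decode_entry(frame), egress(frame)

if __name__ == "__main__":
    print(forward(PACKET))
```

A frame whose label has no table entry is dropped at that hop, which is the property the traffic separation rests on; confidentiality of the payload comes only from the optional encryption, not from the label.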
To overcome the drawbacks of MPLS, customers resort to “over-the-top” broadband connections that can be provisioned instantaneously (cellular LTE) or cost-efficiently in a short period of time (wired broadband connections). Until recently these were considered “best-effort” connections and therefore not truly suitable for business-class traffic—used as a stop-gap method, or relegated to carrying only low-priority traffic.
Generic broadband connections are available in almost all geographies. They offer a more flexible range of bandwidth capacities and are far better priced than MPLS. With an SD-WAN’s transport-independent architecture, your broadband connections can provide carrier-class service equaling or surpassing the SLA and resiliency of MPLS.
NSX SD-WAN by VeloCloud provides bandwidth expansion as well as direct access to enterprise and cloud applications and data. It also enables virtual services insertion in the cloud and on premises, while dramatically improving operational automation. NSX SD-WAN by VeloCloud includes a distributed network of gateways, a cloud-based orchestrator, and a branch platform, NSX SD-WAN Edge.