WANs are becoming more and more complex. Trends like the mobile workforce and BYOD (bring your own device) coupled with the ubiquity of cloud services have changed WAN topology significantly in the 2010s. Multiprotocol Label Switching, or MPLS, which was the cornerstone of the WAN in the past, has become a bit too inflexible and expensive to keep up. As a result, enterprises have been searching for an alternative to MPLS for some time.
Two of the front runners in the race to replace MPLS have been Internet-based VPNs (Virtual Private Networks) and SD-WAN. Both approaches offer some cost savings when compared to MPLS, but have important differences when compared to one another. VPN has proven useful in some small-scale deployments and for one-off connections, but has also shown itself to be difficult to scale and complex to manage. SD-WAN can simplify management and increase flexibility, but it is important to select the right type of SD-WAN for your use case to avoid “gotchas” that limit the benefits of SD-WAN adoption.
Here, we’ll explore the pros and cons of Internet-based VPN, compare it to SD-WAN, and provide some tips on identifying the right SD-WAN solution from the available options.
Internet-based VPN: Pros and Cons
The upside of Internet-based VPN when compared to MPLS is simple: VPN allows you to use cheaper public Internet bandwidth to securely connect remote WAN locations. This has led to Internet-based VPN finding a bit of a niche enabling small-scale site-to-site connections. When only one or two sites, or a few remote workers, need to connect to a main office, VPN can make financial sense.
However, Internet-based VPN is not without its downsides. First, performance is often noticeably worse than MPLS services. This can impact latency-sensitive services like VoIP (Voice over IP) calls. Similarly, since these VPNs depend on the public Internet, reliability is a challenge. There are generally no SLAs with the public Internet.
However, where VPN may struggle the most is scalability. Configuring VPN connections is complex and can lead to appliance sprawl. Each site that requires an appliance must have that appliance sourced, provisioned, and maintained. Doing so across a large WAN can become difficult to manage and lead to oversights in configuration (which can become a security concern). Further, VPN appliances themselves have limited amounts of capacity, meaning that they can create bottlenecks when traffic increases.
Approaches to SD-WAN
With Internet-based VPN, we have a solution that offers enterprises an MPLS replacement that is more affordable, but comes with scalability, performance, and reliability challenges. With SD-WAN, we have two more alternatives:
- Appliance-based SD-WAN is SD-WAN deployed using on-prem appliances. This type of SD-WAN provides the network overlay functionality that SD-WAN technology has become known for. It enables cost savings by allowing for different transport methods (5G, cable, DIA, etc.) to be used and can offer more flexibility and agility than legacy WAN technologies like VPN or MPLS.
- Cloud-based SD-WAN provides the overlay functionality you’d expect from SD-WAN while also providing a private backbone that is backed by an enterprise-grade SLA and includes built-in security and WAN optimization features.
While both appliance-based and cloud-based solutions offer advantages, it’s clear that cloud-based SD-WAN is a more holistic solution. Premium cloud-based providers not only provide a 99.999% uptime SLA, but they also offer security features in the underlying network infrastructure. For example, as opposed to buying separate IPS (Intrusion Prevention System) appliances, you get IPS baked into the WAN infrastructure. Further, support for mobile users is made simple with easy-to-use mobile clients, and performance with many cloud services is optimized thanks to a shared datacenter footprint between cloud-based SD-WAN service providers and cloud services giants like Azure and AWS.
Cloud-based SD-WAN connects modern WANs reliably, affordably, and at scale
Of course, there isn’t a single all-encompassing answer to the SD-WAN vs VPN question. If you need to do a single connection between two physical locations, VPN may be the simplest way to do so. However, if you need a scalable, reliable, or global solution, cloud-based SD-WAN is likely a better fit for you.
The downsides of Internet-based VPN limit its usefulness at scale. Depending on appliances that require significant maintenance and complex configurations can create bottlenecks. Further, dependence upon the public Internet inherently leads to challenges with reliability and performance. SD-WAN in general provides enterprises with benefits in the form of agility and affordability, but it is cloud-based SD-WAN that is truly a game changer. With the cloud-native approach to SD-WAN, enterprises now have a reliable, high-performance, and affordable MPLS replacement that can scale globally. As a result, many enterprises are choosing cloud-based SD-WAN for their WANs today, and we can expect that trend to continue for some time.