Skip to main content

SASE

MPLS to Internet Connectivity: French Enterprises Making the Switch

In recent years, a growing number of enterprises have been making a significant shift in their networking infrastructure. They are moving away from MPLS (Multiprotocol Label Switching) connectivity and opting for internet connectivity instead as a transport network also called underlay and replace the MPLS function of connecting sites with a virtual network based on SD-WAN technology also referred to as overlay.

The primary driver of this change has been cost savings, as internet connectivity is notably more budget-friendly compared to the traditional MPLS services. However, as enterprises consider making this transition, there are several key considerations and consequences they need to bear in mind.

One of the most compelling reasons behind the transition from MPLS to internet connectivity is cost. MPLS has long been the go-to choice for enterprises due to its reliability and security features. However, these advantages come at a premium, often making it too costly for many businesses to implement extensively. Internet connectivity, on the other hand, provides a more affordable alternative, making it an attractive option for companies looking to reduce their networking expenses.

While cost is a significant motivator, it’s essential for enterprises to consider the trade-off between reliability and savings. MPLS is renowned for its reliability and predictability, as it provides dedicated, private connections that are not as susceptible to congestion or performance issues. In contrast, internet connectivity is a shared medium, which can lead to variability in performance and reliability.

Another crucial aspect to keep in mind is security. MPLS provides a more secure network due to its private nature..

The role of SD-WAN

Mitigating the caveat above is the role of the SD-WAN overlay.

Since Internet connectivity comes in all shapes and forms (and costs) one of the key advantages of SD-WAN is the ability to use the right kind and number of Internet access depending on budget and site criticality. For example, a highly critical side can use multiples SLA bound Internet links whilst a less critical site could only use one or two regular internet accesses.

Another key advantage is the ability to use the best performing link (Internet or MPLS) in real time for a given type of application. One link for example could be better for Office 365 traffic whilst the other one could be right for IaaS (Infrastructure-as-a-Service) connectivity. All this is done in real-time considering the availability of each link. The main advantage of this approach is to move away from “Active-Backup” setup where a link is almost never used and instead have an “Active-Active” setup.

In this configuration, the availability on the Internet links is crucial since they are now business critical assets. In other words, if the Internet connections does not work, a company won’t be able to do any business. This is where security features such as DDoS are very important.

In a world where more and more services are consumed from the cloud in the form of IaaS or SaaS, one could argue the usefulness of investing in an overlay network that aims to connect sites together. This view, even if possible in the very long term, has to be mitigated.

First and foremost, the SD-WAN that we take as a given today is not the SD-WAN that was available to us 5 years ago. For example, some features like On-Ramp access or Observability capabilities were not available back then. it will be exciting to see what will be the new features that will be part of SD-WAN 5 years from now.

Second, even if managing the Overlay is one critical role of the SD-WAN application, it is not the only one. For instance, even without Overlay the SD-WAN application can still be used to split traffic across several Internet links depending on their performance.

Lastly, for medium sites, the SD-WAN device is often used for network segregation, separating several VLANs or delivering local security features live firewall or IDS/IPS.

By utilising software-defined principles, SD-WAN provides organisations with increased flexibility, agility, and cost savings, making it a compelling alternative to traditional MPLS networks.

And with the increasing adoption of cloud services and multi-cloud environments, SD-WAN offers optimised connectivity to cloud platforms by dynamically routing traffic to the most suitable path, improving performance and minimising latency.

“Enterprises should also consider providers that embed sustainability into their services – for example through being able to transform existing MPLS devices into SD-WAN devices. This can help save a considerable amount of carbon emissions, given that most emissions occur during the manufacture and shipping of devices.”

Impact on Internet Security

With the SD-WAN transformation, one of the key benefits is that every site is now equipped with an Internet connection. This connectivity can be used in two ways:

  • As a Transport: in this case the Internet links are used to create the overlay network replacing the legacy MPLS
  • As a Destination: since there is local route to the Internet, there is no more need to back all the Internet traffic to a central hub, it can be sent to the destination directly.

 

This second use cases brings a key security challenge, since all the sites have now an Internet access, they need to have a string Internet Security posture. For a company with hundreds or thousands of sites, deploying a security device at each location would not be a financially sound option. This is way in the recent years the Security Service Edge (SSE) providers have seen such an increase in their activities.

Instead of applying security rules locally, all Internet-as-a-destination traffic is sent to the SSE (Security Service Edge) cloud where security rules such as Web Filtering, Threat Management, Firewall and more are enforced in the cloud. This approach has multiple benefits, the main one being that all sides are protected by a consistent security policy that can even be used by roaming users working from anywhere.

This combination of SD-WAN and SSE is what is called SASE (Secure Access Service Edge) also defined as the convergence network and security as a service capability.

Choosing the Right Provider

As businesses consider the transition to internet connectivity, it’s vital not to solely focus on cost. There are numerous internet service providers, each with their own strengths and weaknesses.

When talking about SASE, there are two main approaches:

  1. Single vendors: using one technology provider for both SD-WAN and SSE
  2. Best of breed: using one technology provider for SD-WAN and another one for SSE

 

The second approach has the benefit of being able to choose the right technology that address a specific need without the “rigidity” that comes with using a single technology. From there, it will be the provider responsible to present the customer with a unified SASE portal.

Choosing the right provider is a strategic decision that requires careful consideration. Enterprises should aim for a holistic approach and choose a provider that offers a “single pane of glass” solution. This means selecting a provider that offers a digital fabric spreading across a comprehensive set of services and features, rather than selecting the lowest-priced provider for each individual feature. This can simplify network and security management and reduce operational complexity, helping enterprises save both time and resources.

In addition, it’s important that enterprises ensure that their provider offers extensive coverage in the geographic areas where their business operates. A global or national provider with a robust network infrastructure can provide consistent and reliable connectivity across different regions.

Flexibility is Key for French Enterprises

While this shift is happening globally, French companies, in particular, have distinct characteristics in their approach to technological trends. French enterprises tend to be cautious adopters, preferring to closely observe the market to ensure that a technology brings value and cost efficiency before embracing it. This prudent approach can serve them well in assessing the benefits of moving from MPLS to internet connectivity.

French companies often emphasise flexibility and may desire the option of both MPLS and internet connectivity to meet their specific needs. By offering both MPLS and internet connectivity solutions, companies can have the best of both worlds and adapt their networking infrastructure according to their changing requirements as technology evolves.

For French companies, a cautious yet flexible approach is preferred, and Communications Technology (commtech) providers can help meet these unique needs by offering both SD-WAN and SSE services. For mid-sized companies, a managed or co-managed approach will give even more value by taking away the pain of managing the day-to-day activities whilst keeping control of rules and policies.

 

Find out more about our enterprise internet solutions here.

The post MPLS to Internet Connectivity: French Enterprises Making the Switch appeared first on Tata Communications New World.