Current State of Wide Area Networking – MPLS VPN vs IP VPN

Over my 14+ years in telecom, we’ve seen a few shifts in wide area networking – private lines to frame relay, frame relay to MPLS, and now another shift from MPLS (Multiprotocol Label Switching) to IP VPN. Why do these shifts occur? Pricing, availability, and changes in technology. For instance, frame relay was a big jump from private lines for the industry because logical networking (think PVCs, CIR) through a large shared network, instead of dedicating chunks of bandwidth to specific customers (private lines), freed up space for more potential customers. As a result, telcos could offer frame relay at a lower cost than private lines.

Today’s MPLS to IP VPN shift isn’t as pervasive as previous ones because there is still a huge place in the market for MPLS. It remains the right choice for many organizations today based on some key characteristics. Which one is right for you? Let’s take a look at the criteria and help you decide –

1. Price – IP VPN gets a huge checkmark here. Let’s take the example of a customer who has a 10-site AT&T MPLS network in 10 states with bandwidth needs of 10M at each site and 50M at the host. 7 of those locations may be in urban areas and have access to metro Ethernet for a loop. The other 2 remotes may be more rural and have to bond 7 T1s together. I’ve seen 7xT1 MPLS pricing in fairly rural areas upwards of $3k to $5k/month. Companies HAVE to swallow those 2 expensive costs because they HAVE to connect back to Telco Carrier X’s MPLS network. There is no flexibility there. If that customer decided to move to an IP VPN using 2 or 3 internet providers throughout the network instead of 1, they could probably find smaller regional carriers who could provide that 10M for literally 1/5 the cost of that MPLS price.
2. QoS – MPLS gets the checkmark here. Most telco carriers allow somewhere between 4 and 6 queues to prioritize traffic on. At the point where a customer’s MPLS network gets congested due to lack of bandwidth, the applications that are more time sensitive (voice, video, maybe ERP) take priority over less time sensitive applications (email, web browsing, etc.). QoS can be implemented on an IP VPN, but the only data traffic that can be controlled is outgoing. You can’t control incoming data streams if you have an internet circuit. Also, the outgoing data that you can prioritize at a LAN level goes through the public internet, which doesn’t honor QoS tagging (unlike MPLS).
3. Meshed Networking – MPLS gets the checkmark here. With an IP VPN, secure tunnels must be built to and from all the locations that need to send data traffic. This routing can get quite complex if your company has many locations that need to send data traffic to many other locations. MPLS is by nature fully meshed, and the intricacies of setting up routing tables aren’t handled by the customer.
4. Flexibility – IP VPN gets another huge checkmark here. Unlike MPLS, multiple carriers can be utilized to create your IP VPN. Location 1 may have a Comcast metro Ethernet internet connection while location 2 may have an AT&T internet circuit and location 3 may have a 123.Net fixed wireless connection. Also, internet circuits are more functional since internet bandwidth can be used for web browsing, email, e-commerce and other applications in addition to being used for site to site data traffic. With MPLS, all 3 locations must have the same carrier and MPLS bandwidth is used only for site to site data traffic.
5. Security/Speed – Checkmark for MPLS. MPLS connections are completely secure and firewalls don’t need to be deployed and managed. IP VPNs use public internet services that are susceptible to hacking and other malicious threats. From a speed standpoint, 10M of MPLS will be a bit faster than 10M of internet for data traffic between 2 sites, for 2 reasons. First, the encryption needed to send data packets through an IP VPN takes space in each packet that could otherwise be devoted to more data. MPLS traffic doesn’t need to be encrypted and therefore dedicates the entire packet payload to your data. Second, data sent on an MPLS network will typically take fewer network hops to its destination because traffic is more controlled by the carrier and stays on their network the entire time.
6. Ease of management – Checkmark for MPLS. QoS is easier to manage and is available end to end. Firewalls aren’t required for security, and you deal with 1 carrier for network issues, whereas dealing with the multitude of internet carriers that comprise one big IP VPN can be challenging.
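
Item 5's point that encryption takes up space in each packet, worked through as an added example (not part of the original post). It assumes the IP VPN is IPsec ESP in tunnel mode over IPv4, which the post does not specify, and ignores NAT-T and layer-2 framing; the suite and function names are illustrative.

```python
# Added example: per-packet overhead of an IPsec ESP tunnel (assumed IP VPN type).
from dataclasses import dataclass

OUTER_IPV4 = 20   # new outer IPv4 header added in tunnel mode
ESP_HEADER = 8    # SPI (4 bytes) + sequence number (4 bytes)
ESP_TRAILER = 2   # pad-length (1 byte) + next-header (1 byte)


@dataclass(frozen=True)
class Suite:
    name: str
    iv: int      # IV bytes carried in every packet
    align: int   # inner packet + padding + trailer must be a multiple of this
    icv: int     # integrity check value (authentication tag) bytes


AES_CBC_SHA1 = Suite("AES-CBC + HMAC-SHA1-96", iv=16, align=16, icv=12)
AES_GCM = Suite("AES-GCM (16-byte ICV)", iv=8, align=4, icv=16)


def esp_packet_size(inner_len: int, suite: Suite) -> int:
    """Bytes on the wire for one inner IP packet of inner_len bytes."""
    pad = -(inner_len + ESP_TRAILER) % suite.align
    return (OUTER_IPV4 + ESP_HEADER + suite.iv
            + inner_len + pad + ESP_TRAILER + suite.icv)


def max_inner_packet(path_mtu: int, suite: Suite) -> int:
    """Largest inner packet that fits in path_mtu without fragmentation."""
    n = path_mtu
    while n > 0 and esp_packet_size(n, suite) > path_mtu:
        n -= 1
    return n


def goodput_mbps(link_mbps: float, inner_len: int, suite: Suite) -> float:
    """Share of the circuit's rate left for the inner (site-to-site) packets."""
    return link_mbps * inner_len / esp_packet_size(inner_len, suite)


if __name__ == "__main__":
    # Constructed sizes: a 60-byte voice packet and a 1400-byte bulk packet
    # on the 10M circuit used in the post's example.
    for suite in (AES_CBC_SHA1, AES_GCM):
        print(suite.name, "max inner packet at MTU 1500:",
              max_inner_packet(1500, suite))
        for size in (60, 1400):
            print(f"  {size:>4} B inner -> {esp_packet_size(size, suite)} B on wire,"
                  f" {goodput_mbps(10, size, suite):.2f} of 10 Mbps usable")
```

The cost is proportionally largest for small packets such as voice, which is also the traffic the QoS item singles out as time sensitive.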

In summary, we feel that IP VPN is more cost effective and more flexible, but MPLS gives a more consistent experience and is easier to manage. Another option is a combined approach that allows both internet and MPLS on the same circuit, so that some of the benefits of each can be had. Note: we don’t discuss VPLS or Metro Ethernet at length here for the sake of brevity. These services may also be solutions to evaluate depending on your criteria.
