The Difference between IPSEC, SDWAN and MPLS

As Wide Area Networking (WAN) technology has evolved, businesses now have a variety of options to choose from when considering how to integrate their business sites into a single network. Today, most businesses consider IP Security Protocol (IPSEC), Software Defined Wide Area Network (SDWAN) and Multiprotocol Label Switching (MPLS) as viable solutions for inter-site network connectivity. But how do you choose the networking technology that is right for your business?

Working out the difference between IPSEC, SDWAN and MPLS can be difficult if you don’t know what to look for. Below are the definition, advantages and disadvantages of each service. This can help you determine the difference between the services and work out the best option for your business.

IPSEC

IPSEC runs encrypted tunnels over Internet connections with basic failover capabilities and load-sharing. This is configured on a per-device basis.

Advantages

  • ISP Agnostic
  • Very Cheap
  • Scalable in star topology (head office with many branch offices)
  • Basic ability to load-share across connections or failover from one connection to another
  • Fast activation of new connections

Disadvantages 

  • Scalability is difficult beyond a star topology: any-to-any (full-mesh) configuration requires DMVPN, GetVPN or lots of manually configured tunnels (n(n-1)/2 tunnels for n sites).
  • Variable performance: Only as good as the connection being used at the time.
  • High attack surface area: every IPSEC router is directly Internet connected.
  • QoS only at ingress & egress of the network.
  • Can be difficult to diagnose issues with multiple parties

In summary, IPSEC is cheap and cheerful for the user. However, it only works as well as the person managing it. This capability works well for centralized companies where price and flexibility are more important than reliability or security.

SDWAN

SDWAN runs through encrypted tunnels over internet connections with advanced traffic management, intelligent monitoring and centralized configuration.

Advantages

  • ISP Agnostic
  • Easy, scalable any-to-any (full mesh) configuration
  • Ability to intelligently bond connections. For example, an NBN and 4G service can be bonded together.
  • Fast activation of new connections

Disadvantages

  • Variable performance. Best case: as fast as all your connections totalled together and as reliable as your best connection. Worst case: as fast and reliable as your worst connection.
  • High attack surface area: every SDWAN router is directly Internet connected.
  • QoS only at ingress & egress of the network.
  • Can be extremely difficult to diagnose issues with multiple parties in use at one time.

Essentially, SDWAN is IPSEC on steroids. Its easily centralized management, intelligent network monitoring and load balancing can provide very high performance for comparatively low prices.

Paired with quality connections, SDWAN can provide strong performance when working well, but the intelligent, multipath networking can be extremely difficult to troubleshoot.

The accessibility/ease of SDWAN can be its own downfall. SDWAN hides the complexity of the underlying technologies, but cannot eliminate problems caused by them. Furthermore, while implementing SDWAN is relatively easy, it is susceptible to poor network design as a result of systems administrators working in the networking space, which is typically not a core competency of theirs.

Like IPSEC, SDWAN works well for centralized companies where price and flexibility are more important than reliability or security.

MPLS

MPLS is a private network operated by a service provider, with dedicated connections, bandwidth and standard network routing capabilities.

Advantages

  • Easy, scalable any-to-any (full mesh) configuration
  • Guaranteed performance
  • Low attack surface area: generally only your corporate firewall is directly Internet connected.
  • QoS policies can guarantee priority at every step in the network.
  • Easy diagnosis of issues with one end-to-end provider
  • Basic load-sharing and failover capabilities
  • Can be certified to ISO or PCI-DSS Standards

Disadvantages

  • Locked in with one ISP
  • Typically more expensive than other technologies
  • Relatively slow activation of new connections

In summary, MPLS networks offer a higher level of security and reliability than their over-the-Internet counterparts. The highest levels of performance, reliability and security can be achieved by running SDWAN or IPSEC over MPLS infrastructure. These advantages don’t come for free, and more often than not MPLS will cost more than the other technologies. However, the cost may be warranted if the network is critical to your business operations.

Summary

The key questions to ask yourself are as follows:

  • How much do I depend on my network?
  • What would happen if my network was to go offline?
  • What applications am I using and how does the network affect their performance? Also, what is the impact on my business as a result of poor application performance?
  • What data am I storing within my network and what would happen if it was lost or stolen?

If you have basic requirements and need a cheap solution, IPSEC is for you. If you have some more advanced requirements and would like more visibility and control of your network, SDWAN will be a suitable option. However, if you need the best performance, reliability and security, MPLS networks offer the strongest capabilities in all three areas.