Discover the differences between VPN and MPLS and which would be best for your business.
In no small part due to legislation such as GDPR, there is an increasing emphasis on keeping data secure at every stage. Whether it’s storage, processing or transmission, keeping information safe is imperative.
But this requirement can sometimes seem to be at odds with the modern trend towards more flexible working and the use of mobile devices, which means keeping data secure in transit to and from a range of devices and locations.
Once you start looking into this area you’ll find that there are two competing technologies: VPN and MPLS. But exactly what are these? What’s the difference between them? Which is the best choice for your business?
Virtual private networks
The virtual private network (VPN) has been around for a while. A VPN is basically a network within a network, or to be more precise a virtual network within a physical network. When implemented over the internet it’s generally known as VPN. Although VPNs can be created using various types of encryption, such as IPsec, SSL and TLS, IPsec is the most widely used between network devices.
In practice, this means that any data travelling over a VPN is not visible to the physical network surrounding it. The VPN creates a tunnel within the network through which data travels in a strongly encrypted form. The underlying network sees the VPN as just another stream of traffic, without having any access to what’s inside it.
At a technical level, what’s going on is that the link layer protocols of the virtual network are being tunnelled through the transport network beneath. For the non-technical, it’s best to think of it as two pipes, one within the other, the outer pipe representing your internet connection and the inner one being the VPN connection.
There is an alternative to using a VPN which is growing in popularity, and that is Multi-Protocol Label Switching (MPLS). So, what is MPLS and why is it so popular?
MPLS is a technology for carrying data between network nodes. It means that it’s possible to create direct virtual links between different nodes wherever they’re located. The technology also is able to encapsulate packets using a variety of different network protocols.
There are a number of advantages to MPLS. It’s very scalable and can, therefore, cope with almost any size of network. It’s also independent of protocol and data carrying mechanism, so it will work regardless of the underlying network topology.
It works by assigning labels to data packets. The contents of the label then determine where the packet will be sent, without the underlying network ever having to know what the packet actually contains. In practice, this means that an MPLS user is able to create end-to-end circuits using any protocol and any type of network medium. The big advantage of this is that it eliminates dependence on any specific Data Link Layer technology such as Ethernet, frame relay, ATM, etc.
In order to work, it does, however, need routing equipment that is capable of reading the packets and switching them accordingly. This is known as a ‘label switch router’. This can work over an ISP network but you need to ensure that your service provider has suitable equipment in place. MPLS is, therefore, more likely to be used over dedicated, leased line circuits where you can have control over the equipment used.
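The label-switching step described above, as an added example that is not part of the original article: it parses the 4-byte MPLS label stack entry (20-bit label, 3-bit traffic class, bottom-of-stack bit, 8-bit TTL) and performs the swap a label switch router does. The forwarding table, interface name and sample frame are constructed for illustration.

```python
import struct

def build_entry(label, tc, bottom, ttl):
    """Pack one label stack entry: label(20) | TC(3) | S(1) | TTL(8)."""
    if not (0 <= label < 1 << 20 and 0 <= tc < 8 and 0 <= ttl < 256):
        raise ValueError("field out of range")
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl)

def parse_label_stack(frame):
    """Return (entries, payload); stops at the entry with the S bit set."""
    entries, offset = [], 0
    while True:
        if len(frame) - offset < 4:
            raise ValueError("truncated MPLS label stack")
        (word,) = struct.unpack_from("!I", frame, offset)
        offset += 4
        entries.append({"label": word >> 12, "tc": (word >> 9) & 0x7,
                        "bottom": bool(word & 0x100), "ttl": word & 0xFF})
        if entries[-1]["bottom"]:
            return entries, frame[offset:]

def lsr_forward(frame, lfib):
    """Swap the top label using lfib {in_label: (out_label, out_interface)}.

    Returns (out_interface, new_frame), or None when the frame is dropped
    (unknown label, or TTL would reach zero). Only the first 4 bytes are
    rewritten: the router never reads the payload, and the payload is
    carried as-is, since label switching itself applies no encryption.
    """
    entries, _ = parse_label_stack(frame)
    top = entries[0]
    if top["label"] not in lfib or top["ttl"] <= 1:
        return None
    out_label, out_if = lfib[top["label"]]
    # The traffic class bits are preserved, so the QoS marking survives each hop.
    new_top = build_entry(out_label, top["tc"], top["bottom"], top["ttl"] - 1)
    return out_if, new_top + frame[4:]

# Constructed sample: label 100, traffic class 5 (e.g. voice), TTL 64.
PAYLOAD = b"constructed-customer-packet"
SAMPLE_FRAME = build_entry(100, 5, True, 64) + PAYLOAD
LFIB = {100: (200, "if1")}  # hypothetical forwarding table and interface name

if __name__ == "__main__":
    out_if, out_frame = lsr_forward(SAMPLE_FRAME, LFIB)
    print(out_if, parse_label_stack(out_frame))
```
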
Advantages of VPN
Using VPN offers a number of advantages to network users looking for a secure connection. Firstly, it’s cheap. It uses a standard internet connection so there’s no need for special circuits or equipment. Also, you often won’t need any extra software; Windows, for example, has built-in VPN capability. This makes it an attractive option for businesses looking to control their telecoms costs.
It’s also a highly configurable option. Admins have full control of a VPN tunnel between locations; they can perform configuration changes while it’s active, allowing them to overcome any network issues or fix problems. Provided that they have full access to routers and firewalls, it’s possible to monitor the state of the connection and take any remedial action needed to keep it running smoothly.
Using VPN also makes it possible to have a backup via another internet circuit, should your primary connection fail. This makes it a good choice for mission-critical systems. The backup line can be configured to come in automatically after a pre-set time interval, so you can keep communications going while waiting for your ISP to fix a fault, allowing you to keep working.
SD-WAN has taken the VPN concept to a new level, giving users the ability to combine multiple WAN technologies to achieve a higher level of resiliency and efficiency. For example, you could have the business application routed across the Ethernet WAN and at the same time make use of the broadband backup for non-business traffic (social, streaming, etc). With a centralised orchestration approach, SD-WAN simplifies management and reporting. Service can be enhanced with additional features such as traffic optimization and security.
It is, of course, also possible to configure a VPN connection for users on the move. Whether working from home, travelling to different sites around the country or even travelling overseas, users can still connect securely to the company network.
The characteristics of a VPN are largely dependent on those of your routers and firewall. As new features roll out with the latest operating system and firmware updates, it’s possible to upgrade the network’s capability.
Advantages of MPLS
One of the biggest advantages is in the control it offers. This manifests itself in a number of different ways. Because MPLS works in conjunction with internet protocol (IP) and its routing techniques, it offers greater control over issues such as the quality of service (QoS).
In order for QoS to work properly, you need control of all the equipment and paths that your data packets run through. If you’re using VPN you lose control over this once the packets leave your network and you’re reliant on your ISP, and QoS data in your packets will usually be ignored.
The same applies to prioritising services. On your own network, you can give priority to different classes of traffic – VoIP for example – in order to maintain a quality service. On VPN you cannot do this, but with MPLS you can, regardless of how far apart your locations are.
This makes for more reliable use of applications such as VoIP and video conferencing. An MPLS network will outperform VPN in these circumstances and offer dependable and consistent performance.
One of the reasons this works as it does is that MPLS comes with SLAs that the public internet cannot guarantee. Technically, this is made possible by traffic engineering techniques that determine where and how data is transmitted. IP networks find the shortest route for data between two points. MPLS users can define their own routing rules so that, for example, packets will look for the route offering the best quality rather than the shortest path.
MPLS also helps you to avoid bottlenecks and loss of speed. In a VPN setup, you’re relying on the internet, which can have major variations in performance. Because of contention, for example, you may get lower speeds at times of peak demand and you generally won’t get any kind of performance guarantee. Similarly, your security on a VPN is down to the configuration of your equipment at either end; get it wrong and your data is potentially exposed to the web. An MPLS network gets around these problems by giving you end-to-end control of all aspects of the connection.
With MPLS you will also be at significantly less risk from distributed denial of service (DDoS) attacks. Using an Internet-based VPN, you are at the mercy of attacks that seek to disrupt or slow down the connection. At best these will create traffic bottlenecks. At worst they may bring down your connection completely.
Finally, MPLS has the advantage that it’s completely invisible to the end user. The connections are secure without them having to go through the extra step of connecting to a VPN.
If you need a high-quality wide area network offering the best possible performance, then MPLS is the way forward. It is, however, a relatively costly option as you are using dedicated connections between your sites.
If you want a cheaper option, or you need to provide secure connectivity for mobile workers, then a VPN is an attractive alternative. It can be improved by using technology such as fallback circuits to ensure continued connectivity between locations in the event of problems.