
Advantages of MPLS VPN Network over Point to Point Leased Lines for WAN Connectivity

Rajesh K, May 2, 2010, Bandwidth

In this article, we discuss two important forms of Wide Area Network connectivity: MPLS VPN
Network and Point to Point Leased Lines. We also look at why MPLS VPN networks have
started to gain popularity for private wide area network connectivity in medium and large
organizations with multiple branches.

When you have multiple branches across a state or a country, you will want to connect them
so that data can be transferred and accessed between them, which speeds up business
transactions. There are various options for creating such Wide Area Networks (WANs):

Point to Point Leased Lines
MPLS VPN Network Connectivity
Internet Leased Lines with Site-to-Site VPN (Virtual Private Network)
Broadband / VPN over Broadband
Dial-up / CDMA / 3G Connectivity / 4G Connectivity for small branches
Satellite (VSAT) Connectivity for remote locations

Of these, let us focus on the first two modes of connectivity in this article – Point to Point Leased
Lines and MPLS VPN Network connections.

[Diagram: Point to Point Leased Lines for WAN Connectivity – Architecture]

[Diagram: Multi-Protocol Label Switching (MPLS) Network Architecture]

As shown in the first diagram, a point to point leased line network is formed by connecting every site
to every other site using leased lines provided by the service provider network (or, in very large
organizations, their own network). This is a private network and is used primarily for site-to-site
communications. So for an organization with branches in five locations, each location needs four links
to reach all the other locations and complete the leased line network. For ‘n’ locations, the number of
links required in each location would be ‘n-1’.

An MPLS network is formed by connecting each location with a single link (as shown in the second
diagram) to a service provider MPLS network. MPLS stands for Multi-Protocol Label Switching. Any
packet arriving at the label edge routers (from an individual location, the source, into the service
provider MPLS network) is encapsulated with an MPLS label, which is used to identify it and route it
through the MPLS network. This label is discarded when the packet leaves the MPLS network for an
individual location, the destination.

In both of the above cases, a wide variety of physical media is used to carry the information, including
fiber, copper circuits, wireless connectivity, satellite connectivity etc. The MPLS core service provider
network also uses high-capacity MPLS routers in addition to the MPLS edge routers, which send and
receive data from the routers located in the individual locations.

Let us now look at the factors that have made MPLS VPN networks more favorable than Point to Point
Leased Lines for organizations that want to inter-connect their various branches.

Traffic Engineering: Since the MPLS labels are added at the MPLS edge routers, it is possible
to set the path that the traffic will take through the network. More specifically, each class of
traffic (like data, voice, video etc.) can be given its own performance characteristics.

Quality of Service: Since an MPLS network enables traffic engineering, it is possible to send, for
example, data traffic over a lower priority path and real-time, delay-sensitive voice/video packets over
a high priority, less used or shorter path. This enables network convergence (the Wide Area Network
becomes more suitable for the introduction of new services like voice, video, multicast traffic, hosting
etc.).

Network Redundancy: An MPLS core network is generally designed and built to overcome individual
hardware (router) faults or line disconnection. In such cases, the data is re-routed through the next
optimum path with a fail-over time of 50 ms or less. Even the last mile connections can be backed
up using CDMA wireless backup etc., depending upon the options offered by the service provider.

Easy and Cost effective Expansion: For organizations that have a lot of branches or are expanding
with new branches, an MPLS network would be very cost-effective, as each branch needs one MPLS link
while each branch would need n-1 links for point to point Leased Lines (n being the total number of
branches). MPLS makes it easy to add and delete sites instantaneously.

Protocol Independent forwarding: MPLS networks can carry any type of packet, be it IP, frame
relay or ATM, using the same infrastructure. This is because, whatever type of packet comes in, an MPLS
label is attached to it for transmission over the MPLS network, and these labels are
protocol independent.

Connection oriented network: MPLS is a connection-oriented network, unlike connectionless
networks like IP. So, it is more reliable.

Service Level Agreement (SLA): Service providers generally provide a Service Level Agreement (SLA)
for MPLS networks with a guarantee of minimal downtime during the contract period (usually
one year or its multiples). This is possible because an MPLS network can be pro-actively monitored
and maintained. It is possible to analyze the circuit performance continuously and provide immediate
fault rectification and support.

Bandwidth Allocation: MPLS networks allow for dynamic bandwidth allocation and hence can be
used to provide bandwidth on demand (for a specific period etc) to customers. Further, rate limiting
and other bandwidth management parameters allow a certain bandwidth to be dedicated for mission
critical applications.

Security: Service providers take full responsibility for the security of information that is sent over an
MPLS network. Service providers also create IP tunnels throughout the network without the need for
any encryption at the user end; privacy on the MPLS network therefore rests on the provider rather
than on customer-side encryption.

International MPLS: Service providers offer options to connect individual locations across
different countries using MPLS by sharing and inter-connecting their respective MPLS networks.

Fewer Hops: With an MPLS network, there are fewer hops between the various network
points, resulting in improved response times and application performance.
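
The label handling described above (a label attached at the edge router, used for routing inside the provider network, then discarded) and the Security paragraph's point that no user-end encryption is involved, as an added example that is not part of the original article. It packs the 32-bit label stack entry defined in RFC 3032 (20-bit label, 3-bit traffic class, bottom-of-stack bit, 8-bit TTL); the label values, sample payloads and function names are assumptions made for illustration.

```python
import struct

def push_label(payload: bytes, label: int, tc: int = 0, ttl: int = 64,
               bottom: bool = True) -> bytes:
    """Ingress label edge router: prepend one 32-bit label stack entry."""
    if not 0 <= label < 2**20:
        raise ValueError("label must fit in 20 bits")
    if not 0 <= tc < 8 or not 0 <= ttl < 256:
        raise ValueError("TC is 3 bits, TTL is 8 bits")
    entry = (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl
    return struct.pack("!I", entry) + payload

def pop_label(frame: bytes):
    """Egress label edge router: strip the top entry, return (fields, rest)."""
    if len(frame) < 4:
        raise ValueError("truncated label stack entry")
    (entry,) = struct.unpack("!I", frame[:4])
    fields = {"label": entry >> 12, "tc": (entry >> 9) & 0x7,
              "bottom": bool((entry >> 8) & 1), "ttl": entry & 0xFF}
    return fields, frame[4:]

def swap_label(frame: bytes, new_label: int) -> bytes:
    """Core router: replace the top label, decrement TTL, leave payload alone."""
    fields, rest = pop_label(frame)
    if fields["ttl"] <= 1:
        raise ValueError("TTL expired in transit")
    return push_label(rest, new_label, fields["tc"],
                      fields["ttl"] - 1, fields["bottom"])

# Constructed sample payloads: one IP-like, one arbitrary non-IP frame.
SAMPLES = [b"\x45\x00payroll export: acct=4471",
           b"\x03\xccframe-relay style payload"]

def transit(payload: bytes):
    """Carry one payload ingress -> core -> egress; return wire bytes, labels, output."""
    at_ingress = push_label(payload, label=100, tc=5)  # label values are made up
    at_core = swap_label(at_ingress, new_label=200)
    fields, delivered = pop_label(at_core)
    return at_core, fields, delivered

if __name__ == "__main__":
    for p in SAMPLES:
        wire, fields, out = transit(p)
        print(fields, "| payload readable in transit:", p in wire,
              "| delivered intact:", out == p)
```

Because the label is only prepended, both payload types cross the provider network byte for byte unchanged and readable. A site that needs confidentiality from the carrier has to encrypt before handing traffic to the edge router.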

IP VPN over Internet vs MPLS

There’s a price for everything in this world, and Internet based IP VPNs are no exception.
While IP VPNs over Internet are a cheaper alternative to any MPLS network, it doesn’t necessarily mean they’re for everyone, as
customer requirements always vary. In this posting, I will explain both the Internet IP VPN advantages and disadvantages.

Let’s take a look at a few IP VPN over Internet advantages over most MPLS circuits:

Cheaper rates.

Internet service providers provide a simple NxT1, Ethernet or Cable connection to the Internet, using the highest possible speed
with. The price for internet connectivity is considerably cheaper than almost any WAN MPLS service, making it extremely
attractive for companies seeking to cut telecom costs.

Fully configurable.

WAN engineers have total control over the VPN tunnel created between sites. They are able to perform on-the-fly configuration
changes to compensate for any network problems or help rectify any problem that might arise. With full access to the VPN
terminating equipment, like routers and firewalls, engineers have the ability to see the condition of the internet circuit and take any
action(s) deemed necessary… provided they have the staff resources and skills.

VPN backup included.

For mission-critical sites, backup via another internet circuit is possible if your primary connection fails. The response time for the
backup line to come online is configurable by the network engineer, and there is no need to wait for the ISP to fix a line so your
company can continue working.

Two-in-one.

When configuring the site-to-site VPN, engineers can also configure remote VPN access for users traveling around the country or
world, a feature most companies would have to pay their service providers additional money to receive.

Upgradable features.

Perhaps one of the strongest advantages is the fact that your site-to-site VPN characteristics are strictly dependent on those that
your VPN routers/firewalls support. This means that as new features are introduced with newer router operating systems (e.g.,
Cisco IOS), they will be available to your engineers to implement. For example, QoS pre-classification was a feature Cisco
introduced in its IOS that fixed a number of QoS features for different services running over VPN tunnels. Dynamic Multipoint VPN
(DMVPN) was another great feature, allowing scalable IPsec VPN tunnels between multiple sites. DMVPN allows every endpoint
to dynamically build a VPN tunnel with any of its other peers, providing a low-cost mesh VPN solution.

If the brief list above of Internet IP VPN advantages seems overwhelming, you have read a few of its disadvantages.
Here is a list of a few disadvantages of Internet IP VPNs compared with almost all WAN MPLS circuits:

Limited QoS.

In order to have a fully functional QoS model, you need to have control of all equipment and paths that your VPN packets run
through. In the IP VPN over Internet model, QoS is effective in each site’s LAN, up until the LAN interface of the routers. From
there on, packets enter the ISP’s network, and your ISP will clearly state that there is no QoS for such connections. Everything is
based on a “best effort” delivery mechanism and you can’t argue about that. Any QoS parameters inserted in your WAN packets are,
in most cases, ignored by the ISP. Using an SD-WAN with multiple internet connections can bring performance almost identical to
MPLS, except to China.

No Class of Service Prioritization.

It’s the internet, sorry. Though some technologies that utilize multiple internet access circuits at each location can compensate for
this surprisingly well.

Higher Packet Loss and Latency.

If you use interactive applications, video, voice domestically or are connecting to locations more than 3,000 miles away, the MPLS
network will outperform the IP VPN over Internet hands down. That is, unless you have multiple internet circuits using the right
technology, like SD-WAN.

Undependable voice and video. If you use voice or video over your network, the MPLS network will outperform the IP VPN
hands down, with dependable and consistent performance. Again, this is not the case with SD-WAN and Voice, as it used to be.

Possible bottlenecks and low speeds. In an Internet IP VPN scenario, your company connects to the Internet, whose performance
varies considerably. If there is heavy traffic on the Internet, chances are you might experience lower speeds during peak-hour
times. Again, there is no guarantee of the performance.

VPN and router/firewall security. You are exposed directly to the Internet. This means that the security of your VPN and
terminating equipment (routers and/or firewalls) is your responsibility. If your engineers do not take the necessary measures to
secure the equipment correctly, this can lead to the exposure of your company to the Internet. This is not a topic to be taken lightly,
as the damage can be devastating. It is extremely important to understand the risk involved and to have the required technical
expertise to ensure the job is performed correctly. Under ideal circumstances, where the equipment is correctly configured, there is
no need to worry—you’re safe.

Denial of service attacks. With a direct Internet connection, you are exposed to any denial of service (DoS) attack. All attempts
can be successfully repelled; however, keep in mind that the traffic will have to reach your router/firewall first. This means that the
heaviest damage that can be produced by a DoS attack—for a correctly configured endpoint—is to create a bottleneck on your
connection and greatly reduce speeds for the duration of the attack.

Management of many different ISP bills. SD-WAN-Experts has carrier aggregators that will manage and single-bill all your
internet circuits worldwide.


If you want a rock-solid, quality WAN with almost no packet loss and the lowest possible latency, consider an MPLS
network. If your budget does not permit the cost of an MPLS network, speak to SD-WAN-Experts to learn about how we can
utilize multiple Internet access circuits to provide the quality of service and redundancy that you would expect from an MPLS
network, at a much lower cost.