While the Internet offers a relatively inexpensive way to connect your various business locations and foster communications with employees, partners and even customers, it is also inherently insecure. For that reason, companies have for years been using virtual private networks (VPNs) to essentially carve a secure tunnel through the Internet.
While VPNs based on IPSec dominated the landscape early on, today customers have a choice between VPNs based on IPSec or MPLS. This post will try to shed light on why, for many business use cases, the MPLS version is a better option.
Public vs. private network
For starters, IPSec VPNs run across the public Internet. Traffic needs to be encrypted at each end of the connection, typically on routers, a VPN appliance or a device that performs multiple security functions, such as firewall and VPN. One reason the appliances were developed is that encryption takes a performance toll on routers, one that must be considered when configuring the network.
MPLS VPNs, on the other hand, run across a single carrier's private MPLS network, not the public Internet. That gives them an added dose of security right out of the gate. Carriers will also separate each customer's traffic from all others, effectively giving each a private network. What's more, carriers can apply quality of service (QoS) policies to each traffic flow, so customers can prioritize some types of traffic over others to ensure good performance for the applications that need it most, such as voice and video.
MPLS VPNs also provide for fully meshed network connectivity. From a single connection to a carrier, each site in effect gets a direct connection to every other site without going through the public Internet. This is a boon for any company that has multiple locations that need secure communications with each other.
IPSec VPNs, by contrast, connect one site to one other. If you've got a series of branch offices or perhaps retail connections that only need to connect to headquarters or a central data center, and not to each other, that may work fine. But in situations where the remote locations do need secure connections to one another, an MPLS VPN will be the way to go.
Ease of management
IPSec VPNs can also be a chore to manage, especially in larger installations with numerous sites. The way encryption works on IPSec VPN tunnels is through a series of keys that essentially lock and unlock the tunnel at each end. In a configuration with lots of individual tunnels, distributing and managing the keys can become a complex issue.
No such key management is required with MPLS VPNs because all the encryption is handled by the carrier, within its own network. All the customer needs is a single connection to the carrier from a plain vanilla router.