Case Study: Transitioning from MPLS to SD-WAN

Technical Case Study: Transitioning from MPLS with VPNs to SD-WAN
for a Global Retail Enterprise

Overview

A global retail enterprise with over 10,000 employees and 200 sites across multiple continents relied on an MPLS (Multiprotocol Label Switching) network integrated with IPSec VPNs for secure site-to-site connectivity. As the company grew, it faced challenges related to cost, scalability, cloud integration, and consistent performance. These challenges prompted the company to transition to a more modern, flexible, and scalable SD-WAN (Software-Defined Wide Area Networking) solution.

Background

• Industry: Retail
• Number of Employees: 10,000+
• Number of Sites: 200+
• Geographical Coverage: North America, Europe, Asia, and Australia
• Current Solution: MPLS with IPSec VPNs for secure connectivity between sites
• Challenges: High costs, limited scalability, poor cloud integration, inconsistent global performance

Technical Challenges with MPLS and VPNs

The enterprise faced several technical issues with its MPLS and VPN setup:

1. High Operational Costs: The combination of MPLS circuits and IPSec VPN tunnels was expensive to maintain, especially as the number of sites grew.
2. Limited Scalability: Adding new sites required provisioning new MPLS circuits and configuring IPSec VPNs, a time-consuming and costly process.
3. Cloud Integration Issues: The MPLS network was not optimized for cloud traffic, and routing cloud-bound traffic through centralized VPN hubs added latency.
4. Inconsistent Performance: The performance of the MPLS and VPN setup varied across regions, with some sites experiencing higher latency and lower throughput, particularly in remote areas.

Goals of the Transition

• Reduce Operational Costs: Lower the expenses associated with maintaining MPLS circuits and IPSec VPNs while improving network performance.
• Improve Scalability: Implement a solution that allows for rapid, cost-effective expansion to new sites without the need for extensive configuration.
• Enhance Cloud Integration: Provide direct, secure access to cloud services without the need to backhaul traffic through centralized VPN hubs.
• Ensure Consistent Global Performance: Deliver consistent, high-performance connectivity across all sites, regardless of geographic location.

The Transition to SD-WAN

The company opted to transition from its MPLS and VPN setup to a fully integrated SD-WAN solution, driven by the need for enhanced flexibility, reduced costs, and improved network performance.

Key Technical Steps in the Transition:

1. Assessment and Planning:

   • Network Assessment: A detailed analysis of the MPLS network, IPSec VPN configuration, traffic patterns, and application usage was conducted. The assessment identified key performance bottlenecks and security requirements.
   • Vendor Selection: The company selected an SD-WAN vendor with robust security features, including built-in IPSec VPN support, seamless cloud integration, and global reach.

2. Design and Architecture:

   • Custom SD-WAN Design: The SD-WAN architecture was designed to replace MPLS circuits and IPSec VPNs with direct internet access and encrypted tunnels managed by the SD-WAN solution. This design provided flexibility in routing, optimized paths to cloud services, and simplified management.
   • Hybrid Deployment: During the transition, a hybrid deployment was used. Critical sites continued using MPLS with SD-WAN as an overlay, while other sites moved directly to SD-WAN. This approach ensured minimal disruption.

3. Implementation:

   • Pilot Testing: Pilot deployments were carried out at select sites to evaluate the performance of the SD-WAN solution, particularly its ability to maintain secure, high-performance connections without the MPLS backbone.
   • Full Deployment: Following successful pilot tests, the SD-WAN solution was rolled out across all sites. MPLS circuits were decommissioned in phases, and IPSec VPNs were replaced with SD-WAN’s integrated security features.

4. Security Integration:

   • Built-in Security: The SD-WAN solution’s integrated security features, including IPSec encryption, firewall capabilities, and intrusion prevention, were configured to match the security posture of the previous MPLS and VPN setup.
   • Direct Cloud Access: The new architecture allowed for direct, secure access to cloud services from each site, bypassing the need to route traffic through centralized VPN hubs, thus reducing latency and improving performance.

5. Optimization and Monitoring:

   • Continuous Monitoring: The SD-WAN network was continuously monitored using real-time analytics to track performance, security events, and traffic patterns. The monitoring system provided insights that helped optimize the network over time.
   • Ongoing Optimization: The SD-WAN configuration was periodically reviewed and adjusted to ensure that it continued to meet the evolving needs of the business, particularly as new sites were added.

Results and Benefits

• Cost Reduction: The transition to SD-WAN resulted in a 50% reduction in network-related costs by eliminating MPLS circuits and reducing the complexity of managing multiple IPSec VPNs.
• Improved Scalability: New sites could be brought online in a matter of hours, not weeks, significantly speeding up the company’s global expansion efforts.
• Enhanced Cloud Performance: By enabling direct cloud access at each site, the company reduced latency by 30% on average, improving the performance of critical cloud-based applications.
• Consistent Global Performance: The company achieved consistent, high-performance connectivity across all sites, with the SD-WAN solution dynamically routing traffic based on real-time conditions to ensure the best possible user experience.

Conclusion

The transition from MPLS with IPSec VPNs to a fully integrated SD-WAN solution enabled the global retail enterprise to overcome the limitations of its legacy network infrastructure. By adopting SD-WAN, the company not only reduced costs but also gained the flexibility, scalability, and security needed to support its continued growth and digital transformation initiatives. The new SD-WAN architecture positioned the company to quickly adapt to future technological advancements and market demands, ensuring long-term success.