Solved

What is MPLS and will it work for me?

Posted on 2010-08-18
Last Modified: 2012-05-10
Our company has a satellite office that we use to connect to a Windows Terminal Server that belongs on our Domain.  We have less than 50 users on this particular network.  However, we typically only have 5 users logged on to the terminal server at any one time.  As of right now, we are connected via VPN using two Sonicwall NSA 3500 firewalls on a 5 Mbps T1 Bond.  The use of MPLS was suggested, but I have heard it is extremely expensive, and I am curious if the investment would be justifiable.  Furthermore, I am skeptical that MPLS would speed up RDP and Active Directory traffic.  We do not transfer large files between the network, nor do we have any unique services that would be flooding the VPN pipe.  

We are considering setting up SQL replication in order to have a backup server at the satellite office.  Would/should MPLS drastically affect the bandwidth between the two locations, or is MPLS more or less used on massive networks that have routers being pushed to maximum processing?

Again, our network has less than 50 users, and I hardly find this justifiable.

Many thanks in advance!
Question by:MrMintanet
17 Comments
 
LVL 33

Accepted Solution

by:
digitap earned 500 total points
ID: 33469079
MPLS is just another way of saying dedicated point-to-point.  Your traffic is the only traffic on the connection so there's no need to wrap the traffic in a VPN.  You would select an available interface at either end of the sonicwall, give them their own IP network over the MPLS and route traffic through the sonicwalls.  It's usually more reliable and consistent than other connections, but I'm guessing that your bonded T-1 solution is fairly stable.  You can pick different synchronous speeds for MPLS, but that's just what the provider has to offer.  In the end, it's usually fairly expensive, but since you have a 5MB bonded T-1 solution, it's worth checking into because T-1s aren't cheap either.
0
 
LVL 8

Author Comment

by:MrMintanet
ID: 33469630
Would MPLS improve RDP traffic?  It seems like it would have little to no effect on it.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33469654
No.  It won't improve it.  Depending on what traffic exactly you have traversing your VPN, if you are having trouble with RDP traffic (or VoIP) then it might be time to use Bandwidth Management and create some guarantees for some of those more important types of traffic.  Otherwise, you're better off sticking with what you've got, unless MPLS gets you more bandwidth for equal or less money.
0
 
LVL 8

Author Comment

by:MrMintanet
ID: 33469735
We are using bandwidth management, actually.  I had forgotten to mention that.  We dedicate 80% guaranteed bandwidth for VPN traffic.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33469788
You can designate a specific protocol if VPN traffic is too broad.  Sounds like you've got the right solution.  If that's still not cutting it, then increasing bandwidth is the next option.
0
 
LVL 6

Expert Comment

by:ChiefoftheChiss
ID: 33470331
Your MPLS provider can be asked if they can read tags on traffic to give it a higher QoS priority. We do this for VoIP traffic and it does help.

If you aren't saturating your bandwidth though this doesn't really matter.
0
 
LVL 6

Expert Comment

by:ChiefoftheChiss
ID: 33470361
Back to your question though, MPLS isn't magic that makes things go faster; 1Mbps is still, practically speaking, 1Mbps. They might be able to squeeze some magic out of it but it will probably not revolutionize your life.
We went with it due to having 6 different sites with lots of users and the desire to use 1 provider.

You would be better off seeking out a local cable (or DSL) company and routing Internet-only traffic over it and then configuring your routes to use separate gateways for each use. (Or ditching those T1s completely and getting some of the serious bandwidth provided by DSL or cable these days. If management is addicted to T1s, fine, keep 'em - you are probably on contract anyway. But if it's available in your area, consider switching to like a 100/20 or something.)
0
 
LVL 33

Expert Comment

by:digitap
ID: 33470380
DSL?  I'd have to disagree.  If you mean DSL with PPPoE authentication, that's bad mojo.  Cable would be the best way to go in regards to a business internet connection.  It is blazing speed compared to T-1 which is synchronous.  You can get faster upload speeds than T-1 and even high download speeds...however, I've never known cable to be as reliable as T-1 or MPLS.
0
 
LVL 8

Author Comment

by:MrMintanet
ID: 33475552
Our managed Cisco router works nicely with our bonded T1s.  I have no idea why DSL is being suggested.  Kind of a horrible idea, honestly.
0
 
LVL 15

Expert Comment

by:Nayyar HH (CCIE RS)
ID: 33486397
The performance benefits from deploying MPLS technology are mainly seen in the service provider's core, not really by the users hanging off the SP MPLS core. Although you could argue there are.

The technology could benefit you if you have multiple remote sites and a central hosting location. In this scenario you'd have all sites connected to a SP MPLS core via a single/multiple VPNs, QoS can only be purchased from the SP in order to prioritize and guarantee bandwidth to certain applications. You can also purchase Internet access over your VPN from the SP, enabling all sites to share Internet Connectivity.

Media type is usually dependent on what the SP can present/support.

HTH
0
 
LVL 29

Expert Comment

by:pwindell
ID: 33487780
One thing that wasn't mentioned.
T1 is a speed designation, not a line technology.  So a T1 can be done over more than one type of Line Technology as long as it is Synchronous (same speed both directions) and runs at 1.54mbps.
T1 also does not mean Internet.   You can buy a T1 connection to the Internet, or you can buy a T1 that is a private dedicated Point-to-Point between two private locations, just like you get with MPLS.  In fact, an MPLS can be a T1 if the MPLS runs at 1.54mbps synchronously.   Two facilities I rebuilt last winter have the two sites connected via an MPLS cloud and also use the same MPLS cloud to get to the Internet (the MPLS provider has the Edge Firewall at the network edge). So it looks like this:
[site1]----<MPLS Cloud>----[site2]
                              |
                              |
             [MPLS Provider's Firewall]
                              |
                              |
                     <internet>
Site1 has a "T1" (1.54mbps) to the Internet, but has only a half T1 to Site2.
Site2 has a half T1 to anywhere because speed is limited to the slowest link in the path.
As far as the QoS mention about halfway through the thread, you don't want that to be set for "VPN".   That doesn't even really make sense.  The QoS needs to be happening inside the Tunnel, not on the outside.  The QoS needs to favor the protocols that cannot recover from errors, like VoIP and any UDP traffic.  Connection oriented traffic (anything TCP based) can recover from errors and can survive at a slower speed as long as the slower speed doesn't cause it to take too long to be "usable".
 
0
 
LVL 6

Expert Comment

by:ChiefoftheChiss
ID: 33487900
Hence why I put the DSL in ()'s and listed 2nd. I'm a huge fan of cable myself, but it's not everywhere. Also recommended both solutions as a backup pipe, even though I didn't say the words Load balancing or fail-over, but the bandwidth is cheap and still knocks the socks off  bonded T1s (whoo-hoo.. cough cough) or not.



-
May god keep the pppoe DSL from hurting all of us...
0
 
LVL 29

Expert Comment

by:pwindell
ID: 33488223
Another issue with DSL or Cable, besides the asynchronous speed (slow upload side), is the undependable way that the Public IP Segment is handled.  The Providers of those go through all kinds of headstands and cartwheels to try to provide multiple Public IP#s, and none of the methods work that well. Then if you toss in PPPoE on top of that you might as well shoot yourself in the head, and some Cable connections also use PPPoE.  In fact DSL and Cable connections are not that different technologically; the main difference is just the bandwidth capacity of the physical cable and that is how the Cable companies win out on the speed.

So as far as I am concerned DSL and Cable are both Homer-User Line Technologies and should never be considered anything else regardless of what the Provider's Marketing Departments call their "services" when they get up every morning and ask themselves, "How can we fool 'em today?".

The other commercial/industrial Line Technologies provide the Public IP Segment in a regular natural way.  They terminate the Line with a real router.  The provider side of the router has one of the provider's IP segments (usually a /30 mask) that you don't need to know of, or even care about. On your side of the Router is your entire Public Subnet and what you do with it is completely up to your own discretion without doing anything special or needing anyone to do anything for you.
0
 
LVL 8

Author Comment

by:MrMintanet
ID: 33512147
Cable is also far from secure.  We are way off topic now.  Thanks for the help.  But, I'm afraid MPLS is still a mystery to me.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33512234
If you are just looking for a simple definition then here:

http://en.wikipedia.org/wiki/Multiprotocol_Label_Switching


However; practically, an MPLS connection would be as if you plugged a network cable into your switch and had a huge spool of network cable connected to a truck.  Then, drove that truck to the remote site however far away.  Then, plugged that other end of the cable into a switch at the remote end.  This would be a dedicated Point to Point connection.  Basically, you pay an ISP to "drive their truck" from one point to another.

A VPN connection is similar to this, but it's more of a piggyback system.  You are using the Internet to get from one end to another utilizing a secure VPN as the vehicle.
0
 
LVL 8

Author Closing Comment

by:MrMintanet
ID: 33833716
Thanks!
0
 
LVL 33

Expert Comment

by:digitap
ID: 33891192
thx for the pts!
0
