Connect with us

Hi, what are you looking for?


Network Security

Extra Bandwidth for Low-Cost MPLS

The “Top Tech Trends” report from Gartner two years ago predicted that worldwide IP traffic would quadruple by 2015, with the number of people online reaching nearly 3 billion and data volumes increasing to 8 zettabytes. Every day we perceive how this groundswell of network usage is fueled by business digitalization, new media formats and the use of devices with new capabilities.

The “Top Tech Trends” report from Gartner two years ago predicted that worldwide IP traffic would quadruple by 2015, with the number of people online reaching nearly 3 billion and data volumes increasing to 8 zettabytes. Every day we perceive how this groundswell of network usage is fueled by business digitalization, new media formats and the use of devices with new capabilities. As the calendar milestone approaches, disruptive technologies such as smart objects and cloud development also gather momentum and convince us that the numbers can only get bigger.

Not surprisingly, bandwidth resources and reliable connections have become a basic requirement for businesses dispersed across national or global networks. Ten years ago it was relatively simple to manage broadband connections and share data with branch sites, but the situation has changed radically. Dramatic escalation in bandwidth needs and evolving business processes oblige us to take a closer look at the wealth of technologies available to us. Our awareness of the shifting nature of the IT landscape has also grown, and we understand that our strategies have to be as forward-thinking as possible.

Network: Multiprotocol Label SwitchingWhen it comes to inter-connecting corporate sites, several connectivity methods can be combined and adapted to address varying business challenges. Nowadays, Multiprotocol Label Switching (MPLS) is the preferred routing protocol for high-capacity WANs because of the inherent advantage associated with the protocol: speed. However, the downside of incorporating MPLS is its cost, which is extremely high when compared to the alternative of broadband connections. Despite the financial load, when faced with a trade-off between high cost continuity and the uncertainty of utilizing broadband connections as the foundation of their Virtual Private Networks, decision-makers will not hesitate to opt outright for MPLS.

VPN functionality, a key element of firewall technology, has also developed in parallel with market changes. Vast volumes of traffic demand more reliability and larger tunnels for encrypted exchanges. Businesses use VPNs for extranet, intranet and site-to-site communication. In the past, the number of VPN tunnels managed by a firewall was limited; today, next generation firewalls are able to support a larger number of VPN tunnels with improved capabilities and ease of management for these secure connections.  

The network security and connectivity equation is further complicated by BYOD explosion, the elasticity of virtual datacenters and the increasing number of new applications used in business. The only constant in the puzzle remains the operational need for any business activity: fast, secure and continuous connectivity. Rethinking the combinations and roles of MPLS and broadband connections allows us to cope with the different challenges and save costs without sacrificing performance.

First of all, to lower operational costs, it can be wise to consider the ability to combine one or more broadband connections in support of MPLS using Mutli-Link technology. Incorporating the use of multiple broadband connections, increases your overall aggregated bandwidth and is more economical than adding further MPLS capacity. You can use flexible firewall intelligence to assign specific traffic to the most suitable link, keeping MPLS for critical traffic and off-loading less sensitive internet traffic to broadband. Mission critical applications can be steered to MPLS, or VPN links that provide high priority with low latency while all other applications are channeled to the links that have available bandwidth or provide best effort. In this scenario, QoS based firewall policies allow you to orchestrate which applications take priority over others. Order processing or CRM will receive preferential treatment and less legitimate applications like peer-to-peer protocols, or internet browsing, will be prevented from consuming precious bandwidth.

Again, adapted firewall VPN technology will ensure network efficiency at a fraction of the cost of MPLS acquisition, with failover support to eliminate the pains of packet loss and minimize the impact on the user. Pooling links implies that the routing will be able to select different VPN links based on traffic volumes and network conditions. When you deploy QoS-based preferred link selection, traffic can be directed to different links based on link conditions. If a link fails, traffic is automatically and seamlessly directed to another link via load balancing functionality. The outcome: a significantly optimized performance/cost ratio. In this scenario, maximum capacity is ensured for all traffic and even when a link fails the flow of data is not interrupted.

Ultimately, as IT landscapes evolve we should look at large-geo distribution from a network point of view and refrain from adopting a site-by-site perspective. Global, flexible link management will give you greater control over your WAN performance with significant cost savings.

Advertisement. Scroll to continue reading.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Network Security

Our networks have become atomized which, for starters, means they’re highly dispersed. Not just in terms of the infrastructure – legacy, on-premises, hybrid, multi-cloud,...