Mark Dulling, Senior Solutions Architect, MLL Telecom
Much is made in the marketplace about the logical layer 2/3 delivery of connectivity to customer sites. However, especially in the UK market, from the perspective of a service provider, the logical delivery makes little or no difference. The underlying networks that carry the traffic between sites and the Internet are exactly the same, regardless of their logical (layer 3) delivery.
So Direct Internet Access (DIA) is not quite so direct after all. The traffic travels over the same provider network that delivers all the MPLS traffic: the same sets of cables in the ground, the same exchanges, the same backhaul circuits, the same PoPs, the same NNIs, and, in most cases, the same Internet peering. In the UK, Internet access is highly likely to be happening in either London or Manchester or, in some cases, in one of the smaller regional exchanges. These locations are also where it is most sensible for service providers to host centralised firewalls.
Let’s start by exploding a few common myths that can and do serve to confuse the market:
MPLS is more expensive
This is perhaps the most incorrect statement of all when it comes to the UK WAN market. The underlying network costs are identical because it’s the same network. Moreover, the CPE devices to manage MPLS connections are typically lower-end and more cost-effective. This is especially true if an organisation wishes to provide enhanced security options such as Unified Threat Management.
In addition, charges for Internet peering do still exist, as do charges for public IP addresses, so in truth, if you are not considering sites in other countries, then MPLS should, in fact, be more cost-effective. In the UK market, fewer and fewer providers are attempting to charge a premium for MPLS services.
MPLS is old hat
The traditional benefits of MPLS still hold true today. MPLS is more secure than an Internet-based network because it is delivered as an entirely private network, so there are also far fewer ingress points for threat actors to target. It offers greater overall traffic control by allowing and honouring QoS class-of-service markings. This also means that traffic management can be employed from the end-user device all the way through to the application server or the cloud ingress point.
It should be recognised that I am referring to the underlay only here. Services such as SD-WAN or Zero Trust networking can be overlaid on any underlay network that has the appropriate access, to bring their traffic management capabilities as well. The two parts don’t even necessarily have to be supplied by the same provider, though it can of course be sub-optimal to deal with multiple vendors. The point is that the underlay and overlay are completely independent.
It’s either MPLS or Direct Internet Access
This should no longer be true of any modern UK service provider. Agile UK providers should be able to provide both on the same connectivity and choose the best option on a per-application basis. An example of where an organisation might truly see benefit from using DIA connectivity would be a Zero Trust model. In sites where there are very small numbers of users, on known devices, this might be used to remove the cost of SD-WAN devices from the network as a whole. Even then, some on-site devices, such as IoT or legacy hardware, might be an issue. In fact, the whole point of modern networking is selecting the best options to deliver optimal performance and end-user experience when accessing data and applications, regardless of the end user’s present location. It’s about connecting people, not premises.
Elements of truth
However, there are caveats. This is what makes some of the messaging and claims surrounding DIA so powerful. It is up to the purchaser to evaluate how true these are for their organisation. For example, it is true that international connectivity delivered as MPLS is significantly more expensive, and in other territories, service providers can charge significantly more for MPLS because of the distances they must cover. This particularly applies in the US, where many of the hardware vendors are based. But does this apply to your organisation at all? Even if it does, it should not dictate an all-or-nothing approach. The most appropriate underlay solution should be selected on a per-site basis.
The idea of selecting the most cost-effective connectivity per site is also a valid argument. However, where this would typically show the most benefit – and savings would probably be somewhat limited – is in organisations that are first and foremost set up to easily manage multiple suppliers, from both a procurement and a support perspective. Secondly, one would normally expect to see this in organisations that are going to supply and manage their own overlay services, so typically this would have the most significant benefit in the SME market. However, both of these aspects are typically sub-optimal/undesirable for public sector or enterprise organisations. If a larger organisation were to take this path, it could be a dangerous one.
For example, two separate service providers can take the same wholesale product from the same carrier and have it delivered to NNIs in the same data centres. The issue is that, regardless of whether it is broadband or Ethernet, each of these providers sets its own traffic shaping and capacity management policies. As such, one supplier can decide to set its system up so that there is little or no contention on the NNI at any time, whereas the other can decide to cram as much as it can onto it.
Usually, the good providers have policies that enable the network to be built and managed in a way that ensures customers will rarely see any adverse traffic conditions, especially in ‘business grade’ services. There tends to be much greater equity between the products of these suppliers. However, this is not going to hold true if a customer simply selects the cheapest connectivity without checking, nor will it be guaranteed in-life even if it is true at the time of purchase.
In summary, buyer beware. The “cheaper” model can easily turn into the “got what you paid for” model, especially in a world where bandwidth usage is expanding all the time. Traffic very rarely goes directly to the Internet unless an organisation has set itself up as a service provider and peers directly itself. All traffic will travel through PoPs/exchanges to carriers and service providers who peer with each other.