Exploring network redundancy across MPLS, SD-WAN, and SASE

July 10, 2024

Businesses today thrive on the constant availability of their IT infrastructure. Any disruption in network connectivity can grind productivity to a halt, interrupt customer or partner interactions, and ultimately impact their bottom line. As even a minute of unexpected IT downtime can cost over $14K depending on the company’s size and industry vertical, the stakes are high.

Network outages are not always avoidable, but ensuring resiliency and rapid recovery is typically the burden of the company. To achieve network availability, redundancy is important: it ensures that the business can continue operating smoothly even during an outage.

Why Does Network Redundancy Matter?

  • Network redundancy enhances overall reliability by eliminating single points of failure with backup connectivity to maintain seamless service availability during outages.
  • It minimizes downtime, ensuring business continuity during service disruption.
  • Redundancy improves employee productivity by preventing network issues from hindering access to resources.
  • Businesses with an online presence will maintain a smooth customer experience even during maintenance and planned downtime.
  • It can bolster security by providing alternative paths for affected network traffic, allowing continued operations during disruptions caused by security incidents.

While redundancy is essential for building resilient enterprise networks regardless of the networking solution, there are multiple ways to achieve this. Here is how popular enterprise solutions like SASE, MPLS, and SD-WAN address redundancy:

MPLS Redundancy: Reliable Backbone, Vulnerable Last Mile

MPLS carriers typically have redundant paths built into their network infrastructure. If there is an issue, such as a hardware failure or a cable cut, the traffic automatically reroutes to a backup path within the carrier's network. Carriers often route their MPLS circuits through geographically diverse paths to protect against regional outages. This redundancy is the reason behind MPLS's reputation for fast, reliable connectivity, especially as all redundant paths aim to deliver the same level of performance.

However, redundancy in last-mile connectivity, which delivers connectivity from the service provider to the organization's premises, is another story. MPLS last-mile redundancy is often active-passive. If the active link fails, traffic is rerouted to the backup link. However, this failover process can take time, causing disruptions in latency-sensitive, real-time applications like video conferencing, telemedicine, and VoIP.

Additionally, MPLS is expensive, and for many organizations, redundancy is simply not an option. Those who can afford redundant connections are still vulnerable to carrier outages since both MPLS connections rely on the same carrier’s infrastructure anyway. Unless organizations engage with more than one MPLS carrier (dual-homing connections), which can be both costly and complex, they will always be susceptible to carrier outages.

SD-WAN Redundancy: Multi-link Redundancy, Single Point of Failure

In contrast to MPLS, SD-WAN (Software-Defined Wide Area Network) offers a more flexible approach to redundancy. While MPLS excels at core network reliability, SD-WAN tackles redundancy through multi-path connectivity. SD-WAN utilizes different, simultaneous connection types, including MPLS, Ethernet, broadband internet, and 5G. If one connection fails, SD-WAN seamlessly reroutes traffic over alternate paths, thus minimizing downtime.

In addition, SD-WAN offers both active-active and active-passive options for redundancy. Active-active allows for more seamless failover. However, SD-WAN redundancy often relies on internet connectivity, which can be unreliable and lead to an unexpected reduction in performance compared to a dedicated MPLS circuit. Integrating multiple connections from diverse providers also requires careful security consideration, as ensuring consistent security policies across all connections is challenging. Finally, the on-premises SD-WAN appliance itself can become a single point of failure, disrupting connectivity across all connections.
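The shared-fate points made in the MPLS and SD-WAN sections above (two MPLS links on one carrier, several SD-WAN links behind one appliance) can be checked mechanically. The following is an added example, not part of the original article: the design names and component labels are constructed placeholders, and each path is modeled simply as the set of components it depends on.

```python
from itertools import combinations

# Constructed designs: every path is the set of components it depends on.
# All names (carrier-A, cpe-1, sdwan-1, ...) are hypothetical placeholders.
DESIGNS = {
    "mpls-dual-link-one-carrier": [
        {"cpe-1", "lastmile-1", "carrier-A"},
        {"cpe-2", "lastmile-2", "carrier-A"},
    ],
    "mpls-dual-homed": [
        {"cpe-1", "lastmile-1", "carrier-A"},
        {"cpe-2", "lastmile-2", "carrier-B"},
    ],
    "sdwan-single-appliance": [
        {"sdwan-1", "mpls-A"},
        {"sdwan-1", "broadband-B"},
        {"sdwan-1", "5g-C"},
    ],
    "sdwan-ha-pair": [
        {"sdwan-1", "mpls-A"}, {"sdwan-1", "broadband-B"},
        {"sdwan-2", "mpls-A"}, {"sdwan-2", "broadband-B"},
    ],
}

def site_up(paths, failed):
    """The site stays reachable if at least one path has no failed component."""
    return any(not (path & failed) for path in paths)

def smallest_outage_sets(paths):
    """All minimum-size component sets whose joint failure isolates the site."""
    components = sorted(set().union(*paths))
    for size in range(1, len(components) + 1):
        hits = [set(combo) for combo in combinations(components, size)
                if not site_up(paths, set(combo))]
        if hits:
            return hits
    return []

def single_points_of_failure(paths):
    """Components that take the site down on their own."""
    return sorted(c for s in smallest_outage_sets(paths) if len(s) == 1 for c in s)

if __name__ == "__main__":
    for name, paths in DESIGNS.items():
        outage = smallest_outage_sets(paths)
        print(f"{name}: SPOF={single_points_of_failure(paths)} "
              f"min_failures={len(outage[0])}")
```

Running it against a real inventory means replacing `DESIGNS` with the actual per-path dependencies, including shared conduits, power feeds, or upstream providers that two nominally separate links have in common.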

SASE Redundancy: Multi-layered Resiliency, Cloud-based Architecture

SASE essentially combines SD-WAN with comprehensive security functions in a single, cloud-based solution. SASE’s cloud-based architecture overcomes many of the limitations of MPLS and standalone SD-WAN. A SASE cloud is ideally composed of a global network of PoPs (points of presence), each connected via multiple top-tier carriers.

If a carrier’s service experiences an outage, the PoPs automatically fail over to another carrier. If a PoP experiences an outage, its traffic automatically reroutes to another nearby PoP. Each PoP offers similar functions, and security policies are enforced centrally, which ensures consistency even during a failover.

However, the SASE architecture must be carefully designed to achieve multi-layered resiliency against different types of failures. Each PoP within the SASE cloud must also have redundant compute nodes for processing network traffic. While a cloud-native SASE architecture does not rely entirely on any on-premises device, many organizations have grown comfortable with their infrastructure hardware.

In this scenario, a SASE edge device must be deployed as redundant hardware to ensure resiliency. In the unlikely event of a complete SASE cloud outage, the edge devices can be designed to provide direct connectivity over the public Internet. 

Network outages can have varying degrees of impact on different organizations. Depending on the size, critical nature of their services and operations, and their industry verticals, organizations must choose the right type of networking technology and architecture to meet their redundancy needs while also keeping in mind their budget, current infrastructure, and security and compliance requirements.

About the Author

Demetris Booth

Demetris Booth is Product Marketing Director for Cato Networks in Asia Pacific. Demetris leads the strategic engagements around Cato’s cloud-native approach to Secure Access Service Edge (SASE). He is a strong advocate and champion of network and security convergence, promoting SASE as the pathway to better business and technical outcomes. Prior to Cato, he held various leadership roles with Sophos, Cisco, Juniper Networks and Citrix Systems. As a 20+ year technology industry veteran, he brings a diverse, global perspective, having lived and worked in North America, Europe, and Asia.