What Is MPLS?

Multiprotocol Label Switching, or MPLS, is a networking technology that routes traffic using the shortest path based on “labels,” rather than network addresses, to handle forwarding over private wide area networks.

Organizations often use this technology when they have multiple remote branch offices across the country or around the world that need access to a data center or applications at the organization’s headquarters.

However, once an organization moves its applications to the cloud, the traditional MPLS hub-and-spoke model becomes inefficient and costly because:

• It requires routing the traffic through the organization’s headquarters and out to the cloud instead of connecting to the cloud directly.

• As companies add more applications, services and mobile devices to their networks, the demand for bandwidth continually increases.

To make cloud traffic more efficient, many organizations are exploring how to supplement MPLS with other types of connections, such as:

• MPLS offloading: By using a direct-to-internet connection, an organization can offload the traffic that was bound for the web in the first place. This way, the MPLS circuit only carries the traffic intended for headquarters. The question is how to address security for branch internet connections. An organization might have to add a full stack of security products at the branch, which introduces complexity; or it might forward internet traffic through a proxy, which doesn’t provide the same level of security or inspect non-web traffic.

• MPLS replacement with direct-to-internet: An organization might completely replace an MPLS circuit with an internet connection at a branch office. Although a direct connection is more efficient for access to the cloud, it creates challenges in regard to how to set up networking with the same connectivity and reliability as the MPLS environment as well as questions about how to implement security.

• MPLS offloading or replacement with SD-WAN: A software-defined wide area network allows an organization to increase its flexibility and optimize branch networking decisions based on the application, networking and bandwidth requirements.

Cloud-Delivered Security: A Comprehensive Approach to Securing Branch Offices

Today, many organizations are redesigning their wide area networks to enable their branch offices and mobile users to directly connect to the cloud via cloud-delivered security infrastructure or secure access service edge, or SASE. This enables organizations to provide users with secure access to all applications, gain full visibility and inspection of traffic across all ports and protocols, and increase the available bandwidth regardless of the MPLS strategy the organization is using.

Some of the benefits of cloud-delivered security infrastructure include:

• Simplified networking as organizations can leverage the cloud for security and networking without having to backhaul traffic to headquarters.

• Increased speed and agility through rapid branch deployments.

• Reduced costs with a cloud-delivered architecture, so IT teams no longer have to physically go to each branch location to install and maintain security appliances or mitigate issues. Organizations can also eliminate expenses such as shipping IT equipment to remote sites.

• Consistent security when organizations can consistently apply and enforce their security policies across all branch locations and headquarters. 

• A seamless user experience wherever an organization operates.      

For more information on cloud-delivered branch security, visit us online.

More Resources

• Video: Cloud Connected Branch
• Brief: Secure the Cloud: Cloud-Connected Branch
• Webinar: Secure Your Branch