I’m just the helpdesk IT monkey at a small local office of a mid-sized company.
My office has about 30 people. We’re a small branch office from a larger main office that has about 500 people. We have an MPLS circuit, 50 mbps, that goes to the main office.
Everyone hates our internet because it’s slow as shit. If someone is using the video conference machine then the internet basically becomes unusable (their solution was to limit the VC to 1 mbps - which is not even HD). Transferring files to the main office is slow as shit, we have to schedule our backup service to run overnight. Everything is very slow.
What advantage does MPLS have over just getting Comcast Business Gig service and using a VPN tunnel back to the main office? I’m too afraid to ask our network guy because I don’t want to sound like a dummy. Isn’t MPLS extremely expensive, aren’t they paying like $20k/month for this? I sorta kinda asked about it and he said something about traffic going through our firewall and web filter… but Comcast Business Gig service is $500/month, they’d save $20k/month not having the MPLS. Wouldn’t getting a new firewall and content filtering thing at our local office pay for itself literally the first month?
I know random internet strangers don’t work at my company and don’t know our specific circumstances, but lots of businesses still use MPLS. I don’t understand why MPLS still exists as internet service is so much faster and cheaper. Is it just inertia - They set this up 20 years ago or whatever and they’re still using it just because?
The funny part about this - Almost everyone has already figured out that the guest wifi network (Comcast 600 mbps) is way faster than the regular network so about half of the office exclusively connects to the guest Wifi and VPNs in anyway.
I’m betting their price is closer to $2500-$4000 a month.
MPLS is better if the organization uses mission critical services that just can’t take a risk for latency, downtime or maintenance.
The other issue is personnel. Can your enterprise manage the MPLS? May be a small answer, but if no one cares about the cost they’ll just keep MPLS because it’s always been there.
The other reason is regulation. You didn’t mention the industry, so MPLS may be the contract/compliance side of keeping it there.
For starters, ask the networking guy!! At some point he didn’t know either. If you’re a Helpdesk monkey and not in network why should he assume you know this?
The internet has no SLA. A L2L VPN connection might work or it might not. With an MPLS connection you have a single provider that is responsible for it end-to-end with a contractually guaranteed SLA.
Do you want to take your chances and save a bit of money by relying on the internet or do you want contractual guarantees?
Separate failure domains. All of our remote offices have one MPLS connection and one (generally Comcast) cable Internet connection. If both are regular public Internet connections (even separate providers) and a large BGP route leak or such happens on the Internet (definitely not unprecedented) we’re largely unaffected.
Also it’s highly unlikely it’s 20K a month. We pay over around 700-800 a month for 30/30 service in a (relative to large cities) podunk market.
Could be a variety of reasons. Our company used to have MPLS across all of our offices mostly because it was a managed service that we didn’t need to configure/touch. Eventually we ditched all of that and put in 2 dedicated internet fiber circuits at each office. This gave us redundancy and higher speed across the board for 50% less than what we were paying. The SD-WAN takes care of routing traffic over the best uplink.
However, what may work really well for my company may not work for yours. All depends on what the business is using for apps/services.
Depending on how you are set up, it’s overall better for traffic efficiency and more secure than popping VPN tunnels back to home. It’s basically a carrier provided VLAN with routing for specific things already in place. It’s definitely not cheaper. Your issue is the speed, which is just a matter of getting a faster connection.
First off I would not consider it more secure. You are trusting the ISP that they separated the traffic correctly. I have seen more than one ISP putting multiple companies on same connection. Never trust it and still run VPN over the MPLS circuits.
Also with more things going cloud or SaaS, I think MPLS is dying out and not needed any more. A few years back we dropped all ours and went to fiber internet and use VPN back to HQ. Our telecom bill dropped by 30% and we have double the connection now. It does add overhead to manage all those contracts but worth it. We use SDWAN and have multiple connections at each site. It determines which ISP is better and routes traffic over it. AT&T, CenturyLink offer best efforts fiber for super cheap. No SLAs but when you have 1g fiber from a few different ISPs cheaper than you can buy a 100mbps MPLS circuit is crazy.
If you have a 50 mbps MPLS circuit and are experiencing a noticeable decline in throughput from one video conference unit, something is not working correctly.
You could also be running VoIP out of central office and need to prioritize voice traffic which is simply not possible to guarantee over internet link. A remote office with 16 users may not sound like a lot, but ordering 16 voice POTS lines for that office, and managing the #s is not free, and can be done more efficiently via MPLS. I agree that it’s old school thought-wise, but it’s proven, and works. While you might get away with 95% of the time with no voice quality issues when using internet, there’s no guarantee.
Not asking because you’re afraid you sound like a dummy?
Professional cluelessness is one of the wisest and most professional things you can do. Just walk over to one of the people you know (or drop them a call) and ask exactly what you asked here.
Your thinking looks like a very valid argument and the worst that can happen is that the network admin will laugh at you for being a dummy.
You then learned a few things:
your network Admin isn’t half as good as they think they are (good people can explain at various levels; explaining to „beginners“ being one of the hardest things)
your network Admin is not a professional, a professional would explain or admit they don’t know
your network admin, most likely, is an asshole. In a few years you’ll be his boss because you actually talk to people and tackle topics you don’t know yet with an open ear
Best case:
You’ll gain a new friend and, possibly, have a foot in the door if you ever want to get into network stuff.
We use an MPLS with our parent company (located in Europe, we’re in the US). It helps us isolate imaging, services, and a couple of internal applications, from the rest of our day to day traffic.
It saves on internal bandwidth and helps us isolate things and make comms a bit more secure. Secure in network segmentation and port connectivity.
MPLS is a scam usually offered as a “secure” way to connect multiple branches when it can face the same challenges as any other VLAN related option to segregate network traffic. (Including things like VLAN “leaking” and provider error that can cause your traffic to “accidentally” be routed to other customers on the MPLS network.)
For a company with several (I’d say at least 10 geographically separate endpoints) it may be an option because routing internal traffic vs outbound traffic can get cumbersome for a single individual, but if you want to secure your traffic, you’ll still want to encrypt it in transit, just like any other data. . . which means you’re using a VPN anyway.
If your company has only a few geographically separate endpoints, setting up multiple VPNs isn’t that big of a deal, and is probably far more cost effective.
You could buy a Fortigate for $1,000 (One time payment because it’s hardware.), set up your rules and other configurations and that’s it. $20k a month is a rip off lol.
We use MPLS (that we can control) for business critical or secure internal traffic between sites instead of VPN over the internet (that we can’t control). Else we have several upstream carriers and the MPLS carriers are just another DIA in the routing list.
MPLS in use: company with branches in 3 states, 700 PC users, 3000+ other staff (factory workers…) works fine, upload/download 30 Mbps for office work it’s enough