Network Transformation Strategy

How to Migrate From MPLS to SD-WAN

The benefits of SD-WAN are well known, but the transition from MPLS is often unclear. What specific steps
should you consider when migrating from a traditional MPLS network to SD-WAN? $1,999,999.900
This plan should help. It identifies the issues and options you’ll need to consider when evolving your network.
Gathered are insights from SD-WAN adopters, industry best practices, and our own experiences helping AC +/- % ÷
hundreds of enterprises transform their networks.
7 8 9 ×
The plan is divided into five phases:

4 5 6 -

1 Migrate locations from MPLS to SD-WAN

1 2 3 +

0 . =
2 Reevaluate your branch security strategy
Data Traffic

3 Connect the cloud to the SD-WAN

MPLS

4 Optimize the mobile experience

5 Determine the right SD-WAN management model

T h e Fu t u r e o f S D -WA N . To d a y.
How to Migrate From MPLS to SD-WAN Migration 1
1 Migrate locations from MPLS to SD-WAN
Reducing MPLS bandwidth costs and improving agility are often the initial objectives of network transformation initiatives.
Shifting to Internet-based SD-WAN addresses those challenges. To ease that transition, follow these five steps.

Step 1 Step 2 Step 3 Step 4 Step 5

Categorize Your
Locations
Start your MPLS migration by grouping
locations by their requirements for
availability, packet loss, and cost.
Select the Right
Last Mile
With sites categorized, map their
requirements onto last-mile and middle-
mile service characteristics. Matching
the service quality of MPLS circuits is
possible, but requires understanding
where problems occur on the Internet
and how to address them using the
magic of multipathing.
Decide on Your
Middle Mile
Whereas the last mile faces challenges
of availability and packet loss, the sheer
length of the middle mile makes latency
and predictability the major issues. For
those who want to avoid carrier lockin,
there are two middle mile choices — the
unpredictable public Internet and SLA-
backed, global managed backbones.
Engineer End- Procure Your
to-End Network Services
Architecture With last and middle mile services
identified, you’re able to determine
Combine middle and last miles to deliver
whether to keep procurement in-house
MPLS-like quality with Internet-like price
or outsource to a last-mile aggregator
and agility. In dealing with hundreds
who will manage the full procurement
of customers, Cato Networks has
process using specific partnering
found that MPLS connections can be
providers or ISPs around the globe.
effectively replaced by a combination
of DIA and broadband services in the
last mile and a private backbone in the Outsource
middle mile.

80 100 DIA
40 120

0 140

SPEED Braodband Inhouse

T h e Fu t u r e o f S D -WA N . To d a y.
How to Migrate From MPLS to SD-WAN Migration 2
2 Transform Branch Security
It’s true that SD-WAN can be adopted without changing a company’s security architecture. But it’s also true
that security operations can be made more effective and efficient when reevaluated in the context of a WAN
transformation initiative.

Step 1 Step 2

Understand the Decide on Your

Problems of Centralizing
Security with SD-WAN
Branch office users require Internet and cloud
access — that’s a given. Where you inspect
branch traffic and enforce security policies is the
question. Centralizing security made security
operations more manageable and scalable but
adds latency in a cloud- and Internet-centric
organizations
Approach to Branch
Security
The current best practice is to eliminate backhaul
and provide direct Internet breakout at branch
locations. Security becomes a necessity, either by
distributing network security appliances across
branch offices or by moving network security into
the cloud.

T h e Fu t u r e o f S D -WA N . To d a y.
How to Migrate From MPLS to SD-WAN Migration 3
3 Connect the Cloud to the SD-WAN
With enterprise resources and applications moving to the cloud, connecting cloud datacenters (IaaS) or cloud
applications (SaaS) to the SD-WAN is only a matter of time. Significant differences separate how easily and
effectively SD-WAN architectures integrate with the cloud.

Step 1 Step 2

Identify the Value of Evaluate the Suitability

Connecting the Cloud to
SD-WAN
By connecting cloud resources to SD-WAN,
organizations can reduce the latency and packet
loss users experience when accessing the cloud
and, in general, improve the user experience.
Bringing cloud traffic onto the SD-WAN also
increases IT visibility into enterprise traffic
patterns and extends security policies to public
cloud applications, such as Dropbox.
of SD-WAN Solutions for
Connecting to the Cloud
Key considerations when evaluating SD-WAN
suitability for connecting to the cloud involve
deployment difficulty, routing and network
optimization, and securing cloud resources.

T h e Fu t u r e o f S D -WA N . To d a y.
How to Migrate From MPLS to SD-WAN Migration 4
4 Optimize the Mobile Experience
As organizations rethink their WAN, they have the opportunity to
easily address another pain point facing networking teams — mobile
access. Mobile performance is undermined in part by backhauling
traffic; security risks are introduced by giving mobile users unrestricted
network access.

To address these problems, look for SD-WAN solutions where mobile

users can connect to any SD-WAN node in order to access the
enterprise network. And with mobile traffic on SD-WAN, IT gains a
“single pane of glass” into all enterprise traffic plus the ability to define a
single set of security policies for all users regardless of location.

T h e Fu t u r e o f S D -WA N . To d a y.
How to Migrate From MPLS to SD-WAN Migration 5
5 Determine the Right SD-WAN Management Model
Having identified the scope and considerations of WAN transformation, you’re in a position to evaluate SD-WAN
options. There are two ways of implementing SD-WAN, appliances or services. There are four ways of managing
SD-WAN solutions — do-it-yourself (DIY), fully managed, self-service and co-managed. The approaches differ in
the degree of responsibility enterprises and service providers assume for continuous monitoring, infrastructure
maintenance, and change management. The four management models are:

Do-it-yourself (DIY) Fully managed services Self-service Co-managed services

Has long been the approach enterprises chose
when purchasing and deploying appliances
themselves. The enterprise assumes the
responsibility for the ongoing monitoring of the
SD-WAN, any SD-WAN changes, and maintaining
the underlying infrastructure, such as the SD-WAN
appliances, routers, or data centers.
The traditional management approach for
infrastructure services where the provider is fully
responsible for all aspects of this service. For
example, with a fully managed MPLS service,
providers monitors the customer’s MPLS
implementation (continuous monitoring), maintain
the underlying MPLS switches and connecting
capacity (infrastructure maintenance), and fulfill
any MAC requests (change management).
Is very similar to how enterprises manage their
instances in cloud datacenter services such as
Amazon AWS. With self-service, enterprises
fully control their SD-WAN, making any MACs
themselves. Both the enterprise and the provider
continuously monitor the enterprise’s SD-
WAN instance. The provider, though, is solely
responsible for managing the infrastructure shared
among its customers.
Split the responsibility for managing the network
between the enterprise and the service provider. The
enterprise can make MACs for SD-WAN services
but generally not security-related changes, such as
updating security policies or other non-connectivity
aspects of the service. The enterprise is also forced
to pay a premium, as the provider must handle
continuous monitoring. The provider is once again
responsible for infrastructure maintenance.

T h e Fu t u r e o f S D -WA N . To d a y.
How to Migrate From MPLS to SD-WAN Migration 6
The Cato Approach
Cato Cloud is a self-service (or fully managed) SD-WAN service. Not only does it
connect all enterprise network elements — branch locations, the mobile workforce,
physical and cloud datacenters, and cloud applications — to a global, encrypted, and
optimized SD-WAN in the cloud, but it also protects them. The Cato Cloud network
is a globally managed backbone that provides affordable, SLA-backed connectivity.
With all WAN and Internet traffic consolidated in the cloud, Cato can protect the
complete enterprise with a full set of optional security services — including NGFW,
SWG, IPS, and more — all backed by Cato’s security team, which proactively hunts
and identifies threats on customer networks.

To learn more visit our website at

www.CatoNetworks.com

or contact us for a short and enlightening demo

Contact us

T h e Fu t u r e o f S D -WA N . To d a y.
How to Migrate From MPLS to SD-WAN Migration 7