WAN Technologies: MPLS, SD-WAN, DMVPN, GETVPN, Internet WAN and WAN Optimization
WAN technologies connect branch offices, data centers and the cloud. MPLS is a reliable carrier-managed WAN; SD-WAN takes a flexible, cost-saving software-defined approach; DMVPN builds dynamic VPN tunnels; GETVPN provides group encryption for MPLS; Internet WAN uses broadband in place of MPLS; and WAN Optimization speeds up applications across the WAN.
WAN costs are the largest expense in IT networking: an MPLS circuit costs 5-10x as much as broadband internet at the same bandwidth. SD-WAN disrupted the WAN market by using cheap internet plus an overlay, cutting WAN cost by 50-70% while increasing bandwidth. Gartner reports that 60%+ of new WAN deployments are SD-WAN (2024), but MPLS is still used for mission-critical applications that need a guaranteed SLA.
WAN Technology Comparison
| Technology | Transport | Cost | SLA | Best For |
|---|---|---|---|---|
| MPLS | Carrier-managed (L2/L3 VPN) | High ($500-5,000/site/mo) | Guaranteed (99.99%) | Mission-critical, voice/video, compliance |
| SD-WAN | Internet + MPLS (overlay) | Medium ($200-1,000) | Best-effort + SLA steering | Cost reduction, cloud access, agility |
| DMVPN | Internet (IPsec tunnels) | Low (internet cost) | Best-effort | Branch-to-branch VPN, spoke-to-spoke |
| GETVPN | MPLS (group encryption) | MPLS cost + GETVPN | MPLS SLA maintained | Encrypt MPLS without tunnel overhead |
| Internet VPN | Internet (site-to-site IPsec) | Low | Best-effort | Simple branch connectivity, backup |
MPLS
| Feature | Details |
|---|---|
| What it is | Multi-Protocol Label Switching: carrier provides L3 VPN (or L2) between customer sites |
| Labels | Packets forwarded based on labels (not IP lookup) → fast switching, traffic engineering |
| L3 VPN | Each customer gets VRF → isolated routing → carrier manages routing between sites |
| QoS | Carrier provides QoS classes: real-time (voice), interactive (video), bulk (data) |
| SLA | Guaranteed: latency (< 50ms), jitter (< 5ms), packet loss (< 0.1%), uptime (99.99%) |
| Disadvantage | Expensive, long provisioning (weeks-months), inflexible (change = carrier involvement) |
SD-WAN
| Feature | Details |
|---|---|
| What it is | Software-defined WAN: an overlay network that abstracts the transport (MPLS, internet, LTE) → intelligent path selection |
| Path Selection | Monitor link quality (latency, jitter, loss) → steer apps to best path real-time |
| Direct Internet Access | Branch traffic goes to cloud/SaaS directly (no backhaul through the DC) → better performance |
| Zero-Touch | Ship appliance to branch → auto-provision via cloud controller → deploy in minutes |
| Vendors | Cisco Viptela/Meraki, VMware VeloCloud, Fortinet, Palo Alto Prisma SD-WAN, Aruba/HPE |
| SASE | SD-WAN + cloud security (CASB, SWG, ZTNA, FWaaS) = Secure Access Service Edge |
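
The Path Selection row above, worked through as an added example (not from the original page and not any vendor's algorithm): measure each transport over one probe window, then steer each application class to the cheapest path that meets its SLA, falling back to the least-violating path when none does. The names `Sla`, `Path`, `measure`, `violation` and `steer` are hypothetical; the voice thresholds reuse the MPLS SLA figures from the table above, and the bulk thresholds and all probe values are constructed.

```python
from dataclasses import dataclass
from statistics import mean

@dataclass
class Sla:                      # per-application-class thresholds
    latency_ms: float
    jitter_ms: float
    loss_pct: float

@dataclass
class Path:
    name: str
    cost_rank: int              # lower = cheaper transport, preferred when compliant
    rtt_ms: list                # one probe window; None marks a lost probe

def measure(path):
    """Return (mean latency, jitter, loss %) for the probe window."""
    ok = [r for r in path.rtt_ms if r is not None]
    loss = 100.0 * (len(path.rtt_ms) - len(ok)) / len(path.rtt_ms)
    if not ok:
        return float("inf"), float("inf"), loss
    jitter = mean(abs(a - b) for a, b in zip(ok, ok[1:])) if len(ok) > 1 else 0.0
    return mean(ok), jitter, loss

def violation(path, sla):
    """0.0 if the path meets the SLA, otherwise the worst metric/threshold ratio."""
    lat, jit, loss = measure(path)
    worst = max(lat / sla.latency_ms, jit / sla.jitter_ms, loss / sla.loss_pct)
    return 0.0 if worst < 1.0 else worst

def steer(paths, sla):
    """Cheapest compliant path; if none comply, fall back to the least-violating one."""
    compliant = [p for p in paths if violation(p, sla) == 0.0]
    if compliant:
        return min(compliant, key=lambda p: p.cost_rank).name
    return min(paths, key=lambda p: violation(p, sla)).name

# Constructed sample data (not real measurements).
VOICE = Sla(50, 5, 0.1)         # the MPLS SLA row's figures
BULK = Sla(200, 50, 2.0)        # assumed thresholds for bulk data
MPLS = Path("MPLS", 2, [22, 23, 22, 24, 23, 22, 23, 24, 22, 23])
BROADBAND = Path("BROADBAND", 1, [18, 31, 19, 27, 40, 20, 35, 18, 29, 21])
LTE = Path("LTE", 3, [65, 70, 68, None, None, 72, 66, 69, 71, 67])
MPLS_LOSSY = Path("MPLS", 2, [22, None, 23, None, 22, None, 24, 23, None, 22])

if __name__ == "__main__":
    print(steer([MPLS, BROADBAND, LTE], VOICE))        # healthy MPLS carries voice
    print(steer([MPLS, BROADBAND, LTE], BULK))         # bulk takes the cheaper link
    print(steer([MPLS_LOSSY, BROADBAND, LTE], VOICE))  # voice fails over
```
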
DMVPN (Dynamic Multipoint VPN)
| Feature | Details |
|---|---|
| What it is | Dynamic VPN tunnels: hub-and-spoke base + dynamic spoke-to-spoke tunnels on demand |
| Components | mGRE (multipoint GRE) + NHRP (Next Hop Resolution Protocol) + IPsec + routing protocol |
| Phase 1 | Hub-and-spoke only — all traffic through hub |
| Phase 2 | Spoke-to-spoke tunnels → direct traffic between spokes (NHRP redirect) |
| Phase 3 | Spoke-to-spoke with NHRP shortcuts → most efficient (hub sends NHRP shortcut) |
| Advantage | Scalable (add spokes without reconfiguring hub), dynamic spoke-to-spoke, uses internet |
| Disadvantage | Complex config, spoke needs public IP (or NAT-T), no built-in path selection (vs SD-WAN) |
GETVPN (Group Encrypted Transport VPN)
| Feature | Details |
|---|---|
| What it is | Encrypt MPLS traffic without tunnels — preserve original IP header → maintain QoS and routing |
| Key Server | Distribute encryption keys to all group members → all members can decrypt each other’s traffic |
| No Tunnel | Uses no tunnel (unlike IPsec/DMVPN) → no tunnel overhead, preserves MPLS QoS markings |
| Any-to-Any | Every member encrypts/decrypts → full-mesh communication without P2P tunnels |
| Use Case | Organizations that must encrypt MPLS (compliance) but want to keep MPLS benefits (QoS, multicast) |
| Limitation | Only works on private WAN (MPLS); not suitable for the internet (needs routable addresses) |
WAN Optimization
| Technique | How | Benefit |
|---|---|---|
| Data Deduplication | Cache repeated data patterns → send reference instead of actual data | 60-90% bandwidth reduction for repeated transfers |
| Compression | Compress data before sending → decompress at destination | 30-50% bandwidth savings |
| TCP Optimization | Local ACK, window scaling, selective ACK → overcome WAN latency effects on TCP | 2-10x throughput improvement for TCP apps |
| Protocol Optimization | Optimize chatty protocols (CIFS/SMB, HTTP, MAPI) → reduce round trips | 5-50x faster file transfers, email sync |
| Caching | Cache frequently accessed content locally → serve from local cache | Reduce WAN traffic, faster access |
| Vendors | Riverbed SteelHead, Cisco WAAS, Silver Peak (now HPE Aruba) | Deployed at branch + DC (symmetric) |
Closing: WAN = Connectivity is Everything
WAN Technologies

- MPLS: carrier-managed, guaranteed SLA, expensive — mission-critical, voice/video
- SD-WAN: intelligent overlay, path selection, DIA, zero-touch, SASE integration — cost-effective, agile
- DMVPN: dynamic VPN (hub-spoke + spoke-spoke), mGRE + NHRP + IPsec — scalable internet VPN
- GETVPN: group encryption for MPLS (no tunnels), preserve QoS/routing — compliance on MPLS
- WAN Optimization: dedup, compression, TCP/protocol optimization, caching — 2-10x faster apps
- Trend: MPLS → SD-WAN migration (hybrid first) → SASE (SD-WAN + cloud security)
- Key: SD-WAN is the future but MPLS isn’t dead — hybrid (SD-WAN + MPLS) is most common deployment today