Most companies have multiple branches, and almost all of them connect to each other over a WAN (Wide Area Network). Each branch needs Internet connectivity as well. So what kind of connectivity architecture do companies adopt? Which architecture is better: MPLS WAN connectivity with centralized Internet access, de-centralized Internet access at each branch while still connecting to other branches over MPLS links, or Virtual Private Networks using just Internet Leased Lines at all branches? We will find out in this article.
A number of companies still have point-to-point leased lines to connect to other branches, but we are not considering that architecture here, as MPLS connectivity is clearly a better (and more cost-effective) option these days.
MPLS WAN Connectivity and Centralized Internet Access

The main advantage of this architecture is the centralization of the Internet access policies and the security policies. They can be applied from one location in the head office, which gives the head office more control over what is, or can be, accessed across the entire network. This is also a cost-effective option: the Internet connection at the head office is shared between the multiple branches, and since companies pay in full for the capacity ordered (2 Mbps, for example), under-utilization of the available bandwidth at any point in time can be minimized.
The main disadvantage is that Internet access at the branches can be quite slow, especially during peak access times. Since the same circuit carries both Internet traffic and real-time traffic like voice and video, data (Internet) traffic might slow down the real-time traffic, especially if end-to-end QoS parameters are not configured.
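The effect described above can be reproduced with a small simulation. This is an added example, not part of the original article: it models the shared 2 Mbps circuit and compares first-in-first-out forwarding with strict-priority queuing for voice. The traffic mix, the packet sizes and the choice of strict priority as the QoS mechanism are assumptions made for illustration.

```python
import heapq

LINK_BPS = 2_000_000  # 2 Mbps, the example capacity mentioned in the article

def make_traffic():
    """Constructed sample: 1 s of one voice call plus periodic data bursts."""
    pkts = [(i * 0.020, 200, "voice") for i in range(50)]    # 200 B every 20 ms
    for burst in range(4):                                    # burst every 250 ms
        pkts += [(burst * 0.250 + 0.001, 1500, "data")] * 30  # 30 x 1500 B at once
    return sorted(pkts)

def simulate(pkts, priority):
    """Worst delay (queueing + serialization, in seconds) per traffic class."""
    queue, worst = [], {"voice": 0.0, "data": 0.0}
    now, i, seq = 0.0, 0, 0
    while i < len(pkts) or queue:
        if not queue and pkts[i][0] > now:
            now = pkts[i][0]                  # link idle: jump to next arrival
        while i < len(pkts) and pkts[i][0] <= now:
            arrived, size, cls = pkts[i]
            # With QoS enabled, voice is always dequeued before data.
            rank = 0 if (priority and cls == "voice") else 1
            heapq.heappush(queue, (rank, seq, arrived, size, cls))
            seq += 1
            i += 1
        _, _, arrived, size, cls = heapq.heappop(queue)
        now += size * 8 / LINK_BPS            # non-preemptive transmission
        worst[cls] = max(worst[cls], now - arrived)
    return worst

def compare():
    """Run the same constructed traffic through both queuing disciplines."""
    pkts = make_traffic()
    return {"fifo": simulate(pkts, priority=False),
            "priority": simulate(pkts, priority=True)}

if __name__ == "__main__":
    for name, worst in compare().items():
        print(f"{name:8s} voice {worst['voice']*1000:6.1f} ms   "
              f"data {worst['data']*1000:6.1f} ms")
```

With this constructed mix, the worst voice packet waits roughly 170 ms behind a data burst under FIFO, while priority queuing keeps voice delay under 7 ms and adds only a few milliseconds to the data traffic.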
MPLS WAN Connectivity and De-centralized Internet Access (Internet connectivity at every branch)

The main advantage of this architecture is that, if planned well, it can give the best performance for real-time traffic, data traffic and Internet traffic. The users in the branches would no longer experience slow Internet access. This architecture also makes it possible to maintain good performance without increasing costs too much, by using broadband connections for Internet access at smaller branches instead of Internet leased lines, as broadband connections are much cheaper. This method is very effective, especially if all the branches are within a single country.
The disadvantages could be the higher costs and a greater chance of not utilizing the bandwidth capacity paid for at each branch (for Internet Leased Lines). The cost of global MPLS connectivity is very high, and hence this architecture is difficult to implement for companies with multiple branches across the globe.
Virtual Private Networks using Internet Leased Lines at all the branches

The obvious advantage of this architecture is the cost reduction, as one network handles both secure inter-branch communications and Internet access at each branch. This architecture is especially useful for globally spread enterprises. It also allows remote access to the network by workers in the field and those working from home, as IPsec/SSL VPNs can be set up between the branches and roaming employees with proper network access credentials. The cost of Internet Leased Lines is coming down rapidly. Redundancy can be established by having multiple Internet Leased Line connections from different ISPs, and most of them offer an SLA (Service Level Agreement), which ensures that the network is up for the maximum possible time.
The main disadvantage is performance, especially for real-time applications like voice and video. The Internet is an unpredictable network and there will always be packet losses. Apart from that, there is no way of establishing end-to-end Quality of Service (QoS) parameters, as the Internet is a public network and the connections pass through a number of routers in between. Another disadvantage is using one connection for all the applications: if there is a lot of data traffic, the voice/video traffic gets delayed!