Post

WAN Architectures

Posted
By Ntwork_Beginner
3 min read
WAN Architectures

WAN Architectures: A Creative Deep-Dive for Learning and Revision

Wide Area Networks (WANs) are the digital highways that connect offices, data centers, and campuses across cities, countries, or even continents. While the internet itself is a WAN, enterprises often require private and secure connections to maintain control, performance, and security. In this blog, we’ll explore WAN architectures creatively, breaking them down into digestible sections so you can learn, revise, or teach with ease.

1. Private WAN Technologies: Keeping It Exclusive

Private WANs allow organizations to connect remote sites without exposing traffic to the public internet. Let’s explore the main technologies used.

A. Leased Lines: The Classic Dedicated Route

A leased line is a dedicated physical connection between two sites, providing fixed bandwidth reserved exclusively for your traffic.

Pros and Cons:

  • ✅ Truly private and consistent
  • ❌ Expensive, especially for large site meshes
  • ❌ Often lower bandwidth than modern alternatives

Topologies:

  • Hub-and-Spoke (Star): Cost-effective for multiple branches
  • Full Mesh: Expensive; requires N(N−1)/2 lines for N sites

Connection Types: Traditionally serial (T1/E1), but fiber-optic Ethernet leased lines are increasingly common.

B. Multiprotocol Label Switching (MPLS): The Smart Layer 2.5

MPLS uses labels instead of destination IPs to route packets, earning the nickname Layer 2.5.

How it Works:

  • Shared infrastructure segregates multiple customers using VPN labels.
  • Traffic moves efficiently without the routers needing to inspect IP headers constantly.

Router Roles:

  • Customer Edge (CE): On-premises router, unaware of MPLS, sends normal IP packets.
  • Provider Edge (PE): Adds/removes labels at the ISP edge.
  • Provider (P): Core ISP routers that forward labeled packets efficiently.

MPLS VPN Types:

  • L2VPN: ISP network acts like a giant switch; CE routers communicate directly.
  • L3VPN: PE routers participate in routing and form neighbor relationships with CE routers.

2. Internet Connection Technologies: The Public Highway

The internet, a network of networks, is the most common way to connect remote sites. While public, it’s versatile and cost-effective.

Common Internet Connection Types:

  • DSL (Digital Subscriber Line): Runs over standard phone lines; cost-saving.
  • Cable Internet: Uses CATV lines; shares line with TV via a splitter.
  • Fiber-optic Ethernet: High-speed light-based signals; requires an ONT.
  • Wireless 3G/4G/5G: Cellular access for mobile or backup connections.

Enterprise Redundancy Designs:

  • Single-homed: One ISP connection – vulnerable to ISP failure.
  • Dual-homed: Two connections to the same ISP – still limited.
  • Multi-homed: Connections to multiple ISPs – higher resilience.
  • Dual Multi-homed: Two connections per ISP – maximum redundancy.

3. Internet VPNs: Securing the Public Path

Because the internet is public, VPNs create secure, private pathways for enterprise traffic.

A. Site-to-Site VPNs (IPsec)

  • Use Case: Permanent connection between two sites.
  • Protocol: IPsec provides encryption and encapsulation.
  • Mechanism: Original packet encrypted inside an outer IP packet to the remote router.

B. Remote Access VPNs (TLS/SSL)

  • Use Case: On-demand access for single devices.
  • Protocol: TLS (formerly SSL), same as HTTPS.
  • Client Software: Examples include Cisco AnyConnect.

4. Advanced VPN Architectures: Going Beyond Basics

GRE over IPsec

  • IPsec natively only supports unicast.
  • To run multicast traffic (like OSPF/EIGRP), a GRE tunnel is created first and then encrypted with IPsec.

DMVPN (Dynamic Multipoint VPN)

  • Building dozens of IPsec tunnels manually is cumbersome.
  • DMVPN allows routers to automatically discover each other and form a full mesh using a simple hub-and-spoke setup.

Key Comparison: Private WAN vs MPLS vs Internet VPN

FeatureLeased LineMPLSInternet VPN
PrivacyPhysical (Dedicated)Logical (VPN Labels)Logical (Encryption)
CostHighMediumLow
RedundancyLow (Single line)High (Shared fabric)Variable (Homing)

Summary: The WAN Landscape in a Nutshell

  • Private WANs like Leased Lines and MPLS provide predictable, secure connectivity.
  • Internet-based connections are flexible and cost-effective but require VPNs for security.
  • Advanced architectures like GRE over IPsec and DMVPN combine the best of both worlds for scalable, secure enterprise networks.

Whether you’re revising for an exam or planning a network design, understanding these architectures ensures you know how data truly flows across distances. WANs aren’t just about cables and protocols—they’re about connecting people, places, and possibilities.

Pro Tip: Use diagrams wherever possible—visualizing hub-and-spoke, full mesh, MPLS labels, and VPN tunnels makes these concepts stick faster.

🙌 Connect With Me

GitHub LinkedIn YouTube Gmail

CCNA
WAN Architectures CCNA
This post is licensed under CC BY 4.0 by the author.