
WAN....it's not the internet!! (sometimes) // FREE CCNA // EP 8

NetworkChuck

Based on NetworkChuck's video on YouTube. If you like this content, support the original creators by watching, liking and subscribing to their content.

TL;DR

WAN links connect LANs across geography so branches can reach centralized services in headquarters or the data center.

Briefing

WAN connectivity is the practical problem of how geographically separated offices—corporate headquarters, branch locations, and even “coffee shop” sites—reach shared systems in the data center without relying on a simple “just run a cable” approach. The core takeaway is that enterprises typically avoid sending all branch traffic over the public internet by using carrier-managed WAN services that keep traffic private, predictable, and—when needed—prioritized for applications like VoIP.

Inside the enterprise, LANs handle local traffic within the corporate office or data center, while WANs handle the long-distance links between those separate sites. This matters because many centralized services live in the data center or headquarters: phone systems (including Cisco Unified Communications Manager), email, databases, websites, payroll, and point-of-sale systems at remote locations. Branch phones need dial tone and voicemail; branch stores need to reach corporate systems for transactions. That centralized design creates a dependency on reliable WAN transport.

Historically, companies connected sites using leased lines—dedicated circuits such as T1 (about 1.54 Mbps) and T3 (about 43 Mbps), with European equivalents like E1/E3. Leased lines were private because they carried only the customer’s traffic, but scaling to many branches became expensive and operationally messy. Older WAN technologies like Frame Relay and ATM also served as alternatives, but they’re largely legacy now.

A major modern workhorse is MPLS (Multi-Protocol Label Switching). With MPLS, an enterprise orders an MPLS circuit from a carrier at each site, and the carrier routes traffic across its network using labels. The result is a “private” WAN experience even though the underlying infrastructure is shared: the carrier creates virtual circuits so one customer’s traffic stays logically separated from others. MPLS is often described as an “MPLS VPN,” but it doesn’t necessarily rely on encryption; separation comes from label switching and virtual circuits. At the network level, the customer edge (CE) router connects to the provider edge (PE) router, and routing happens with packets (layer 3), not Ethernet frames.
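The point that MPLS separation comes from labels rather than encryption can be checked by decoding a labeled packet. The following is an added example, not code from the video: it parses the 32-bit label stack entries (20-bit label, 3-bit traffic class, bottom-of-stack bit, 8-bit TTL) and then reads the IPv4 packet behind them without any key. The two-label stack, label values, addresses and payload are constructed assumptions for illustration.

```python
import socket
import struct

def mpls_entry(label, tc, bottom, ttl):
    """Pack one 32-bit label stack entry: label(20) | TC(3) | S(1) | TTL(8)."""
    return struct.pack("!I", (label << 12) | (tc << 9) | (bottom << 8) | ttl)

def parse_mpls_stack(data):
    """Walk entries until the bottom-of-stack bit; return (entries, payload)."""
    entries, offset = [], 0
    while True:
        if offset + 4 > len(data):
            raise ValueError("truncated label stack (no bottom-of-stack entry)")
        (word,) = struct.unpack_from("!I", data, offset)
        offset += 4
        entries.append({"label": word >> 12, "tc": (word >> 9) & 0x7,
                        "bottom": (word >> 8) & 0x1, "ttl": word & 0xFF})
        if entries[-1]["bottom"]:
            return entries, data[offset:]

def ipv4_view(payload):
    """Fields readable by any device on the labeled path, no key required."""
    if len(payload) < 20 or payload[0] >> 4 != 4:
        raise ValueError("payload is not an IPv4 packet")
    ihl = (payload[0] & 0x0F) * 4
    return {"src": socket.inet_ntoa(payload[12:16]),
            "dst": socket.inet_ntoa(payload[16:20]),
            "dscp": payload[1] >> 2, "proto": payload[9],
            "data": payload[ihl:]}

def build_sample():
    """Constructed packet: two labels, then an unencrypted IPv4/UDP voice packet."""
    app = b"constructed voice payload"
    udp = struct.pack("!HHHH", 16384, 16384, 8 + len(app), 0) + app
    # Header checksum left at 0: this sample is parsed, never sent on a wire.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 46 << 2, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton("10.1.20.15"), socket.inet_aton("10.0.5.10")) + udp
    return mpls_entry(24001, 5, 0, 254) + mpls_entry(30012, 5, 1, 254) + ip

if __name__ == "__main__":
    entries, payload = parse_mpls_stack(build_sample())
    print(entries)
    print(ipv4_view(payload))
```

Because the inner addresses, DSCP marking and application bytes are all recoverable, traffic that needs confidentiality on an MPLS circuit still needs encryption at the application layer or in a tunnel run over the circuit.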

MPLS remains common, but it’s increasingly challenged by SD-WAN, which uses standard internet connections and software controls to improve performance and reliability. The shift is driven by changing traffic patterns: more applications now run in public cloud platforms like AWS and Azure, reducing the need for every branch to backhaul to a data center.

Metro Ethernet (Metro E) is another WAN option, typically used between major sites within the same metro area. It can provide very high throughput (often 1 Gbps or 10 Gbps) using fiber and is frequently delivered as layer 2 connectivity. Metro E comes in variants such as E-Line (point-to-point), E-Tree (hub-and-spoke), and E-LAN (multi-point), with service-level agreements that can include compensation if the provider misses uptime targets. However, Metro E is usually too costly for many branch-to-data-center links.

For smaller branches, a common lower-cost approach is site-to-site VPN over public internet. VPNs encrypt traffic so it can traverse the “big bad wild internet” safely, but performance can suffer and—crucially—traffic prioritization (QoS) may be harder than with MPLS. In practice, enterprises weigh cost against reliability, latency, and the ability to prioritize time-sensitive traffic like VoIP.

The episode closes by applying these concepts to CCNA-style scenarios: replacing expensive point-to-point WAN links often means moving to dedicated internet access at branches (and using QoS for voice), and understanding what makes VPNs “true” in real deployments (typically handled by network devices, not requiring client software). The overall message: WAN design is less about picking a single technology and more about matching transport choices to application needs, geography, and budget.

Cornell Notes

WAN design is about connecting geographically separated sites (headquarters, branches, data centers) so they can reach centralized services like phone systems, email, databases, and POS systems. Enterprises often avoid the public internet for everything by using carrier services that keep traffic private and predictable. MPLS uses label switching and virtual circuits to create logical separation over a shared carrier network, often supporting QoS for voice and other latency-sensitive traffic. Metro Ethernet provides high-speed layer 2 connectivity—usually best for major sites within the same metro—while site-to-site VPN over public internet is cheaper for branches but can be less reliable and harder to prioritize. SD-WAN is gaining ground by improving internet-based connectivity and aligning with cloud-first traffic patterns.

Why do enterprises need WAN connectivity beyond simply using the internet or a single cable between sites?

Centralized services typically live in the data center or headquarters, so branch offices must reach them reliably. The transcript’s examples include Cisco Unified Communications Manager for phone systems, plus email, databases, websites, payroll, and point-of-sale systems. That dependency makes WAN transport critical for dial tone, voicemail, transaction processing, and other business functions.

What makes MPLS “private” even though it runs on a carrier’s shared infrastructure?

MPLS relies on label switching. The enterprise traffic is tagged with labels, and the carrier uses those labels to steer traffic through the provider network on logically separated paths. Carriers create virtual circuits so one customer’s traffic is separated from others. The separation is virtual/private without necessarily requiring encryption, which is why MPLS is often described as an “MPLS VPN.”

How do CE and PE routers fit into MPLS connectivity?

The CE (customer edge) router sits at the edge of the enterprise LAN and connects to the carrier. The PE (provider edge) router sits at the edge of the carrier’s MPLS network. Traffic then moves through the provider’s MPLS cloud, with routing occurring at layer 3 (packets), not at layer 2 (frames).

When is Metro Ethernet a good fit, and what are its common circuit types?

Metro Ethernet is usually best for connecting major sites within the same metropolitan area because it uses provider fiber runs under the city and can be expensive. The transcript notes typical speeds around 1 Gbps or 10 Gbps and often uses redundancy (two connections). Circuit types include E-Line (point-to-point), E-Tree (hub-and-spoke), and E-LAN (multi-point). Metro E is often delivered as layer 2 connectivity between switches.

Why do many branches end up using site-to-site VPN over public internet instead of MPLS or Metro E?

Cost and scale. Public internet VPNs are significantly cheaper than dedicated private circuits. The tradeoff is performance and reliability: public internet paths can be slower and less consistent, and enterprises may struggle to prioritize time-sensitive traffic. VPNs also require encryption so traffic can’t be read by others on the public internet.

What’s driving the shift from MPLS toward SD-WAN?

SD-WAN uses standard internet connections but adds software controls to improve performance and reliability. The transcript also points to changing traffic patterns: more applications now run in public cloud platforms like AWS and Azure, so branches don’t always need to backhaul to the data center as much. SD-WAN can optimize the branch-to-cloud path instead.

Review Questions

  1. In an MPLS deployment, what role do labels and virtual circuits play in keeping customer traffic separated?
  2. Compare the likely tradeoffs between Metro Ethernet and site-to-site VPN for branch offices in terms of cost, performance, and where the connectivity is most economical.
  3. In a hub-and-spoke WAN that uses point-to-point links, what changes would typically reduce annual WAN and voice costs while still supporting VoIP requirements?

Key Points

  1. WAN links connect LANs across geography so branches can reach centralized services in headquarters or the data center.
  2. Leased lines (e.g., T1/T3) provide dedicated private connectivity but become expensive and operationally difficult at scale.
  3. MPLS uses label switching and carrier-created virtual circuits to deliver logically private WAN connectivity over shared infrastructure.
  4. Metro Ethernet is typically a high-speed layer 2 option best for major sites within a metro area, with circuit types like E-Line, E-Tree, and E-LAN.
  5. Site-to-site VPN over public internet is cheaper for branches because it uses the internet, but it relies on encryption and can suffer from inconsistent performance and weaker QoS control.
  6. SD-WAN is increasingly attractive because it improves internet-based connectivity and aligns with cloud-first traffic patterns (e.g., AWS and Azure).

Highlights

  • MPLS can feel “private” because label switching steers traffic through logically separated virtual circuits, even though the carrier network is shared.
  • Metro Ethernet is often delivered as layer 2 connectivity and is most economical for connecting major sites within the same metropolitan area.
  • VPNs encrypt branch-to-site traffic so it can traverse the public internet safely, but they may struggle with reliability and traffic prioritization compared with MPLS.
  • SD-WAN’s momentum is tied to both cost/performance improvements over public internet and the rise of cloud applications that reduce data-center backhaul needs.

Topics

  • WAN vs LAN
  • MPLS Label Switching
  • Metro Ethernet
  • Site-to-Site VPN
  • SD-WAN
  • QoS for VoIP

Mentioned

  • WAN
  • LAN
  • OSI
  • MPLS
  • VPN
  • CE
  • PE
  • QoS
  • SD-WAN
  • VoIP
  • PSTN
  • EVC
  • E-Line
  • E-Tree
  • E-LAN
  • E1
  • E3
  • T1
  • T3
  • AWS
  • Azure