Agility Blog

WAN Connectivity Options for Secure Networks

Written by Mike Terry | Oct 2, 2019 8:21:28 PM

As a network administrator wide area networks (WAN) can be a confusing and a challenging problem to take on. Understanding the various methods, protocols and costs involved in setting up a WAN isn't easy. In fact many newer administrators immediately think Internet. Although that is one transport method that can be used for connectivity, the reality is there are several more secure methods that are easier to manage then Internet and VPN boxes at every location.

Lets explore the different options and why you might choose them.

Ethernet private line

If your branch offices are in a relatively densely populated cities or towns, then you may be able to get Metro Ethernet (privately router fiber). But as the name implies, the service is limited to specific geographic regions, its not going to be readily available in some obscure small town in Wyoming. If your remote site falls outside of one of the metro areas you're going to have to look at a different WAN connectivity option. Metro Ethernet is scalable up to hundreds of remote sites. The carriers basically have taken areas where they have tons of lit fiber and lease out a strand to customers who want to connect locations using the carriers private network backbone. Metro Ethernet also is tremendously easy to manage as the carrier's hand-off looks and acts just like a standard Ethernet link on your LAN. MOE scales from 10mb to 10gb and its relatively in expensive. It functions like point to point connectivity but all sites can also talk to each other. If your WAN fits in the geographical map of metro ethernet its the Cadillac of connectivity options for WAN.

MPLS (multi protocol label switching)

MPLS is a WAN solution that routes packets intelligently through the service provider network using an MPLS header that uniquely identifies each customer and each location. MPLS allows you to forgo complex WAN routing and quality of service (QoS) policies and instead places that burden on the service provider. The carrier takes care of all the routing using their own IP backbone and edge devices and allows the customer to select QoS (quality of service) templates to prioritize voice, video or whatever you may need. Most of the time MPLS is sold with bundled and often managed routers which are shipped to the location pre-configured so they are pretty much plug n play. MPLS is a great option for most WANs because its private, you do not need to deploy any additional equipment at the remote sites, it widely available and allows administrators to control access to Internet from a single firewall-ed location making the network very secure. Typically its deployed as a fully meshed WAN topology. 'Full mesh' means that every site is connected to every other site. Essentially, this turns any remote office, in addition to the main site, into a possible bridge to communicate with any other office. MPLS is easy to manage and typically offers tech support in the carrier NOC (network operating center). MPLS can handle thousands of locations. If you have a geographically dispersed network MPLS is the way to go.

Internet via SD WAN otherwise known as VPN

Some organizations may choose to leverage lower cost Internet connectivity and create a secure overlay using some form of VPN appliance such as a firewall, SD WAN or router. Internet is widely available everywhere and is typically cheaper than private connectivity because its a best effort service with no security or QoS built in. You may have some locations that qualify for fiber while others can only get broadband (DSL, cable,etc). Internet allows for various forms of access but has no inherent connectivity except to the world wide web so a firewall or SD WAN device is deployed to create an encrypted tunnel across the Internet to other VPN devices on your network. MPLS replaced VPN some time ago as the preferred method for WAN connectivity due to the complexity of managing multiple devices in different geographic locations. SD WAN was developed so end points at remote locations can only talk to a cloud controller meaning the brains are in the cloud and every site can be managed through a web portal rather than configuring remote boxes. Its cool because you can get dual connections from redundant carriers but by the time you make those fiber connections and pay for the SD WAN to be managed you back to the cost of MPLS. So its has its place but its not the catch all replacement for traditional WAN solutions.

Some carrier options are very easy to implement and the service provider may do all the work for you. Unfortunately, service providers come up with all kinds of marketing names for the various types of WAN services, making it confusing.

Here is how to evaluate what you are really getting...

In general, when evaluating the options you want to know:

  • Cost - easy enough to figure out.
  • Performance - the speed of the connection that you will get between your locations.
  • Reliability - the 'service level agreement (SLA), which is the guarantee of uptime that the carrier promises. Broadband circuits DO NOT offer an SLA (service level agreement).
  • Resiliency - how your WAN reacts to outages or problems in the network.
  • Management - most carriers provide a managed WAN option, where they are responsible for the management and configuration of the WAN.

Most carriers provide a managed WAN option as well as an Unmanaged option. In the case of unmanaged a highly skilled IT network team would be needed to manage and configure the WAN. All of these WAN connectivity solutions deployed correctly can simplify an otherwise daunting task of connecting multiple sites together on the company network.

If you want to learn more click the button below for access to video explanations of each technology.