WAN Technologies Overview

1. What Is a WAN and Why Does It Matter?

A Wide Area Network (WAN) connects geographically separated networks — branch offices, data centres, cloud providers, and remote workers — across distances that range from a few kilometres to intercontinental spans. Unlike a LAN, which an organisation owns and operates entirely, a WAN typically involves service provider infrastructure: leased circuits, shared provider backbones, or internet-based overlays.

Choosing the right WAN technology is one of the most consequential network design decisions an organisation makes. The wrong choice leads to either overspending (paying for premium MPLS when broadband internet with VPN would suffice) or underdelivering (using best-effort broadband for latency-sensitive voice and video). The key evaluation axes are cost, bandwidth, latency, reliability, security, and scalability.

Related pages: WAN Overview | MPLS Deep Dive | SD-WAN Overview | DMVPN | GRE Tunnels | IPsec VPN | IPsec Basics | Site-to-Site vs Remote Access VPN | QoS Overview | Routers | GRE Tunnel Lab | Site-to-Site IPsec VPN Lab

2. WAN Fundamentals — Key Concepts

2.1 Circuit-Switched vs Packet-Switched

WAN technologies historically fall into two categories based on how data is transported across the provider network.

2.2 CPE, CE, and PE Routers

Three device roles define the boundary between the customer and the service provider in a WAN. The CE router peers with the PE router using routing protocols such as OSPF, EIGRP, BGP, or static routes. See also: Routers.

Customer Site                  Provider Network               Customer Site
[LAN Switches]                                               [LAN Switches]
│                                                              │
[CE Router]──────[PE Router]──[Provider Core]──[PE Router]──[CE Router]
Customer Edge     Provider Edge                  Provider Edge  Customer Edge
(customer owns)   (provider owns)                (provider owns)(customer owns)
CPE (Customer Premises Equipment):
→ Any device on the customer side of the WAN demarcation point
→ Includes CE routers, switches, firewalls at the customer location
→ Owned/managed by the customer (or co-managed with provider)
CE (Customer Edge) Router:
→ The customer's router that connects to the provider's PE router
→ Runs routing protocols with the PE (OSPF, BGP, static routes)
→ Does NOT know the internal structure of the MPLS provider network
PE (Provider Edge) Router:
→ The provider's router at the edge of the MPLS/provider network
→ Maintains VRF (Virtual Routing and Forwarding) tables per customer
→ Applies MPLS labels; connects to CE and to provider core (P routers)

2.3 WAN Serial Interfaces and Common Physical Standards

  Common WAN interface types on Cisco routers:

  Serial interfaces (for leased lines / frame relay / legacy WAN):
  → Serial0/0/0 — supports T1, E1, T3, E3 speeds
  → Clock rate configured on the DCE end (provider or simulated in lab)
  → Encapsulations: PPP, HDLC (Cisco default), Frame Relay

  Modern WAN interface types:
  → GigabitEthernet — Metro Ethernet handoff
  → Dialer/Virtual interfaces — DSL (PPPoE), VPN tunnels
  → Cellular interfaces — 4G/LTE backup WAN

  Lab simulation:
  Router(config)# interface Serial0/0/0
  Router(config-if)# ip address 10.0.0.1 255.255.255.252
  Router(config-if)# clock rate 2000000   (DCE side only — sets line speed)
  Router(config-if)# encapsulation ppp    (or hdlc / frame-relay)
  Router(config-if)# no shutdown

3. Leased Lines — Dedicated Point-to-Point Circuits

A leased line (also called a dedicated circuit or private line) is a permanently established, dedicated point-to-point connection between two sites, provided by a telecommunications carrier. The full bandwidth of the circuit is exclusively available to the customer at all times — it is never shared with other customers.

[Site A — CE Router] ────────────────────────────── [Site B — CE Router]
│               Dedicated physical circuit              │
│               (T1, E1, T3, E3, OC-x)                 │
[LAN Switches]        Provider owns the                [LAN Switches]
physical infrastructure;
customer leases the circuit.
Common leased line speeds:
T1  = 1.544 Mbps  (24 DS0 channels × 64 Kbps)  — North America
E1  = 2.048 Mbps  (32 DS0 channels × 64 Kbps)  — Europe / rest of world
T3  = 44.736 Mbps (28 T1 channels)
E3  = 34.368 Mbps (16 E1 channels)
OC-3= 155.52 Mbps, OC-12 = 622 Mbps, OC-48 = 2.4 Gbps (SONET/SDH)

Leased Line Characteristics

4. MPLS — Multiprotocol Label Switching

MPLS (Multiprotocol Label Switching) is a high-performance packet-forwarding technology used by service providers to build scalable, QoS-capable private WANs for enterprise customers. Instead of routing packets based on IP destination address at every hop (which is CPU-intensive), MPLS routers forward packets based on short fixed-length labels — making forwarding decisions extremely fast.

From the customer's perspective, an MPLS WAN behaves like a private Layer 3 network: all branch sites are connected as if they share a single routing domain, with the provider's network acting as a transparent cloud. Customers do not see or manage the MPLS label infrastructure — that is entirely within the provider's domain.

[Branch A — CE]──[PE-A]──────────────────────────[PE-B]──[Branch B — CE]
│     MPLS Provider Backbone    │
│    (P routers — label-based)  │
[PE-C]──────────────────────────[PE-D]
│                               │
[Branch C — CE]              [HQ Data Centre — CE]
Label switching process:
1. CE router sends IP packet to PE router (normal routing)
2. Ingress PE adds an MPLS label (a 20-bit value) to the packet
based on the destination VRF/prefix
3. P (Provider) core routers forward the packet using ONLY the label
— no IP routing table lookup performed in the core
4. Egress PE removes the label (label popping) and delivers the
original IP packet to the destination CE router
VPN isolation: Each customer's traffic is kept separate using
MP-BGP and VRF (Virtual Routing and Forwarding) tables on PE routers.

MPLS Key Characteristics

See full detail: MPLS Deep Dive

5. Metro Ethernet — Carrier Ethernet WAN

Metro Ethernet (Metropolitan Area Ethernet) extends standard Ethernet technology beyond the LAN into the WAN, across a metropolitan or regional area using a carrier's fibre infrastructure. From the customer's perspective, the WAN connection looks and behaves like an Ethernet interface — familiar, simple, and interoperable with existing LAN equipment.

The Metro Ethernet Forum (MEF) defines standardised service types. The two most common for enterprise WAN use are:

[Site A]──GigE──[Provider Edge]──Carrier Fibre──[Provider Edge]──GigE──[Site B]
│                                                      │
UNI (User-Network Interface)                          UNI
(where customer Ethernet meets                (same standard interface)
provider network)
Metro Ethernet E-LAN (multipoint):
[Site A]──┐
[Site B]──┼──[Provider Metro Ethernet Network]──┬──[Site C]
[Site D]──┘   (VPLS or Carrier Ethernet bridge) └──[HQ]
All sites appear on the same Ethernet broadcast domain.
Any site can communicate with any other at Layer 2.

Metro Ethernet Characteristics

6. DSL — Digital Subscriber Line

DSL (Digital Subscriber Line) delivers broadband internet access over the existing copper telephone (PSTN) infrastructure. DSL uses frequencies above the voice band on the copper pair, allowing voice and data to share the same physical line simultaneously.

DSL Variants

DSL Architecture — PPPoE

Most DSL deployments use PPPoE (PPP over Ethernet) to carry the DSL connection from the customer's router to the ISP's BRAS (Broadband Remote Access Server). PPPoE allows authentication (username/password) and IP address assignment over the Ethernet-like DSL connection.

[PC/LAN]──[DSL Router/Modem]──(copper PSTN loop)──[DSLAM at exchange]──[BRAS]──I…
│                                       │
CPE (customer)                    Provider aggregation equipment
Acts as PPPoE client              (Digital Subscriber Line
Runs <a href="nat.html">NAT (PAT)</a>                     Access Multiplexer)
DSLAM: aggregates hundreds of DSL lines from individual customers
BRAS: authenticates PPPoE sessions; assigns public IP addresses
DSL performance degrades with distance from the exchange (DSLAM):
≤ 300m:  near maximum ADSL2+ speed
1 km:    significant speed reduction
3+ km:   speeds may fall to 2-4 Mbps or less

DSL Characteristics

See also: PPPoE Client Configuration Lab

7. Cable Broadband — HFC Networks

Cable broadband uses the Hybrid Fibre-Coaxial (HFC) infrastructure originally deployed for cable television. Fibre runs from the cable operator's headend to neighbourhood nodes; coaxial cable carries the signal the final distance to each home or business. The DOCSIS (Data Over Cable Service Interface Specification) standard governs how data is transmitted over cable TV infrastructure.

[Internet]──[Cable Headend/CMTS]──[Fibre]──[Node]──[Coax]──[Cable Modem]──[LAN]
│                                              │
Cable Modem                                    CPE (customer)
Termination System                             Runs <a href="dhcp.html">DHCP</a>…
(terminates cable modem                        provides <a href="nat.html">NAT (…
connections, aggregates                       to home/office LAN
subscriber traffic)
Shared medium: coaxial segment from node to homes is shared among
all subscribers in that neighbourhood. Bandwidth contention is highest
during peak hours (evenings when everyone streams video).
DOCSIS versions:
DOCSIS 2.0: ~40 Mbps down / 30 Mbps up
DOCSIS 3.0: ~1 Gbps down / 200 Mbps up (channel bonding)
DOCSIS 3.1: ~10 Gbps down / 1–2 Gbps up (OFDM modulation)
DOCSIS 4.0: ~10 Gbps symmetrical (emerging)

Cable vs DSL Comparison

8. SD-WAN — Software-Defined Wide Area Networking

SD-WAN (Software-Defined WAN) is a modern approach that separates the WAN control plane (intelligence) from the data plane (packet forwarding), using software to manage and optimise traffic across multiple underlying WAN transports simultaneously — MPLS, internet broadband, LTE/5G, or any combination. SD-WAN is not a physical WAN technology itself; it is an overlay that runs on top of existing transports.

Middle
Destination
SD-WAN architecture overview:
[Branch CE/Edge Device]MPLS[HQ/DC]
└Internet (broadband)
└LTE/5G (cellular)
└ SD-WAN Overlay (encrypted tunnels) ┘
(vEdge / cEdge devices at each site)
SD-WAN centralised components:

SD-WAN Key Capabilities

SD-WAN vs Traditional MPLS

See full detail: SD-WAN Overview | Cisco SD-WAN / Viptela Overview Lab

9. VPN Overlays on WAN — IPsec, GRE, and DMVPN

When organisations use internet broadband (DSL, cable, LTE) as their WAN transport, they need to secure traffic and create private connectivity between sites. This is achieved using VPN overlays — encrypted tunnels that run across the public internet, making it behave like a private WAN.

Internet-only WAN with IPsec site-to-site:
[Branch A]──IPsec──[Internet]──IPsec──[HQ]
Spoke-to-spoke traffic must go via HQ (hub-and-spoke)
Each site-pair = one tunnel configuration = scales poorly
Internet WAN with DMVPN:
[Branch A]──┐
[Branch B]──┼──[mGRE]──[Internet]──[mGRE]──[HQ (hub)]
[Branch C]──┘                              ↑
Spokes register with hub via NHRP;         │
Branch A needs to talk to Branch C:        │
→ NHRP lookup gets Branch C's real IP ─────┘
→ Direct spoke-to-spoke tunnel built on demand
→ Traffic bypasses HQ entirely

See also: IPsec VPN | GRE Tunnels | DMVPN | Site-to-Site vs Remote Access VPN | GRE Tunnel Lab | Site-to-Site IPsec VPN Lab | DMVPN Phases Lab

10. Choosing the Right WAN Technology

See also: WAN Overview | MPLS Deep Dive | SD-WAN Overview | DMVPN | IPsec VPN | IPsec Basics | QoS Overview | DMVPN Lab | Cisco SD-WAN Lab

Test Your Knowledge — WAN Technologies Quiz

Related Topics & Step-by-Step Tutorials

Continue your WAN studies:

• WAN Technologies Overview — comprehensive overview of all WAN types
• MPLS – Multiprotocol Label Switching — label switching operation, CE/PE/P roles, Traffic Engineering
• DMVPN – Dynamic Multipoint VPN — dynamic spoke-to-spoke tunnels over hub-and-spoke infrastructure
• SD-WAN Overview — centralised control, multi-transport, app-aware routing
• IPsec VPN – Concepts & Protocols — site-to-site encrypted tunnels; Phase 1 IKE and Phase 2 SA
• IPsec — ESP, AH, IKE explained
• GRE Tunnels – Generic Routing Encapsulation — encapsulating multicast/routing protocols over WAN links
• Site-to-Site vs. Remote-Access VPN – Complete Compar… — site-to-site vs remote access VPN comparison
• BGP – Border Gateway Protocol Overview — EGP for inter-AS routing; the Internet routing protocol
• OSPF Overview – Open Shortest Path First Explained — most common IGP in enterprise WANs
• OSPF Areas and LSAs – Detailed Explanation — hierarchical OSPF design for large WANs
• EIGRP Overview — Cisco proprietary IGP with unequal-cost load balancing
• Floating Static Routes – Backup Routes, AD & Failover — WAN backup routing with elevated AD
• Default Routes – Complete Guide — 0.0.0.0/0 used at WAN edge to reach the internet
• QoS – Quality of Service Overview — prioritising VoIP and video over congested WAN links
• NAT – Network Address Translation Overview — translating private addresses at the WAN edge
• show interfaces – Interface Statistics & Error Analy… — check WAN interface up/down and error counters
• show ip route — verify routes to remote WAN sites
• Ping — test WAN reachability
• Traceroute – Packet Path Analysis & Troubleshooting — find where WAN path breaks
• DMVPN Phase 1, 2 & 3 (Step-by-Step)
• Site-to-Site IPsec VPN — IKEv1 & IKEv2 (Step-by-Step)
• GRE Tunnel Configuration (Step-by-Step)
• PPPoE Client Configuration (Step-by-Step)
• MPLS Fundamentals (Step-by-Step)