Enterprise WAN Overview

 

The enterprise WAN consists of network segments and configurations that enable the enterprise to generate revenue in today’s highly connected, dynamic environment. It is made up of business site types that must be interconnected to enable business and revenue. The corporate LAN and data center are at the core of the enterprise WAN. These sites provide the bulk of the enterprise support, applications, and business enablers.

Figure 2: Enterprise WAN overview

The enterprise WAN is the sum of the configurations and design of the interconnections between the data center and corporate headquarters and the rest of the enterprise. The enterprise remote sites can consist of campus environments as well as small offices, revenue gateways (such as a storefront or branch sales office), and other remote locations.

The enterprise WAN is often designed to provide dedicated interconnection with partners, home-based workers, and other support resources. The enterprise WAN is the key to the solution because it provides the backbone over which most enterprise traffic travels. Understanding the enterprise WAN as a whole is key to understanding the subsequent solution components: WAN aggregation and Internet edge.

A large enterprise WAN can be built in several ways to accommodate control, security, and performance concerns. The three models of enterprise WAN network are public, hybrid overlay, and private.

Public Enterprise WAN

A public enterprise WAN uses a purely service provider MPLS network to provide pseudo-private enterprise WAN services. The service provider hands off a circuit to the enterprise site and provides all MPLS services transparently to the enterprise. For most enterprises, this architecture provides excellent service with little to no management required by the enterprise.

Many service providers manage the MPLS customer edge (CE) routers at all branches, effectively making the WAN transparent to the enterprise and its users. While this approach is appropriate in most cases, large enterprises often choose to augment or replace the carrier-managed option with their own architecture and design. A hybrid overlay network is often one of these choices.

Figure 3: Public enterprise WAN is managed entirely by the service provider

Hybrid Overlay Enterprise WAN

The hybrid overlay network lets the enterprise consolidate and control WAN resources where it makes financial and geographical sense—for example, overlaying private WAN securely over the Internet to augment a carrier-provided private MPLS service. In a hybrid overlay network, regions with a high density of enterprise offices are aggregated onto an aggregation router that the enterprise controls. This aggregation router has a high-speed transport to the rest of the enterprise.

Figure 4: Hybrid overlay enterprise WAN

Private Enterprise WAN

Often, the hybrid approach is not sufficient, and the enterprise wants to build and manage the entire MPLS network. In these solutions, the carrier provides core services to regional aggregation hubs and acts only as logical transport. The enterprise performs all MPLS, class of service, and other configurations. This model gives the greatest control to the enterprise, but often at great expense.

Figure 5: Private enterprise WAN is almost entirely managed by the enterprise. Remote sites and home users are brought into the network using IPsec over public transport

WAN Aggregation

In hybrid overlay and private enterprise WAN deployments, the key to the solution is the set of WAN aggregation routers, which are often co-located at the carrier office. As such, the WAN aggregation routers are a key focus of the overall enterprise WAN solution. WAN aggregation is a network architecture that consolidates multiple networks, such as the campus, branch, and data center networks, onto the enterprise WAN network. WAN aggregation stitches together networks and site types to enable seamless communication between the enterprise’s locations.

Figure 6: Sample WAN aggregation routers that combine multiple remote branch sites into a single enterprise WAN

The most common aggregation model is a single backhaul to a corporate headquarters or data center where all site-to-data center traffic and site-to-site traffic are routed within the enterprise.

WAN connections can be aggregated over private leased lines, MPLS Layer 3 VPN, Layer 3 tunneling, any of the Layer 2 VPN technologies, or an Internet VPN. It is common to find a mix of these connection methods in the WAN aggregation, as the enterprise often selects transport based on business need and criticality.

Internet Edge

The second part of the overall enterprise WAN solution is the Internet edge. The Internet edge acts as a centralized gateway for the enterprise, providing connectivity to the Internet for branch offices as well as enabling connection of remote workers and partners to enterprise resources.

Figure 7: Sample Internet edge network with remote branch traffic backhauled to headquarters for Internet access

You can also use the Internet edge to provide:

  • Backup connectivity to the WAN for branch offices when the primary WAN connectivity fails.

  • Transport for remote workers to access the enterprise, either using software (SSL VPN) or hardware gateways (firewall with IPsec VPN).

  • Access to services the enterprise hosts.