WAN Edge Module – WAN for the Enterprise
2 min read
Enterprises can have multiple WAN interconnections. WAN connectivity between an organization’s headquarters and remote sites is generally across a service provider network, such as with an MPLS WAN. Alternative options for connecting branch offices involve using broadband technologies, coupled with IPsec VPNs over the Internet, such as DMVPN or newer approaches such as SD-WAN. In addition, there are several cloud connectivity options including Direct Connect and MPLS Direct Connect with AWS, Azure, and Google Cloud.
Direct Connect is a service that provides a private, dedicated connection between a customer’s on-premises data center and a cloud provider’s data center.
MPLS Direct Connect is a service that provides a private, dedicated connection between a customer’s on-premises data center and a cloud provider’s data center using MPLS technology.
WAN technologies can be point-to-point (P2P) or multipoint, such as MPLS WAN services. Most WAN service providers offer MPLS WAN solutions, where the enterprise edge router interacts with service providers at Layer 3. Public WAN connections over the Internet are available, ranging from 4G wireless technologies all the way up to multigigabit connectivity wired WAN options. Typically, these services do not provide any guarantee of network availability, so they are considered “best effort” service. MPLS network solutions usually have a much higher degree of reliability and availability.
Note
When you are seeking a WAN service, the options can vary depending on the service provider’s offerings, and it is recommended to review options from multiple WAN service providers.
Enterprise Edge Modules
The enterprise edge modules include the demilitarized zone (DMZ) and SP edge. Internet service providers (ISPs) offer many connectivity options for the SP edge and DMZ modules in the enterprise edge:
- Demilitarized zone (DMZ): DMZs are used to further divide network applications and are deployed with firewall policy protections. Common DMZs include Internet DMZs for e-commerce applications, remote-access VPNs for corporate users, and site-to-site VPNs for connections to remote sites and cloud connectivity to AWS, Azure, and Google Cloud.
- Service provider (SP) edge: The SP edge is used to connect to ISPs and provide reliable Internet connectivity. Internet service sometimes needs high availability and is frequently deployed with multiple ISP connections as well as redundant routers and switches for aggregating the multiple network connections.
Figure 8-2 illustrates the use of modules, or blocks, in the enterprise.
Figure 8-2 Enterprise Modules
