Connecting from anywhere with an internet connection, whether a corporate office or your home: what does the connection path look like through the WAN (Wide Area Network)?
Let’s talk specifically about corporate office-to-data center communication. There are many reasons why a direct connection from a data center to a corporate office is needed. One reason may be a phone system living in the data center; each phone, across multiple locations, can then talk directly to the data center and the corporate office. Or it could be a POS system, email servers, databases, web servers, you name it, it could be anything.
Now we will talk about some much older designs first before we advance to some more modern designs.
The first way we used to connect our corporate office to our data center was through something called a Leased Line, which uses T1 and T3 circuits. A T1 line is a copper connection at speeds of ~1.54 Mb/s. Some even connected through T3 speeds, which are around ~43.74 Mb/s. These are American standards; the European equivalents are the E1 and E3 (2.048 & 34.368 Mb/s). A leased line is a dedicated link between two places, so you have the right to all of the bandwidth (it is not shared with others). They are, however, expensive.
Another “older” alternative to a leased line is something called MPLS (Multi Protocol Label Switching). The way this works, in simple terms, is that when you order this service from an ISP you are buying the right to have your stuff talk to ONLY your stuff and nothing else. A good diagram of what this means is shown below. Keep in mind that this is still a WAN, but you are only allowed to talk to devices within your own infrastructure across the internet and nothing else. Additionally, you are sharing bandwidth with other customers, so in that respect you don’t get the advantage you have with a leased line.
To keep your data private, the provider uses Virtual Circuits, which you can think of as a VPN in a way, but at the ISP level. As the name says, they do this by labeling each frame/packet uniquely for the given customer. In the OSI/TCP/IP model this sits at layer 2.5 (between Data Link and Network). With that label, the carrier network knows where to send the data. Also, keep in mind that this connection isn’t necessarily encrypted. Additionally, all of this is done through L3 routing (IP packets). Lastly, the router on the customer side, through which clients route traffic in and out, is called the CE (Client Edge) router; on the ISP end we call it the PE (Provider Edge) router.
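To make the “label at layer 2.5” idea concrete, here is an added Python example (not code from the original article) that encodes and parses an MPLS label stack as it sits in an Ethernet frame (ethertype 0x8847), then reads the inner IPv4 header behind it. The frame, the label values (16001 as the transport label, 24 as the VPN label) and the customer table are all constructed for this example. The parse illustrates the privacy caveat above: the bottom label decides which customer's VRF the PE forwards into, but the inner packet is carried in the clear behind the labels, so MPLS gives separation, not encryption.

```python
import struct
import ipaddress

ETHERTYPE_MPLS_UNICAST = 0x8847  # Ethertype announcing that an MPLS label stack follows


def encode_label(label, tc=0, bottom=False, ttl=64):
    """Pack one 32-bit label stack entry: 20-bit label, 3-bit TC, 1-bit S (bottom), 8-bit TTL."""
    if not 0 <= label < (1 << 20):
        raise ValueError("label must fit in 20 bits")
    word = (label << 12) | ((tc & 0x7) << 9) | (int(bottom) << 8) | (ttl & 0xFF)
    return struct.pack("!I", word)


def parse_label_stack(data):
    """Walk the stack until the bottom-of-stack bit is set; return (entries, payload_offset)."""
    entries, offset = [], 0
    while True:
        if len(data) < offset + 4:
            raise ValueError("truncated label stack")
        (word,) = struct.unpack_from("!I", data, offset)
        entry = {"label": word >> 12, "tc": (word >> 9) & 0x7,
                 "bottom": bool((word >> 8) & 0x1), "ttl": word & 0xFF}
        entries.append(entry)
        offset += 4
        if entry["bottom"]:
            return entries, offset


def parse_frame(frame):
    """Parse an Ethernet frame carrying MPLS; return the labels and the inner IPv4 endpoints."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != ETHERTYPE_MPLS_UNICAST:
        raise ValueError(f"not MPLS unicast (ethertype 0x{ethertype:04x})")
    labels, off = parse_label_stack(frame[14:])
    payload = frame[14 + off:]
    # Nothing after the bottom label says what the payload is; the IP version nibble tells us.
    if len(payload) < 20 or payload[0] >> 4 != 4:
        raise ValueError("payload is not an IPv4 packet")
    return {
        "labels": labels,
        "src": str(ipaddress.IPv4Address(payload[12:16])),
        "dst": str(ipaddress.IPv4Address(payload[16:20])),
        "proto": payload[9],
    }


def vpn_customer(labels, label_table):
    """Model the PE lookup: the bottom (VPN) label selects the customer VRF, nothing else does."""
    return label_table.get(labels[-1]["label"], "unknown")


def build_sample_frame():
    """Constructed sample: transport label 16001 over VPN label 24, then a bare IPv4/TCP packet."""
    eth = (bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
           + struct.pack("!H", ETHERTYPE_MPLS_UNICAST))
    stack = encode_label(16001, tc=0, bottom=False) + encode_label(24, tc=5, bottom=True)
    ip = (bytes([0x45, 0x00]) + struct.pack("!H", 40)          # version/IHL, DSCP, total length
          + b"\x00\x01\x40\x00" + bytes([64, 6]) + b"\x00\x00"  # id, flags, TTL, proto=TCP, checksum unset
          + ipaddress.IPv4Address("10.1.1.10").packed           # constructed source address
          + ipaddress.IPv4Address("10.2.2.20").packed)          # constructed destination address
    tcp = struct.pack("!HH", 51515, 443) + b"\x00" * 16          # ports plus a zeroed TCP header tail
    return eth + stack + ip + tcp


if __name__ == "__main__":
    result = parse_frame(build_sample_frame())
    print("label stack:", result["labels"])
    print("customer VRF:", vpn_customer(result["labels"], {24: "customer-A"}))
    print("inner packet, readable in the clear:", result["src"], "->", result["dst"], "proto", result["proto"])
```

Run it and note that the only thing separating customer-A's traffic from everyone else's on that carrier link is the label-to-VRF table on the PE; anything with a view of the provider path sees the inner addresses and payload, which is why the encrypted site-to-site tunnel discussed later is often layered on top of MPLS as well.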
Another, more modern way to connect our corporate office to our data center is through something called Metro-E or Metro-Ethernet. On the hardware end, you ask your ISP for a dedicated fiber line (or two) between your corporate office and your data center. This can really only be done within a city, as long-distance fiber lines are stupidly expensive and little to no one is willing to pay for such a long line. These connections usually start at 1 Gb/s and go up to 10 Gb/s or more. This connection can also be referred to as a P2P (Point to Point) connection. In rare cases you might need a dedicated line over a larger distance; with fiber you can rent a dedicated wavelength to achieve this, but again, it is not common and unlikely to be something you deal with.
The link is also often L2. You will also need to provide your own hardware (i.e. switches); the provider only provides the cable. In some cases, though, a provider may install a piece of their own proprietary equipment for you to connect to. The diagram below shows an E-Line connection; there are multiple types, but this is just one of them. The actual line the provider gives you can be seen as an EVC (Ethernet Virtual Circuit). A diagram of this version of Metro-E is shown below.
Another form of Metro-E can be seen as the equivalent of a cloud switch, giving you a whole mesh. Each place you connect (i.e. data center, corporate office, site) has its own fiber, and this is a zero-compromise solution. This is labeled an E-LAN. Another diagram can be seen below.
Yet another form of Metro-E is known as a Hub and Spoke method of connection. Here you have a central hub location, and your spokes are connections from different sites, all connecting to the hub over dedicated fiber connections from a provider. This connection is also called an E-Tree. You can think of the edge router of the data center in the analogy below as the root and the different sites as the leaves. Another analogy can be seen below.
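The three Metro-E service types described above differ in one thing a practitioner actually has to reason about: which sites are allowed to exchange frames over the EVC. Here is an added Python example (not from the original article) that models the E-Line, E-LAN and E-Tree connectivity rules as the MEF defines them: E-Line is point to point, E-LAN is any-to-any, and E-Tree lets roots talk to everyone while leaves may only talk to roots, never to each other. The site names are constructed for the example.

```python
from itertools import combinations

E_LINE, E_LAN, E_TREE = "E-Line", "E-LAN", "E-Tree"


def allowed_pairs(service, sites, roots=()):
    """Unordered site pairs that may exchange frames over one EVC of the given service type.

    E-Line: exactly two sites (point to point).
    E-LAN:  any site to any site (full mesh, the "cloud switch").
    E-Tree: roots talk to everyone; leaves talk only to roots, never to other leaves.
    """
    sites = list(sites)
    if len(set(sites)) != len(sites):
        raise ValueError("site names must be unique")
    if service == E_LINE:
        if len(sites) != 2:
            raise ValueError("an E-Line EVC connects exactly two sites")
        return {frozenset(sites)}
    if service == E_LAN:
        return {frozenset(pair) for pair in combinations(sites, 2)}
    if service == E_TREE:
        roots = set(roots)
        if not roots or not roots <= set(sites):
            raise ValueError("an E-Tree needs at least one root, drawn from the site list")
        return {frozenset((root, other)) for root in roots for other in sites if other != root}
    raise ValueError(f"unknown service type {service!r}")


def can_talk(service, sites, a, b, roots=()):
    """True if sites a and b are allowed to exchange frames directly over this EVC."""
    return a != b and frozenset((a, b)) in allowed_pairs(service, sites, roots)


def describe(service, sites, roots=()):
    """Human-readable list of allowed pairs, handy when checking a provider's service order."""
    return sorted(" <-> ".join(sorted(pair)) for pair in allowed_pairs(service, sites, roots))


if __name__ == "__main__":
    sites = ["DataCenter", "HQ", "Branch1", "Branch2"]   # constructed site names
    for service, roots in ((E_LAN, ()), (E_TREE, ("DataCenter",))):
        print(service)
        for line in describe(service, sites, roots):
            print("  ", line)
    print("Branch1 <-> Branch2 over E-Tree:",
          can_talk(E_TREE, sites, "Branch1", "Branch2", roots=("DataCenter",)))
```

The E-Tree case is the one worth checking when a branch reports it cannot reach another branch: that isolation is the service working as ordered, enforced in the provider's forwarding, and any branch-to-branch traffic has to pass through the root site, where your own firewall policy applies.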
The cheapest, and most common, way to connect sites/offices to our data center may just be a regular old internet connection from any ISP. The way we keep the data connection private is through an encrypted site-to-site VPN tunnel. Keep in mind, though, that the biggest drawback of this solution is the connection speed. You are sending traffic through the global internet, and there is A LOT of traffic on the public internet. Packet loss is common, and since there is no dedicated line or path, this problem is unavoidable. Additionally, there is no packet prioritization (QoS, Quality of Service).
There is a competitor to, and replacement for, both the public internet with a VPN and MPLS, though, and its name is SD-WAN (Software Defined WAN). More on SD-WAN in a later section, as this one is already packed with information.