⚡ Quick Answer
A WAN (Wide Area Network) connects geographically separated sites. Key technologies: MPLS = carrier-managed private network that forwards packets by labels for predictable performance and QoS — expensive but reliable. SD-WAN = software-defined overlay that intelligently routes across any mix of links (MPLS + broadband + LTE), reducing costs while maintaining performance. Leased line = dedicated point-to-point circuit with guaranteed bandwidth and an SLA — not shared with anyone. Broadband (cable/DSL/fiber) = shared internet, cheap but variable performance. For Network+, know what each technology is used for and when to choose it.

WAN vs LAN — The Basics

A LAN (Local Area Network) connects devices within a single building or campus — you own and control all the infrastructure. A WAN (Wide Area Network) connects sites across cities, countries, or continents — you typically lease connectivity from a carrier rather than building it yourself.

The key WAN challenge is balancing cost, performance, and reliability. Dedicated private circuits deliver predictable performance but cost significantly more than shared internet. Modern enterprises use a mix of technologies — private MPLS for critical traffic and cheaper internet connections for general traffic, managed intelligently by SD-WAN.

MPLS — Multiprotocol Label Switching

MPLS is a carrier-provided WAN technology that routes traffic based on short fixed-length labels rather than performing complex IP address lookups at every hop. When traffic enters the MPLS network at an edge router (PE router — Provider Edge), the carrier assigns a label. Core routers (P routers — Provider core) forward packets purely by swapping labels, making forwarding extremely fast. When traffic exits the MPLS network, the label is removed and normal IP routing resumes.

MPLS supports traffic engineering — the ability to pre-determine the exact path packets take through the carrier's network, ensuring latency-sensitive traffic (voice, video conferencing) always takes the lowest-latency path. MPLS also supports multiple VPNs over the same infrastructure through MPLS VPNs (Layer 3 VPN), where each customer's traffic is completely isolated from other customers despite sharing the carrier's physical infrastructure.
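The label operations and VPN isolation described above, as an added example that is not from the original page. It goes slightly beyond the text by using the two-label stack (transport label plus VPN label) that Layer 3 MPLS VPNs commonly use; the router names, label values, prefixes and customer names are all constructed.

```python
import ipaddress

# Constructed topology: PE1 -> P1 -> P2 -> PE2. All label values are arbitrary.
# Ingress PE1 keeps one table per customer (VRF):
#   prefix -> (VPN label, transport label, next hop)
VRF_PE1 = {
    "cust_a": {"10.0.2.0/24": (501, 100, "P1")},
    "cust_b": {"10.0.2.0/24": (502, 100, "P1")},  # same prefix, other customer
}
# Core (P) routers: incoming top label -> (outgoing label, next hop)
LFIB = {
    "P1": {100: (200, "P2")},
    "P2": {200: (300, "PE2")},
}
# Egress PE2: the VPN label selects which customer site receives the packet
VPN_LABELS_PE2 = {501: "cust_a site 2", 502: "cust_b site 2"}


def forward(vrf, dst_ip):
    """Carry one packet PE1 -> PE2; return (delivered_to, trace)."""
    dst = ipaddress.ip_address(dst_ip)
    entry = next((e for p, e in VRF_PE1[vrf].items()
                  if dst in ipaddress.ip_network(p)), None)
    if entry is None:
        return None, []          # no route in this VRF: dropped, no leak
    vpn, transport, hop = entry
    stack = [transport, vpn]     # top of stack first
    trace = [("PE1", "push", tuple(stack))]
    while hop in LFIB:           # P routers never look at the IP header
        out_label, next_hop = LFIB[hop][stack[0]]
        stack[0] = out_label     # swap the top (transport) label only
        trace.append((hop, "swap", tuple(stack)))
        hop = next_hop
    stack.pop(0)                 # egress PE removes the transport label
    site = VPN_LABELS_PE2[stack.pop(0)]   # then the VPN label picks the VRF
    trace.append((hop, "pop", ()))
    return site, trace


if __name__ == "__main__":
    for customer in ("cust_a", "cust_b"):
        print(customer, forward(customer, "10.0.2.7"))
```

Both customers send to the same private address, yet each packet is delivered only to its own site because the inner VPN label, not the IP address, decides the egress VRF.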

MPLS Strengths
Predictable, guaranteed performance. Supports QoS classes of service. Traffic engineering — control exact path. Low jitter for voice/video. Private — not shared with general internet traffic. Carrier-managed SLA.
Predictable latency | QoS support | Private network

MPLS Weaknesses
Expensive — significantly more costly than broadband. Long provisioning lead times (weeks to months). Rigid topology — changes require carrier involvement. Poor for cloud-bound traffic (must hairpin through HQ). Declining relevance as cloud adoption grows.
High cost | Slow to provision | Not cloud-optimised

SD-WAN — Software-Defined Wide Area Network

SD-WAN applies software-defined networking (SDN) principles to WAN connectivity. Instead of being locked into a single expensive MPLS circuit, SD-WAN creates an overlay network on top of any combination of underlying transport links — MPLS, broadband internet, LTE/5G, or satellite — and manages them through a centralised software controller.

SD-WAN constantly monitors the performance of every available link (latency, jitter, packet loss) and automatically routes each application's traffic over the best-performing path in real time. Latency-sensitive applications (VoIP, video conferencing) are sent over the lowest-latency link; bulk transfers (backups, software updates) can use cheaper broadband links. If a link degrades or fails, traffic is instantly rerouted to an alternate path — often without users noticing.
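A sketch of the application-aware path selection described above, added here as an example and not taken from any SD-WAN product. The link names, probe values, costs and per-application thresholds are constructed assumptions.

```python
from dataclasses import dataclass
from statistics import mean


@dataclass
class Link:
    name: str
    cost: int      # relative cost, lower is cheaper (constructed)
    probes: list   # recent probe RTTs in ms; None marks a lost probe

    def metrics(self):
        ok = [p for p in self.probes if p is not None]
        if not ok:
            return None                      # every probe lost: link is down
        # Jitter = mean change in delay between consecutive delivered probes
        jitter = mean(abs(a - b) for a, b in zip(ok, ok[1:])) if len(ok) > 1 else 0.0
        loss = 100.0 * (len(self.probes) - len(ok)) / len(self.probes)
        return {"latency": mean(ok), "jitter": jitter, "loss": loss}


# Assumed per-application limits (ms, ms, percent) and preference
POLICY = {
    "voip":   {"latency": 150, "jitter": 30, "loss": 1.0, "prefer": "latency"},
    "backup": {"latency": 1000, "jitter": 500, "loss": 5.0, "prefer": "cost"},
}


def select_path(app, links):
    """Return the name of the link this application should use, or None."""
    policy = POLICY[app]
    alive = [(l, m) for l in links if (m := l.metrics()) is not None]
    if not alive:
        return None                          # total outage
    ok = [(l, m) for l, m in alive
          if all(m[k] <= policy[k] for k in ("latency", "jitter", "loss"))]
    if ok and policy["prefer"] == "cost":
        return min(ok, key=lambda lm: lm[0].cost).__getitem__(0).name
    # Latency-sensitive app, or nothing meets policy: take the fastest link
    return min(ok or alive, key=lambda lm: lm[1]["latency"])[0].name


# Constructed probe history for three transports
LINKS = [
    Link("mpls", 10, [20, 21, 20, 22]),
    Link("broadband", 2, [35, 95, 30, 88, 41, 36, 90, 33]),  # fast but jittery
    Link("lte", 5, [70, 75, 72, 71]),
]

if __name__ == "__main__":
    for app in POLICY:
        print(app, "->", select_path(app, LINKS))
```

With the constructed data, voice stays on MPLS, backups take the cheaper broadband link, and voice moves to LTE rather than the jittery broadband link if MPLS stops answering probes.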

The result is a dramatic reduction in WAN costs (replacing expensive dedicated MPLS with commodity internet) while maintaining or improving performance for cloud-based applications. SD-WAN also provides centralised visibility and management — a single dashboard shows traffic flows, application performance, and security posture across all branch sites simultaneously.

MPLS vs SD-WAN — The Modern WAN Choice

Most enterprises today are not choosing between MPLS and SD-WAN — they're replacing or augmenting MPLS with SD-WAN. A common architecture: keep a lower-bandwidth MPLS circuit for the most critical traffic (real-time voice, financial transactions) while adding cheaper broadband and LTE connections. SD-WAN intelligently manages all three, giving you MPLS-level performance for critical apps at a fraction of the cost of pure MPLS.

The tipping point: when most traffic is destined for cloud applications (Office 365, Salesforce, cloud ERP) rather than a corporate data centre, MPLS's hub-and-spoke model forces all that traffic through HQ — creating a bottleneck. SD-WAN enables direct internet breakout at each branch, dramatically improving cloud application performance.

Leased Lines

A leased line (also called a dedicated line or private circuit) is a dedicated, symmetric, point-to-point connection between two fixed locations, provided and maintained by a carrier. Unlike broadband, bandwidth is not shared with other customers — the full contracted capacity is available 24/7 with guaranteed uptime SLAs.

Common leased line standards include T1 (1.544 Mbps, North America) and E1 (2.048 Mbps, Europe), with higher-bandwidth options scaling through T3 (44.7 Mbps) and fiber-based services. Modern leased lines are typically delivered as Ethernet circuits (EoF — Ethernet over Fiber) at speeds from 10 Mbps to 10 Gbps.

Use cases: connecting headquarters to a data centre with guaranteed bandwidth, internet exchange connections for ISPs, point-to-point links between two buildings in the same city. Leased lines are significantly more expensive than broadband but provide the guaranteed performance and SLA that critical links require.

Other WAN Technologies

| Technology | Type | Key Characteristics | Use Case |
|---|---|---|---|
| DSL | Broadband | Uses telephone copper lines. ADSL asymmetric (faster download). VDSL faster but shorter range. Shared last mile. | Small office, home office broadband |
| Cable (DOCSIS) | Broadband | Uses coaxial TV cable. Shared neighbourhood segment — performance varies with congestion. High speeds available. | Home/SMB broadband |
| Fiber (FTTH/FTTP) | Broadband | Fiber to the premises. Symmetrical speeds available. Lowest latency of broadband options. Gold standard for business. | Business broadband, ISP backhaul |
| LTE / 5G | Cellular WAN | Wireless WAN. Used as primary connectivity in remote sites or as failover backup. High latency on LTE vs fiber. | Remote sites, WAN failover, IoT |
| Satellite | Satellite | Global coverage. High latency (~600ms geostationary, ~40ms LEO/Starlink). LEO satellites dramatically improved usability. | Remote/rural sites with no terrestrial option |
| Metro Ethernet | Carrier Ethernet | Ethernet connectivity across a metropolitan area via carrier fiber. Scalable bandwidth. Point-to-point or multipoint. | Connecting multiple sites in a city |
| Frame Relay | Legacy packet-switched | Legacy WAN technology — largely replaced by MPLS and broadband. Uses permanent virtual circuits (PVCs). Still appears on older Network+ exam versions. | Legacy corporate WANs (historical) |
| ATM | Legacy cell-switched | Uses fixed 53-byte cells. Very low latency. Legacy carrier backbone technology, largely replaced. May appear on older exams. | Legacy carrier backbones (historical) |

🎯 Network+ WAN Key Points

MPLS = label-based switching, traffic engineering, QoS, private carrier network. Key terms: PE router, P router, LSP (Label Switched Path), MPLS VPN.

SD-WAN = software overlay over any WAN links, centralised controller, application-aware routing, reduces cost vs pure MPLS.

T1 = 1.544 Mbps (24 DS0 channels × 64 Kbps). T3 = 44.7 Mbps (28 T1s). E1 = 2.048 Mbps (30 channels, used in Europe).

Frame Relay and ATM are legacy technologies — they appear in older study materials and may appear on exams as "what did MPLS replace?"

WAN Connectivity Concepts

Point-to-Point
A dedicated link between exactly two locations. Simple, reliable, and predictable. Examples: leased lines, MPLS point-to-point circuits. Higher cost because the circuit is exclusively yours.

Hub-and-Spoke
All branch sites connect to a central hub (headquarters or data centre). Simple to manage, but all inter-branch traffic must transit through the hub, which creates a bottleneck and adds latency. Classic MPLS topology.

Full Mesh
Every site connects directly to every other site. Best performance, with no transit through a hub. Very expensive: N sites require N×(N-1)/2 circuits. Practical only for small numbers of critical sites.

Last Mile
The final segment of the network connecting the carrier's infrastructure to the customer's premises. Often the bottleneck in broadband: DSL performance degrades with distance from the exchange. Fiber eliminates this limitation.

Exam Scenarios

Scenario: A company has 50 branch offices connected via MPLS. Most traffic now goes to Office 365 and Salesforce rather than the corporate data centre, and users complain of slow cloud application performance. What solution should be recommended?
Answer: SD-WAN with direct internet breakout. SD-WAN allows cloud-destined traffic to exit directly at each branch over internet connections rather than hairpinning through HQ via MPLS, dramatically improving cloud application performance.

Scenario: A small branch office needs a WAN connection with guaranteed 10 Mbps symmetric bandwidth and a contractual uptime SLA. Internet broadband exists but performance is inconsistent. What WAN technology meets these requirements?
Answer: A leased line (dedicated Ethernet circuit). Leased lines provide guaranteed symmetric bandwidth and carrier SLAs — unlike broadband which is shared and variable.

Scenario: What is the bandwidth of a T1 line, and how many DS0 channels does it contain?
Answer: T1 = 1.544 Mbps, consisting of 24 DS0 channels at 64 Kbps each.

Scenario: An organisation wants to use a mix of MPLS, broadband fiber, and LTE as WAN transport for its branches. Which technology enables centralised management and intelligent routing across all three links?
Answer: SD-WAN. SD-WAN creates an overlay across all transport types and routes traffic intelligently based on application requirements and real-time link performance.

WAN Failover and Redundancy

Relying on a single WAN connection for business-critical connectivity is a significant availability risk. WAN outages — whether from carrier infrastructure failures, cable cuts, or equipment failure — are common enough that enterprise network design always accounts for redundancy. Understanding WAN failover concepts is directly relevant for Network+ exam scenarios.

Dual ISP connectivity (multihoming) is the standard approach for WAN redundancy. A company connects to two different ISPs, ideally using different physical paths and infrastructure. If one ISP fails, traffic automatically routes through the second. This is more effective than having two circuits from the same ISP, which may share physical infrastructure in the carrier's network. SD-WAN simplifies dual ISP management by monitoring both connections in real time and automatically routing traffic based on performance.

4G/LTE and 5G cellular failover provides a cost-effective backup for broadband internet connections. A cellular failover device (router with SIM card) acts as an automatic backup — when the primary connection fails, it switches to cellular. This is widely used in retail and branch office environments where even brief outages cost significant revenue. The limitation is that cellular bandwidth is typically lower and latency higher than fiber broadband, making it suitable for failover but not as a primary WAN for bandwidth-intensive applications.

For exam scenarios: if the question describes a company that needs WAN connectivity to remain operational even if their primary ISP fails, the answer involves dual ISP connectivity or WAN failover. If the question asks which technology provides real-time monitoring of multiple WAN links and automatic failover with intelligent path selection, the answer is SD-WAN.

WAN Routing and BGP

When packets travel across the internet or between large enterprise networks and service providers, BGP (Border Gateway Protocol) is the routing protocol that makes it possible. BGP is the protocol that runs between autonomous systems (AS) — large independently managed networks such as ISPs, enterprises, and cloud providers. Understanding BGP is important for Network+ because it explains how routing decisions are made at the internet scale.

Unlike interior routing protocols such as OSPF or EIGRP that optimize purely for shortest path, BGP uses path attributes to make routing decisions. Key attributes include AS-PATH (the list of autonomous systems a route passes through), LOCAL_PREF (preference used within an AS to select outbound paths), and MED (Multi-Exit Discriminator, used to influence how traffic enters your AS from a neighbour). BGP is a policy-driven protocol — network engineers can configure it to prefer certain routes for business reasons, not just technical ones.

For WAN exam scenarios, remember that BGP is the protocol used for internet edge routing and is often how enterprises connect to multiple ISPs (multihoming) for redundancy. If one ISP fails, BGP will fail over traffic to the second ISP automatically.
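How the three attributes named above decide between routes from two ISPs, as an added example that is not part of the original page. It is a simplified subset of the real BGP decision process (which has further steps), and the AS numbers, prefixes and peer addresses are constructed from documentation ranges.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: str
    peer: str            # neighbour the route was learned from
    as_path: tuple       # first element is the neighbouring AS
    local_pref: int = 100
    med: int = 0


def _by_local_pref(cs):          # highest LOCAL_PREF wins (local policy)
    top = max(r.local_pref for r in cs)
    return [r for r in cs if r.local_pref == top]


def _by_as_path(cs):             # then the shortest AS-PATH
    short = min(len(r.as_path) for r in cs)
    return [r for r in cs if len(r.as_path) == short]


def _by_med(cs):                 # MED only compares routes from the same neighbour AS
    return [r for r in cs
            if not any(o.as_path[0] == r.as_path[0] and o.med < r.med for o in cs)]


def best_path(routes):
    """Return (best_route, deciding_step); (None, 'no route') if empty."""
    cands = list(routes)
    if not cands:
        return None, "no route"
    if len(cands) == 1:
        return cands[0], "only route"
    for name, keep in (("LOCAL_PREF", _by_local_pref),
                       ("AS_PATH", _by_as_path), ("MED", _by_med)):
        cands = keep(cands)
        if len(cands) == 1:
            return cands[0], name
    # Simplified final tie-break: lowest neighbour address
    return min(cands, key=lambda r: ipaddress.ip_address(r.peer)), "lowest peer address"


# Constructed multihoming case: ISP A = AS 64500, ISP B = AS 64501
VIA_A = Route("203.0.113.0/24", "192.0.2.1", (64500, 64510), local_pref=200)
VIA_B = Route("203.0.113.0/24", "192.0.2.5", (64501, 64505, 64510))

if __name__ == "__main__":
    print(best_path([VIA_A, VIA_B]))   # policy prefers ISP A
    print(best_path([VIA_B]))          # ISP A session lost: ISP B takes over
```

Withdrawing the ISP A route leaves the ISP B route as the only candidate, which is the automatic failover the text describes.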

Site-to-Site VPN as a WAN Alternative

Many organizations — especially smaller ones — avoid the cost of dedicated MPLS circuits by building site-to-site VPN tunnels across the public internet. A site-to-site VPN connects two entire networks (rather than a single remote user) by creating an encrypted tunnel between two VPN gateways, typically firewalls or dedicated VPN concentrators at each site.

The most common protocol for site-to-site VPN today is IPsec (Internet Protocol Security), which operates at Layer 3 and can run in two modes. Tunnel mode encapsulates the entire original IP packet inside a new IP packet — this is the standard mode for site-to-site VPNs because it hides the internal addressing. Transport mode only encrypts the payload, leaving the original IP header intact — used for host-to-host encryption within a single site.

IPsec itself is not one protocol but a suite of protocols. The two main components are AH (Authentication Header), which provides integrity and authentication but no encryption, and ESP (Encapsulating Security Payload), which provides both encryption and authentication. In practice, ESP is almost always used because encryption is the primary goal. IPsec uses IKE (Internet Key Exchange) — either IKEv1 or the more modern IKEv2 — to negotiate security parameters and exchange encryption keys before the tunnel is established.

DMVPN — Scaling Site-to-Site VPN

DMVPN (Dynamic Multipoint VPN) is a Cisco technology that solves the scalability problem of traditional site-to-site VPN. In a traditional hub-and-spoke IPsec setup, every branch site connects to the hub — branch-to-branch traffic must transit through the hub, adding latency. DMVPN allows branches to dynamically establish direct spoke-to-spoke tunnels on demand, without pre-configuring every possible branch pair. This gives you the management simplicity of hub-and-spoke with the performance of full-mesh — critical for large enterprise WAN deployments with hundreds of branch offices.

WAN Optimization

Even with high-bandwidth WAN links, application performance can suffer due to latency, packet loss, and protocol inefficiency. WAN optimization technologies address these issues through several techniques that are worth understanding for the exam.

Compression reduces the amount of data that needs to traverse the WAN link by compressing repetitive data patterns. Deduplication (also called data reduction or caching) goes further — if the same data block has already been transmitted, only a hash reference is sent instead of retransmitting the full data. This can dramatically reduce WAN utilization for workloads involving large file transfers or backup replication.
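Compression and deduplication between a pair of optimizers, as an added example that is not from the original page and not any vendor's implementation. The fixed 4096-byte chunk size, the one-byte message tag and the sample data are assumptions made for the illustration.

```python
import hashlib
import zlib

CHUNK = 4096  # fixed chunk size; an assumption for this example


class Optimizer:
    """One end of a WAN-optimizer pair. Both ends build the same chunk cache."""

    def __init__(self):
        self.cache = {}  # SHA-256 digest -> chunk bytes

    def encode(self, data):
        """Sender side: turn data into wire messages."""
        msgs = []
        for i in range(0, len(data), CHUNK):
            chunk = data[i:i + CHUNK]
            digest = hashlib.sha256(chunk).digest()
            if digest in self.cache:
                msgs.append(("ref", digest))            # already sent: hash only
            else:
                self.cache[digest] = chunk
                msgs.append(("data", zlib.compress(chunk)))
        return msgs

    def decode(self, msgs):
        """Receiver side: rebuild the original bytes."""
        out = bytearray()
        for kind, body in msgs:
            if kind == "ref":
                out += self.cache[body]   # KeyError here means caches diverged
            else:
                chunk = zlib.decompress(body)
                self.cache[hashlib.sha256(chunk).digest()] = chunk
                out += chunk
        return bytes(out)


def wire_bytes(msgs):
    """Bytes crossing the WAN: one tag byte plus the body of each message."""
    return sum(1 + len(body) for _, body in msgs)


def sample_backups():
    """Constructed 64 KiB 'backup' and a second version with one chunk changed."""
    v1 = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(2048))
    v2 = v1[:5 * CHUNK] + b"\x00" * CHUNK + v1[6 * CHUNK:]
    return v1, v2


if __name__ == "__main__":
    sender, receiver = Optimizer(), Optimizer()
    for version in sample_backups():
        msgs = sender.encode(version)
        assert receiver.decode(msgs) == version
        print(len(version), "bytes of data ->", wire_bytes(msgs), "bytes on the wire")
```

The second backup differs in one chunk, so fifteen of its sixteen chunks cross the link as 32-byte hash references.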

TCP optimization addresses the problem that TCP's congestion control algorithms were designed for low-latency LAN environments. On high-latency WAN links, TCP window sizes become a bottleneck — the protocol has to wait for ACKs before sending more data. WAN optimizers use TCP spoofing (also called TCP proxying) to locally acknowledge data on behalf of the distant endpoint, allowing the sender to continue transmitting without waiting for round-trip delays.

Protocol optimization handles chatty protocols that generate many round trips. CIFS/SMB (Windows file sharing) is notorious for this — accessing a single file can generate dozens of round trips, which is tolerable on a LAN with sub-millisecond latency but causes terrible performance over a 50ms WAN link. WAN optimization appliances cache and pre-fetch data to reduce these round trips.

WAN SLAs and Performance Metrics

When purchasing WAN services from a carrier, the Service Level Agreement (SLA) defines the performance guarantees and remedies if the carrier fails to meet them. Understanding WAN SLA metrics is directly exam-relevant for Network+.

| Metric | Definition | Typical SLA Value |
|---|---|---|
| Uptime / Availability | Percentage of time the circuit is operational. "Five nines" = 99.999% = ~5 min downtime/year. | 99.9% – 99.999% depending on service tier |
| Latency | One-way or round-trip delay between two points. Critical for voice and video. Measured in milliseconds. | Typically <20ms for MPLS, <50ms for metro Ethernet |
| Jitter | Variation in packet delay. Even if average latency is low, high jitter causes choppy VoIP calls. Measured in milliseconds. | <5ms for premium voice-grade services |
| Packet Loss | Percentage of packets that fail to arrive. Any packet loss degrades TCP throughput and causes dropped VoIP samples. | <0.1% for enterprise-grade MPLS |
| Bandwidth (CIR) | Committed Information Rate — the guaranteed minimum bandwidth the carrier will deliver, regardless of network congestion. | Equal to contracted bandwidth for leased lines |

For exam scenarios involving WAN service selection, if the question mentions guaranteed performance, SLA, or contractual uptime, the answer typically involves a dedicated leased line or MPLS circuit rather than shared broadband. If the question mentions cost reduction while maintaining performance and the company already has MPLS, the answer is SD-WAN.

Common WAN Troubleshooting Scenarios

The Network+ exam tests practical troubleshooting as well as conceptual knowledge. For WAN links, common issues and their causes include the following.

Intermittent connectivity drops on a broadband WAN link often indicate line quality issues — for DSL, the line may be too long or have bridge taps causing attenuation; for cable, the coaxial infrastructure may have signal noise. Checking SNR (Signal-to-Noise Ratio) margins on a DSL modem or signal levels on a cable modem helps diagnose this.

High latency or jitter on an MPLS circuit that previously performed well may indicate that the carrier is experiencing congestion in their core network, or that traffic classes are misconfigured — bulk traffic may be using the same MPLS class of service queue as latency-sensitive voice traffic. Work with the carrier to review QoS markings and ensure DSCP values set by the enterprise are being honored by the carrier's network.

One-way audio on VoIP calls over a site-to-site VPN is a classic NAT/firewall issue — RTP (the voice media protocol) uses dynamically assigned UDP ports, and if the firewall or NAT device is blocking return traffic, audio flows in only one direction. The fix involves enabling SIP ALG (Application Layer Gateway) or using a session border controller that handles NAT traversal for SIP.
