What is a wide area network (WAN)?
A wide area network (WAN) is a large computer network that connects groups of computers over large distances. WANs are often used by large businesses to connect their office networks; each office typically has its own local area network, or LAN, and these LANs connect via a WAN. These long connections may be formed in several different ways, including leased lines, VPNs, or IP tunnels (see below).
The definition of what constitutes a WAN is fairly broad. Technically, any large network that spreads out over a wide geographic area is a WAN. The Internet itself is considered a WAN.
What is a LAN?
A local area network (LAN) is a network confined to a small, localized area. Home WiFi networks and small business networks are common examples of LANs. Typically, whoever manages the LAN also manages the networking equipment it uses. A small business, for instance, will manage the routers and switches involved in setting up the LAN.
WAN vs. LAN
LANs typically exist in a contained area and usually share a single central point of Internet connection. WANs are designed to provide network connectivity over long distances. They are usually made up of several connected LANs. An organization that sets up its own WAN will almost always rely on network infrastructure that is outside their control: for instance, a company with an office in Paris and an office in New York will have to send data between these offices over undersea cables that cross the Atlantic Ocean.
Usually a WAN will include multiple routers and switches. A LAN only needs one router for connecting to the Internet or other LANs, although it may use switches as well.
What is a leased line?
One of the ways that organizations connect their LANs to form a WAN is by using something called a leased line. A leased line is a direct network connection rented from a large network provider such as an ISP. Building their own physical network infrastructure — including cables, routers, and Internet exchange points across hundreds or thousands of miles — would be an almost impossible task for most organizations. So instead, they lease a direct, dedicated connection from a company that already has this infrastructure.
What is tunneling? What is a VPN?
If a company does not want to pay for a leased line, they can connect their LANs using tunneling. In networking, tunneling is a method for encapsulating data packets* within other data packets so that they go somewhere that they would not go otherwise. Imagine mailing an envelope inside another envelope, with both envelopes having a different address, so that the internal envelope gets mailed from the external envelope's destination address. That is the general idea of tunneling, except data is contained within packets instead of envelopes.
Some network tunnels are encrypted in order to protect the packets' contents from anyone who might intercept them en route. Encrypted tunnels are called VPNs, or virtual private networks. VPN connections between WANs are more secure than unencrypted tunneling connections. IPsec is one common VPN encryption protocol.
The main drawback of using tunneling to connect LANs is that tunneling increases overhead; it takes more computing power, and thus more time, to send packets in this way. Encapsulating and encrypting each packet slows down communications, just as stuffing an envelope twice instead of once slows down how quickly it can be placed in the mail. Additionally, encapsulated packets may end up larger than some routers on the network can handle, resulting in fragmentation and adding more delays.
*All data sent over a network is broken up into packets, which are smaller chunks of data. Each packet includes information about the packet's origin, destination, and position in the series of packets.
What is a software-defined WAN (SD-WAN)?
A software-defined WAN, or SD-WAN, is a WAN that uses software to route traffic, in addition to or instead of traditional routers. With an SD-WAN, networking functions are virtualized — they run in software instead of hardware — making network management much easier for IT teams. In fact some SD-WAN vendors offer software-defined routers that can at least partially replace existing hardware routers.
SD-WANs are one form of software-defined networking (SDN), which is a category of technologies that make it possible to manage networks with software. They are also a key component of secure access service edge (SASE) solutions, which combine networking and network security functions into a single, cloud-based service.
How does Cloudflare protect WANs and SD-WANs?
LANs, WANs, and SD-WANs can all be targeted for DDoS attacks. Cloudflare Magic Transit protects networks from such attacks. Magic Transit also applies Cloudflare's firewall capabilities to on-premise networks and accelerates network traffic. Learn more about Magic Transit.