top of page
  • Writer's pictureEfe Dinler

What is a Traditional Private WAN?

In a traditional WAN environment, each branch office is connected using a single dedicated private network connection that is point to point between the branch and head office sites.

Occasionally this single private line will be backed up by another link (normally a cheaper commodity connection and often from the same ISP as the main link) that acts as a failover connection, but not always – and certainly not without additional cost.

For example, we can see the head office local area network has two WAN connections. In red, we have a direct to public internet service and in blue, the connection to the managed WAN providers network that subsequently provides routing of traffic to the three remote branch offices (A,B,C)<insert bestprac_1>

It’s important to note that the branch offices do not have a direct internet connection at all. Instead they each have a single dedicated link back to the head office location, so all internet access at the remote sites passes through the head office public internet link (shown in red).

When we look at the hardware involved to achieve this configuration we might see something like this:<insert bestprac_2>

At the head office location we have two routers, one for public internet access and the other for access to the private WAN. At the branch office location, we have a single router that acts as the default gateway for the LAN clients there and sends all traffic back over the private network to the head office.

Example IP Addressing

To explain this type of configuration further, here is a diagram showing how the IP addressing might be configured for this type of Layer 3 traditional private WAN.<insert bestprac_3>

The head office network has a network subnet of, and uses the public internet access router ( as the default gateway. The public internet access router has a static route with a supernet of and the private WAN access router ( as the target. In this way, any traffic destined for the remote branch offices reaches the default gateway router and is then forwarded to the private access router, enabling the sites to communicate with head office in a hub and spoke fashion.

What is a Hybrid WAN?

A Hybrid WAN combines private point to point links with public Internet links using an encryption to ensure that any traffic sent over the public internet is secure.<inserthybrid_wan>

The end result is a Wide Area Network made up of multiple connections between each location that can be actively used at the same time to improve connection reliability and aggregate bandwidth.

It requires the use of multi-WAN routers at each location that are capable of sending traffic securely over multiple WAN links at the same time from a remote branch office that are then also able to combine the traffic again when it reaches the destination.

Our Software Defined Network (SDN/ SD WAN) and bandwidth bonding technology is the mechanism for creating Hybrid SD network using multiple private and public links.<insert Hybrid-WAN-Explanation>

Hybrid SD WAN Example

If we wanted to use Hybrid SD WAN technology in our previous example, the high level design would look like this:<insert hybrid-wan-best-practice-06>

In this example, the head office network now has three routers. A SD WAN device has been added to act as the default gateway for the network. This has the public internet access router and the private WAN access router connected to its WAN ports.

The remote branch location also has an additional SD WAN device. This has the original private WAN router connected to its WAN ports along with new additional public internet access routers.

The two SD WAN devices create a single logical connection made up of multiple secure connections between each other, across both the public and private networks. Both networks can send and receive traffic at the same time. The benefits to this Hybrid WAN approach are considerable:

  • Additional bandwidth can be added quickly using public internet links that tend to be cheaper with much higher bandwidth than dedicated private WAN links.

  • Using our Software Defined Network (SDN/ SD WAN) technology, multiple network technology types (Fiber, DSL, Cellular and even Wi-Fi) can be used at each location and combined to provide resilience.

  • The WAN links at each location do not need to be from the same ISP or managed service provider – allowing for provider diversity.

  • The end result is a more resilient, more agile, higher bandwidth and secure WAN.

Hybrid WAN IP Addressing Example

The diagram below shows the network diagram for an example Hybrid WAN configuration using the topology from the previous traditional WAN example as a starting point<insert hybrid_ip_network>

HQ <insert hybrid_ip_HQ>

In the head office location a new SD WAN router is added that acts as the default gateway for the network. On its WAN1 is the existing public internet access router and on WAN2, it has the existing private WAN access router.

The private WAN access router (shown in blue) is configured with a new LAN IP in a different range than the head office LAN. The original head office LAN IP range ( is maintained on the LAN to reduce the amount of reconfiguration needed on servers and infrastructure at this location.

The Software Defined Network (SDN/ SD WAN) has an outbound policy added to tell it to route all traffic for the remote private WAN routers (in the remote branch offices) over WAN2. This outbound policy enables traffic to route between the WANs of the remote SD WAN routers and the one at head office, which in turn enables secure tunnels to be created over the existing private WAN.

Branch <insert hybrid_ip_branch>

In the remote branch offices, a new SD Wan router is added to act as the gateway device for the local network and the branch office subnet is changed to be in the 10.12.x.0/24 range.

Note: Any statically assigned network devices – such as printers, VoIP PBX’s or CCTV cameras will need to be reconfigured to connect on the new subnet.

On the WAN1 of the SD WAN a public internet connection is added, with the private network access router on WAN2.

Depending on the design used at the remote branch offices up to 32 WAN connections can be used in total which can be a mix of fixed line, cellular and point to point wireless networks connections. Typically we would see a branch location combine existing fiber/cable connectivity from the private WAN with additional public internet connectivity over fiber or xDSL and LTE cellular from different providers. Additional internet connectivity can be added on demand to the branch office location and included in the Hybrid WAN.

With this configuration in place we have the level topology configured as illustrated <insert hybrid_ip_branch1>


Hybrid WAN technologies can improve branch office connectivity, resilience and bandwidth, whilst also reducing costs as well as provide new, more agile ways to deploy and manage branch office connectivity requirements using a mix of internet connectivity types from diverse service providers.

Using Software Defined Network (SDN/ SD WAN) routers, you can choose to bolt Hybrid WAN connectivity onto the side of existing traditional WAN deployments, combine private and public WANs incrementally as required, and ultimately completely replace the traditional enterprise WAN if desired.

Our Software Defined Network (SDN/ SD WAN) controller in combination with Hybrid WAN provides agile remote site connectivity options with easy central management and monitoring – greatly simplifying both the initial deployment of Hybrid WAN in the enterprise and its subsequent operational management.

8 views0 comments


bottom of page