WAN Networks in Practice: Architecture, Challenges and Monitoring

We are nothing without others, as those Christmas commercials say, and the same applies to organizations. Today, they need to be connected across all their branches (wherever they are), with employees working remotely, those on the move, and those having video meetings from thousands of kilometers away. The proper synchronization of all this and the optimal operation of the organization depends on WAN networks, which we will thoroughly examine today.

The old song says that “twenty years is nothing”, but that is not true in IT. Two decades ago, critical infrastructure resided in a single building, connected through a secure and controlled local area network (LAN). Today’s reality is made up of interconnected locations, cloud applications, hybrid data centers, and workers operating from anywhere.

The WAN (Wide Area Network) has become the nervous system of organizations, serving as the highway that connects everything and carries critical data, voice and video over IP (VoIP), financial transactions, and much more.

However, the complexity of these distributed networks presents significant challenges. That is why we will analyze this topic in depth, including the key to ensuring this highway, as another AC/DC song says, does not become a highway to hell: WAN network monitoring. Thanks to it, we will know what is happening in every corner of the path and ensure it always performs at its best.

What is a WAN network

A Wide Area Network or WAN (for its initials in English, Wide Area Network) is a telecommunications infrastructure that enables connectivity beyond a limited geographical scope.
For the long-suffering IT professional, the technical definition of a WAN goes beyond geography, being the collection of links, devices, and protocols that allow, for example, a subnet at the Madrid headquarters to communicate with a server in a data center in London, or with a branch office in Mexico, as if they were in the same room.

Key differences between WAN and LAN

Obviously, the fundamental differences are the required infrastructure and the network scope, but when we talk about management, the main key coincides with the unresolved traumas of those of us who work in IT:

• Trust in others.
• Loss of control.

While in a local area network or LAN (Local Area Network) the organization usually owns all the hardware (switches, access points, and even the cables), in a WAN the communication infrastructure generally belongs to third parties: communications service providers.
Thus, we move from having absolute iron-fisted control over the physical medium to depending on someone else. Normally, we will have signed so-called Service Level Agreements (SLA) with them, which contractually guarantee a certain level of proper operation, compensating in some way when that is not the case.

Likewise, an organization’s data is sensitive and valuable merchandise, so we must also apply encapsulation technologies to transmit such data securely over public networks or leased circuits.
Trusting and learning to let go is all very well according to my therapist… and also according to hackers and industrial spies who take advantage of it. Hence the importance of relying on good providers, but monitoring the WAN network, as we will see later.

How a WAN works in corporate environments

The operation of a corporate WAN at a general level is easy to understand in theory, as it is based on the interconnection of remote nodes.
To do this, we will use various physical elements and other more intangible ones, such as third-party services.

Routers and physical devices on our premises

At the heart of the WAN are routers and other devices such as firewalls, which are located at the perimeter (edge devices) where our facilities end and the wild west of external networks begins.
These devices act as gateways and also as security barriers.
Thus, when a data packet leaves a computer in our Valencia office, the router analyzes the destination IP address. If that destination is outside the local network of that office, then it routes (directs) the packet to the WAN interface, allowing it to leave and reach whoever needs it, such as a salesperson on the move, an external cloud application, or another office in Barcelona, for example.

Transport and Service Providers (ISP)

Since I do not think we are rich and powerful enough to have invested in our own external networks, once the traffic leaves the corporate router, it enters the infrastructure of the communications service provider.
That infrastructure can take various forms depending on the need.

• Optical fiber.
• Satellite networks.
• Microwave links.
• The public Internet infrastructure, and so on.

Now, one of the challenges from a systems administration perspective is that the WAN is a kind of black box, now that the term is so fashionable with artificial intelligence.
That is, we know what leaves the Valencia office I mentioned earlier and what enters the one in Barcelona, but the exact path that packets take can change dynamically depending on the routing protocol (such as BGP) and/or the state of the provider’s network.
Or perhaps our main developer is one of those geniuses who lives isolated in a lost bunker, and their only connection to the office is via satellite.
This lack of direct visibility over the transport medium is precisely what makes WAN network monitoring from the edges critical.

Main WAN technologies and models

As with almost all elements of IT, when it comes to WAN networks we do not usually use a single technology, but rather adopt a hybrid approach.
And within those diverse elements of a WAN we find:

1. Dedicated links and leased lines

As in everything in life, there are classes, and this has been, especially in the old days, the premium option.
It consists of physical or logical point-to-point connections reserved exclusively for our organization (for example, when I thought I was king with a cable from the old Ono, the consultancy I worked for at the time operated using the old T1/E1 lines).
Nowadays, these usually take the form of fiber networks and offer guaranteed bandwidth and stable latency. In return, their cost is high and they are not very flexible.

2. MPLS (Multiprotocol Label Switching)

With MPLS we are not talking about a physical connection, but rather a data transmission technique.
This allows packets to be labeled in order to prioritize certain types of traffic (such as voice or video) and to create virtual private networks over the operator’s shared infrastructure.
This technique is commonly used in corporate networks that prioritize Quality of Service (QoS). In return, it remains costly and slow to provision.

3. VPN and Tunneling (IPsec)

VPNs (Virtual Private Networks) use the Internet as the transport medium, but of course, corporate data cannot travel in the same lanes as everything else, nor be exposed to highway robbers.
Thus, with VPNs we create encrypted tunnels between the communicating endpoints (such as an employee’s laptop at home and the office they are assigned to).
Traveling through these tunnels is an economical, flexible, and common option that allows secure communications.
The challenge is that, since it depends on the same Internet that four thousand gamer kids might be congesting at that moment, network latency or performance is more unpredictable and not guaranteed, as it would be with the previous options.

4. SD-WAN (Software-Defined WAN)

This is an evolution that allows the use of many types of connections (MPLS, 5G, the pedal-powered fiber I am writing this from…) and to manage traffic intelligently through software (hence its name).
What does this allow? Flexibility and optimization.
If the primary link becomes saturated because everyone is stuck in endless video meetings, SD-WAN can redirect less critical traffic to another link.
In return, we add complexity, of course, by introducing a new logical layer in our configuration that must be carefully monitored.

Common problems in WAN networks

In LAN networks we usually have abundant bandwidth to work with, access files, applications, and so on, but when we talk about WAN networks things become more complicated, meaning administrators face (more) challenges such as:

1. Network latency

Defined both as the excuse you always use when you get killed in Call of Duty and as the time it takes for a packet to travel from source to destination.
In a WAN, the physical distance between those points obviously plays a role, but so does the number of hops that must be made to get there, like the thousand layovers on cheap flights we buy because we did not invest in Bitcoin fifteen years ago.
Thus, you might need to connect Madrid with Barcelona, but the latency is unbearable because some genius configured previous hops through Asia because they dream of retiring in Thailand (an exaggerated and unlikely case, but illustrative).

2. Jitter (Fluctuation)

In the end, you do not know whether higher latency is worse, or unstable latency, causing a high variation in packet arrival times, which is the most basic definition of jitter (for detail lovers, here I explain jitter in IT networks in depth).
If that jitter is too high, video meetings will freeze, calls will drop, and the user’s forehead vein will start to bulge.

3. Packet loss

This consists of sending data but, as if you were using a courier service, some packets get lost along the way.
This usually happens due to congestion, hardware failures, and so on. The issue is that even very small losses can reduce operational performance, making this yet another thing to monitor.

4. Link and bandwidth saturation

WAN bandwidth is not cheap, and it often happens that during peak hours, when everyone is in meetings or Windows decides to update itself, the link becomes saturated, preventing those messages or calls that were going to close an important deal.

5. MPLS instability

Although the MPLS technique we have discussed offers guarantees, it is not invulnerable and may suffer outages or degradations in the provider’s network (fiber cuts, routing failures, and so on).
Taking all this into account, the WAN network must be monitored very closely, not only to avoid failures, but also to optimize performance and ensure it does not become the bottleneck for the organization’s operations.
This is where monitoring comes into play.

What should be monitored in a WAN network

An effective monitoring strategy must handle health, performance, and traffic metrics such as:

• Link availability: Checking if the connection is operational.
• Quality of Experience (QoE): Continuously monitoring latency, jitter, and packet loss end-to-end.
• Bandwidth usage: Who is clogging the network again? Why is there a full-speed torrent server running where it shouldn’t be? Using protocols like NetFlow, jFlow, or sFlow, traffic must be analyzed to identify these bandwidth vampires.
• Status of edge devices: Mainly CPU usage, memory, and temperature of routers and firewalls. A router saturated from processing a VPN will introduce latency, even if the link is idle.
• Status of VPN tunnels: IPsec tunnels can go down even if the physical connection works. It is crucial to monitor the logical state of the tunnel interfaces.
• Subnets and routing: Unauthorized changes to routing tables (OSPF/BGP) — perhaps because the intern has access and ChatGPT suggested a “better configuration” — can isolate an entire branch office.

WAN monitoring in modern infrastructures: Prevent and optimize

Reactive problem detection like “The network is down, call the provider” hasn’t been enough for a long time.
A centralized visibility is required (regardless of the network elements, technologies used, or connection points), which also enables proactive network monitoring.

That is, the system must alert when there are early signs of issues, such as latency exceeding acceptable levels, before users start flooding support with tickets and worsening the problem.

This is where correlation comes into play — one of the most powerful techniques used by expert monitoring systems like Pandora FMS.

A WAN running at snail’s pace instead of Warp 9 often explains why the CRM application is slow. But without network monitoring, IT teams can waste hours investigating whether the problem lies with the database server or the application, when in fact the culprit is a saturated link.

Unified monitoring with the rest of the IT infrastructure

The WAN network is not an island; it is the connective tissue linking servers, applications, storage, locations, and users. Therefore, isolating WAN network monitoring from the rest of IT monitoring is a strategic mistake.
Unified monitoring means integrating WAN network data with server and application data. This enables better diagnostics and optimizations. For example:

• If a scheduled backup fails at night, was it due to a disk error or because the VPN went down?
• If the corporate website is slow, is it the server or the Internet provider’s fault?

Having a tool that controls the entire infrastructure from a single place allows you to find root causes much faster, reducing the MTTR (Mean Time To Resolution). And that’s where Pandora FMS comes in…

How Pandora FMS addresses WAN network monitoring

Pandora was born out of our own frustrations and needs, so we required that total visibility and unified monitoring, regardless of how heterogeneous the infrastructure or LAN and WAN networks were.

Thus, we created Pandora FMS to offer:

Flexible monitoring of devices and services

No matter what we need or how unique we are, Pandora FMS adapts by allowing you to monitor server status, latency, full load times, or APIs, for example. Each infrastructure and network is a different world, so you decide, define, and control. From firewalls to routers, including any endpoint that interacts with the WAN, Pandora FMS lets you see everything as if you had a Palantír and control everything as if you had The One Ring.

In-depth network analysis

Thanks to its ability to process NetFlow and sFlow, Pandora FMS allows you to see everything happening on the network, easily detecting bottlenecks and enabling quick decisions so your WAN runs like a highway and not a dirt road.

Integration with the rest of the IT infrastructure

And of course, Pandora FMS doesn’t treat the WAN as an isolated element. It integrates router monitoring (via SNMP), link status, server metrics, and user experience into a single console… and also into the custom dashboards you need and can easily build.

No matter what you want to monitor in your WAN (or across your entire IT infrastructure), Pandora does it — and you can try it for yourself with a free demo or by downloading the Trial version.