1.19 WAN Concepts
A WAN is used to connect two or more local area networks (LANs). A
LAN is a privately owned communications system that is designed to allow
users to access and share resources (computers, printers, servers) with
other users. The best known example of a WAN is the Internet itself.
LANs that are interconnected by a WAN may be located in the same
geographical area, such as a campus setting, or in separate geographic areas,
such as different cities or regions. To provide access between different
schools and to the Internet, a school district will install a district WAN.
This WAN will connect all schools to each other, as well as to the Internet
via an ISP. The actual connection between the different points is handled
by a provider, such as the telephone company.
What type of WAN technology is used may be determined by
budgetary funds and/or the options available through the ISP. When
determining the cost of WAN technology, you must determine both
recurring and non-recurring costs. Recurring costs include fees paid to the
ISP either monthly and/or yearly, maintenance fees for equipment,
management fees (if any), etc. Non-recurring costs include the cost of
equipment, installation, and set-up fees. Non-recurring costs are usually
paid only once at the beginning of the service.
Data travels over a WAN in two different directions, from the ISP to
the building, and from the building to the ISP. The first is called the
downlink because the data is being sent down (download) from the ISP, and
the second is called uplink because the data is being sent up (upload) to the
ISP. Different technologies offer different rates for this transmission
depending on whether both directions are transmitted at the same rate.
Different Technology and Transmission Speeds

Technology              Speeds                                Maximum Distance
POTS – Plain Old        9.6 Kbps – 52.6 Kbps                  Unlimited
Leased Line (digital)   from 56.6 kbps & up,                  Unlimited
                        for example: 1.544 Mbps (T1),
                        45 Mbps (T3), and 560.160 Mbps (T5)
ISDN                    64 Kbps – 128 Kbps                    Unlimited
Wireless                2 Mbps                                25 miles
Cable TV                4 Mbps
Satellite               56 Kbps – 115 Kbps                    Unlimited
Fiber                   10 Mbps – 1 Gbps                      1000 meters

POTS (Dial-up Service): This technology relies on standard phone
lines to connect to the Internet. Using current analog technology, this
service runs at speeds up to 52.6 Kbps in each direction. It is a cheap and
easy way to get a machine connected to the Internet quickly. It has low
start-up costs and low monthly rates. The only additional equipment
required on each machine that requires connectivity is a modem.
LEASED LINE: Leased lines are often used for WAN connections.
These lines go point-to-point with a fixed rate of speed. With a leased line,
the district buys a permanent connection from the phone company either to
another school or to an ISP. The district sets up a router and a CSU/DSU
(Channel Service Unit/Digital Service Unit) at each school that will be
connected; the leased line connects to the CSU/DSU. This establishes a
network connection between the two ends of the leased line. Leased line
speeds range from 56 Kbps through 560 Mbps (T5) and beyond. Typically
universities and schools use a T1 line, with a speed of 1.544 Mbps, to connect
the WAN. T3 lines are usually used as major arteries for connections for
universities, ISPs, and large corporations.
Leased lines support almost any distance. Installation costs can be
high, and monthly fees are distance sensitive. Along with connecting each
building, a connection needs to run to an ISP. However, leased lines used in
conjunction with wireless technology may offer a more economical approach
to creating a WAN.
FRAME RELAY SERVICE: These are point-to-point lines that pass
through a central cloud. Numerous schools could connect into one cloud.
Speeds range from those mentioned above, with guaranteed base speed
rates and “burst” rates for periodic faster speed when the network usage is
heavy. Frame relay requires less equipment and fewer lines than other
methods, thereby making it a good option for multi-site networks.
ISDN: Integrated Services Digital Network (ISDN) is a technology
(type of phone line) that offers connections at either 64 Kbps or 128 Kbps in
each direction. The basic service, called Basic Rate Interface (BRI),
contains two 64 Kbps data lines called B-channels, and a 16 Kbps control line
called a D-channel. ISDN lines are usually metered, meaning that you pay
for connect time, unlike a leased line where you pay for connection time
24/7. The use of ISDN on a WAN is very similar to that of a leased line
except that a Network Terminator, Type 1 (NT-1) is used to connect to the
phone line rather than a CSU/DSU. Many routers can now be purchased with
ISDN connection capability. ISDN can transmit data, voice, and video at
the same time on one line. This allows for multiple devices (computers,
faxes, telephones) to share one line.
WIRELESS: Another approach to providing network services is
wireless communications to connect multiple buildings. Wireless offers high
speed and minimal or no recurring costs. Start-up costs for wireless
technologies will be higher than for leased lines, but over the lifetime of the
network, wireless will prove more cost effective. Wireless technologies
require expensive towers to clear natural and man-made obstructions around
the schools because all wireless communications require a clear line of sight
between transmitting and receiving equipment.
CABLE TV: Cable TV is another alternative to consider. Cable TV
allows a district to provide WAN connectivity using the cable TV wiring.
While cable TV can offer high speeds at low costs, there are several
limitations that must be considered:
• Television broadcasting is a one directional process. Information is
not sent back to the central office when broadcasting television. New
cable equipment that allows two-way communication is now available to
address this issue, and many cable companies are installing upgrades
to the cable TV equipment to help eliminate this problem.
• Many buildings share a cable TV signal. This leads to the problem of
shared capacity and security. This results in each building getting
only a small part of the total bandwidth. Security can also be a
problem in this shared environment as anyone with the correct
knowledge and experience can view unencrypted information placed on
In terms of cost, the cable company will charge a monthly fee for each
building that connects.
SATELLITE: For districts located in remote areas, where other
technologies are either not available or extremely expensive, satellite
connection may be the option of choice. With this technology, the district
buys a satellite dish and the necessary hardware needed to connect the dish
to the network. A building may have a downlink of up to 115 Kbps. While the
rates for this type of connection may be much higher than other options
previously discussed, this may be the best option in rural areas.
FIBER: The ideal solution for a district is to connect all of its
buildings with fiber-optic cables. Fiber speeds exceed 1 Gbps, allowing
districts to connect WANs at high speeds immediately and to upgrade to
even faster speeds in the future. Fiber can be very expensive, running
between $2/foot and $2.50/foot. Installation can also be expensive, requiring
the acquisition of land “right of way” rights.
ROUTERS AND BRIDGES
Routers and bridges are also covered in Sections 1.17 Ethernet
Concepts. Information from these two sections is referenced here. This
article will highlight a few areas of interest to these two devices as related
to WAN concepts.
The router connects a LAN to another LAN or a WAN, or can be used to
partition a larger WAN into smaller segments to increase performance.
Routers operate at the network layer of the OSI model. Routers offer
some level of security between the different networks. Routers determine
how information gets to various destinations and translate the various
protocols between various networks. Routers can also act as barriers
(security) between the local network and the WAN by filtering
various ports and protocols.
Other duties of the router:
• It ensures that information doesn’t go where it’s not needed. This is
crucial for keeping large volumes of data from clogging the
connections of non-intended recipients.
• Since every device on the network has its own individual and unique
address, it makes sure that information makes it to the intended
A routing table is maintained internally by a router about specific routes
data may take. The router has the ability to “self-learn” from these tables
therefore increasing efficiency.
Routing is the process of finding appropriate paths for data packets
across networks as they move throughout a LAN or WAN. The router reads
the information contained in each packet or frame, uses complex network
addressing procedures to determine the appropriate network destination, and
transmits the data to the appropriate destination. Packets with destinations
other than the LAN will travel out onto the WAN and continue their path
through other routers until their destination is reached.
Bridges are simpler devices than routers, which have more
capacity to direct traffic. Used to connect two separate LANs over a
private communications link, they read the destination address of each
packet and allow only necessary traffic to pass through. Traffic not allowed
to pass through is forwarded to the correct segment. Hence, they can be
thought of as drop or forward machines. Bridges do not analyze and/or
re-route packets to the WAN destination; they just “bridge” the data to the
correct WAN segment. Bridges are protocol dependent while routers are
Computer networks are generally designed to do one thing: allow any
computer connected to the network to freely exchange information with any
other computer also connected to the same network. Internet Protocol (IP)
was designed to be an open protocol that allows any IP device to freely
connect to any other. In the early days of the Internet it was common for
users to leave their files open to sharing. At this time most Internet
users were professors, students, and researchers who collaborated and
shared their information over the Internet. Today, however, the Internet is
now accessible by millions of businesses and personal users from all over the
world. Security is now a major issue.
In the real world, a firewall is a hardened, fire-resistant wall designed
to keep a fire contained within a building. In the Internet world, a firewall
is a special type of router designed to keep intruders out of a private
network. A firewall disrupts free communication between trusted and non-
trusted networks, attempting to manage the information flow and restrict
dangerous free access.
A true firewall is a computer that you connect between the Internet
and your LAN which intercepts every connection and packet coming in to
your LAN from the Internet. It is the TCP/IP equivalent of a “guard shack”
at the physical entrance to your company. All traffic must pass through it,
and the guard on duty requires proper credentials to allow anyone to pass
into the facility. Consequently, a firewall works closely with a router
program examining each network packet to determine whether to forward it
toward its destination.
Just as a guard at the entrance to your physical building limits the
freedom of movements of those who should be in the building, a firewall will
create some compromises on the ability of those in your building who “sit
behind a firewall” to access systems outside on the Internet. But in many
cases, the security is worth the tradeoff in usability, just as it is in those
cases where guards and security procedures are used in physical buildings.
The firewall connects a private LAN to the public Internet. Because
the firewall connects between the LAN and the outside world, the firewall
has no effect on normal LAN traffic. Computers on the LAN can
communicate with one another with no restrictions. Most hardware-based
firewalls also include a third interface called the DMZ connection (named
after the demilitarized zones that divide Korea). The DMZ is used to
connect Web servers, email servers, and other devices that must be freely
available on the Internet.
Clients on the protected LAN can access Internet resources such as
Web and email servers, as long as that access is allowed by the current
firewall settings. Network administrators can program the firewall to block
certain types of traffic such as Instant Messenger, peer file sharing, and
network game programs. Client computers on the Internet can access public
Web and email servers connected to the firewall’s DMZ port. As traffic
arrives from the Internet, the firewall inspects each packet and allows
traffic into the firewall only if it was requested by a client computer on the
protected LAN. Uninvited traffic coming from the Internet is ignored.
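The "only if it was requested" rule can be sketched as a small connection-tracking table. This is an added example, not code from the original text; the address range, the blocked port, and the class and function names are assumptions, and real firewalls also track TCP state and expire idle flows.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed protected LAN range
BLOCKED_OUTBOUND_PORTS = {6881}               # assumed policy: one peer file-sharing port


class StatefulFirewall:
    """Tracks flows opened from the LAN and admits only their replies."""

    def __init__(self):
        # One entry per flow: (proto, lan_ip, lan_port, remote_ip, remote_port)
        self.flows = set()

    def outbound(self, proto, src, sport, dst, dport):
        """LAN -> Internet: apply policy, then remember the flow."""
        if ipaddress.ip_address(src) not in LAN:
            return "drop"      # source is not a protected client
        if dport in BLOCKED_OUTBOUND_PORTS:
            return "drop"      # traffic type blocked by the administrator
        self.flows.add((proto, src, sport, dst, dport))
        return "allow"

    def inbound(self, proto, src, sport, dst, dport):
        """Internet -> LAN: allow only the mirror image of a recorded flow."""
        if (proto, dst, dport, src, sport) in self.flows:
            return "allow"
        return "drop"          # uninvited traffic is ignored


def demo():
    """Run constructed sample packets through the firewall, in order."""
    fw = StatefulFirewall()
    client, web, other = "192.168.1.10", "203.0.113.5", "198.51.100.7"
    return {
        "uninvited_before": fw.inbound("tcp", web, 80, client, 50000),
        "request": fw.outbound("tcp", client, 50000, web, 80),
        "reply": fw.inbound("tcp", web, 80, client, 50000),
        "other_host": fw.inbound("tcp", other, 80, client, 50000),
        "other_port": fw.inbound("tcp", web, 80, client, 50001),
        "blocked_app": fw.outbound("tcp", client, 50002, web, 6881),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:17} {verdict}")
```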
There are several firewall screening methods. A simple one is to
screen requests to make sure they come from an acceptable domain name and
IP address. A firewall implementing a packet filter looks at one packet at a
time, and considers it in isolation in order to make a forwarding decision. A
filtering firewall functions at the Network Layer of the OSI model. What
data enters or leaves the network is determined by the rules established by
the firewall software. Filtering occurs based on the type of packet, the
source address, the destination address, and the port information. Packets
are allowed to arrive (in) or leave (out) based on each filter rule that the
network administrator creates. Each filter rule created applies only to
packets that move in the direction which was specified in the rule.
Therefore, there are separate rules for packets received in and packets
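A packet filter of the kind described above, written out as an added example (not code from the original text). The rule set, addresses and names are assumptions; rules are checked in order, the first match wins, and anything unmatched is denied.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = ipaddress.ip_network("0.0.0.0/0")
LAN = ipaddress.ip_network("192.168.1.0/24")          # assumed protected LAN
BAD_HOST = ipaddress.ip_network("203.0.113.66/32")    # constructed blocked server


@dataclass(frozen=True)
class Rule:
    direction: str          # "in" or "out"; never applied to the other direction
    proto: str              # "tcp", "udp" or "any"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    sport: Optional[int]    # None matches any port
    dport: Optional[int]
    action: str             # "allow" or "deny"


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    sport: int
    dport: int


RULES = [
    Rule("out", "any", LAN, BAD_HOST, None, None, "deny"),  # listed before the allows
    Rule("out", "tcp", LAN, ANY, None, 80, "allow"),        # web requests leaving
    Rule("out", "tcp", LAN, ANY, None, 443, "allow"),
    # Each packet is judged in isolation, so these rules cannot confirm that a
    # LAN client asked for the reply; that check needs connection state.
    Rule("in", "tcp", ANY, LAN, 80, None, "allow"),
    Rule("in", "tcp", ANY, LAN, 443, None, "allow"),
]


def matches(rule, direction, pkt):
    """Compare one packet's header fields with one rule."""
    return (rule.direction == direction
            and rule.proto in ("any", pkt.proto)
            and ipaddress.ip_address(pkt.src) in rule.src
            and ipaddress.ip_address(pkt.dst) in rule.dst
            and rule.sport in (None, pkt.sport)
            and rule.dport in (None, pkt.dport))


def decide(direction, pkt, rules=RULES):
    """First matching rule decides; no match means deny."""
    for rule in rules:
        if matches(rule, direction, pkt):
            return rule.action
    return "deny"


if __name__ == "__main__":
    request = Packet("tcp", "192.168.1.10", "203.0.113.5", 50000, 80)
    print("out:", decide("out", request))   # matched by an "out" rule
    print("in: ", decide("in", request))    # same fields, no "in" rule applies
```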
Another type of firewall is a proxy server. A proxy server is a server
that acts as an intermediary between a user and the Internet so that the
network can ensure security, administrative control, and caching service.
Proxy servers are usually associated with or are part of a gateway server
that separates the network from the outside.
Proxy servers provide these three features:
1. firewall protection and filtering
2. connection sharing
The proxy server receives requests for an Internet service (Web
page) from a user. If the request is allowed based on filtering rules, the
proxy server looks in its local cache (if it’s a cache server) of previously
downloaded pages. If it finds the page, it returns it to the user without
going to the Internet. If the page is not in the server’s cache, the proxy
server uses its own IP address to request the page from the Internet.
When the page is returned, the proxy server forwards it on to the user.
Firewall technology also serves a useful function on school networks.
Firewalls allow outgoing requests for Web pages (HTTP) to pass through to
the public Internet, but generally prevent messages (other than replies
to those specific requests) from traveling in the opposite direction. The
filtering capability of proxies allows network administrators to explicitly
disallow access to any “unacceptable” domains. The functions of proxy and
firewall can be in separate server programs or combined in a single package.
However, network administrators often configure and deploy firewall
hardware separately from proxy server hardware.
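The proxy request flow and the domain filtering described above, simulated offline as an added example (not code from the original text). The addresses, domain list, page table and names are constructed, and URLs are simplified to "host/path" with no scheme.

```python
PROXY_IP = "198.51.100.1"              # constructed public address of the proxy
BLOCKED_DOMAINS = {"blocked.example"}  # constructed list of "unacceptable" domains
ORIGIN_PAGES = {                       # constructed stand-in for Internet servers
    "www.school.example/index.html": "<html>district home</html>",
    "notblocked.example/": "<html>unrelated site</html>",
}


def is_blocked(host):
    """True for a listed domain or any of its subdomains (label boundary only)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS)


class CachingProxy:
    def __init__(self):
        self.cache = {}        # url -> page body
        self.origin_log = []   # (source address the origin saw, url)
        self.access_log = []   # (client address, url, outcome) for the administrator

    def _fetch(self, url):
        # The request leaves with the proxy's address; the client's is never sent.
        self.origin_log.append((PROXY_IP, url))
        return ORIGIN_PAGES.get(url)

    def handle(self, client_ip, url):
        host = url.split("/", 1)[0]
        if is_blocked(host):                 # 1. filtering rules come first
            outcome, page = "denied", None
        elif url in self.cache:              # 2. then the local cache
            outcome, page = "cache", self.cache[url]
        else:                                # 3. otherwise fetch on the client's behalf
            page = self._fetch(url)
            outcome = "origin" if page is not None else "not_found"
            if page is not None:
                self.cache[url] = page
        self.access_log.append((client_ip, url, outcome))
        return outcome, page


if __name__ == "__main__":
    proxy = CachingProxy()
    for client, url in [
        ("192.168.1.10", "www.school.example/index.html"),
        ("192.168.1.11", "www.school.example/index.html"),
        ("192.168.1.10", "ads.blocked.example/banner"),
        ("192.168.1.10", "notblocked.example/"),
    ]:
        print(client, url, proxy.handle(client, url)[0])
    print("origin saw:", proxy.origin_log)
```

Matching on a label boundary is what keeps notblocked.example from being caught by the entry for blocked.example.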
The term wireless is used to describe telecommunications in which
electromagnetic waves rather than wires carry a signal over a communication
path. Today’s society has many resources available through wireless
technology: cellular phones and pagers, Global Positioning Systems (GPS),
remote control garage door openers, satellite television, and wireless
networks. A wireless network is one where a mobile user can connect to a
LAN through a wireless (radio) connection.
The IEEE 802.11 (Wi-Fi) standard specifies the technologies for
wireless LANs. For a few years, 802.11b reigned supreme, gathering
momentum as prices plummeted. Wi-Fi operates at 2 to 11 Mbps at distances
from 50 to 150 feet indoors to well over 1,000 feet line-of-sight outdoors.
It works on Windows, Macintosh, and various Linux/Unix/BSD flavors,
sending TCP/IP and other packet data as an extension to plain old Ethernet
Recently, new specifications have been added to the Wi-Fi mix. These
specifications include 802.11a and 802.11g from the IEEE, and the
commercially supported HomeRF and Bluetooth protocols. HomeRF,
Bluetooth, and 802.11g all share the 2.4-GHz band frequency with 802.11b.
The standard that you choose to employ for your wireless needs will
determine the type of radio card that is chosen for user devices and access
The wireless option makes sense for many school districts. There are
many factors involved in bringing the Internet and networks to schools.
Wireless LANs/WANs offer productivity, convenience, and cost advantages:
• Provide users with access to real-time information anytime, anywhere
to increase productivity, efficiency, achievement, etc. Due to factors
such as class size, course offerings, etc. teachers who use technology
in their teaching may be forced to move their classrooms. Wireless
connectivity would allow teachers to move their entire “collection” of
computers with them without worrying about connection availability.
• Wireless installation requirements are minimal and relatively easy to
install—no cables to pull through walls and ceilings. Setup is generally
• Provides installation flexibility because wireless WAN technology can
go where wire cannot venture. Numerous additions and renovations
chop up building access and wiring layout making wireless an option for
these hard to reach areas.
• While the investment required for wireless LAN hardware will initially
be higher than the cost of wired LAN hardware, overall wireless LAN
and WAN installation expenses are significantly lower. The long-term
cost benefits of wireless LANs are greatest in environments requiring
frequent moves and changes.
• Wireless WAN configuration is applied in a variety of ways to meet
the needs of specific applications and installations. These
configurations are easily changed and range from peer-to-peer
networks to large wireless LANs which include thousands of users.
• The performance of wireless networks has increased greatly in the
last 5 years or so. Currently wireless networks can operate at speeds
up to 10 Mbps which is faster than some T-1 lines.
As great as these advantages seem, there are several challenges that
must be addressed:
• Low speed and interference problems with existing IEEE Standard
• Limited range of both 802.11a and 802.11b standard options
• Incompatibility between the above two standards.
• Security of data transmission
Wireless LANs and wireless WANs are not secure. The basic problem
is that information is being transmitted through the air, making it virtually
impossible to secure. While measures have been taken to try to establish
levels of security, to date no technology has been developed to guarantee
security. Several options are available to help address this problem:
• Take advantage of the security features that are offered by
your operating system using the security features available
• In most situations, wireless serves best as an add-on, not a
replacement, for wired networks.
• Make use of firewalls to keep the wired and wireless networks
separate from one another.
• Carefully plan the location of access points to minimize
• Limit the number of users per access point.
For high-bandwidth tasks, a wired Ethernet network connected with a
fiber backbone is still the best option. Save the wireless portion of the
network for lower-bandwidth needs.
• HomeRF is a wireless network, RF standing for radio frequency.
Using a standard called Shared Wireless Access Protocol
(SWAP), it allows for up to 127 devices per network. Because it
uses a wireless transceiver built into a PCI card inside the
computer, no access point is needed. Speed, range and
interference can be problems with this form of wireless.
• Bluetooth is a relatively new technology created in combination
with several large telecommunications/technology companies.
Bluetooth offers low cost, untethered connectivity to the
Internet and other WANs using a variety of devices (PCs, cell
phones, PDAs, etc.). As mentioned earlier, Bluetooth operates
at a 2.4 GHz band frequency (very high).
• Satellite technology offers connectivity via a satellite dish
mounted in a location where an unobstructed view of the
southern sky is possible. Download speeds are about 8 times
faster than dial-up modem service, with upload speeds about
equal to or slightly faster than dial-up modems.
Telephone lines were designed to transmit human voice, not electronic
data from computers. Modem is an acronym for Modulator Demodulator.
Modems are devices that convert data from digital computer signals to
analog signals that can be transmitted over a phone line. The conversion
from digital to analog is called modulation. The conversion from analog to
digital is called demodulation.
A modem on one end will dial the telephone line. The other side will
ring; the modem will “hear” the ring and answer the call. The receiving
modem will put a tone on the line, and the other modem will recognize the tone
as coming from another modem. Humans do not make a tone, so the
modem knows if it has misdialed. The modems listen to these tones and
convert the data as appropriate.
Modems are available in different speeds and can be installed inside
the computer (internal) or connected to the serial port (external). Early
modems transmitted data at 2400 bps (bits per second). Dial-up modems
today reach speeds up to 56.6 Kbps. Most modems contain features like
error control and data compression to increase the speed and accuracy of
There are a number of different protocols for converting data to be
transmitted over telephone lines. Some are official standards, while others
have been developed by private companies. Most modems have built-in
support for the more common protocols, at least at slower speeds. Protocols
for higher transmission speeds are less standardized.
There are many ways of connecting to the Internet. Most people still
connect via Dial-up: the user’s modem calls an ISP server where an ISP’s
modem answers and provides them with a signal to make the connection.
Dial-up services can allow teachers and other staff an opportunity to
access network resources from remote locations. In effect, the dial-up
connection becomes an extension of the network. This service can be
expensive, as a host computer with an interface, modem, and telephone line
must be dedicated to every remote session.
Digital Subscriber Line (DSL) is a high-speed technology that uses
copper telephone lines to connect to the Internet. A DSL line can remain
connected to the Internet (always on) so you don’t need to dial-up to go
online. However, you still need a type of modem and a network card to
connect. Typically with DSL, data is downloaded to a computer at rates up
to 1.544 Mbps and data can be uploaded at 128 kbps. Since DSL carries
both voice and data, you don’t have to install another phone line. Many times
existing lines can be used to establish DSL service; however, DSL isn’t
available in all areas because it is “distance sensitive”. This means that you
must reside within a specified distance from the telephone switching office.
Cable TV is another option that offers high-speed Internet access.
Cable modems offer speeds up to 36 Mbps and can download data in seconds.
Working over a TV cable, it doesn’t tie up a telephone line, and like DSL it’s
always on so there is no need to connect.