    September 4, 2025

    The Public Internet Is Not Your WAN

    In the move from MPLS to SD-WAN, you gained agility but lost visibility. It's time to reclaim it.

    6 min read

    Key Takeaways
    • Find out how, when replacing MPLS with public internet connectivity, you lose visibility and control.
    • Discover how SD-WAN lacks visibility into the internet underlay, and can't reveal why a path is performing poorly.
    • Establish effective management by shifting from device-centric monitoring to end-to-end path visualization.

    Within many organizations, there’s been a strategic imperative to abandon MPLS in favor of SD-WAN and direct internet access, particularly when it comes to branch office connectivity. The benefits of this move are undeniable and compelling. Organizations can establish direct cloud connectivity and realize cost savings and improved agility.

    However, when you make this move, you fundamentally alter your network's foundation, trading the predictable, engineered transport of MPLS for the best-effort nature of the public internet. This has created a critical visibility gap—a gray zone between your branch and your applications that most network teams are ill-equipped to peer into.

    This isn't just a minor operational hurdle; it's a paradigm shift. The days of a single, accountable provider with a contractually backed service level agreement (SLA) are over. Your control over the end-to-end packet path has vanished, replaced by a reality that’s governed by factors you don't manage.

    The public internet is not your WAN

    It's crucial to internalize that the internet is not a cohesive network; it's a federation of tens of thousands of independent autonomous systems (ASes) that interconnect via the Border Gateway Protocol (BGP). The path your branch office traffic takes to your data center or to a SaaS application is determined by a complex and dynamic web of peering and transit agreements between these networks. That path can change at any moment due to routing policy adjustments, link failures, congestion, or traffic engineering driven by commercial or political considerations, none of which are under your control.

    Unlike MPLS, where traffic paths are engineered for performance, internet paths are usually engineered for the lowest cost to the provider. This frequently leads to "hot-potato" routing, in which an ISP hands your traffic to the next network at the nearest available exit point so that it carries the packets on its own backbone for as short a distance as possible. The result can be packets traveling through congested peering points far out of the geographic way, adding significant latency and packet loss. Even if your local broadband connection is performing perfectly, a problem in the middle mile, at an interconnection point between two major backbones, can cripple application performance, and you would have no way of knowing where it's happening.

    Deconstructing the SD-WAN abstraction

    SD-WAN is a great technology for navigating this new reality, but it's not a silver bullet for visibility. SD-WAN operates at the overlay level, creating encrypted tunnels (typically IPsec) that run on top of physical internet connections, which constitute the underlay. Your SD-WAN appliance continuously probes these tunnels between its own endpoints, measuring metrics like latency, jitter, and packet loss. If it detects that the path over your primary broadband link is degrading, it can dynamically reroute application traffic to a secondary link, such as another internet connection or LTE.

    The limitation, however, is that the SD-WAN overlay only sees the cumulative result of the underlay path; it treats the entire internet journey between two tunnel endpoints as a single, opaque link. It can tell you that a tunnel's performance is poor, but it cannot tell you why. The packet loss could be occurring on the local loop, within the ISP's metro-area network, at a BGP peering point, or on the SaaS provider's network doorstep. Without visibility into the underlay, you can't perform root cause analysis. You're left making blind decisions, like upgrading bandwidth at a branch when the actual bottleneck is an underperforming transit provider several networks away.

    Why traditional tooling falls short

    The tools you've relied on for decades are insufficient for this new landscape. SNMP-based monitoring, for example, is great for telling you the interface status of the router you own, but it's completely blind to the provider networks beyond it. Your router can be perfectly healthy, while the user experience is unbearable because of an issue deep within the internet.

    Simple diagnostics like ping and traceroute offer a glimpse but are ultimately inadequate. Routers commonly rate-limit or drop the ICMP replies these tools depend on (including the TTL-exceeded messages traceroute relies on), so the metrics they report reflect how a router treats probe traffic, not how it forwards your application's packets. A single traceroute run shows a list of IP hops for the forward direction only; the return path is often different, and a hop that never answers looks identical to a hop that is losing traffic. It gives you an instantaneous, often incomplete picture with no history, and a one-off run cannot measure per-hop jitter or loss over time.

    The imperative for end-to-end path visualization

    To effectively manage branch office connectivity today, you must shift your focus from device health to a continuous, hop-by-hop understanding of the entire data path. This requires a new class of visibility solution that goes beyond the overlay. The goal is to actively measure performance from the branch edge, across every BGP-defined AS hop in the internet underlay, all the way to the application's hosting environment.

    This is achieved with active monitoring that sends synthetic probes shaped like application traffic (for example, TCP or UDP packets to the application's own port, so that firewalls and QoS policies treat them the same way) and uses TTL-limited probes to elicit a response from each hop along the path. By recording those responses continuously, you can build a detailed, historical map of per-hop latency, loss, and jitter. This transforms troubleshooting. Instead of following up on a vague complaint about a slow application, you can pinpoint that a specific peering exchange between two ISPs began exhibiting 10% packet loss at a specific time, directly correlating it to user-reported issues.
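The analysis step described above, as an added example that is not code from the original post or from any Broadcom/AppNeta product: it takes a history of traceroute-style probe rounds (constructed sample data, not real measurements; the round format with a timestamp and one RTT-or-None entry per TTL is an assumption of this example), computes per-hop loss, mean latency and jitter, separates routers that simply never answer TTL-expired probes from hops that are really losing forwarded traffic (the ping/traceroute caveat above), and reports the hop and the time at which loss began. The loss-attribution rule (loss that really affects traffic must persist to every hop beyond it, so a hop is credited with the minimum raw loss seen from it to the end of the path) is a practitioner's heuristic, not a protocol guarantee.

```python
from statistics import mean

# Constructed probe history (not real measurements). Each round is one
# traceroute-style sweep: hops[i] is the RTT in ms of the reply from TTL i+1,
# or None if nothing came back; the last entry is the destination itself.
# Hop 3 never answers but forwards fine (a silent router). From t=300 on,
# hop 4 and the destination start dropping probes and RTT jumps: a real
# problem at or just before hop 4, the hypothetical peering point.
ROUNDS = [
    {"t": 0,   "hops": [1.1, 8.0, None, 30.2, 42.0]},
    {"t": 60,  "hops": [1.0, 8.4, None, 31.0, 41.5]},
    {"t": 120, "hops": [1.2, 7.9, None, 30.5, 42.3]},
    {"t": 180, "hops": [1.1, 8.1, None, 30.8, 41.9]},
    {"t": 240, "hops": [1.0, 8.2, None, 30.1, 42.1]},
    {"t": 300, "hops": [1.1, 8.0, None, None, None]},
    {"t": 360, "hops": [1.2, 8.3, None, 95.4, 108.0]},
    {"t": 420, "hops": [1.0, 8.1, None, None, None]},
    {"t": 480, "hops": [1.1, 8.0, None, 96.1, 107.2]},
    {"t": 540, "hops": [1.1, 8.2, None, 94.8, None]},
]


def hop_stats(rounds):
    """Raw per-hop counters over the whole history.

    Jitter is the mean absolute difference between consecutive RTTs.
    """
    n_hops = len(rounds[0]["hops"])
    sent = len(rounds)
    stats = []
    for i in range(n_hops):
        rtts = [r["hops"][i] for r in rounds if r["hops"][i] is not None]
        jitter = mean(abs(a - b) for a, b in zip(rtts, rtts[1:])) if len(rtts) > 1 else 0.0
        stats.append({
            "hop": i + 1,
            "sent": sent,
            "recv": len(rtts),
            "loss_pct": round(100.0 * (sent - len(rtts)) / sent, 1),
            "avg_ms": round(mean(rtts), 1) if rtts else None,
            "jitter_ms": round(jitter, 1),
        })
    return stats


def attribute_loss(stats):
    """Separate silent routers from real loss (heuristic, see lead-in).

    A hop that answers nothing while later hops answer is 'silent': it
    drops TTL-expired probes, not forwarded traffic. Otherwise the loss
    attributed to hop i is the minimum raw loss over hops i..end, because
    loss that hits real traffic must also be visible at every later hop.
    """
    losses = [s["loss_pct"] for s in stats]
    result = []
    for i, s in enumerate(stats):
        downstream_answers = any(l < 100.0 for l in losses[i + 1:])
        if s["recv"] == 0 and downstream_answers:
            result.append(dict(s, silent=True, attributed_loss_pct=None))
        else:
            result.append(dict(s, silent=False, attributed_loss_pct=min(losses[i:])))
    return result


def first_lossy_hop(attributed):
    """Hop number where attributed loss first exceeds zero, or None."""
    for s in attributed:
        if s["attributed_loss_pct"]:
            return s["hop"]
    return None


def loss_onset(rounds, hop):
    """Timestamp of the first round in which this hop AND the destination
    both went unanswered, i.e. the first probe that was really lost."""
    for r in rounds:
        if r["hops"][hop - 1] is None and r["hops"][-1] is None:
            return r["t"]
    return None


def rtt_before_after(rounds, hop, split_t):
    """Mean RTT at a hop before and from split_t on, to check whether the
    baseline moved (as after a reroute) rather than only loss appearing."""
    before = [r["hops"][hop - 1] for r in rounds if r["t"] < split_t and r["hops"][hop - 1] is not None]
    after = [r["hops"][hop - 1] for r in rounds if r["t"] >= split_t and r["hops"][hop - 1] is not None]
    return (round(mean(before), 1) if before else None,
            round(mean(after), 1) if after else None)


if __name__ == "__main__":
    attributed = attribute_loss(hop_stats(ROUNDS))
    for s in attributed:
        state = "silent" if s["silent"] else f"attributed loss {s['attributed_loss_pct']}%"
        print(f"hop {s['hop']}: raw loss {s['loss_pct']}%  avg {s['avg_ms']} ms  "
              f"jitter {s['jitter_ms']} ms  ({state})")
    culprit = first_lossy_hop(attributed)
    onset = loss_onset(ROUNDS, culprit)
    print(f"loss begins at hop {culprit} from t={onset}; "
          f"RTT before/after: {rtt_before_after(ROUNDS, culprit, onset)}")
```

Running the script on the constructed data reports hop 3 as silent rather than lossy, attributes 20% loss starting at hop 4 from t=300, and shows that hop's mean RTT moving from about 30 ms to about 95 ms, which is the evidence you would hand to the transit provider instead of a tunnel-level "performance degraded" alert.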

    This level of empirical data ends the finger-pointing between your network team, your ISPs, and your application vendors. It provides objective evidence to escalate issues effectively and validate that provider fixes have actually resolved the underlay problem. Moving beyond MPLS was a strategic necessity, but succeeding in this new environment requires you to stop guessing about internet performance and start measuring it from end to end.

    To explore these concepts in greater detail and see how you can move from traditional to active monitoring, view our on-demand technical webcast, Take the Hassle Out of SD-WAN Management.

    Yann Guernion

    Yann has several decades of experience in the software industry, from development to operations to marketing of enterprise solutions. He helps Broadcom deliver market-leading solutions with a focus on Network Management.
