We're breaking down how AI might impact enterprise networks in data-driven deep dives. Using TeleGeography’s WAN Cost Benchmark—a customized platform that makes it easy to model and track your WAN network costs—we're modeling potential real-life network setups and configurations for AI.
In these posts, we're comparing the total cost of ownership (TCO) of a legacy MPLS network—one that still represents many multinationals’ WANs in 2025—to various hybrid or internet-first alternatives designed to accommodate changes brought by AI and cloud. While our argument for moving past MPLS-centered WANs was historically mostly about cost, it is now much more about getting the network right sized for the coming AI-driven bandwidth crunch, resiliency, app-specific policy and performance, and full utilization of cloud.
This is the last post of this series. Catch up with the first three posts:
- Predicting How AI Will Impact Enterprise Networks
- How to Make Your Hybrid Network AI-Ready Without Increasing Costs
- Bandwidth and Price for an AI-Ready, Internet-First Network
Hub and Spoke WAN
Previous analyses in this series explored tiered hybrid models and internet-first strategies, both of which leverage the flexibility and cost-effectiveness of internet connectivity, managed and secured by an SD-WAN overlay. But in this post, we examine the most radical revision yet: the Hub and Spoke WAN.
The Hub and Spoke WAN model represents a significant challenge to a fundamental assumption of modern networking: the need for ubiquitous any-to-any connectivity. Instead of a meshed private network, such as MPLS, or a flexible overlay, like SD-WAN, this architecture involves creating a private, "carrier-like" network where branch offices ("spokes") are directly tethered to regional data centers ("hubs").
Adopting such a "carrier-like" network represents more than a technological shift; it signals a fundamental transformation in the enterprise's IT operational model. The organization transitions from being a passive consumer of a managed WAN service to an active manager of its own private backbone. This new role involves sourcing and managing a diverse set of components for the backbone and potentially co-location facilities for the hubs themselves. This shifts the responsibility for end-to-end network performance, routing integrity across the core, and long-term capacity planning from the carrier to the in-house IT team. The decision, therefore, can hinge as much on an organization's internal capabilities as it does on the technological merits of the architecture.
Modeling a Hub and Spoke WAN
These are the changes we implemented at each WAN site tier to create such a network:
- DCs— We added a backbone of large bandwidth wavelengths between the data centers.
- All Tiers—One DIA port of a similar speed to the original MPLS, along with an EoMPLS private line of a similar speed back to the closest regional data center. We included local access to all DIA sites, excluding those in the United States, Canada, and Western Europe.
- We kept MPLS for the Chinese sites for private connectivity at those sites, rather than the DIA (we still added private lines for those sites).
- Because the offices have a direct private connection, there is no need to adopt SD-WAN.
So why would an enterprise forgo SD-WAN, the market's leading technology trend? The answer lies in what this architecture prioritizes instead of ultimate flexibility.
Because all private traffic from a spoke has a single, deterministic destination—its designated hub—the complex, dynamic path selection and policy enforcement of SD-WAN becomes unnecessary. This architectural choice has profound implications for both cost and operational complexity. With important corporate traffic to the data center going through private lines, security can also be much simpler than in a hybrid or internet-first WAN architecture.
For a specific class of enterprise, the benefits of absolute traffic isolation on private lines, radically simplified routing logic, and enhanced control over the network core outweigh the advantages of a fully meshed, internet-centric design. This is not a legacy architecture, but a modern, strategic choice for organizations whose business requirements demand security and predictability above all else.
Average Total Bandwidth per Site in Each Subregion—Dual MPLS WAN vs. Hub and Spoke WAN
Note: Each bar represents the average total site bandwidth, including multiple ports or underlay services, across all sites in the listed subregion.
- The Hub and Spoke network is essentially the same bandwidth as the original MPLS WAN. We did this to make the comparison as one-for-one as possible with an MPLS network and because bandwidth is less of an issue in a P2P situation where traffic is on a private network destined for the data center.
- In some locations, the average bandwidth is slightly down, while it was more likely to go up a bit in places where we swapped a lower capacity MPLS port with a slightly larger private line.
- All P2P connections, except those between data centers, got an access line.
Distribution of Total Site Speeds—Hub and Spoke WAN
Note: Each section represents the percentage of total site bandwidths that fall within each bandwidth range.
- In the original, we were adding together two identically sized MPLS ports. Here we are adding together the DIA port and the EoMPLS line, which are occasionally slightly different speeds but very close.
- Over half of the sites in this network have a total site bandwidth of 200 Mbps or below.
- About 10% of sites have a total site bandwidth above 1,000 Mbps.
Original Dual MPLS and Hub and Spoke WAN Scenario TCOs
Note: Each column represents the total annual cost of ownership for that WAN scenario, broken out by product in each color section.
- While the bandwidth is essentially the same, the Hub and Spoke network is more affordable, with the TCO decreasing about 12% from $8.1m to $7.1m.
- This network is inherently secure (sensitive corporate traffic goes over private lines not on shared infrastructure) and resilient (EPL over a meshed network) even if it lacks the ability to share data between any two random offices on the network.
- Access is the majority of the cost of the network–57%–with the next largest share going to the private lines at 23%.
- There are no additional SD-WAN costs, which keeps the price down compared to other scenarios.
The Hub and Spoke model analyzed here is defined by its deliberate omission of an SD-WAN overlay. Instead, the enterprise effectively builds its own private backbone connecting key regional hubs, with all other sites connecting to this core. This is a modern, hybrid architecture that blends private and public connectivity with a clear purpose for each, and is ready-made for AI, especially as adding incremental bandwidth to EoMPLS links will be simple and cost-effective.
The Hub and Spoke model's readiness for AI is rooted in its centralized architecture, which directly addresses the unique traffic patterns and data requirements of artificial intelligence workloads. By centralizing compute and data in well-connected hubs, the Hub and Spoke model creates an efficient and secure environment that is purpose-built for the demands of large-scale AI model training and inference.
Model Your Own WAN
You don't have to make expensive commitments to find out how much your WAN will cost. TeleGeography's WAN Cost Benchmark platform lets you model your WAN network, try different configurations, and get real insights into how your budget will be impacted.
Some enterprises prioritize cutting costs, but we more commonly see enterprise customers use TeleGeography's WAN Cost Benchmark platform to set up a more resilient and better performing, AI-ready network without having to ask the c-suite for more money. You can get more details and a video tour here.
WAN Managers: We Want to Hear From You
Are you a WAN architect or IT infrastructure professional? Do you work with networks at a non-telecom carrier enterprise?
Take our WAN Manager Survey to understand how enterprises like yours are designing their underlays to balance AI-driven bandwidth demands, costs, and performance.
Your response to our brief 10-20 question survey will earn you free access to the full report as well as a TeleGeography infrastructure wall map! Click here for the survey.
