The big idea
A carrier service is a commercial connectivity product sold by a telecommunications operator (“carrier”) that owns a regional, national, or global backbone of cables, switches, and radio links. Instead of every organisation laying its own long-distance fibre, it rents capacity on the carrier’s infrastructure. When many customers coexist on the same physical core, we call the offering a shared carrier service.
Why “shared” matters
- Economic scale – the carrier amortises trenching, fibre, and amplification equipment across thousands of subscribers, so a single company can obtain high-bandwidth links without capital expenditure.
- Logical separation – traffic from different tenants is kept private through physical wavelength assignment, time-division slots, VLAN tags, MPLS labels, or encrypted tunnels.
- Service-level guarantees – contracts (SLAs) specify speed, latency, jitter, uptime, and restoration targets, giving enterprises predictable performance that the public Internet alone cannot promise.
Glossary of terms
| Term | Precise definition (first-year computer-science level) |
|---|---|
| 5G | The fifth-generation cellular standard defined by 3GPP, delivering ≈ 1 Gb/s peak download and ≤ 10 ms radio-access latency on licensed spectrum bands. |
| Broadband | High-capacity “last-mile” access (cable-DOCSIS, fibre, DSL, 5G FWA, etc.) that gives end-users continuous Internet connectivity at ≥ 25 Mb/s downlink. |
| Carrier (telecom carrier) | A licensed operator that owns and manages long-haul fibre, metro rings, radio facilities, and switching equipment, and sells connectivity services to other organisations. |
| Carrier Ethernet | A family of MEF-standardised services (E-Line point-to-point, E-LAN multipoint, etc.) that let customers extend native Ethernet frames across a carrier MAN/WAN using encapsulation techniques such as Q-in-Q or MAC-in-MAC. |
| CIR (Committed Information Rate) | The minimum throughput (in Mb/s or Gb/s) that the carrier contractually guarantees to deliver for a service, even under congestion. |
| Demarcation (demarc) | The physical hand-off point where carrier responsibility ends and customer responsibility begins; often a smart jack or NID in the equipment room. |
| DIA (Dedicated Internet Access) | A business-grade Internet circuit in which the full purchased bandwidth (e.g., 500 Mb/s) is reserved end-to-end for one customer, unlike oversubscribed residential broadband. |
| DSL (Digital Subscriber Line) | A family of copper-pair technologies (ADSL, VDSL, G.fast) that modulate high-frequency signals over telephone lines to provide asymmetric broadband access. |
| E-carrier | The European PDH time-division multiplexing hierarchy (E1 = 2.048 Mb/s, E3 = 34.368 Mb/s) that predates synchronous SDH/SONET fibre systems. |
| Ethernet | IEEE 802.3 Layer-2 protocol that frames data with source/destination MAC addresses and a CRC trailer; scales from 10 Mb/s (legacy) to 400 Gb/s (modern). |
| Flex-Algo | An IETF extension to Segment Routing-MPLS that lets operators compute constraint-based paths (latency, bandwidth, affinity) on-demand without per-LSP signalling. |
| IPsec (Internet Protocol Security) | An IETF suite (ESP/AH, IKEv2) that authenticates and encrypts IP packets at Layer-3 using symmetric crypto (AES-GCM) and key-exchange protocols. |
| Label (MPLS label) | A 20-bit field pushed onto a packet’s shim header by the ingress router; core routers forward solely by label, not by IP lookup, enabling traffic engineering and VPN separation. |
| Layer-1 / Layer-2 / Layer-3 | The bottom three layers of the OSI model: physical signalling (L1), data-link framing/switching (L2), and network routing with logical addresses (L3). |
| Leased fibre / leased line / private circuit | A dedicated Layer-1 wavelength or time-slot that the carrier books end-to-end for a single customer, presenting as an always-on transparent pipe. |
| MAC-in-MAC (Provider Backbone Bridges) | IEEE 802.1ah encapsulation that wraps a customer Ethernet frame inside a new outer source/destination MAC pair for scalability in large carrier backbones. |
| MPLS (Multi-Protocol Label Switching) | A forwarding paradigm that prepends short numeric labels to packets; routers switch on labels instead of IP prefixes, allowing fast path setup, QoS, and L3/L2 VPNs. |
| MPLS-TE (Traffic Engineering) | Extensions that reserve explicit label-switched paths with bandwidth and latency constraints through resource reservation and link-state advertisements. |
| NID (Network Interface Device) | Customer-edge appliance supplied by the carrier that terminates the service (Ethernet hand-off, optical transceiver) and measures SLA metrics. |
| PE router (Provider Edge) | The carrier’s edge router where customer circuits or tunnels terminate; it inserts/removes MPLS labels and holds separate VRF tables for each VPN. |
| Q-in-Q (802.1ad Provider Bridging) | Double-tagging method that places a customer’s 12-bit VLAN ID inside a second 12-bit “service-provider” VLAN, extending VLAN scaling to ≈ 16 million logical circuits. |
| QoS (Quality of Service) | Traffic-management mechanisms (classification, queuing, scheduling, policing) that allocate bandwidth and bound latency/jitter for priority flows like VoIP. |
| SD-WAN (Software-Defined Wide-Area Network) | An overlay system where software appliances at each site create encrypted tunnels over multiple underlay links (DIA, LTE, MPLS) and dynamically steer packets based on real-time path metrics and policy intent. |
| Smart jack | A managed demarc device that provides diagnostic loopbacks, performance monitoring, and electrical/optical conversion for T-carrier/E-carrier services. |
| T-carrier | North-American PDH hierarchy (T1 = 1.544 Mb/s, T3 = 44.736 Mb/s) that multiplexes 64 kb/s voice channels over copper or microwave links. |
| Virtual Routing and Forwarding (VRF) | A logical routing table on a PE router; each customer VPN has its own VRF so overlapping IP subnets remain isolated. |
| WireGuard | A modern VPN protocol that runs over UDP, uses Curve25519 key exchange and ChaCha20-Poly1305 encryption, and is simpler and faster than traditional IPsec. |
| Wavelength (optical) | A specific light frequency (e.g., 1550 nm) used in dense wave-division multiplexing (DWDM) so multiple 10 Gb/s+ channels share a single fibre strand. |
Representative shared carrier services
| Service family | How it works | Typical use-cases & traits |
|---|---|---|
| Leased line / private circuit (e.g., “leased fibre”, T-carrier, E-carrier) | The carrier dedicates a physical wavelength or time slot end-to-end for one customer. From the user’s viewpoint it behaves like an always-on Layer-1 pipe between two sites. | Data-centre interconnect at 10 Gb/s+, latency-sensitive replication. Highest performance and privacy; most expensive. |
| Carrier Ethernet (E-Line, E-LAN) | Ethernet frames ride a carrier MAN/WAN core encapsulated with VLAN/Q-in-Q or MAC-in-MAC headers. Customers keep native Ethernet semantics across cities or countries. | Campus extension across a metro area, video surveillance backhaul. Simpler than MPLS for pure Layer-2 needs. |
| MPLS VPN (Layer-3 and Layer-2) | The provider core inserts an MPLS label stack that steers packets through the backbone; each label maps to a customer VRF (virtual routing and forwarding) table, isolating traffic logically while sharing routers and fibre. | Multinational WANs linking dozens of branch LANs with QoS for voice, ERP, and SaaS. Good balance of privacy, scalability, and price. |
| Broadband DIA + IPsec / SD-WAN overlay | A commodity Internet access circuit (DSL, cable, 5G) supplies raw bandwidth; software appliances build encrypted overlays (IPsec, WireGuard) and use multiple links with dynamic path selection and traffic shaping. | Rapid deployment of branch stores, flexible fail-over, cost-optimised backups. Lower SLA; security handled by the overlay. |
Key technical characteristics
- Medium & layer – offerings span Layer-1 waves, Layer-2 Ethernet, and Layer-3 MPLS; each layer implies different customer control and carrier responsibility.
- Quality of Service (QoS) – carriers police and shape queues so premium classes (voice, real-time control) meet latency and jitter budgets even when links are congested.
- Demarcation – the hand-off device (smart jack, NID, CE router) marks the boundary: everything on the customer side is under enterprise admin, everything beyond is the carrier’s managed domain.
- Redundancy options – diverse physical paths, dual-homed provider edge (PE) routers, and automatic reroute (MPLS-TE, Flex-Algo) protect against fibre cuts.
- Billing model – monthly recurring charges scale with committed information rate (CIR), class-of-service tiers, and distance between endpoints.
Putting it into practice
When designing a wide-area network, an engineer weighs bandwidth, determinism, security, and cost:
- Choose leased fibre where microsecond latency and absolute isolation are mission-critical.
- Select MPLS VPN or Carrier Ethernet for predictable, any-to-any enterprise connectivity with carrier-grade SLAs.
- Combine broadband DIA links with SD-WAN overlays to maximise price-per-Mbps while still enforcing policy and encryption in software.
Understanding these shared carrier services—and the role of the carrier that provisions them—lets you architect WANs that meet stringent technical and business requirements without owning all the glass in the ground.