This marketing document is intended to foster the initial discussion around migrating your network from a traditional routing implementation over to an SD-WAN architecture. It is not intended as an exhaustive, complete engineering document with all of the steps required to migrate your WAN to a modern SD-WAN. For those purposes, the Cisco support team has created an in-depth (55-page) SD-WAN migration guide for use by network engineers engaged in the architecture, planning, design, and implementation: https://www.cisco.com/c/dam/en/us/td/docs/routers/sdwan/migration-guide/cisco-sd-wan-migration-guide.pdf
This document is intended to be a quick overview of the basic steps and work involved so that customers can get a general idea of the time investment required by their IT team. After a brief discussion of the benefits of SD-WAN in general, this Quick Start document will cover the following migration steps:
1. Verify that your current Cisco® routers support SD-WAN.
2. Select the Cisco DNA software for your SD-WAN tier.
3. Install the Cisco SD-WAN controller, either on premises or in the cloud.
4. Convert your current router configurations to SD-WAN configurations.
5. Push your new SD-WAN configurations to your branch routers.
As companies continue to rely more on applications in the cloud, and as workers and branch offices are ever more distributed, SD-WAN becomes a critical business enabler. Cisco customers tell us that their most visible benefits after migrating from traditional routing to SD-WAN are:
● Improved application experience, including up to 40% improvement in Office 365 performance
● Faster onboarding of new services
● Reduction in unplanned downtime
● Reduction in OpEx
● Improved security
● Cloud OnRamp for SaaS
● SASE to support hybrid work
The first step in mapping out your migration to SD-WAN is to verify that the Cisco campus and branch edge routers that you are currently using can be software upgraded to SD-WAN, thereby eliminating the need to purchase new hardware. The three series of routers that are software upgradable to SD-WAN are the Cisco 1000 Series Integrated Services Routers (ISR 1000), G2 launched in 2009; Cisco 4000 Series Integrated Services Routers (ISR 4000), launched in 2013; and the Cisco ASR 1000 Series Aggregation Services Routers (ASR 1000), launched in 2008. How can routers that were originally sold back in 2008 still be relevant to SD-WAN? The reason is the power of software—and good hardware design. Figure 2 lists the models of Cisco routers that can be upgraded to SD-WAN software.
Figure 2. Cisco routers eligible for SD-WAN software upgrade
There are a number of caveats and exceptions, such as certain specific models and/or interface modules that are not supported. Take an inventory of your current Cisco routers with the actual model number and serial number for each. Check the Install and Upgrade notes for the latest version of the Cisco IOS® XE Software that you will be installing. The notes for Release 17.2.1, with router version support, can be found here: https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/sdwan-xe-gs-book/install-upgrade-17-2-later.html
The complete list of release notes for all SD-WAN software versions can be found here: https://www.cisco.com/c/en/us/support/routers/sd-wan/products-release-notes-list.html
If you have Cisco Catalyst® 8000 Edge Platforms Family devices in your network, these also can support SD-WAN, and they already come with Cisco IOS XE installed from the factory. You should upgrade these devices to the latest version of Cisco IOS XE before migrating them to SD-WAN.
Cisco Catalyst 8000 Edge Platforms Family
Figure 4 below is a high-level view of the SD-WAN and Routing packages available at Cisco. The tiered design of Cisco DNA Software is nested, meaning that each next higher package includes all of the features in the lower package(s). All of the functionality of Essentials is contained within Advantage. And likewise, Premier includes all the functionality of both Essentials and Advantage, plus the Premier-only items.
Practically speaking, small SD-WAN deployments limited to four user VPNs and simple SD-WAN use cases will be served well by the Cisco DNA Essentials product offering. More complex and expansive SD-WAN use cases, including network analytics, will require the Advantage tier. And those customers desiring an entry into the world of secure access service edge, or SASE, will need to select the Premier product.
Figure 4. SD-WAN and Routing software subscription offer structure
The marquee Premier feature is Cisco Umbrella® Secure Internet Gateway, or Cisco Umbrella SIG, which includes:
● Cloud-delivered DNS-layer security to block requests before a connection is even established
● A full-proxy secure web gateway to log and inspect all web traffic
● A cloud access security broker (CASB) plus App Discovery functionality to uncover rogue apps
● A cloud-delivered firewall (CDFW) to prevent intrusion
● Globally sourced internet activity threat intelligence to uncover malicious domains, IPs, and URLs
● Cisco Secure Malware Analytics (formerly Threat Grid) to detect and quarantine malicious files
For a more complete breakdown of capabilities in each of the three tiers, please consult the Cisco DNA Software for SD-WAN and Routing Feature Matrix.
The “software-defined” part of SD-WAN is powered by the controller. The Cisco SD-WAN controller is a single entity, but it has three separate functions: vManage, vSmart, and vBond.
The Cisco vManage portion is the network management system (NMS) and interface dashboard for operations and maintenance, including device provisioning, configuration, authentication, and policy management, as well as operational status, such as performance and troubleshooting.
The Cisco vSmart Controller section is the centralized brain of the Cisco SD-WAN solution, controlling the flow of data traffic throughout the network. It oversees the control plane of the Cisco SD-WAN fabric, efficiently managing provisioning, maintenance, and security for the entire Cisco SD-WAN overlay network. The Cisco vSmart Controller works with the Cisco vBond Orchestrator to authenticate Cisco vEdge devices as they join the network and to orchestrate connectivity among the edge routers.
The Cisco vBond Orchestrator automatically authenticates all other Cisco vEdge devices when they join the Cisco SD-WAN overlay network and orchestrates connectivity between edge routers and Cisco vSmart Controllers. If any edge router or Cisco vSmart Controller is behind a Network Address Translation (NAT) device, the Cisco vBond Orchestrator also serves as an initial NAT traversal orchestrator.
All three of these components are installed simultaneously, in a virtual machine (VM) format that supports popular hypervisors and cloud platforms (ESXi, KVM, AWS, Azure). They can be deployed on customer premises, in a private cloud, or in a public cloud, or they can be hosted by Cisco on AWS or Azure VPC. A combination of options is also possible, but in practice this usually translates to a control plane hosted by Cisco (vBond, vSmart) and an on-premises management plane (vManage). For most customers, installing the SD-WAN controller on an on-premises server is the simplest and quickest way to get started.
Customers are encouraged to discuss with their Cisco partner or Cisco account manager the best option for their needs. Further information about Cisco’s SD-WAN controllers can be found in our detailed SD-WAN Controller Setup Guide and in our SD-WAN On-Prem Controller Deployment video.
Cisco has developed an SD-WAN conversion tool that greatly facilitates migrating from traditional routing to SD-WAN. This tool analyzes your current router configuration and automatically creates a new router configuration for SD-WAN. Not only does this save countless hours of work, but it also guarantees consistency in the configuration of each branch router. Additionally, the tool will flag any configuration parameters that are not supported in SD-WAN and will recommend workarounds when necessary.
Cisco’s online Convert to SD-WAN tool
To use this converter, you will need to establish a library of all the Cisco router model configurations that are currently active in your network. Once you have this library established, use the tool at https://convert2sdwan.cisco.com and follow the steps to upload, analyze, and convert each individual router configuration. Cisco also provides a video further explaining the Convert to SD-WAN tool.
Once the conversion process is complete, the newly created SD-WAN configuration library is ready for deployment via the Cisco SD-WAN Controller.
The final step is to push your new SD-WAN configurations via vManage to your devices. If you have many branches to migrate, this process can be automated with a workflow that supports up to 25 devices (branch routers) simultaneously. A video of this quick connect process is also available.
Hopefully this quick start guide has given you an idea of the steps and effort involved in upgrading a traditional routed WAN to the latest Cisco SD-WAN. Cisco has taken many steps to ensure that this complex process is as simple as possible; however, your IT engineers should consult with your Cisco partner or managed services partner for guidance and support and follow the complete Cisco SD-WAN End-to-End Deployment Guide for this process.