Cisco Catalyst SD-WAN Data Sheet
Available Languages
Bias-Free Language
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
With the continued transition to multicloud and hybrid environments, it has become essential for IT to pivot their networks to support a distributed workforce, provide seamless and secure access to business-critical applications across all clouds, deliver superior experience, and gain insights to enable them to respond to business demands faster.
Cisco Catalyst SD-WAN connects any user to any application with integrated capabilities for multicloud, security, predictive operations, and enhanced network visibility —all on a SASE-enabled architecture. Cisco Catalyst SD-WAN enables you to transform your IT infrastructure by delivering network connectivity that’s cloud-agnostic, efficient and simpler to manage, lowers operational costs and increases control and visibility across the entire digital service delivery chain.
Cisco Catalyst SD-WAN provides a flexible architecture to extend SD-WAN to any environment (Figure 1). The solution automatically discovers, authenticates, and provisions both new and existing Cisco Catalyst SD-WAN devices.
Flexible and scalable architecture for network transformation
The Cisco Catalyst SD-WAN (Figure 2) connects all company data centers, core and campus locations, WAN branches, colocation facilities, cloud infrastructure, and remote workers. Using the Overlay Management Protocol (OMP), Cisco Catalyst SD-WAN provides centralized control over the entire network. It simplifies IT operations with automated provisioning, unified policies, and streamlined management to help ensure rapid updates and resolutions, and provides advanced network functionality, reliability, and security.
Cisco Catalyst SD-WAN Manager dashboard showing network and application health
The global network topology with site and tunnel health.
After connecting to Cisco Catalyst SD-WAN, each network device can find the best path to the applications that reside in the data center or multicloud. Cisco Catalyst SD-WAN can use any transport method (satellite, broadband, Multiprotocol Label Switching [MPLS], 5G/LTE) from any location (core, edge, cloud) for any network service (security, application- voice). Through OMP, Cisco Catalyst SD-WAN supports both common and advanced routing protocols that are necessary for managing networks across the WAN and cloud, such as Border Gateway Protocol (BGP), Enhanced Interior Gateway Routing Protocol (EIGRP), Equal-Cost Multipath (ECMP) routing, Open Shortest Path First (OSPF), Virtual Router Redundancy Protocol (VRRP), and IPv6. Cisco Catalyst SD-WAN provides this flexibility for both full and partial mesh deployments, allowing maximum customization based on business needs.
Cisco Catalyst SD-WAN Analytics is a SaaS component of the solution that provides enhanced visibility into network and application performance, along with historical trend information to establish benchmarks and expedite root cause analysis. In addition, it offers predictive network capabilities, enabling enterprises to take corrective actions and gain total control of the user experience.
Table 1. Features and benefits
| Feature |
Benefit |
| Full SD-WAN feature stack with unified communications |
Provides sophisticated control of the network with a set of features for routing, unified communications, multicloud, security, and centralized policy control and management. |
| Multicloud choice and control |
Enables a range of optimization for multicloud applications using the Cisco Catalyst SD-WAN Cloud OnRamp architecture. It optimizes major Software-as-a-Service (SaaS) applications and workflow integrations to major public clouds and colocation providers. |
| Security that is built in, not bolted on |
The Distributed Security Enforcement (DSE) framework enables centralized security policies and provides segmentation across the entire network and a robust security stack, either on-premises or in the Cisco Umbrella cloud (Figure 3). Instantly deploy the right security in the right place, all from a single dashboard. |
| Visibility and analytics |
Provides granular visibility into applications and infrastructure, enabling rapid failure correlation and mitigation. |
| Maximum choice and control |
Offers flexibility with a cloud-first architecture to connect any user to any application, across any cloud. |
| Simplicity |
Offers intuitive configuration, management, and monitoring experience for operational simplicity |
Best-in-class technology innovation
● Fully integrated security everywhere.
◦ Distributed Security Enforcement (DSE) framework, which includes - Embedded security (Next Generation Firewall), fabric security, SD-WAN integration with cloud security, monitoring and visibility and certifications and compliance.
◦ On-premises Security with NGFW, Advanced IPS, AMP with Sandboxing, URL-Filtering, TLS proxy, Unified logging, Identity Firewall support.
◦ Cloud Security Integration with Cisco Umbrella for a Unified SASE Solution.
◦ Modular SASE solution through integration with third-party SSE cloud security provides, including Zscaler, Netskope, Palo Alto, Cloudflare, and Skyhigh.
◦ Integration with third-party SIEM and SOAR vendors, including Splunk and Microsoft Sentinel, enhances monitoring and visibility, offering actionable insights into network and security events.
◦ A centralized view of network security events with actionable threat data for security operations center teams through the Catalyst SD-WAN Manager Security dashboard.
◦ Routing intelligence and threat intelligence on a certified trustworthy infrastructure.
◦ Industry leading Threat detection and response powered by the Talos engine.
● True SD-WAN architecture
◦ Separate and dedicated components for the control plane, data plane, and management and orchestration of the WAN.
◦ Flexibility to implement overlay, underlay, physical, and virtual networks.
◦ Voice and unified communications support.
◦ IPv6 support (BGP, OSPF).
◦ AIOps capabilities such as Predictive Path Recommendations powered by ThousandEyes WAN Insights and bandwidth forecasting.
● Robust IP multicast support
◦ Enables network traffic control, enhances efficiency by eliminating traffic redundancy, and reduces server and CPU loads.
◦ Efficiently handles one-to-many or many-to-many communications.
◦ Provides multicast capability across platforms (Protocol Independent Multicast Source-Specific Multicast [PIM-SSM], Internet Group Management Protocol [IGMP] v2, and IGMP v3).
● Enhanced application visibility
◦ Cisco Catalyst SD-WAN Analytics offers historical and correlated site, device, circuit, tunnel, and application health information for better visibility.
◦ Integrated with Cisco ThousandEyes to bring end-to-end visibility into application delivery and network performance.
◦ Extends end-to-end granular insights into network health and application performance with a full hop-by-hop analysis across the internet and cloud.
◦ Isolates fault domains and provides actionable insights that drastically expedite troubleshooting and resolution, before users are affected.
● Investment protection
◦ Leverages traditional transport protocols for the best application experience
◦ Allows you to simply upgrade existing Cisco routers with SD-WAN functionality if you prefer
◦ Flexible multicloud deployment options
◦ Cloud OnRamp for Multicloud
◦ Cloud OnRamp for SaaS (with Cisco IOS® XE support)
◦ Cloud OnRamp for Colocation
◦ Cloud OnRamp for Cloud Interconnect
◦ Cloud OnRamp for Cloud Hub
| Category |
Description |
| Authentication, Authorization, and Accounting (AAA) |
TACACS+, RADIUS, local, role-based access control |
| Routing |
OSPF, external BGP (eBGP), internal BGP (iBGP), EIGRP, ECMP, static, connected, OMP |
| Bridging |
802.1Q, native VLAN, bridge domains, Integrated Routing and Bridging (IRB), host-mode bridging |
| Security |
Built-in security: Intrusion prevention system, web security, enterprise firewall, Malware Defense, AMP, URL filtering, and SSL inspection Cloud security (Cisco Umbrella): Web security with SSL proxy, DNS-layer enforcement, URL filtering, Cloud Access Security Broker (CASB), and enterprise firewalls. Read more: https://learn-umbrella.cisco.com/i/1153736-cisco-umbrella-secure-internet-gateway-sig-essentials/0? Device- and network-level security: Zero trust, segmentation, whitelisting, tamper-proof module, Datagram Transport Layer Security (DTLS)/TLS, IPsec, ESP-256-CBC, authentication header, HMAC-SHA1, Distributed Denial-of-Service (DDoS) protection, control plane protection, Network Address Translation (NAT) traversal Compliance and Certifications: ISO27001, 27017, 27018, 27701, C5, PCI-DSS, SOC2, MEF SD-WAN 3.0, Cisco SD-WAN for Government- FedRAMP |
| Unified communications |
Public Switched Telephone Network (PSTN) voice and fax support, SIP trunk support with CUCM, Secure Survivable Remote Site Telephony (SRST), CUBE, DSPFarm Media Resource Pooling |
| Application/WAN optimization |
FEC and packet duplication for User Datagram Protocol (UDP), TCP optimization, Predictive Path Recommendations powered by ThousandEyes WAN Insights, Cloud OnRamp optimization for SaaS applications |
| Multicloud and colocation |
Public cloud integrations into AWS, Azure, and Google Cloud Cloud OnRamp optimization for SaaS applications Cloud OnRamp for Colocation |
| Cloud Interconnect and Cloud Hub |
Optimized Connectivity with Cloud OnRamp for Cloud Hub and Cloud Interconnect |
| Monitoring and Troubleshooting |
Enhanced visibility into Application and Network (sites, WAN circuits) availability, performance and usage. Expedited and intuitive troubleshooting capabilities with Network Wide Path Insights (NWPI), Underlay Measurement and Tracing Services (UMTS) and more. Gain additional visibility with Cisco ThousandEyes. Cisco ThousandEyes is natively integrated with eligible Cisco Catalyst 8200 and 8300 Series platforms and 4000 Series Integrated Service Routers (ISR) with a minimum of 8 GB DRAM and 8 GB bootflash/storage. Additional memory and storage will be required to concurrently run the ThousandEyes agent with containerized SD-WAN security services. |
| Forwarding and Quality of Service (QoS) |
Classification, prioritization, low latency queuing, remarking, shaping, scheduling, policing, mirroring, NAT/Port Address Translation (PAT) |
| Multicast |
Internet Group Management Protocol (IGMP) v1/v2/v3, Protocol Independent Multicast (PIM), Auto-RP, scale-out traffic replication |
| Policy |
Route policies, app-aware routing, control policy, data policy, Access Control List (ACL) policy, VPN membership policy |
| Location services |
Route policies, app-aware routing, control policy, data policy, ACL policy, VPN membership policy |
| Cellular |
Integrated 4G/LTE modem on some devices |
| Mobility |
Wi-Fi 802.11a/b/g/n/ac, WPA2-Enterprise, WPA2-Personal, MAC filtering, 8 SSIDs per radio, 802.11i security enhancement and 802.11e QoS, wireless intrusion detection and protection |
| System and network services |
IPv4, Simple Network Management Protocol (SNMP), Network Time Protocol (NTP), DNS client, Dynamic Host Configuration Protocol (DHCP) client, DHCP server, DHCP relay, configuration archival, syslog, Secure Shell (SSH), Secure Copy (SCP), NAT/PAT, Cflowd v10 IPFIX export |
| Configuration and monitoring |
NETCONF over SSH, Command-Line Interface (CLI), REST (Cisco Catalyst SD-WAN Manager), Linux shell |
| Out-of-band management |
Management port (vEdge 1000, vEdge 2000, vEdge 5000), serial console port (vEdge 1000, vEdge 2000, vEdge 5000), USB console port |
| Cisco TrustSec® |
Defined segmentation – policy through security groups. Open through IETF, available within OpenDaylight SDN controller and supported on third-party platforms |
Cisco DNA Software for SD-WAN and Routing
Cisco DNA Software subscription licensing offers three feature tiers: Cisco DNA Essentials, Cisco DNA Advantage, and Cisco DNA Premier. These are nested SKUs and represent good, better, and best offers. All are available as a 3-year or 5-year subscription and have bandwidth tier options. Cisco DNA Advantage is also available as a 7-year subscription.
Benefits:
● The latest innovations through simple subscription tiers
● Available across the portfolio
● Flexibility to choose on-premises or cloud management
● Easy license portability across on-premises and cloud
● Easy upgrade across tiers
● Software Support Service (SWSS) included
For more information on Cisco DNA Software subscriptions, go to: https://www.cisco.com/c/m/en_us/products/software/sd-wan-routing-matrix.html?oid=otren019258.
Cisco DNA Software subscription licensing for SD-WAN and routing
For more information, review the Cisco DNA Software for SD-WAN and Routing Ordering Guide.
Other buying programs are available, including Enterprise Agreements (EA) and Managed Service Licensing Agreement (MSLA). A Cisco Enterprise Agreement provides a simpler way to manage licenses and reduces costs, and a single agreement covers the purchase of software and subscription licenses as well as application software support. The MSLA helps partners align business costs with a subscription-based model for their customers.
Cisco ThousandEyes
A valid ThousandEyes agent license is required to activate the ThousandEyes agent. Existing ThousandEyes subscriptions can be leveraged on the supported router platforms. For additional ThousandEyes subscription information, go to https://www.thousandeyes.com/signup/?utm_source=Cisco&utm_medium=referral&utm_campaign=CiscoSD-WAN.
Flexible payment solutions to help you achieve your objectives
Cisco Capital® makes it easier to get the right technology to achieve your objectives, enable business transformation, and stay competitive. We can help you reduce the total cost of ownership, conserve capital, and accelerate growth. In more than 100 countries, our flexible payment solutions can help you acquire hardware, software, services, and complementary third-party equipment in easy, predictable payments. Learn more.
See how Cisco Catalyst SD-WAN can help you move faster, lower costs, and reduce risk: https://cisco.com/go/sdwan.