The Cisco® SD-WAN solution offers a complete SD-WAN fabric with centralized management and security built in, creating a secure overlay WAN architecture across campus, branch, data center, and multicloud applications. The software solution runs on a range of SD-WAN routers across hardware, virtual, and cloud form factors.
Cisco SD-WAN builds on the architecture called Secure Access Service Edge (SASE). WAN security and features today must be distributed, cloud-based, flexible, and agile. Cisco SD-WAN is the industry’s first fully integrated SASE offering that combines best-of-breed SD-WAN with the cutting-edge Cisco Umbrella Cloud Security portfolio.
The Cisco SD-WAN dashboard (Figure 1) connects all company data centers, core and campus locations, WAN branches, colocation facilities, cloud infrastructure, and remote workers. Cisco SD-WAN uses the Overlay Management Protocol (OMP) to control the entire network. It simplifies IT operations with automated provisioning, unified policies, and streamlined management to help ensure rapid updates and resolutions, and provides advanced network functionality, reliability, and security.
Figure 1. The Cisco SD-WAN dashboard
The Cisco SD-WAN secure, cloud-scale architecture
Cisco SD-WAN provides a flexible architecture to extend SD-WAN to any environment (Figure 2). The solution automatically discovers, authenticates, and provisions both new and existing Cisco SD-WAN devices.
After connecting to Cisco SD-WAN, each network device can find the best path to the applications that reside in the data center or multicloud. Cisco SD-WAN can use any transport method (satellite, broadband, MPLS, 5G/LTE) from any location (core, edge, cloud) for any network service (security, application Quality of Experience [QoE], voice). Through OMP, Cisco SD-WAN supports both common and advanced routing protocols that are necessary for managing networks across the WAN and cloud, such as Border Gateway Protocol (BGP), Enhanced Interior Gateway Routing Protocol (EIGRP), Equal-Cost-Multi-Path (ECMP) routing, Open Shortest Path First (OSPF), Virtual Router Redundancy Protocol (VRRP), and IPv6. Cisco SD-WAN provides this flexibility in both full and partial mesh encrypted deliveries, allowing maximum customization based on business needs.
Feature | Benefit |
Full SD-WAN feature stack with unified communications | The solution provides sophisticated control of the network with a set of features for routing, unified communications, multicloud, security, and centralized policy control and management. |
Multicloud choice and control | Enables a range of optimization for multicloud applications using Cloud OnRamp architecture. It optimizes major Software as a Service (SaaS) applications and workflow integrations to major public clouds and collocation providers. |
Security that is built in, not bolted on | Enables centralized security policies and provides segmentation across the entire network and a full security stack either on-premise or in the Cisco Umbrella® cloud (Figure 3). Instantly deploy the right security in the right place, all from a single dashboard. |
Visibility and analytics | Centralizes management to make it easy to deploy SD-WAN and security while maintaining policy across thousands of sites. |
Maximum choice and control | Offers flexibility with a cloud-first architecture to connect any user to any application, across any cloud. |
Figure 3. Cisco SD-WAN built-in security (on-premise or Cisco Umbrella cloud)
Best-in-class technology innovation
● Fully integrated security everywhere
◦ Built-in security or cloud security with Cisco Umbrella Secure Internet Gateway (SIG)
◦ Routing intelligence and threat intelligence on a certified trustworthy infrastructure
◦ Integrated auto-registration and auto-configuration of cloud-delivered Cisco Umbrella from SD-WAN
◦ Talos® security, enabling fast, industry-leading threat detection
◦ On-premise security with application-aware enterprise firewall, Snort IPS, encryption, URL filtering, AMP for networks, and more
● True SD-WAN architecture
◦ Separate and dedicated components for the control plane, data plane, and management and orchestration of the WAN
◦ Flexibility to implement overlay, underlay, physical, and virtual networks
◦ Voice and Unified Communications (UC) support
◦ IPv6 support (BGP, OSPF)
● Robust IP multicast support
◦ Enables network traffic control, enhances efficiency by eliminating traffic redundancy, and reduces server and CPU loads
◦ Efficiently handles one-to-many or many-to-many communications
◦ Provides multicast capability across platforms (PIM-SSM, IGMPv2, and IGMPv3)
● Investment protection
◦ Leverages traditional transport protocols for the best application experience
◦ Allows you to simply upgrade existing Cisco routers with SD-WAN functionality if your customers prefer
● Flexible multicloud deployment options
◦ Cloud OnRamp for IaaS
◦ Cloud OnRamp for SaaS (with Cisco IOS® XE support)
◦ Cloud OnRamp for Colocation
Category | Description |
Authentication, Authorization, and Accounting (AAA) | TACACS+, RADIUS, local, role-based access control |
Routing | OSPF, external BGP (eBGP), internal BGP (iBGP), EIGRP, ECMP, static, connected, OMP |
Bridging | 802.1Q, native VLAN, bridge domains, Integrated Routing and Bridging (IRB), host-mode bridging |
Security | Built-in security: Intrusion prevention system, web security, Enterprise firewall, Cisco Advanced Malware Protection (AMP), Next Generation Antivirus (NGAV), URL filtering, and SSL inspection. Cloud security (Cisco Umbrella): Web security with SSL proxy, DNS-layer enforcement, URL filtering, Cloud Access Security Broker (CASB), and Enterprise firewalls. Read more: https://learn-umbrella.cisco.com/i/1153736-cisco-umbrella-secure-internet-gateway-sig-essentials/0? Device- and network-level security: Zero trust, segmentation, whitelisting, tamper-proof module, Datagram Transport Layer Security (DTLS)/TLS, IPsec, ESP-256-CBC, authentication header, HMAC-SHA1, Distributed Denial-of-Service (DDoS) protection, control plane protection, Network Address Translation (NAT) traversal |
Unified Communications | SIP, Public Switched Telephone Network (PSTN) voice and fax support, Survivable Remote Site Telephony (SRST), 911 calling, conferencing, Cisco Unified Communications Manager and Webex Calling |
Application/WAN optimization | Forward Error Correction (FEC) and packet duplication for User Datagram Protocol (UDP), TCP optimization, Cloud OnRamp optimization for SaaS applications |
Multicloud and colocation | Public cloud integrations into AWS, Azure, and Google Cloud; Cloud OnRamp optimization for SaaS applications; Cloud OnRamp for Colocation |
Forwarding and Quality of Service (QoS) | Classification, prioritization, low latency queuing, remarking, shaping, scheduling, policing, mirroring, NAT/Port Address Translation (PAT) |
Multicast | Internet Group Management Protocol (IGMP) v1/v2/v3, Protocol Independent Multicast (PIM), Auto-RP, scale-out traffic replication |
Policy | Route policies, app-aware routing, control policy, data policy, Access Control List (ACL) policy, VPN membership policy |
Location services | Route policies, app-aware routing, control policy, data policy, ACL policy, VPN membership policy |
Cellular | Integrated 4G/LTE modem on some devices |
Mobility | Wi-Fi 802.11a/b/g/n/ac, WPA2-Enterprise, WPA2-Personal, MAC filtering, 8 SSIDs per radio, 802.11i security enhancement and 802.11e QoS, wireless intrusion detection and protection |
System and network services | IPv4, Simple Network Management Protocol (SNMP), Network Time Protocol (NTP), DNS client, Dynamic Host Configuration Protocol (DHCP) client, DHCP server, DHCP relay, configuration archival, syslog, Secure Shell (SSH), Secure Copy (SCP), NAT/PAT, Cflowd v10 IPFIX export |
Configuration and monitoring | NETCONF over SSH, Command-Line Interface (CLI), REST (vManage), Linux shell |
Out-of-band management | Management port (vEdge 1000, vEdge 2000, vEdge 5000), serial console port (vEdge 1000, vEdge 2000, vEdge 5000), USB console port |
TrustSec | Defined segmentation – policy through security groups. Open through IETF, available within OpenDaylight SDN Controller and supported on 3rd party platforms |
Cisco DNA Software for SD-WAN and Routing
Cisco DNA Software subscription licensing offers three feature tiers: Cisco DNA Essentials, Cisco DNA Advantage, and Cisco DNA Premier. These are nested SKUs and represent good, better, and best offers. All are available as a 3-year or 5-year subscription and have bandwidth tier options.
Benefits:
● The latest innovations through simple subscription tiers
● Available across the portfolio
● Flexibility to choose on-premise or cloud management
● Easy license portability across on-premise and cloud
● Easy upgrade across tiers
● Software Support Service (SWSS) included
For more information on Cisco DNA subscriptions, go to: https://www.cisco.com/c/m/en_us/products/software/sd-wan-routing-matrix.html?oid=otren019258
Cisco DNA Software subscription licensing for SD-WAN and Routing
For more information, review the Cisco DNA Software for SD-WAN and Routing Ordering Guide.
Note: Other buying programs are available, including Enterprise Agreements (EA) and Managed Service Licensing Agreement (MSLA). A Cisco Enterprise Agreement provides a simpler way to manage licenses and reduces costs, and a single agreement covers the purchase of software and subscription licenses as well as application software support. The MSLA helps partners align business costs with a subscription-based model for their customers.
Flexible payment solutions to help you achieve your objectives
Cisco Capital makes it easier to get the right technology to achieve your objectives, enable business transformation and help you stay competitive. We can help you reduce the total cost of ownership, conserve capital, and accelerate growth. In more than 100 countries, our flexible payment solutions can help you acquire hardware, software, services and complementary third-party equipment in easy, predictable payments.
See how Cisco SD-WAN can help you move faster, lower costs, and reduce risk: https://cisco.com/go/sdwan.
New or Revised Topic | Described In | Date |
Initial data sheet creation with SD-WAN version 17.2 release | New | 05/08/2020 |
Update to SD-WAN version 17.5 release | Update | 30/03/2021 |