Cisco SD-WAN Data Sheet

Updated: March 30, 2021


The Cisco® SD-WAN solution offers a complete SD-WAN fabric with centralized management and security built in, creating a secure overlay WAN architecture across campus, branch, data center, and multicloud applications. The software solution runs on a range of SD-WAN routers across hardware, virtual, and cloud form factors.

Cisco SD-WAN builds on the architecture called Secure Access Service Edge (SASE). WAN security and features today must be distributed, cloud-based, flexible, and agile. Cisco SD-WAN is the industry’s first fully integrated SASE offering that combines best-of-breed SD-WAN with the cutting-edge Cisco Umbrella Cloud Security portfolio.

Solution overview

The Cisco SD-WAN dashboard (Figure 1) connects all company data centers, core and campus locations, WAN branches, colocation facilities, cloud infrastructure, and remote workers. Cisco SD-WAN uses the Overlay Management Protocol (OMP) to control the entire network. It simplifies IT operations with automated provisioning, unified policies, and streamlined management to help ensure rapid updates and resolutions, and provides advanced network functionality, reliability, and security.

Figure 1. The Cisco SD-WAN dashboard

Figure 2. The Cisco SD-WAN secure, cloud-scale architecture

Cisco SD-WAN provides a flexible architecture to extend SD-WAN to any environment (Figure 2). The solution automatically discovers, authenticates, and provisions both new and existing Cisco SD-WAN devices.

After connecting to Cisco SD-WAN, each network device can find the best path to the applications that reside in the data center or multicloud. Cisco SD-WAN can use any transport method (satellite, broadband, MPLS, 5G/LTE) from any location (core, edge, cloud) for any network service (security, application Quality of Experience [QoE], voice). Through OMP, Cisco SD-WAN supports both common and advanced routing protocols that are necessary for managing networks across the WAN and cloud, such as Border Gateway Protocol (BGP), Enhanced Interior Gateway Routing Protocol (EIGRP), Equal-Cost-Multi-Path (ECMP) routing, Open Shortest Path First (OSPF), Virtual Router Redundancy Protocol (VRRP), and IPv6. Cisco SD-WAN provides this flexibility in both full and partial mesh encrypted deliveries, allowing maximum customization based on business needs.

Features and benefits

| Feature | Benefit |
| --- | --- |
| Full SD-WAN feature stack with unified communications | The solution provides sophisticated control of the network with a set of features for routing, unified communications, multicloud, security, and centralized policy control and management. |
| Multicloud choice and control | Enables a range of optimization for multicloud applications using Cloud OnRamp architecture. It optimizes major Software as a Service (SaaS) applications and workflow integrations to major public clouds and colocation providers. |
| Security that is built in, not bolted on | Enables centralized security policies and provides segmentation across the entire network and a full security stack either on-premise or in the Cisco Umbrella® cloud (Figure 3). Instantly deploy the right security in the right place, all from a single dashboard. |
| Visibility and analytics | Centralizes management to make it easy to deploy SD-WAN and security while maintaining policy across thousands of sites. |
| Maximum choice and control | Offers flexibility with a cloud-first architecture to connect any user to any application, across any cloud. |

 

Figure 3. Cisco SD-WAN built-in security (on-premise or Cisco Umbrella cloud)

Prominent feature

Best-in-class technology innovation

  • Fully integrated security everywhere
      • Built-in security or cloud security with Cisco Umbrella Secure Internet Gateway (SIG)
      • Routing intelligence and threat intelligence on a certified trustworthy infrastructure
      • Integrated auto-registration and auto-configuration of cloud-delivered Cisco Umbrella from SD-WAN
      • Talos® security, enabling fast, industry-leading threat detection
      • On-premise security with application-aware enterprise firewall, Snort IPS, encryption, URL filtering, AMP for networks, and more

  • True SD-WAN architecture
      • Separate and dedicated components for the control plane, data plane, and management and orchestration of the WAN
      • Flexibility to implement overlay, underlay, physical, and virtual networks
      • Voice and Unified Communications (UC) support
      • IPv6 support (BGP, OSPF)

  • Robust IP multicast support
      • Enables network traffic control, enhances efficiency by eliminating traffic redundancy, and reduces server and CPU loads
      • Efficiently handles one-to-many or many-to-many communications
      • Provides multicast capability across platforms (PIM-SSM, IGMPv2, and IGMPv3)

  • Investment protection
      • Leverages traditional transport protocols for the best application experience
      • Allows you to simply upgrade existing Cisco routers with SD-WAN functionality if your customers prefer

  • Flexible multicloud deployment options
      • Cloud OnRamp for IaaS
      • Cloud OnRamp for SaaS (with Cisco IOS® XE support)
      • Cloud OnRamp for Colocation

Software feature matrix

| Category | Description |
| --- | --- |
| Authentication, Authorization, and Accounting (AAA) | TACACS+, RADIUS, local, role-based access control |
| Routing | OSPF, external BGP (eBGP), internal BGP (iBGP), EIGRP, ECMP, static, connected, OMP |
| Bridging | 802.1Q, native VLAN, bridge domains, Integrated Routing and Bridging (IRB), host-mode bridging |
| Security | Built-in security: Intrusion prevention system, web security, Enterprise firewall, Cisco Advanced Malware Protection (AMP), Next Generation Antivirus (NGAV), URL filtering, and SSL inspection |
| | Cloud security (Cisco Umbrella): Web security with SSL proxy, DNS-layer enforcement, URL filtering, Cloud Access Security Broker (CASB), and Enterprise firewalls. Read more: https://learn-umbrella.cisco.com/i/1153736-cisco-umbrella-secure-internet-gateway-sig-essentials/0? |
| | Device- and network-level security: Zero trust, segmentation, whitelisting, tamper-proof module, Datagram Transport Layer Security (DTLS)/TLS, IPsec, ESP-256-CBC, authentication header, HMAC-SHA1, Distributed Denial-of-Service (DDoS) protection, control plane protection, Network Address Translation (NAT) traversal |
| Unified Communications | SIP, Public Switched Telephone Network (PSTN) voice and fax support, Survivable Remote Site Telephony (SRST), 911 calling, conferencing, Cisco Unified Communications Manager and Webex Calling |
| Application/WAN optimization | Forward Error Correction (FEC) and packet duplication for User Datagram Protocol (UDP), TCP optimization, Cloud OnRamp optimization for SaaS applications |
| Multicloud and colocation | Public cloud integrations into AWS, Azure, and Google Cloud |
| | Cloud OnRamp optimization for SaaS applications |
| | Cloud OnRamp for Colocation |
| Forwarding and Quality of Service (QoS) | Classification, prioritization, low latency queuing, remarking, shaping, scheduling, policing, mirroring, NAT/Port Address Translation (PAT) |
| Multicast | Internet Group Management Protocol (IGMP) v1/v2/v3, Protocol Independent Multicast (PIM), Auto-RP, scale-out traffic replication |
| Policy | Route policies, app-aware routing, control policy, data policy, Access Control List (ACL) policy, VPN membership policy |
| Location services | Route policies, app-aware routing, control policy, data policy, ACL policy, VPN membership policy |
| Cellular | Integrated 4G/LTE modem on some devices |
| Mobility | Wi-Fi 802.11a/b/g/n/ac, WPA2-Enterprise, WPA2-Personal, MAC filtering, 8 SSIDs per radio, 802.11i security enhancement and 802.11e QoS, wireless intrusion detection and protection |
| System and network services | IPv4, Simple Network Management Protocol (SNMP), Network Time Protocol (NTP), DNS client, Dynamic Host Configuration Protocol (DHCP) client, DHCP server, DHCP relay, configuration archival, syslog, Secure Shell (SSH), Secure Copy (SCP), NAT/PAT, Cflowd v10 IPFIX export |
| Configuration and monitoring | NETCONF over SSH, Command-Line Interface (CLI), REST (vManage), Linux shell |
| Out-of-band management | Management port (vEdge 1000, vEdge 2000, vEdge 5000), serial console port (vEdge 1000, vEdge 2000, vEdge 5000), USB console port |
| TrustSec | Defined segmentation: policy through security groups. Open through IETF, available within OpenDaylight SDN Controller and supported on third-party platforms |

Licensing

Cisco DNA Software for SD-WAN and Routing

Cisco DNA Software subscription licensing offers three feature tiers: Cisco DNA Essentials, Cisco DNA Advantage, and Cisco DNA Premier. These are nested SKUs and represent good, better, and best offers. All are available as a 3-year or 5-year subscription and have bandwidth tier options.

Benefits:

  • The latest innovations through simple subscription tiers
  • Available across the portfolio
  • Flexibility to choose on-premise or cloud management
  • Easy license portability across on-premise and cloud
  • Easy upgrade across tiers
  • Software Support Service (SWSS) included

For more information on Cisco DNA subscriptions, go to: https://www.cisco.com/c/m/en_us/products/software/sd-wan-routing-matrix.html?oid=otren019258

Figure 4. Cisco DNA Software subscription licensing for SD-WAN and Routing

For more information, review the Cisco DNA Software for SD-WAN and Routing Ordering Guide.

Note:   Other buying programs are available, including Enterprise Agreements (EA) and Managed Service Licensing Agreement (MSLA). A Cisco Enterprise Agreement provides a simpler way to manage licenses and reduces costs, and a single agreement covers the purchase of software and subscription licenses as well as application software support. The MSLA helps partners align business costs with a subscription-based model for their customers.

Cisco Capital

Flexible payment solutions to help you achieve your objectives

Cisco Capital makes it easier to get the right technology to achieve your objectives, enable business transformation and help you stay competitive. We can help you reduce the total cost of ownership, conserve capital, and accelerate growth. In more than 100 countries, our flexible payment solutions can help you acquire hardware, software, services and complementary third-party equipment in easy, predictable payments. Learn more.

For more information

See how Cisco SD-WAN can help you move faster, lower costs, and reduce risk: https://cisco.com/go/sdwan.

Document history

| New or Revised Topic | Described In | Date |
| --- | --- | --- |
| Initial data sheet creation with SD-WAN version 17.2 release | New | 05/08/2020 |
| Update to SD-WAN version 17.5 release | Update | 30/03/2021 |

 

 

 
