SD-WAN Vendors Comparison Chart

SD-WAN vendors: How Cisco stacks up to the competition

Scan SD-WAN and router vendors to see how Cisco outperforms Huawei, HPE, and other SD-WAN vendors. With innovations like software-defined networking, NFV, and integrated security, Cisco solutions offer more than the competition and help provide a foundation for intent-based networking. 

Contact Cisco

  • Get a call from Sales
  • Contact Sales via Email
  • Product / Technical Support
  • (852) 3071 4911
  • 9:00am-6:00pm

SD-WAN

Cisco

Velocloud

Versa

Silver Peak

Expand all

Advanced Security

Advanced branch threat defenseCisco's converged branch platform integrates real-time contextual awareness, security automation, and industry-leading threat prevention, malware protection, EAL4-certified perimeter defense, and web security. LimitedOffers access-control lists, stateful firewall, and Network Address Translation only.Offers integrated next-generation firewall and intrusion detection system.LimitedOffers access-control lists, stateful firewall, and Network Address Translation only.
Cisco's converged branch platform integrates real-time contextual awareness, security automation, and industry-leading threat prevention, malware protection, EAL4-certified perimeter defense, and web security. Offers access-control lists, stateful firewall, and Network Address Translation only.Offers integrated next-generation firewall and intrusion detection system.Offers access-control lists, stateful firewall, and Network Address Translation only.
End-to-end secure architectureSite-to-site and remote-access VPN technologies, DMVPN, GET VPN, FlexVPN, and SSL VPN help protect sensitive enterprise communications. NIST-approved, line-rate encryption secures data in motion.
Site-to-site and remote-access VPN technologies, DMVPN, GET VPN, FlexVPN, and SSL VPN help protect sensitive enterprise communications. NIST-approved, line-rate encryption secures data in motion.
Real-time threat intelligenceCloud-delivered, integrated security service for Cisco branch routers, providing protection against malware, botnets, phishing, and targeted online attacks at the DNS layer. Requires a third-party solution.LimitedSupports an intrusion-detection system but not detection of DNS-layer attacks.Requires a third-party solution.
Cloud-delivered, integrated security service for Cisco branch routers, providing protection against malware, botnets, phishing, and targeted online attacks at the DNS layer. Requires a third-party solution.Supports an intrusion-detection system but not detection of DNS-layer attacks.Requires a third-party solution.
Network as sensor and enforcerComprehensive network visibility with behavioral-based analytics enables faster anomalies detection and deeper forensics of internal and external threats. LimitedClaims support for analytics-based anomaly detection.
Comprehensive network visibility with behavioral-based analytics enables faster anomalies detection and deeper forensics of internal and external threats. Claims support for analytics-based anomaly detection.
Trustworthy systemsSecure development lifecycle is published and verifiable. Products have trust anchors, secure boot, and runtime prevention. Software is digitally signed.
Secure development lifecycle is published and verifiable. Products have trust anchors, secure boot, and runtime prevention. Software is digitally signed.

User Experience

Application-aware WANMonitor more than 1400 applications and network performance. Troubleshoot issues ​quickly. Deploy business-intent policies across the entire network with no probes or additional hardware.Claims to monitor more than 2500 applications. Offers application group support and application filter support.Claims to monitor more than 2000 applications and protocols. Offers application group support, application filter support, and application visibility and log support.Supported via deep packet inspection and DNS snooping. Used in application steering, QOS, WAN optimization, and security policies.
Monitor more than 1400 applications and network performance. Troubleshoot issues ​quickly. Deploy business-intent policies across the entire network with no probes or additional hardware.Claims to monitor more than 2500 applications. Offers application group support and application filter support.Claims to monitor more than 2000 applications and protocols. Offers application group support, application filter support, and application visibility and log support.Supported via deep packet inspection and DNS snooping. Used in application steering, QOS, WAN optimization, and security policies.
Application high availabilityMonitor path performance and apply what is learned to select the best network path for a given application. Effectively load-balance across paths while delivering ideal application-level SLAs.Monitor path performance and apply what is learned to select the best network path for a given application. Effectively load-balance across paths while delivering ideal application-level SLAs.Monitor path performance and apply what is learned to select the best network path for a given application. Effectively load-balance across paths while delivering ideal application-level SLAs.Monitor path performance and apply what is learned to select the best network path for a given application. Effectively load-balance across paths while delivering ideal application-level SLAs.
Monitor path performance and apply what is learned to select the best network path for a given application. Effectively load-balance across paths while delivering ideal application-level SLAs.Monitor path performance and apply what is learned to select the best network path for a given application. Effectively load-balance across paths while delivering ideal application-level SLAs.Monitor path performance and apply what is learned to select the best network path for a given application. Effectively load-balance across paths while delivering ideal application-level SLAs.Monitor path performance and apply what is learned to select the best network path for a given application. Effectively load-balance across paths while delivering ideal application-level SLAs.
Enhanced application experienceCisco’s software- and hardware-integrated solution offers bandwidth optimization, application acceleration, and intelligent caching. LimitedIntegrated forward error correction and tunnel bonding-type features. Requires third party for WAN optimization.LimitedIntegrated forward error correction and tunnel bonding-type features. Requires third party for WAN optimization.Fully integrated WAN optimization and acceleration.
Cisco’s software- and hardware-integrated solution offers bandwidth optimization, application acceleration, and intelligent caching. Integrated forward error correction and tunnel bonding-type features. Requires third party for WAN optimization.Integrated forward error correction and tunnel bonding-type features. Requires third party for WAN optimization.Fully integrated WAN optimization and acceleration.
Seamless cloud extensionExtend the WAN to any private and public cloud. Get broad hypervisor and cloud support, seamless network extension and mobility, and advanced cloud security features.
Extend the WAN to any private and public cloud. Get broad hypervisor and cloud support, seamless network extension and mobility, and advanced cloud security features.
Last-mile network resiliencyProvide primary connectivity or backup communications. Cisco Advanced LTE Category 6 support offers network resiliency for business continuity, up to 150 times faster and with far lower latency than 3G links offer.
Provide primary connectivity or backup communications. Cisco Advanced LTE Category 6 support offers network resiliency for business continuity, up to 150 times faster and with far lower latency than 3G links offer.

Agility

SDN controller and applicationsGet software-defined networking for the enterprise branch, campus, and WAN. A simple user interface and plug-and-play protocols automate policy-based application profiles.LimitedLimited to SD-WAN overlay only.LimitedLimited to SD-WAN overlay only.LimitedLimited to SD-WAN overlay only.
Get software-defined networking for the enterprise branch, campus, and WAN. A simple user interface and plug-and-play protocols automate policy-based application profiles.Limited to SD-WAN overlay only.Limited to SD-WAN overlay only.Limited to SD-WAN overlay only.
Open and programmableCisco offers NETCONF and YANG support across branch, WAN, and cloud platforms.
Cisco offers NETCONF and YANG support across branch, WAN, and cloud platforms.
Pay-as-you-grow servicesPerformance license upgrades add dedicated compute and storage resources for additional services.
Performance license upgrades add dedicated compute and storage resources for additional services.
Software licensing packagesCisco ONE Software suites make software buying simple. Instead of choosing from hundreds of separately priced software features, you purchase one software product, for predictable OpEx.
Cisco ONE Software suites make software buying simple. Instead of choosing from hundreds of separately priced software features, you purchase one software product, for predictable OpEx.

Virtualization

Enterprise Network Functions VirtualizationSimplify operations and deployment of virtual routing, security, and application services. Supports third-party VNF hosting.Supports third-party VNF hosting.LimitedAvailable as a VNF.
Simplify operations and deployment of virtual routing, security, and application services. Supports third-party VNF hosting.Supports third-party VNF hosting.Available as a VNF.
Native application hostingAutomate workflows, configuration, and operation of lightweight network functions or third-party tools natively on our IOS XE operating system.Available as a VNF.Available as a VNF.Available as a VNF.
Automate workflows, configuration, and operation of lightweight network functions or third-party tools natively on our IOS XE operating system.Available as a VNF.Available as a VNF.Available as a VNF.
Integrated compute and storageIncludes local compute and storage resources for applications, network functions or services, data backup, and analytics.
Includes local compute and storage resources for applications, network functions or services, data backup, and analytics.

Services

Depth of services portfolioProvides a diverse and complete lifecycle of advisory, implementation, optimization, technical, managed, and training service offers for SD-WAN and intent-based networking.LimitedLimited portfolio of strategic planning and advisory services. Service delivery/orchestration and analytics through Velocloud's Virtual Services' NSX SD-WAN solution relies on multiple virtualized network functions. Multiservice capabilities for SD-WAN, including enterprise, managed, and cloud IP platform.LimitedTiered Managed SD-WAN Service provides various levels of service: base, integrated, enhanced (optimization), and cloud optimization. Limited portfolio of strategic planning and advisory services as well as end-to-end solution support.
Provides a diverse and complete lifecycle of advisory, implementation, optimization, technical, managed, and training service offers for SD-WAN and intent-based networking.Limited portfolio of strategic planning and advisory services. Service delivery/orchestration and analytics through Velocloud's Virtual Services' NSX SD-WAN solution relies on multiple virtualized network functions. Multiservice capabilities for SD-WAN, including enterprise, managed, and cloud IP platform.Tiered Managed SD-WAN Service provides various levels of service: base, integrated, enhanced (optimization), and cloud optimization. Limited portfolio of strategic planning and advisory services as well as end-to-end solution support.
Ease of getting startedSD-WAN Advise and Implement Quick Start accelerates adoption with predefined project scope and budget to simplify implementation with validated best practices. Get centralized 24/7 support from expert engineers and a primary point of contact, accountable from first call to resolution. Velocloud's NSX SD-WAN integrates with existing service provider networks for wide-area networking that integrates advanced services through a zero-touch deployment model. Offers a limited free trial evaluation. LimitedThe managed SD-WAN solution has built-in service chaining to easily integrate with existing third-party network and security functions in the branch office. You can schedule a demo, but there are no free trials or quick-start offers.Tiered Managed SD-WAN Service allows customers to add or upgrade software capabilities through their service provider. Within the Tiered Managed SD-WAN Service, Silver Peak offers the Unity EdgeConnect SD-WAN Solution that includes service chaining.
SD-WAN Advise and Implement Quick Start accelerates adoption with predefined project scope and budget to simplify implementation with validated best practices. Get centralized 24/7 support from expert engineers and a primary point of contact, accountable from first call to resolution. Velocloud's NSX SD-WAN integrates with existing service provider networks for wide-area networking that integrates advanced services through a zero-touch deployment model. Offers a limited free trial evaluation.The managed SD-WAN solution has built-in service chaining to easily integrate with existing third-party network and security functions in the branch office. You can schedule a demo, but there are no free trials or quick-start offers.Tiered Managed SD-WAN Service allows customers to add or upgrade software capabilities through their service provider. Within the Tiered Managed SD-WAN Service, Silver Peak offers the Unity EdgeConnect SD-WAN Solution that includes service chaining.
Strength of services for securityTechnology-agnostic services create a security strategy to reduce implementation risks. Cisco Advanced Malware Protection (AMP) identifies and stops threats before, during, and after attacks. Business Critical Services provides an end-to-end view of security architecture. LimitedVirtual service delivery is reliant on the cloud, which presents many security vulnerabilities, challenges, and threats. The Velocoud website is not secure. Managed services combine SD-WAN capabilities with a range of security functions using Versa VNFs. Virtual service delivery is reliant on the cloud, which presents many security vulnerabilities, challenges, and threats.Uses EdgeConnect simplified service chaining with cloud-based security gateways and next-generation firewall vendors. Virtual service delivery is reliant on the cloud, which presents many security vulnerabilities, challenges, and threats.
Technology-agnostic services create a security strategy to reduce implementation risks. Cisco Advanced Malware Protection (AMP) identifies and stops threats before, during, and after attacks. Business Critical Services provides an end-to-end view of security architecture. Virtual service delivery is reliant on the cloud, which presents many security vulnerabilities, challenges, and threats. The Velocoud website is not secure. Managed services combine SD-WAN capabilities with a range of security functions using Versa VNFs. Virtual service delivery is reliant on the cloud, which presents many security vulnerabilities, challenges, and threats.Uses EdgeConnect simplified service chaining with cloud-based security gateways and next-generation firewall vendors. Virtual service delivery is reliant on the cloud, which presents many security vulnerabilities, challenges, and threats.

Updated January 2019, based on public information.

Routers

Cisco

HPE

Huawei

SD-WAN Vendors

Expand all

User Experience

Application-aware WANMonitor more than 1400 applications and network performance. Troubleshoot issues ​quickly. Deploy business-intent policies across the entire network with no probes or additional hardware.LimitedLimited router and network performance monitoring, primarily with sFlow tools.LimitedApplication monitoring through NetStream supports the NetFlow v9 export format. NetStream is sampled Layer 4 (flow-based) and not true deep-packet-inspection technology.LimitedSupport varies between basic and advanced application visibility and performance monitoring.
Monitor more than 1400 applications and network performance. Troubleshoot issues ​quickly. Deploy business-intent policies across the entire network with no probes or additional hardware.Limited router and network performance monitoring, primarily with sFlow tools.Application monitoring through NetStream supports the NetFlow v9 export format. NetStream is sampled Layer 4 (flow-based) and not true deep-packet-inspection technology.Support varies between basic and advanced application visibility and performance monitoring.
Application high availabilityMonitor path performance and apply what is learned to select the best network path for a given application. Effectively load-balance across paths while delivering ideal application-level SLAs.LimitedSupports basic routing metrics and load balancing.LimitedHuawei offers basic policy-based routing, which is static routing policy per application. The technology is not based on an application-level SLA.LimitedSupport varies from basic link monitoring to more advanced, per-application class-level monitoring.
Monitor path performance and apply what is learned to select the best network path for a given application. Effectively load-balance across paths while delivering ideal application-level SLAs.Supports basic routing metrics and load balancing.Huawei offers basic policy-based routing, which is static routing policy per application. The technology is not based on an application-level SLA.Support varies from basic link monitoring to more advanced, per-application class-level monitoring.
Enhanced application experienceCisco’s software- and hardware-integrated solution offers bandwidth optimization, application acceleration, and intelligent caching. LimitedSupports TCP Fast Open and Data Redundancy Elimination ​and LZ compression for general TCP optimization only. Lacks granular application.LimitedRequires extra hardware. Does not support intelligent caching or WAN acceleration.LimitedRequires third-party integration for most SD-WAN vendors.
Cisco’s software- and hardware-integrated solution offers bandwidth optimization, application acceleration, and intelligent caching. Supports TCP Fast Open and Data Redundancy Elimination ​and LZ compression for general TCP optimization only. Lacks granular application.Requires extra hardware. Does not support intelligent caching or WAN acceleration.Requires third-party integration for most SD-WAN vendors.
Seamless cloud extensionExtend the WAN to any private and public cloud. Get broad hypervisor and cloud support, seamless network extension and mobility, and advanced cloud security features.Supported by most vendors but not all.
Extend the WAN to any private and public cloud. Get broad hypervisor and cloud support, seamless network extension and mobility, and advanced cloud security features. Supported by most vendors but not all.
Last-mile network resiliencyProvide primary connectivity or backup communications. Cisco Advanced LTE Category 6 support offers network resiliency for business continuity up to 150 times faster and with far lower latency than 3G links offer.
Provide primary connectivity or backup communications. Cisco Advanced LTE Category 6 support offers network resiliency for business continuity up to 150 times faster and with far lower latency than 3G links offer.

Agility

SDN controller and appsGet software-defined networking for the enterprise branch, campus, and WAN. A simple user interface and plug-and-play protocols automate policy-based application profiles.Limited
Single enterprise network SDN controller for policy-based automation for access; WAN; and campus switching, routing, and wireless.Get software-defined networking for the enterprise branch, campus, and WAN. A simple user interface and plug-and-play protocols automate policy-based application profiles.
Open and programmableCisco offers NETCONF and YANG support across branch, WAN, and cloud platforms.LimitedCertain router models do not support NETCONF/YANG.
Cisco offers NETCONF and YANG support across branch, WAN, and cloud platforms. Certain router models do not support NETCONF/YANG.
Pay-as-you-grow servicesPerformance license upgrades add dedicated compute and storage resources for additional services.LimitedBasic VM capability in high-end routers but no advanced network services. Huawei offers basic VoIP modules and content caching. Huawei routers support modular software upgrades but do not offer systemwide in-service upgrades.LimitedMost vendors require third-party integrations.
Performance license upgrades add dedicated compute and storage resources for additional services. Basic VM capability in high-end routers but no advanced network services. Huawei offers basic VoIP modules and content caching. Huawei routers support modular software upgrades but do not offer systemwide in-service upgrades.Most vendors require third-party integrations.
Software licensing packagesCisco ONE Software suites make software buying simple. Instead of choosing from hundreds of separately priced software features, you purchase one software product, for predictable OpEx. Ties software licensing to the chassis. HPE offers no portability or investment protection with access to ongoing innovation.Offers perpetual software licenses for basic and advanced feature sets, and on a per-device basis. Huawei does not offer license portability.Most SD-WAN vendors offer subscription-based services with high recurring costs.
Cisco ONE Software suites make software buying simple. Instead of choosing from hundreds of separately priced software features, you purchase one software product, for predictable OpEx. Ties software licensing to the chassis. HPE offers no portability or investment protection with access to ongoing innovation.Offers perpetual software licenses for basic and advanced feature sets, and on a per-device basis. Huawei does not offer license portability.Most SD-WAN vendors offer subscription-based services with high recurring costs.

Advanced Security

Advanced branch threat defenseCisco’s converged branch platform integrates real-time contextual awareness, security automation, and industry-leading threat prevention, malware protection, EAL4-certified perimeter defense, and web security. LimitedOffers access-control lists, stateful firewall, and Network Address Translation only.Only supports basic access-control lists for filtering and encryption capability. AR routers lack sophisticated security protection such as web security, threat prevention, or malware protection.LimitedUsually require third-party integration.
Cisco’s converged branch platform integrates real-time contextual awareness, security automation, and industry-leading threat prevention, malware protection, EAL4-certified perimeter defense, and web security. Offers access-control lists, stateful firewall, and Network Address Translation only.Only supports basic access-control lists for filtering and encryption capability. AR routers lack sophisticated security protection such as web security, threat prevention, or malware protection.Usually require third-party integration.
End-to-end secure architectureSite-to-site and remote-access VPN technologies, DMVPN, GET VPN, FlexVPN, and SSL VPN help protect sensitive enterprise communications. NIST-approved, line-rate encryption secures data in motion. LimitedLimitedWhen an AR-series router uses encryption, it incurs a massive performance impact. Huawei does not publish its secure development lifecycle and trustworthy system.LimitedAll offer IPsec VPN but are not U.S. government FIPS140-2 certified.
Site-to-site and remote-access VPN technologies, DMVPN, GET VPN, FlexVPN, and SSL VPN help protect sensitive enterprise communications. NIST-approved, line-rate encryption secures data in motion. When an AR-series router uses encryption, it incurs a massive performance impact. Huawei does not publish its secure development lifecycle and trustworthy system.All offer IPsec VPN but are not U.S. government FIPS140-2 certified.
Real-time threat intelligenceCloud-delivered, integrated security service for Cisco branch routers, providing protection against malware, botnets, phishing, and targeted online attacks at the DNS layer. Limited
Cloud-delivered, integrated security service for Cisco branch routers, providing protection against malware, botnets, phishing, and targeted online attacks at the DNS layer.
Network as sensor and enforcerComprehensive network visibility with behavioral-based analytics enables faster anomalies detection and deeper forensics of internal and external threats. Offers sample-based network application visibility through sFlow, which is not sufficient as a security network sensor.Offers sample-based network application visibility, which is not sufficient as a security network sensor. Does not offer a security enforcer tool based on the NetStream flow information.
Comprehensive network visibility with behavioral-based analytics enables faster anomalies detection and deeper forensics of internal and external threats. Offers sample-based network application visibility through sFlow, which is not sufficient as a security network sensor.Offers sample-based network application visibility, which is not sufficient as a security network sensor. Does not offer a security enforcer tool based on the NetStream flow information.
Trustworthy systemsSecure development lifecycle is published and verifiable. Products have trust anchors, secure boot, and runtime prevention. Software is digitally signed.
Secure development lifecycle is published and verifiable. Products have trust anchors, secure boot, and runtime prevention. Software is digitally signed.

Virtualization

Enterprise Network Functions VirtualizationSimplify operations and deployment of virtual routing, security, and application services. LimitedHuawei offers up to 8 VMs or VNFs, but it uses basic supervisor hardware. Its capability is limited to the chassis.Most vendors support VNF only. Some also support NFVIS or VNF hosting.
Simplify operations and deployment of virtual routing, security, and application services. Huawei offers up to 8 VMs or VNFs, but it uses basic supervisor hardware. Its capability is limited to the chassis.Most vendors support VNF only. Some also support NFVIS or VNF hosting.
Native application hostingAutomate work flows, configuration, and operation of lightweight network functions or third-party tools natively on our IOS XE operating system.Open application platform.LimitedThe router OS, called VRP, does not offer native integration with a third-party tool or application unless it uses another VM.LimitedSome vendors support integrated, third-party VNF support.
Automate work flows, configuration, and operation of lightweight network functions or third-party tools natively on our IOS XE operating system.Open application platform.The router OS, called VRP, does not offer native integration with a third-party tool or application unless it uses another VM.Some vendors support integrated, third-party VNF support.
Integrated compute and storageIncludes local compute and storage resources for applications, network functions or services, data backup, and analytics.LimitedLocal compute and storage resources are offered in a main supervisor module, which is not replaceable or upgradable.
Includes local compute and storage resources for applications, network functions or services, data backup, and analytics. Local compute and storage resources are offered in a main supervisor module, which is not replaceable or upgradable.

Updated on January 2019, based on public information.

Building animation Building animation

We love a good competition.

Admittedly, some are better than others.

Get the report
Paper animation Paper animation

Cisco’s intent-based network
can keep you on target.

ZK Research lays out what it takes to build a secure,
automated network and why we are the best choice to
help you make it happen.

Get the report Restart button

REPORT

Cisco outperforms Huawei and HP Enterprise branch-office routers.

REPORT

Gartner Magic Quadrant

Cisco has been named a Leader in Gartner 2018 Magic Quadrant for WAN Edge Infrastructure.

VIDEO

Miercom ISR 1100 Router Comparative Assessment (5:40)

 

Need a little guidance?

Use our Router Selector to find the right Cisco router for your needs.​

Compare other network technologies

Cisco Networking | Switching | Wireless