The Cisco® SD-WAN solution offers a complete SD-WAN fabric with centralized management and security built in, creating a secure overlay WAN architecture across campus, branch, and data center and multicloud applications. The software solution runs on a range of SD-WAN routers across hardware, virtual, and cloud form factors.
Cisco SD-WAN builds on the architecture called Secure Access Service Edge (SASE). WAN security and features today must be distributed, cloud-based, flexible, and agile. Cisco SD-WAN is the industry’s first fully integrated SASE offering that combines best-in-class SD-WAN with the cutting-edge Cisco Umbrella® cloud security portfolio.
Cisco SD-WAN provides a flexible architecture to extend SD-WAN to any environment (Figure 2). The solution automatically discovers, authenticates, and provisions both new and existing Cisco SD-WAN devices.
Figure 2. The Cisco SD-WAN secure, cloud-scale architecture
The Cisco SD-WAN dashboard (Figure 1) connects all company data centers, core and campus locations, WAN branches, colocation facilities, cloud infrastructure, and remote workers. Using the Overlay Management Protocol (OMP), Cisco SD-WAN provides centralized control over the entire network. It simplifies IT operations with automated provisioning, unified policies, and streamlined management to help ensure rapid updates and resolutions, and provides advanced network functionality, reliability, and security.
Figure 1. The Cisco SD-WAN dashboard
After connecting to Cisco SD-WAN, each network device can find the best path to the applications that reside in the data center or multicloud. Cisco SD-WAN can use any transport method (satellite, broadband, Multiprotocol Label Switching [MPLS], 5G/LTE) from any location (core, edge, cloud) for any network service (security, application Quality of Experience [QoE], voice). Through OMP, Cisco SD-WAN supports both common and advanced routing protocols that are necessary for managing networks across the WAN and cloud, such as Border Gateway Protocol (BGP), Enhanced Interior Gateway Routing Protocol (EIGRP), Equal-Cost Multipath (ECMP) routing, Open Shortest Path First (OSPF), Virtual Router Redundancy Protocol (VRRP), and IPv6. Cisco SD-WAN provides this flexibility in both full and partial mesh encrypted deliveries, allowing maximum customization based on business needs.
| Feature | Benefit |
| --- | --- |
| Full SD-WAN feature stack with unified communications | Provides sophisticated control of the network with a set of features for routing, unified communications, multicloud, security, and centralized policy control and management. |
| Multicloud choice and control | Enables a range of optimization for multicloud applications using the Cisco SD-WAN Cloud OnRamp architecture. It optimizes major Software-as-a-Service (SaaS) applications and workflow integrations to major public clouds and colocation providers. |
| Security that is built in, not bolted on | Enables centralized security policies and provides segmentation across the entire network and a full security stack, either on-premises or in the Cisco Umbrella cloud (Figure 3). Instantly deploy the right security in the right place, all from a single dashboard. |
| Visibility and analytics | Provides granular visibility into applications and infrastructure, enabling rapid failure correlation and mitigation. |
| Maximum choice and control | Offers flexibility with a cloud-first architecture to connect any user to any application, across any cloud. |
Best-in-class technology innovation
● Fully integrated security everywhere
◦ Built-in security or cloud security with Cisco Umbrella Secure Internet Gateway (SIG)
◦ Routing intelligence and threat intelligence on a certified trustworthy infrastructure
◦ Integrated auto-registration and auto-configuration of cloud-delivered Cisco Umbrella from SD-WAN
◦ Talos® security, enabling fast, industry-leading threat detection
◦ On-premises security with application-aware enterprise firewall, Snort® IPS, encryption, URL filtering, Malware Defense, and more
● True SD-WAN architecture
◦ Separate and dedicated components for the control plane, data plane, and management and orchestration of the WAN
◦ Flexibility to implement overlay, underlay, physical, and virtual networks
◦ Voice and unified communications support
◦ IPv6 support (BGP, OSPF)
◦ Predictive Path Recommendations powered by ThousandEyes WAN Insights
● Robust IP multicast support
◦ Enables network traffic control, enhances efficiency by eliminating traffic redundancy, and reduces server and CPU loads
◦ Efficiently handles one-to-many or many-to-many communications
◦ Provides multicast capability across platforms (Protocol Independent Multicast Source-Specific Multicast [PIM-SSM], Internet Group Management Protocol [IGMP] v2, and IGMP v3)
● Enhanced application visibility
◦ Integrated with Cisco ThousandEyes to bring end-to-end visibility into application delivery and network performance
◦ Extends end-to-end granular insights into network health and application performance with a full hop-by-hop analysis across the internet and cloud
◦ Isolates fault domains and provides actionable insights that drastically expedite troubleshooting and resolution, before users are affected
● Investment protection
◦ Leverages traditional transport protocols for the best application experience
◦ Allows you to simply upgrade existing Cisco routers with SD-WAN functionality if you prefer
● Flexible multicloud deployment options
◦ Cloud OnRamp for Multicloud
◦ Cloud OnRamp for SaaS (with Cisco IOS® XE support)
◦ Cloud OnRamp for Colocation
◦ Cloud OnRamp for Cloud Interconnect
◦ Cloud OnRamp for Cloud Hub
| Category | Description |
| --- | --- |
| Authentication, Authorization, and Accounting (AAA) | TACACS+, RADIUS, local, role-based access control |
| Routing | OSPF, external BGP (eBGP), internal BGP (iBGP), EIGRP, ECMP, static, connected, OMP |
| Bridging | 802.1Q, native VLAN, bridge domains, Integrated Routing and Bridging (IRB), host-mode bridging |
| Security | Built-in security: Intrusion prevention system, web security, enterprise firewall, Malware Defense, Next-Generation Antivirus (NGAV), URL filtering, and SSL inspection. Cloud security (Cisco Umbrella): Web security with SSL proxy, DNS-layer enforcement, URL filtering, Cloud Access Security Broker (CASB), and enterprise firewalls. Read more: https://learn-umbrella.cisco.com/i/1153736-cisco-umbrella-secure-internet-gateway-sig-essentials/0? Device- and network-level security: Zero trust, segmentation, whitelisting, tamper-proof module, Datagram Transport Layer Security (DTLS)/TLS, IPsec, ESP-256-CBC, authentication header, HMAC-SHA1, Distributed Denial-of-Service (DDoS) protection, control plane protection, Network Address Translation (NAT) traversal |
| Unified communications | SIP, Public Switched Telephone Network (PSTN) voice and fax support, Survivable Remote Site Telephony (SRST), 911 calling, conferencing, Cisco Unified Communications Manager, Webex Calling |
| Application/WAN optimization | FEC and packet duplication for User Datagram Protocol (UDP), TCP optimization, Predictive Path Recommendations powered by ThousandEyes WAN Insights, Cloud OnRamp optimization for SaaS applications |
| Multicloud and colocation | Public cloud integrations into AWS, Azure, and Google Cloud; Cloud OnRamp optimization for SaaS applications; Cloud OnRamp for Colocation |
| Cloud Interconnect and Cloud Hub | Optimized Connectivity with Cloud OnRamp for Cloud Hub and Cloud Interconnect |
| Application visibility | Cisco ThousandEyes is natively integrated with eligible Cisco Catalyst 8200 and 8300 Series platforms and 4000 Series Integrated Service Routers (ISR) with a minimum 8 GB DRAM and 8 GB bootflash/storage. Additional memory and storage will be necessary for concurrently running the ThousandEyes agent with containerized SD-WAN security services |
| Forwarding and Quality of Service (QoS) | Classification, prioritization, low latency queuing, remarking, shaping, scheduling, policing, mirroring, NAT/Port Address Translation (PAT) |
| Multicast | Internet Group Management Protocol (IGMP) v1/v2/v3, Protocol Independent Multicast (PIM), Auto-RP, scale-out traffic replication |
| Policy | Route policies, app-aware routing, control policy, data policy, Access Control List (ACL) policy, VPN membership policy |
| Location services | Route policies, app-aware routing, control policy, data policy, ACL policy, VPN membership policy |
| Cellular | Integrated 4G/LTE modem on some devices |
| Mobility | Wi-Fi 802.11a/b/g/n/ac, WPA2-Enterprise, WPA2-Personal, MAC filtering, 8 SSIDs per radio, 802.11i security enhancement and 802.11e QoS, wireless intrusion detection and protection |
| System and network services | IPv4, Simple Network Management Protocol (SNMP), Network Time Protocol (NTP), DNS client, Dynamic Host Configuration Protocol (DHCP) client, DHCP server, DHCP relay, configuration archival, syslog, Secure Shell (SSH), Secure Copy (SCP), NAT/PAT, Cflowd v10 IPFIX export |
| Configuration and monitoring | NETCONF over SSH, Command-Line Interface (CLI), REST (vManage), Linux shell |
| Out-of-band management | Management port (vEdge 1000, vEdge 2000, vEdge 5000), serial console port (vEdge 1000, vEdge 2000, vEdge 5000), USB console port |
| Cisco TrustSec® | Defined segmentation – policy through security groups. Open through IETF, available within OpenDaylight SDN controller and supported on third-party platforms |
Cisco DNA Software for SD-WAN and Routing
Cisco DNA Software subscription licensing offers three feature tiers: Cisco DNA Essentials, Cisco DNA Advantage, and Cisco DNA Premier. These are nested SKUs and represent good, better, and best offers. All are available as a 3-year or 5-year subscription and have bandwidth tier options. Cisco DNA Advantage is also available as a 7-year subscription.
Benefits:
● The latest innovations through simple subscription tiers
● Available across the portfolio
● Flexibility to choose on-premises or cloud management
● Easy license portability across on-premises and cloud
● Easy upgrade across tiers
● Software Support Service (SWSS) included
For more information on Cisco DNA Software subscriptions, go to: https://www.cisco.com/c/m/en_us/products/software/sd-wan-routing-matrix.html?oid=otren019258
Cisco DNA Software subscription licensing for SD-WAN and routing
For more information, review the Cisco DNA Software for SD-WAN and Routing Ordering Guide.
Note: Other buying programs are available, including Enterprise Agreements (EA) and Managed Service Licensing Agreement (MSLA). A Cisco Enterprise Agreement provides a simpler way to manage licenses and reduces costs, and a single agreement covers the purchase of software and subscription licenses as well as application software support. The MSLA helps partners align business costs with a subscription-based model for their customers.
Cisco ThousandEyes
A valid ThousandEyes agent license is required to activate the ThousandEyes agent. Existing ThousandEyes subscriptions can be leveraged on Cisco Catalyst 8200 and 8300 platforms and 4000 Series ISRs. For additional ThousandEyes subscription information, go to https://www.thousandeyes.com/signup/?utm_source=Cisco&utm_medium=referral&utm_campaign=CiscoSD-WAN
Flexible payment solutions to help you achieve your objectives
Cisco Capital® makes it easier to get the right technology to achieve your objectives, enable business transformation, and stay competitive. We can help you reduce the total cost of ownership, conserve capital, and accelerate growth. In more than 100 countries, our flexible payment solutions can help you acquire hardware, software, services, and complementary third-party equipment in easy, predictable payments.
See how Cisco SD-WAN can help you move faster, lower costs, and reduce risk: https://cisco.com/go/sdwan.
| New or Revised Topic | Described In | Date |
| --- | --- | --- |
| Updated ThousandEyes references to reflect current state | Update | 08-March-2023 |
| Update to Licensing section to reflect current state | Update | 06-June-2022 |
| Update to SD-WAN version 17.6 release | Update | 30-April-2021 |
| Initial data sheet creation with SD-WAN version 17.2 release | New | 05-August-2020 |