Cisco Catalyst SD-WAN Data Sheet

Available Languages

Download Options

  • PDF
    (780.7 KB)
    View with Adobe Reader on a variety of devices
Updated:February 6, 2024

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Available Languages

Download Options

  • PDF
    (780.7 KB)
    View with Adobe Reader on a variety of devices
Updated:February 6, 2024

Table of Contents

 

 

With the continued transition to multicloud and hybrid environments, it has become essential for IT to pivot their networks to support a distributed workforce, provide seamless and secure access to business-critical applications across all clouds, deliver superior experience, and gain insights to enable them to respond to business demands faster.

Cisco Catalyst SD-WAN connects any user to any application with integrated capabilities for multicloud, security, predictive operations, and enhanced network visibility —all on a SASE-enabled architecture. Cisco Catalyst SD-WAN enables you to transform your IT infrastructure by delivering network connectivity that’s cloud-agnostic, efficient and simpler to manage, lowers operational costs and increases control and visibility across the entire digital service delivery chain.

Solution overview

Cisco Catalyst SD-WAN provides a flexible architecture to extend SD-WAN to any environment (Figure 1). The solution automatically discovers, authenticates, and provisions both new and existing Cisco Catalyst SD-WAN devices.

Flexible and scalable architecture for network transformation

Figure 1.               

Flexible and scalable architecture for network transformation

The Cisco Catalyst SD-WAN (Figure 2) connects all company data centers, core and campus locations, WAN branches, colocation facilities, cloud infrastructure, and remote workers. Using the Overlay Management Protocol (OMP), Cisco Catalyst SD-WAN provides centralized control over the entire network. It simplifies IT operations with automated provisioning, unified policies, and streamlined management to help ensure rapid updates and resolutions, and provides advanced network functionality, reliability, and security.

Cisco Catalyst SD-WAN Manager dashboard showing network and application health

Figure 2.               

Cisco Catalyst SD-WAN Manager dashboard showing network and application health

The global network topology with site and tunnel health

Figure 3.               

The global network topology with site and tunnel health.

After connecting to Cisco Catalyst SD-WAN, each network device can find the best path to the applications that reside in the data center or multicloud. Cisco Catalyst SD-WAN can use any transport method (satellite, broadband, Multiprotocol Label Switching [MPLS], 5G/LTE) from any location (core, edge, cloud) for any network service (security, application- voice). Through OMP, Cisco Catalyst SD-WAN supports both common and advanced routing protocols that are necessary for managing networks across the WAN and cloud, such as Border Gateway Protocol (BGP), Enhanced Interior Gateway Routing Protocol (EIGRP), Equal-Cost Multipath (ECMP) routing, Open Shortest Path First (OSPF), Virtual Router Redundancy Protocol (VRRP), and IPv6. Cisco Catalyst SD-WAN provides this flexibility for both full and partial mesh deployments, allowing maximum customization based on business needs.

Cisco Catalyst SD-WAN Analytics is a SaaS component of the solution that provides enhanced visibility into network and application performance, along with historical trend information to establish benchmarks and expedite root cause analysis. In addition, it offers predictive network capabilities, enabling enterprises to take corrective actions and gain total control of the user experience.

Table 1.           Features and benefits

Feature

Benefit

Full SD-WAN feature stack with unified communications

Provides sophisticated control of the network with a set of features for routing, unified communications, multicloud, security, and centralized policy control and management.

Multicloud choice and control

Enables a range of optimization for multicloud applications using the Cisco Catalyst SD-WAN Cloud OnRamp architecture. It optimizes major Software-as-a-Service (SaaS) applications and workflow integrations to major public clouds and colocation providers.

Security that is built in, not bolted on

The Distributed Security Enforcement (DSE) framework enables centralized security policies and provides segmentation across the entire network and a robust security stack, either on-premises or in the Cisco Umbrella cloud (Figure 3). Instantly deploy the right security in the right place, all from a single dashboard. With SD-Routing, traditional routing customers gain access to a comprehensive suite of security functionalities, including Zone-based firewall, AMP (Advanced Malware Protection), IPS (Intrusion Prevention System), and URL filtering through Catalyst SD-WAN Manager.

Visibility and analytics

Provides granular visibility into applications and infrastructure, enabling rapid failure correlation and mitigation.

Maximum choice and control

Offers flexibility with a cloud-first architecture to connect any user to any application, across any cloud.

Simplicity

Offers intuitive configuration, management, and monitoring experience for operational simplicity

Prominent features

Best-in-class technology innovation

     Fully integrated security everywhere.

    Distributed Security Enforcement (DSE) framework, which includes - Embedded security (Next Generation Firewall), fabric security, SD-WAN integration with cloud security, monitoring and visibility and certifications and compliance.

    On-premises Security with NGFW, Advanced IPS, AMP with Sandboxing, URL-Filtering, TLS proxy, Unified logging, Identity Firewall support.

    Cloud Security Integration with Cisco Umbrella for an integrated single vendor SASE Solution.

    Modular SASE solution through integration with third-party SSE cloud security provides, including Zscaler, Netskope, Palo Alto, Cloudflare, and Skyhigh.

    Integration with third-party SIEM and SOAR vendors, including Splunk, Microsoft Sentinel and Live Action, enhances monitoring and visibility, offering actionable insights into network and security events.

    A centralized view of network security events with actionable threat data for security operations center teams through the Catalyst SD-WAN Manager Security dashboard.

    Routing intelligence and threat intelligence on a certified trustworthy infrastructure.

    Industry leading Threat detection and response powered by the Talos engine.

     True SD-WAN architecture

    Separate and dedicated components for the control plane, data plane, and management and orchestration of the WAN.

    Flexibility to implement overlay, underlay, physical, and virtual networks.

    Voice and unified communications support.

    IPv6 support (BGP, OSPF).

    AIOps capabilities such as Predictive Path Recommendations powered by ThousandEyes WAN Insights and bandwidth forecasting.

     Robust IP multicast support

    Enables network traffic control, enhances efficiency by eliminating traffic redundancy, and reduces server and CPU loads.

    Efficiently handles one-to-many or many-to-many communications.

    Provides multicast capability across platforms (Protocol Independent Multicast Source-Specific Multicast [PIM-SSM], Internet Group Management Protocol [IGMP] v2, and IGMP v3).

     Enhanced application visibility

    Cisco Catalyst SD-WAN Analytics offers historical and correlated site, device, circuit, tunnel, and application health information for better visibility.

    Integrated with Cisco ThousandEyes to bring end-to-end visibility into application delivery and network performance.

    Extends end-to-end granular insights into network health and application performance with a full hop-by-hop analysis across the internet and cloud.

    Isolates fault domains and provides actionable insights that drastically expedite troubleshooting and resolution, before users are affected.

     Investment protection

    Leverages traditional transport protocols for the best application experience

    Allows you to simply upgrade existing Cisco routers with SD-WAN functionality if you prefer

    Enhances capacity planning capabilities with Bandwidth Forecasting functionality within Cisco Catalyst SD-WAN Analytics

    Flexible multicloud deployment options

    Cloud OnRamp for Multicloud

    Cloud OnRamp for SaaS (with Cisco IOS® XE support)

    Cloud OnRamp for Colocation

    Cloud OnRamp for Cloud Interconnect

    Cloud OnRamp for Cloud Hub

Software feature matrix

Category

Description

Authentication, Authorization, and Accounting (AAA)

TACACS+, RADIUS, local, role-based access control

Routing

OSPF, external BGP (eBGP), internal BGP (iBGP), EIGRP, ECMP, static, connected, OMP

Bridging

802.1Q, native VLAN, bridge domains, Integrated Routing and Bridging (IRB), host-mode bridging

Security

Built-in security: Intrusion prevention system, web security, enterprise firewall, Malware Defense, AMP, URL filtering, and SSL inspection

Cloud security (Cisco Umbrella): Web security with SSL proxy, DNS-layer enforcement, URL filtering, Cloud Access Security Broker (CASB), and enterprise firewalls. Read more: https://learn-umbrella.cisco.com/i/1153736-cisco-umbrella-secure-internet-gateway-sig-essentials/0?

Device- and network-level security: Zero trust, segmentation, whitelisting, tamper-proof module, Datagram Transport Layer Security (DTLS)/TLS, IPsec, ESP-256-CBC, authentication header, HMAC-SHA1, Distributed Denial-of-Service (DDoS) protection, control plane protection, Network Address Translation (NAT) traversal

Compliance and Certifications: ISO27001, 27017, 27018, 27701, C5, PCI-DSS, SOC2, MEF SD-WAN 3.0, Cisco SD-WAN for Government- FedRAMP

Unified communications

Public Switched Telephone Network (PSTN) voice and fax support, SIP trunk support with CUCM, Secure Survivable Remote Site Telephony (SRST), CUBE, DSPFarm Media Resource Pooling

Application/WAN optimization

FEC and packet duplication for User Datagram Protocol (UDP), TCP optimization, Predictive Path Recommendations powered by ThousandEyes WAN Insights, Cloud OnRamp optimization for SaaS applications

Multicloud and colocation

Public cloud integrations into AWS, Azure, and Google Cloud

Cloud OnRamp optimization for SaaS applications

Cloud OnRamp for Colocation

Cloud Interconnect and Cloud Hub

Optimized Connectivity with Cloud OnRamp for Cloud Hub and Cloud Interconnect

Monitoring and Troubleshooting

Enhanced visibility into Application and Network (sites, WAN circuits) availability, performance and usage. Expedited and intuitive troubleshooting capabilities with Network Wide Path Insights (NWPI), Underlay Measurement and Tracing Services (UMTS) and more.

Gain additional visibility with Cisco ThousandEyes. Cisco ThousandEyes is natively integrated with eligible Cisco Catalyst 8200 and 8300 Series platforms and 4000 Series Integrated Service Routers (ISR) with a minimum of 8 GB DRAM and 8 GB bootflash/storage. Additional memory and storage will be required to concurrently run the ThousandEyes agent with containerized SD-WAN security services.

Forwarding and Quality of Service (QoS)

Classification, prioritization, low latency queuing, remarking, shaping, scheduling, policing, mirroring, NAT/Port Address Translation (PAT)

Multicast

Internet Group Management Protocol (IGMP) v1/v2/v3, Protocol Independent Multicast (PIM), Auto-RP, scale-out traffic replication

Policy

Route policies, app-aware routing, control policy, data policy, Access Control List (ACL) policy, VPN membership policy

Location services

Route policies, app-aware routing, control policy, data policy, ACL policy, VPN membership policy

Cellular

Integrated 4G/LTE modem on some devices

Mobility

Wi-Fi 802.11a/b/g/n/ac, WPA2-Enterprise, WPA2-Personal, MAC filtering, 8 SSIDs per radio, 802.11i security enhancement and 802.11e QoS, wireless intrusion detection and protection

System and network services

IPv4, Simple Network Management Protocol (SNMP), Network Time Protocol (NTP), DNS client, Dynamic Host Configuration Protocol (DHCP) client, DHCP server, DHCP relay, configuration archival, syslog, Secure Shell (SSH), Secure Copy (SCP), NAT/PAT, Cflowd v10 IPFIX export

Configuration and monitoring

NETCONF over SSH, Command-Line Interface (CLI), REST (Cisco Catalyst SD-WAN Manager), Linux shell

Out-of-band management

Management port (vEdge 1000, vEdge 2000, vEdge 5000), serial console port (vEdge 1000, vEdge 2000, vEdge 5000), USB console port

Cisco TrustSec®

Defined segmentation – policy through security groups. Open through IETF, available within OpenDaylight SDN controller and supported on third-party platforms

Licensing

Cisco DNA Software for SD-WAN and Routing

Cisco DNA Software subscription licensing offers three feature tiers: Cisco DNA Essentials, Cisco DNA Advantage, and Cisco DNA Premier. These are nested SKUs and represent good, better, and best offers. All are available as a 3-year or 5-year subscription and have bandwidth tier options. Cisco DNA Advantage is also available as a 7-year subscription.

Benefits:

     The latest innovations through simple subscription tiers

     Available across the portfolio

     Flexibility to choose on-premises or cloud management

     Easy license portability across on-premises and cloud

     Easy upgrade across tiers

     Software Support Service (SWSS) included

For more information on Cisco DNA Software subscriptions, go to: https://www.cisco.com/c/m/en_us/products/software/sd-wan-routing-matrix.html?oid=otren019258.

A screenshot of a computer screenDescription automatically generated

Figure 4.               

Cisco DNA Software subscription licensing for SD-WAN and routing

For more information, review the Cisco DNA Software for SD-WAN and Routing Ordering Guide.

Other buying programs are available, including Enterprise Agreements (EA) and Managed Service Licensing Agreement (MSLA). A Cisco Enterprise Agreement provides a simpler way to manage licenses and reduces costs, and a single agreement covers the purchase of software and subscription licenses as well as application software support. The MSLA helps partners align business costs with a subscription-based model for their customers.

Cisco ThousandEyes

A valid ThousandEyes agent license is required to activate the ThousandEyes agent. Existing ThousandEyes subscriptions can be leveraged on the supported router platforms. For additional ThousandEyes subscription information, go to https://www.thousandeyes.com/signup/?utm_source=Cisco&utm_medium=referral&utm_campaign=CiscoSD-WAN.

Cisco Capital

Flexible payment solutions to help you achieve your objectives

Cisco Capital® makes it easier to get the right technology to achieve your objectives, enable business transformation, and stay competitive. We can help you reduce the total cost of ownership, conserve capital, and accelerate growth. In more than 100 countries, our flexible payment solutions can help you acquire hardware, software, services, and complementary third-party equipment in easy, predictable payments. Learn more.

For more information

See how Cisco Catalyst SD-WAN can help you move faster, lower costs, and reduce risk: https://cisco.com/go/sdwan.

Document history

New or revised topic

Described in

Date

-

-

-

-

-

-

 

 

 

Learn more