Cisco Catalyst SD-WAN Reviews

Our use cases are mostly focused on the application side and any kind of cloud breakout, like local breakout clouds.

I'm focusing on using the application ware routing.

There's not much that should be improved, but the focus should be on the application side and more cloud applications should be added into the system. Most common sales applications should be supported.

Mostly, I think cutting edge solutions should be included in this product. I'm talking about buzzwords like the cloud, for example. The solution should be more focused on the cloud because, apart from the controllers, everything can be cloud-based and everyone is moving to the cloud. Cyber security should also be implemented in the solution, along with maybe implementation of AI/ML.

I have been using this solution for about ten years.

The stability of the solution is good as of now. 

The solution has great scalability. The people using it are mostly senior management, junior management, and junior engineers. Maintenance for this solution requires about four people: two senior employees and two regular employees.

I have been using Cisco since the beginning. I am familiar with it and it's easy to deploy, so I am sticking with it for now. I have no plans to switch to any other products, but we are looking at integrating this product with other solutions. 

The initial setup was easy and straightforward.

The deployment was done in-house and did not take more than two to three days.

The return on investment is good. I mean, not when compared to the other solutions on the market, but it is pretty flexible and scalable, so you cannot only consider the cost. The solution has flexibilities that benefit you. The return on investment, if you ask me, can be seen in the long-term. If the organizations who are deploying it are looking to grow for a certain period of time, maybe a longer vision of five to seven years down the road, the solution will be helpful to them.

The licensing cost is slightly on the higher side, but some of the customers are large, so they are willing to pay for it. On a scale of one to five, I would rate Cisco's pricing as a three. 

My advice is that there might be some other solutions on the market that are also pretty good, so they need to understand their market and customer requirements. Think about which solution will be easy to deploy and also how scalable it will be. The strategy should be to understand the solution and have an approach and proper plan and roadmap before implementing the solution. Also, compute the information of the devices before implementing the solution.

I would rate this solution as a nine out of ten.

As a company, we are a Cisco Premier Partner and we work as a system integrator and reseller. As for myself, I currently work simultaneously with Cisco and Fortinet for SD-WAN solutions.

Because we're only an integrator and not an ISP-level company, we haven't engaged with that many SD-WAN projects, and our typical line of work involves using Cisco products in bank solutions, such as for branch connectivity.

From my observations, Cisco has been rolling out new features every other day, so I would say their speed of innovation is one of the most valuable aspects for me.

I would also point to their superior features when it comes to general connectivity, configuration, and reporting.

One of the major areas that Cisco can improve on with their SD-WAN offering is their security features. When compared with Fortinet, who have what they call their 'security pillars' (e.g. firewall and security features built-in to their SD-WAN solutions), Cisco generally comes up short. With Cisco, if you need a security component, you have to pay more to get it done. So if they could add more security features that come part and parcel with their existing solutions, then I think Cisco could be very aggressive in the market.

Essentially, they have to incorporate different security features on top of their SD-WAN box. At the end of the day, I should be able to give one single box to the customer which includes SD-WAN and all the necessary features such as security.

When it comes to IoT edges, they could possibly incorporate their SD-WAN features into the LAN side together with Cisco's DNA networking, just as Aruba is doing with their ESP solution. If Cisco could come up with a similar solution to that, then I think they will have the upper hand in the market compared to their competitors' brands. They have to come to a point where they can better integrate WAN and LAN into one single platform.

Regarding the data center sites, when we're talking about software-defined networking, Cisco has the SD-WAN segment, software-defined access for the LAN segment, and application-centric infrastructure for their data center segment, and they have to combine all three segments into one platform. Just like how the other guys are doing it. Again, if they can accomplish this, then technically they have a fair share in the market.

Otherwise, Cisco could also integrate more features on the cloud side of things, like with SD-WAN in the cloud, or SD-WAN in AWS, some of which I believe they have implemented already.

Beyond that, I can't say too much about what I'd like to see when it comes to new features because almost every day I've seen Cisco add more features to their SD-WAN and SD-LAN portfolios. At the rate they're going, it could be only a few months before they add the security features I've mentioned. So from my perspective, I think they're doing okay.

Finally, in terms of stability, there could be some improvement. In my experience with our current project, there have been some instances where stability has been an issue. But I can't speak for everyone here; other partners who have completed more projects may disagree and this is only my own observations so far.

I have been using Cisco SD-WAN for two to three years. 

I can't say that Cisco SD-WAN is incredibly stable, especially since Cisco has acquired Viptela and they are now busy with trying to improve Viptela's features and tools. So in some situations, it has been my experience that Cisco's SD-WAN is solid but it does succumb to stability issues at times.

So far we have completed only one project with Cisco, while other one is still ongoing. With that experience, I can say some stability improvements are needed, but I don't know about the other partners who have completed ten or more projects, for example.

Scalability-wise, it's good, because when the customer's application load or data traffic increases, I can easily scale out the same product to match the increase.

Technical support is good. When it comes to Cisco's TAC (Technical Assistance Center) and solutions support as a country in the Asian market, they are doing good. 

Alongside Cisco, we also use Fortinet. If we have a firewall or edge/perimeter security or other security measures in place already, we can simply go with Cisco. This is because the interconnectivity, branch connectivity, configuration level, solidness, and other features of Cisco are already adequate and, in some cases, superior. So when it comes to the networking components alone, I prefer Cisco.

But if the customer is asking for networking plus the perimeter level security, then I have to look into products like Fortinet, because with their lower pricing and so on, Fortinet comes out on top. Fortinet is much cheaper than Cisco. And for configuration, Fortinet's interfaces are also very comfortable to use when it comes to complex configurations.

Cisco's pricing is not entirely satisfactory when you compare the SD-WAN solutions in Asian markets — like the South Asian market in Sri Lanka — because there are several competing brands including Fortinet and Citrix, who provide much the same product for a generally lower price. And when it comes to firewall vendors like Palo Alto and SonicWall, they're also selling here. It's the same with VMware, too; they have much the same features.

So when you do a comparative showdown among these giants, you can see that Cisco and their customers could benefit from adjustments in terms of pricing. Fortinet, for one, is much cheaper than Cisco currently.

My overall advice is that if you already have your network security established, then Cisco SD-WAN is a good, solid solution for the rest of the networking components. However, if you require more of an all-in-one SD-WAN solution that incorporates security from the beginning, you might want to look elsewhere.

I would rate Cisco SD-WAN a seven out of ten. 

Cisco SD-WAN has separate OMP routing. 

The solution is very costly. 

.I have been working with the solution for a year. 

The solution is stable, and you need good connectivity. 

Cisco SD-WAN is scalable. 

Cisco SD-WAN's support was good. 

Positive

You can get subscriptions for three or five years. 

You need expert engineers to handle Cisco SD-WAN. I rate it a ten out of ten. 

This technology, in my experience, has a better adoption in companies where the concern for security in platform issues and data privacy is high. The reason for this is the data is protected with encryption systems, and that functionality is audited to meet certain standards.

This is in the context of SaaS because that is where I want to take customers. My option is the cloud with pay-per-use and better cost conditions. Also, companies with large IT departments and a high number of engineers have many reasons to use it.

This solution has allowed us to implement much more flexible payment models than the current ones. As such, we can better plan the budget that is needed for technology.

In addition to this, it has prompted us to see the cloud differently. We now look with more confidence since the orchestration is SaaS, which is why we do not see a compelling reason to avoid introducing more services in this format. We plan to stop investing in physical or virtual infrastructure, reducing our dependencies on data centers where we host services.

When we talk about SDN technologies, we are referring to user experience or customer experience. The complete solution is designed based on the services and the experience that we need our users to have with them.

This product offers the ability to utilize all of the access available in the market. Importantly, it does not affect the quality of the application. The best feature of this technology that is available to us is the ability to do better load-balancing. This is thanks to the deep inspection of the packets and of course, the forwarding of packets based on the application.

I would like to see features related to security compliance, including a view of compliance with standards. With this, I should be able to do an audit of my SD-WAN network.

In addition to having a network with an application-oriented intention, I would like to have a network that is oriented to security standards. I am only referring to the WAN network because with this, we can begin thinking about issues of virtualization. For example, access to SD-LAN where we can bring security policies with the user.

I have been working with Cisco Viptele for three years and more with the first version, Cisco IWAN.

Releases and updates/upgrades for the software in each component are not simple to configure.

The scalability is great when you have a mature template for configurations.

The Cisco Technical Assistance Center (TAC) service should be quicker to provide answers.

Positive

Prior to this, we used Cisco IWAN.

The initial setup is a little complex, especially for those with little experience in SaaS.

We used the Solution Support Partner Program (SSPP) from Cisco.

The ROI for this product in my organization is 18%.

This is not a cheap option but if you move from Capex to Opex, I expect you should have lower costs. I am talking specifically about Managed Services License Agreement (MSLA) model.

Fortinet is a solution that is a good option that is low-cost and much simpler. Meraki is another good choice for some customers.

In summary, this product is very strong when you need complex topologies to match the complexity of your services.

The product helps to aggregate network links. The tool increases security and makes it possible for you to have remote workers. 

The product needs to have more understanding staff in their support team. The tool needs to provide support in every stage of deployment. We did not get the expected support from their team. The product is also not easy to use. 

I have been using the product for two years. 

The product is stable. 

The product's initial setup is difficult and you need Cisco personal to assist you with it. 

The product's license is expensive. 

I would rate the solution a seven out of ten. If you have the money, then you should go for the product. The tool's performance is good. 

Initially, the primary use case was to lower costs, however, over time it has been to increase the availability of services according to the profile of the branches. 

Something very important is the security that this technology brings with it. We protect the data, we segment and give priority to what we need. In the same way, the possibility of being able to choose the underlay that I really need is great. Together with the type of service, the MPLS or Internet, is an advantage. In software-defined networks, the simplicity of doing things is its main characteristic.

It has allowed us to better understand the client's business. It breaks down a bit the traditional barriers of uptime and SLA and thus we are able to profile the branches in a better way.

Real-time traffic monitoring has become a fundamental tool for clients since it allows them to see what is happening in the moment and thus to be able to estimate trends or to project changes in a better and more assertive way.

The secure connection to the cloud is a gain when evaluating the traditional centralized internet links that generally exist in data centers.

Being able to see the traffic in real-time and know what application you are consuming, together with the possibility of taking your requirements directly from the cloud, has been useful.

Load balancing is a feature that allows us to take the best of our links and distribute the load intelligently, always with an eye on the end-customer experience.

Being able to prioritize, according to the applications, the exit and entrance of the traffic in a dynamic way, unlike the current quality of service that is rigid and static, is a tremendous advantage as it is done according to demands in real-time, so the customer experience is always the best.

It is transversal to all industries. What is important is to work on the costs of the solution.

On the technical side, manufacturer-independent solutions should be able to handle different topologies, simple or complex, and without having to invest more money in infrastructure or licensing.

What I also find should be improved is the possibility of really separating the software layer from the hardware layer since today the current offer is not well adopted by the service providers, which is why it does not reach the end customers. I understand this is an issue that directly affects the business goal of each manufacturer.

I've used the solution for five years.

The truth is that I started using an initial solution called IWAN, the intelligent network. It tried to take the best of current technologies and provide it in a network format. In my opinion, it did not achieve its goals.

It is not the cheapest solution on the market, however, without a doubt, it is one of the options that best handles complex topologies. Therefore there is a need to know more accurately what the client wants to do, what their applications are, what their flows are, and, after this consultation, define the best architecture and then choose the best manufacturer that obviously offers me a cost efficient option.

We evaluate the competition, however, within the same conditions, we wanted a dedicated equipment solution of bare metal, software, and hardware together plus the underlying layer.

This is a great solution.

Some clients resist switching to new technology and they're also afraid of problems with compatibility and the layout of the NOC. The NOC must change because nowadays new things are happening, but I believe that the beauty of SD-WAN is the vEdge. So for the customers that are afraid of new technologies, we can install the vEdge without spending a lot of money. It's just a virtual machine over there. You can do it on Cisco CSR or even ISR.

So we deploy a new branch or similar branch with this technology and show them. Then they're not afraid of it. It's very easy. Now, vManage is coming. So we have the analytics team, we have all the GUI interfaces so you can create a policy and now deploy it anywhere or you can define it. I believe everything is very easy for the people who want to work with it. 

Technologies are not new. Just the name changes. VPN is the same as VRF, which is the same as Tenant, but the way they're playing with this technology is very different. The method of management is different. I believe that if I show clients what is happening with vManage— the interface, the analytics how you can integrate with them—they will be in love with that. Mostly what I have done is to define and elaborate for them the differences between two solutions, and point out the advantages like visibility and easy management. In the end, but they agree to move to SD-WAN

But I believe that most of the customers are still afraid of SD-WAN because they rely on old solutions. And the old solution was great and working for many years, so they are afraid of the new solution. With vEdge, we have a great way to attract them to make them feel comfortable upgrading everything into the Cisco SD-WAN.

The best feature is SD-WAN's automation capabilities. I believe many customers don't care whether we use VPN, or that use color or mGRE. When you're talking about management of, for example, a DMVPN solution or MDI solution, what is the option? So we have to go to a bug-by-bug report, like for example, NSRP to show these things. With vManage, we can see everything. We have a graph that we can click on and it helps us to remember better. 

Another good feature in the HCI is the integration of a health monitoring system. Other solutions like SDx are all the same. They have an integrated health monitoring system. So if you are deploying a data center, the options aren't really that great. But this integrated health system in HCI in vManage or even SD-WAN in the vManage is helping a lot. And also 

Customizing SD-WAN is very easy because you can define two colors. You can define two different operators. You can deploy a partial mesh, a full mesh, or hub-and-spoke totally differently. If you want to do this on a DMVPN solution, that's really hard. Also, things like Quality of Service in mGRE environment, in my opinion, are very hard because when you are dealing with mGRE, you have one tunnel at the hub and a different tunnel at the spoke. So what if I want to limit the traffic in my hub at the spoke? Because I have one tunnel, all the branches will be affected if I implement a limitation or restriction. So that's why we have advanced technology, like adaptive quality of service. With SD-WAN, the QoS is much easier because it is separate from the VPN.

The very beauty of SD-WAN is the separation of the plane. Right now, there are different planes. Compared to other solutions, the whole thing is totally changed. Rebound and vManage came into play as well as the new protocols like PnP. I started to convert most of the solutions from regular DMVPN into SD-WAN because we have the capability to define our VPN or define our color and customize by making a full or partial image. 

In the next release, Cisco should focus on simplifying the configuration of SD-WAN.  SD-WAN has a lot of room to grow. If you compare vEdge and something like Cisco CSR, you'll see the difference. Because vEdge is natively from Viptela, it is a little more complicated to set up an SD-WAN compared with an ISE device like CSR or ISR, or ISR 4000. You have now two different configuration spaces like iOS, and then some commands and styles are Viptela. So this is the thing that Cisco should work on. 

I've spent a lot of time on it. I started with version 17 when SD-WAN first came out. I continued using the product after Cisco acquired Viptela because I really love Cisco. I followed everything Cisco-related since I was 18 or 19. I got my CCNP in 2003 and my first CCA in 2011. So I spend all my time on Cisco systems. Right now, I have more than 32 certificates. I recently passed the CISSP. I also have more than 20 certificates that have expired, like Cisco Sales Expert, Cisco ASA, VPN, and several old things.

SD-WAN is 100 percent stable. If you use the suggested operating system, all the Cisco solutions are stable. According to the Gartner Magic Quadrant rating, I believe Cisco was No. 1 three years ago. Now it is No. 2 or 3, so I believe that they could improve more.
And many customers have used DMVPN or VPN solutions for many years, so those solutions are also extremely stable.

it is very easy to deploy the whole solution. I have a customer with VoIP and data. For most of the data, the hub and spoke are enough, but for IP telephony or collaboration like chatting or video conference, they need to have a connection between spokes —between branches together — but not for data. With SD-WAN it's very easy. 

I think vEdge is much easier to work with when you compare it to Cisco CSR. Most of the people I know prefer to use ZTP or Zero Touch Provisioning, but it depends on the type of customer. With some customers, ZTP maybe is not the best solution. They should know what's going on. And if you try to configure SD-WAN on a solution like ISR 4000 or CSR, and you compare the same thing on vEdge, you will see that the vEdge is very straightforward. I believe in CSR and ISR 4000. There are some glitches. It's possible that you will get a little bit confused, but you have followed the instruction. You have to do it very carefully. Then you make the connection vManage and everything is done.

I would rate Cisco SD-WAN seven out of 10. 

The integration to the LAN could be improved. It should be an end-to-end solution, not only on the WAN side but also on the LAN and wifi, so a full end-to-end solution.

The integration of Layer 3 and application routing is great.

The technical support is a bit slow. Regarding additional features, it would be good to have a fully integrated solution with the Meraki solution, leading to a seamless Cisco solution.

We have been using this solution for about six years. It is deployed on-premises, and we are using our own management.

The stability is good.

I think the scalability fits the customer requirements. The number of staff required for maintenance depends on the complexity of the network and the number of sites. A single part does not cover it, so we have about 20 staff running our network services.

I rate the technical support a seven out of ten. They are good but not very innovative, and the feature requests take too long to implement.

We use different solutions like Viptela, VeloCloud and Versa.

The initial setup was complex, and it was completed in-house.

I am unsure about licensing costs.

I rate this solution an eight out of ten.