Cisco Blogs

Network of the Future, Today. How We’re Growing WAN Capacity While Optimizing Costs

August 10, 2018 - 26 Comments

If you haven’t seen my colleague Ben Irving’s Network of the Future blog, I recommend you check it out. In this blog I’ll share what we’ve accomplished so far in terms of the new WAN architecture Ben describes here.

Why increase WAN capacity?

Two reasons. First, we need more capacity to keep delivering a great application experience from our private cloud. Employees in our 450 branch offices use the WAN to access applications for engineering, finance, marketing, HR, etc.

Second, we’re becoming a true multi-cloud company. We use almost 1000 cloud services, including Cisco Webex, Salesforce, Office365, and Box. Currently, more than 25% of traffic from our campuses and branch offices heads to public clouds. We expect that percentage to keep growing, so we need WAN capacity to carry that traffic reliably and securely.

Historically, when we needed more capacity we paid the service provider to bump up the guaranteed bandwidth (committed information rate) on our existing circuits. That’s quite costly in some regions, like the Middle East. Scaling WAN bandwidth also takes a lot of time and coordination because our various service providers and carriers use different systems and backend devices.

Now we’re switching gears by optimizing the capacity we already have, using SD-WAN technology. The bonus is that the same SD-WAN solutions also lower our operational costs in ways I’ll cover at the end of this blog.

Offloading traffic to the Internet

Today, Cisco sites receive one of several WAN services, depending on their size and availability requirements. Large offices and TAC sites get two MPLS circuits—one primary and one for backup. Midsize offices get one MPLS circuit and a VPN-over-Internet connection for backup. Smaller offices typically just have the VPN-over-Internet connection.

MPLS circuits are well worth the cost for our critical traffic because they’re fast and secure. But it’s harder to justify MPLS for backup circuits because they’re hardly ever used. So now we’re experimenting with giving large offices one MPLS and one Internet link. We use the Internet link not only for backup but also for less-critical traffic. Shifting less-critical traffic to the Internet frees up more capacity for critical traffic on the MPLS link—and also saves money.

Making this work requires two kinds of SD-WAN intelligence:

  • Recognizing the type of traffic currently flowing across the network. Does it have security or performance requirements that require it to go over MPLS?
  • Routing the traffic to the right link: critical traffic to MPLS, less-critical traffic to the Internet.

Viptela, our SD-WAN solution, does both. Part of Cisco IT’s mission is to be Cisco’s first customer—“customer zero”—for new products, like Viptela. Putting Cisco products to work to solve our own business needs gives us the chance to validate deployment guidelines, evaluate use cases, and recommend operational best practices for our customers. We’re currently conducting a pilot in nine midsize offices—three in Europe (Scotland, Manchester, and Prague) and six in the Americas (Glendale, Rancho Cordova, Pleasanton, Franklin, Richmond, and Irvine). We’re using Viptela to set policies for which application traffic travels over the primary (MPLS) and secondary (Internet) circuits. For example, video and engineering traffic always travel over MPLS because of their performance and security requirements, while email and web searches can go over the Internet. Based on initial testing, we expect to reduce overall load on the primary circuit at each local office by approximately 25%. You can read about the deployment details in this brief.

Saving money at the same time

In addition to freeing up WAN capacity, SD-WAN technology is also lowering operational costs, by:

  • Putting the idle secondary WAN link to work so that we don’t have to pay for more bandwidth.
  • Providing direct Internet access.
  • Enabling us to manage routing policy centrally from the Viptela cloud. This comes up when we need to apply a security patch, troubleshoot performance issues, or change a WAN security policy. Before, an engineer made the change device by device. With an SD-WAN controller, the engineer can define policy centrally and then push it out to all SD-WAN routers with a click. We expect automation to lower WAN operational costs by 30%.

Next steps

We’ll soon extend Viptela to a total of 25 sites—4 more in August and and the rest in the fall of 2018. In addition to offloading email and web searches to the Internet, we’ll also offload traffic from several business applications, including Webex, Box, iCloud, and Office365. We’ll load-balance this traffic across both circuits.

What are your hopes and plans for SD-WAN? Share them in the comment box.

Spanish version

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.


  1. Interesting to hear how the circuits are set up in different-sized locations. I'm surprised the large sites are currently using 2 MPLS circuits since they're so high cost. I'd be interested to know how much of our traffic needs to be low latency/high availability/high security, and how much can operate just fine with normal internet circuits.

    • The large sites with 2 MPLS circuits are usually the ones that are critical to business, and the 2nd circuit is in place as a full backup.
      Presently, with the ability to offload less business critical traffic to business broadband, we are looking at offloading 25% traffic to internet circuits. This number may increase as we evaluate the different applications/traffic.

  2. Glad to hear that it is informative and enjoyable.

  3. Loved the simplicity of the SD-WAN story and the customer perspective. Did not realize we have ~1000 cloud services being used across the company! Thank you for a very informative and enlightening blog, Carol!

  4. Hi Carol,

    Excelent article. Just a question. What would be the correct path to start SD-WAN training? I have the CCNP certificacion…
    Regards and thanks

    • Hernan,
      It depends on where you are at today.
      At a high level, probably 3 areas to think about.
      – Learning about the technologies (Cisco DevNet is a good resource to start)
      – Building out software and data skills
      – If you are in an agile environment, get acquainted with the methodologies.
      Hope this helps.

  5. Nice Blog

    Very Well explained our Plans for SD-WAN.


  6. You are a great story teller Carol. Great job on explaining how our SD-WAN technology works and the business value.

  7. Thank you Carol for this informative blog- it is very valuable to understand our long term SD-WAN strategy & it is exciting to know that IT, GIS & Network Services are working on enabling outcomes that directly connect to our corporate priorities such as Multi-Cloud.

  8. Great writeup to understand the value of Viptela and how we could translate the same to customers being in the fore-front to prove "Customer 0"

  9. Great, real-world example that's helpful for all of us to share with customers

  10. Being a non technical IT professional, really enjoyed reading this blog that firstly put the business value (why) into context and then explain the technical approach we tackle the problem (how). A great reminder for all IT professionals on how we need to tell our story. Nicely done Carol!

  11. Wow! Easy to understand the big picture with crisp and clear explanation . Thank you for this post Carol.

  12. Very Engaging Blog on our SD-WAN Strategy !

  13. Great Blog on our SD-WAN strategy, Carol!

    • Thank you Harry. It is important for all of us to understand our long term SD-WAN strategy and where we are at today.

  14. Great granular detail on how technology works and it's implementation in prod

  15. Once of the best blogs written about SD-WAN in a real world scenario.

  16. You cannot make it clearer. I just enjoy reading this blog. Thanks!

  17. You cannot make it clearer. I just enjoy reading this blog. Thanks!