Revolutionizing WANs with Cisco IOS XE Software-Defined Architecture

August 7, 2018 - 24 Comments

Your distributed office wide area networks are about to get disrupted—in a good way. Software-defined WANs are upgrading application performance to enable people in branch offices, stores, and clinics to operate at peak efficiency. But before today, many organization needed to upgrade their hardware in order to take full advantage of SD-WAN. To make SD-WAN as ubiquitous as possible, Cisco is expanding our Viptela SD-WAN capabilities across the ISR/ASR router family with Cisco IOS® XE software. Let’s look at why this is a perfect union of two powerful technologies and what it means for your organization.

With traditional rigid MPLS WAN implementations, workers at remote branches are constrained by performance and bandwidth issues that affects how they can interact with customers, patients, and coworkers. Applying SD-WAN technology to existing ISR/ASR infrastructure enables higher bandwidth at lower cost, better reliability, and improved Quality of Service (QoS) for superior application experiences. Implementing an SD-WAN solves multiple challenges in managing networks for a distributed enterprise by:

  • Unifying connectivity across MPLS, Ethernet, internet, leased lines, DSL, and LTE networks.
  • Maintaining consistent experience and performance for SaaS, cloud, and data center applications.
  • Securing device and application access to enterprise data resources.
  • Reducing transmission costs while increasing bandwidth for interactive applications, video, and conferencing.
  • Enabling provisioning of remote zero-touch edge routers with configuration via cloud management tools.
  • Managing WAN connectivity with in-house expertise using visual management tools.

Bringing SD-WAN Fabric to Cisco ISR/ASR Routers 

Over a million of our ISR/ASR family of edge routers are in use by organizations worldwide. Shortly after acquiring Viptela in 2017, we made the Viptela SD-WAN solution available to all our customers and partners. The release of Cisco IOS XE provides an instant upgrade path for creating cloud-controlled SD-WAN Fabrics to connect distributed offices, people, devices, and applications operating on the installed base. Progressive organizations are already benefiting from SD-WAN implementations to unite their distributed branches and improve cloud application performance.

  • An insurance organization with thousands of branch offices implemented SD-WAN to increase the reliability and resiliency of their branch connectivity and improve performance for SaaS applications like Office 365 while reducing costly MPLS backhaul traffic.
  • A clothing retail chain added guest Wi-Fi services to 1200 stores to augment the omni-channel shopping experience, segmenting the guest traffic from critical business applications and sensitive traffic such as payment information with the SD-WAN.
  • A life sciences company with research and manufacturing offices worldwide implemented SD-WAN to increase bandwidth and performance at remote facilities while driving down MPLS costs by 80%.

Cisco SD-WAN on edge routers builds a secure virtual IP fabric by combining routing, segmentation, security, policy, and orchestration. It eliminates backhauling from branches to headquarters to access SaaS applications, improving application performance and experience for a distributed and mobile workforce. For example, at the branch-level, you can define a performance policy for Cloud SaaS Onramps to maintain a level of QoS for Office 356 performance and assign a real-time streaming policy for unified communications.

Keeping data traffic and connections secure is also simplified with an SD-WAN. Multilayer security encrypts all data from the WAN edge to the cloud. Segmentation keeps sensitive data from co-mingling with regular traffic. Malware-infected endpoints are automatically isolated from the network to stop infections from spreading.

Simplifying WAN Operations with Cloud Management

One of the main challenges for a distributed organization is managing branch networks without sending IT technicians to sites every time routers need tuning or replacing. The ability to configure and manage branch routers from a central point—the single pane of glass approach—alleviates much of the time and travel expense of maintaining traditional MPLS WANs. With Cisco vManage and zero-touch provisioning of ISR/ASR edge routers, reliability and resiliency are easier to manage. 

A typical Day-Zero to Day-N implementation for adding a branch to the corporate WAN starts with shipping the desired ISR/ASR router to the site to provide MPLS, Internet, or 4G LTE access to Ethernet or Wi-Fi nodes in the office. Local office workers power up the router without needing any technical configuration knowledge. IT uses vManage as a cloud application to connect with the newly installed router, and downloads configuration files, including policies that govern device security, application QoS, and segmentation, among other parameters.

Maintaining Uptime and Simplifying Equipment Replacements

Let’s look at an example of a Cisco SD-WAN implementation to see how global convenience store retailer shortens the replacement time of connections for Point-of-Sale devices at stores. Their Cisco SD-WAN is currently supporting 3400+ locations, adding 500 new stores every month. Before the SD-WAN implementation, replacement equipment had to be pre-configured at IT headquarters, then shipped to the store, which could take several days, during which time the PoS could be unavailable—a real money loser. With Cisco SD-WAN, un-configured devices can be stored regionally for faster shipping and installation. The replacement edge routers are plugged in by local staff and configured via vManage and an LTE connection. With cloud management, there is no need to send IT personnel to stores to configure routers, saving time and travel expenses while maximizing uptime.

SD-WAN Goal Achieved, the Journey to Intent-Based Networking Continues

With this release of Cisco IOS XE, we’ve reached our goal of bringing SD-WAN capabilities to the ISR/ASR router families. But we are not pausing in the journey to bring Intent-Based Networking to distributed enterprises. We will be integrating vManage capabilities into our DNA Center network controller, providing visibility, security, and intent over all the network segments from the campus to data center to distributed branch offices. We will continue our efforts to make the complexities of networking simple, secure, and automated so that you can focus on innovation for your distributed operations.

For a demonstration of Cisco’s SD-WAN architecture, watch a new Cisco TechWiseTV show on SD-WAN and vManage. 


In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.


  1. Never mind, I was able to locate all (3) of these vManage, vSmart and vBond in the Software Center via Plug-N-Play.


  2. We are currently setting up a lab are are in need of some information.

    The lab has (4) ISR4331's running (2) at the branch and (1) in each simulated cloud. The 4331's have each been converted to the Viptela code.

    However, we need to understand how to order /download the vManage, vBond Orchestrator and the vSmart Controller.

    We were unable to locate any of these items in Cisco CCW. And were unable to download them from Cisco Software Downloads…

    Thanks in advance,


  3. Hi Jim,

    Please also refer to the just posted white paper


  4. Is there a URL explaining the requirements for running the Viptela image on the 4331. What is need on the 4331?

  5. really great info… with the increased use of cloud services the WAN is really becoming the backbone of the enterprise and Cisco SDWAN is the way to go!!

  6. I already have CCNA R&S, CCNA Security which will be expiring on July 08 2019. I am now studying CCNA Cyber Security fundamental. My question is can this CCNA Cyber Security update my previous CCNA's up to date?

  7. Thank you for this informative Blog. This really is making me want to know more about this technology

  8. Cisco IT has been rolling out Viptela SD-WAN in production at branch offices with excellent results. We have had an excellent partnership with the BU team.

    Currently, we are testing the native Viptela SD-WAN image on ASR1002-HX and the ISRv native SD-WAN image for ENCS platform.

    We are also testing the native SD-WAN image on ISR 4331. The 4331 testing will prepare us to run the native SD-WAN image on 4451X branch office routers in the future when it is supported.

    • Some people cannot replace their routers and move services over to a Viptela box, especially running voice services from the router. This is why its more attractive for a IOS upgrade and a license on an existing 4451-X. It would make things more easier.

  9. Sounds cool! Looking forward to get my hands on this. 🙂

  10. Nice Article … Looks promising…

  11. Is there any definitive timeline when the image is going to be
    available for Isr 4300 or asr1k units which supports SD Wan?

  12. Excellent Blog on SD-WAN, already receiving good feedback from field.

  13. Installation does not work, we had to use many work arounds to get things working, not ready for prime time.

    • Sarah and Tom,

      Please reach out to me at, would be glad to hear about any issues that you might have experienced – we take pride in our software quality.

  14. We would like to see it function better, we have heard for months from our sales reps that the ISR functions are coming still nothing

  15. Rock Solid Platform + Viptela integration is awesome SD-WAN tech available in market today.

  16. Fantastic blog on SD-WAN and its offerings. World's best SD-WAN technology and world's best Routing platforms! Kudos to everyone who made this happen.