Part 2: Optimizing Application Experience

As applications are migrating to the cloud and being offered either as Software-as-a-Service (SaaS) or built as cloud native infrastructure, the network must become more application aware, programmable, and intelligent to deliver the best experience to users. My previous blog post discussed how Cisco Software-Defined WAN (SD-WAN) provides seamless connectivity to applications from anywhere. This blog post explores how applications can take advantage of and work cooperatively with the network to obtain a higher quality of experience through network policy, telemetry, and other features that promote security, reliability, and efficiency.

Application Experience with Cisco SD-WAN

Most enterprise are using SaaS applications for their day-to-day operations and adopting many different cloud environments as their IT infrastructure for business-critical applications. Organizations can custom-select different cloud services for specific functions and to take advantage of flexibility, performance, agility, and cost savings.

These SaaS applications are being consumed by a diverse set of devices, locations, and types of users who are constantly on the move. Enterprises face numerous challenges in terms of automation and management of this multifaceted environment. Meanwhile, application and user requirements are continuously and rapidly evolving. Traditional methods of planning and rollout may not meet current needs. What’s required is a network that is self-learning, aware, and adaptable to address application requirements dynamically and in real-time.

As enterprise application data traverses the internet and encounters congestion, packet loss and high latencies can occur. This results in a sub-optimal experience for users. Cisco SD-WAN, with advanced App Aware Routing based on network and application health telemetry, provides intelligent path selection and policy enforcement. These contribute to an optimal application experience by adopting to the changing needs of an application based on a user’s location, health of the network, and health of the application. Cisco SD-WAN provides best performing SLA for all types of traffic bound to cloud or to on-prem networks.

Application Optimization and Experience for SaaS

Multi Path SaaS Access with Cisco SD-WAN
Figure 1. Multi Path SaaS Access with Cisco SD-WAN

To provide the most optimal SaaS application experience, the SD-WAN fabric must first classify the application, select the best SaaS point of presence (PoP) to serve users, and then decide the most optimal path to the selected PoP that meets the SLA needs of the user.

Example: Microsoft Office 365 Application Suite Experience

Network Based Application Recognition (NBAR) is used to classify distinct URLs for different applications. Applications can be mapped based on different traffic precedence or sensitivity. Typically, applications are categorized into Optimize, Allow, or Default categories. But with end-to-end telemetry using Application Infused Path Feedback (AIPF) an SD-WAN controller can use telemetry imported from Microsoft to optimize applications more granularly based on best path selection logic.

Transforming User Experience with Microsoft - Cisco SDWAN Telemetry
Figure 2. Transforming User Experience with Microsoft – Cisco SD-WAN Telemetry

The SD-WAN fabric continuously monitors the performance of alternate paths to SaaS and selects the best path based on the performance and network metrics such as loss, latency, etcetera. Here’s how application aware networking with Cisco SD-WAN works.

Step 1: DNS requests to the SaaS applications are sent on all available WAN paths

Cloud Access to SaaS Services with Dual DIA.
Figure 3. Cloud Access to SaaS Services with Dual DIA.

Step 2: DNS resolution for the configured SaaS application is completed on all possible path options.

Cisco SDWAN SaaS adoption options.
Figure 4. Cisco SD-WAN SaaS adoption options.

Step 3: Periodic HTTP pings to the configured cloud onramp a SaaS application on each Direct Internet Access (DIA) circuit and probe for loss and latency. The best path selected is based on defined policies. When none of the paths are considered optimal, Cisco has added support for the user to either select the suboptimal path (best of worst) or redirect traffic elsewhere. This action is also based on defined policies.

Step 4: Quality of experience is calculated based on loss, latency, and perceived user experience as determined by telemetry data exchanged with SaaS applications.

At the heart of the enhanced application experience is the ability to combine application health perceived by the users in conjunction with the current health of the network as observed by the SD-WAN fabric to select the best path to Office 365.

Example: Application Experience of a Cloud Hosted Application in Google Cloud Platform

One of the fundamental questions of application aware networking is how network application developers can program the network to meet application needs. Cisco has developed a solution working closely with the Google Cloud Platform (GCP) team to allow DevOps teams to denote the traffic profile of an application using Google Cloud Service Directory, which can Inform vManage to set up a network policy to meet an application’s requirements in a programmable manner.

Different traffic profiles can be associated with different services as needed. Application teams deploy Kubernetes workloads with metadata annotations, properly classifying application services according to certain traffic profiles (e.g., video streaming or VoIP). The integration of service directory with Google Cloud Identity and Access Management (IAM) ensures that only those on the application team with the appropriate permissions can modify the traffic profile for a service.

Cisco Google Application Optimization workflow
Figure 5. Cisco Google Application Optimization Workflow

Step 1: Application team adds metadata annotation to a workload deployment.

Step 2: -Monitoring engine runs in the Kubernetes cluster and actively monitors the deployed services and publishes the metadata to the service registry.

Containers with Meta Data Annotations published in Service Directory
Figure 6. Containers with Meta Data Annotations published in Service Directory

Step 3: vManage on the SD-WAN side connects to the service registry and periodically polls to keep track of updates regarding the services exposed. SD-WAN policies can be updated when changes are detected.

Step 4: SD-WAN application policy is created and maps the service-associated metadata into the detailed SD-WAN policies programmed by NetOps in the SD-WAN controller. The policies are dynamically updated based on metadata annotations published and polled periodically via the service registry.

These simple four steps allow an application developer to express the needs of the application in a programmable manner. The controller then sets up policies for the SD-WAN fabric to meet the application requirements.


This blog summarized how a SaaS application such as Office 365 or a cloud native application built in GCP can cooperatively work with the Cisco SD-WAN fabric to provide a higher quality of experience. Cisco SD-WAN is bringing DevOps, NetOps, and SecOps closer to one other to drive the best outcomes. It’s delivering an application aware network fabric for all modern applications running in private data centers, hosted in the cloud, or delivered as SaaS.

For more information, visit:

Application Aware Networking with Cisco SD-WAN, Part 1: Seamless Connectivity From Anywhere

Cisco SD-WAN Cloud Hub with Google Cloud Delivers Enterprise Connectivity Over Global Cloud Network

SD-WAN and SASE: The new landscape of networking


Check out our Cisco Networking video channel

Subscribe to the Cisco Networking blog


Ram Singh

Vice President of Engineering

Catalyst Engineering