To achieve a resilient network, it is important to maintain high availability not only in the control plane but also in the data plane, so that traffic flows smoothly without disruption. If the control plane, which governs and manages data plane traffic, becomes unavailable, the whole WAN infrastructure and subsequent site traffic can go down, causing huge outages. The SD-WAN solution should be intelligent enough not only to ensure continuous data plane operation, but also to provide an optimized path for application traffic for an enhanced user experience.

Cisco SD-WAN provides faster link convergence whenever the primary link fails, making sure that there is zero downtime for the traffic flowing across the network. Once the IPsec tunnels are up and running, data plane traffic does not have any dependency on the control plane. This means that even if connectivity from the edge devices to the control plane is down, traffic between sites with established IPsec tunnels will remain up and running.

This has been tested and verified by Miercom, which recreated the following scenarios:

Figure 1. Internet link from Site-2 toward control plane was shut down, disconnecting it from controllers.
Figure 2. Internet link toward control plane was shut down, disconnecting both the sites from the controllers.

In both cases, before bringing down the control connection, Miercom verified that IPsec connectivity was up and running. After verification, when the control links were shut down, it was observed that traffic flow was not impacted and the IPsec tunnels remained up and operational. Cisco SD-WAN did not require any manual intervention for failover in either scenario.

Apart from providing link-level resiliency to maintain a continuous flow of data traffic, Cisco SD-WAN also provides best-path optimization based on the SLAs defined in the application policies. It has been tested and verified that if the primary link goes down, or if SLA parameters such as latency, delay, and jitter are compromised in comparison to what has been defined in the routing policies, the application traffic automatically fails over to the secondary link.

Default and Optimized Traffic Path

In comparison to this resilient SD-WAN architecture from Cisco, our competitor failed to provide high availability and disruption-free data flow. Similar scenarios were recreated and tested on our competitor's solution. Approximately 10 seconds of traffic disruption was observed during failover testing, causing mission-critical applications such as financial or banking applications to go offline for a good amount of time.

Moreover, from an overall architecture perspective, our competitor depends on a cloud-hosted controller, and its edge devices have fixed ports to enable that connection. Hence, if the respective ports are taken down to disconnect controller communication, the edge devices also go offline, disrupting the whole network.

By comparing the functionality and performance of both solutions, Miercom concluded that Cisco SD-WAN provides a highly scalable network architecture that enables automatic failover of traffic circuits as and when the need arises. This makes sure that end users are not impacted by disruptions caused by link flapping or degraded circuit performance. Cisco SD-WAN always ensures that application traffic is routed through the best optimized path, giving the best user experience.

For more details on the tests performed and other features compared, please refer to the detailed Miercom report.




Sagar Anand

Technical Marketing Engineer

Enterprise Networking