Cisco DNA Software for SD-WAN and Routing Guide
Available Languages
Bias-Free Language
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This marketing document is intended to foster the initial discussion around migrating your network from a traditional routing implementation over to a Cisco Catalyst SD-WAN architecture. It is not intended as an exhaustive, complete engineering document with all of the steps required to migrate your WAN to a modern Cisco Catalyst SD-WAN. For those purposes, the Cisco support team has created an in-depth (55-page) Cisco Catalyst SD-WAN migration guide for use by network engineers engaged in the architecture, planning, design, and implementation: https://www.cisco.com/c/dam/en/us/td/docs/routers/sdwan/migration-guide/cisco-sd-wan-migration-guide.pdf.
This document is intended to be a quick overview of the basic steps and work involved so that customers can get a general idea of the time investment required by their IT team. After a brief discussion of the benefits of Cisco Catalyst SD-WAN in general, this Quick Start document will cover the following migration steps:
1. Verify that your current Cisco® routers support Cisco Catalyst SD-WAN.
2. Select the Cisco DNA software for SD-WAN and Routing tier.
3. Install the Cisco Catalyst SD-WAN applications, either on premises or in the cloud.
4. Convert your current router configurations to Cisco Catalyst SD-WAN configurations.
5. Push your new Cisco Catalyst SD-WAN configurations to your branch routers.
As companies continue to rely more on applications in the cloud, and as workers and branch offices are ever more distributed, Cisco Catalyst SD-WAN becomes a critical business enabler. Cisco customers tell us that their most visible benefits after migrating from traditional routing to Cisco Catalyst SD-WAN are:
● Improved application experience, including up to 40% improvement in Office 365 performance
● Faster onboarding of new services
● Reduction in unplanned downtime
● Reduction in OpEx
● Improved security
● Cloud OnRamp for SaaS
● SASE to support hybrid work
SD-WAN diagram
Verify that your current Cisco routers support Cisco Catalyst SD-WAN
The first step in mapping out your migration to Cisco Catalyst SD-WAN is to verify that the Cisco campus and branch edge routers that you are currently using can be software upgraded to Cisco Catalyst SD-WAN, thereby eliminating the need to purchase new hardware. The three series of routers that are software upgradable to Cisco Catalyst SD-WAN are the Cisco 1000 Series Integrated Services Routers (ISR 1000), G2 launched in 2009; Cisco 4000 Series Integrated Services Routers (ISR 4000), launched in 2013; and the Cisco ASR 1000 Series Aggregation Services Routers (ASR 1000), launched in 2008. How can routers that were originally sold back in 2008 still be relevant to Cisco Catalyst SD-WAN? The reason is the power of software—and good hardware design. Figure 2 lists the models of Cisco routers that can be upgraded to Cisco Catalyst SD-WAN software.
Cisco routers eligible for Cisco Catalyst SD-WAN software upgrade
There are a number of caveats and exceptions, such as certain specific models and/or interface modules that are not supported. Take an inventory of your current Cisco routers with the actual model number and serial number for each. Check the Install and Upgrade notes for the latest version of the Cisco IOS® XE Software that you will be installing. The notes for Release 17.2.1, with router version support, can be found here: https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/sdwan-xe-gs-book/install-upgrade-17-2-later.html.
The complete list of release notes for all Cisco Catalyst SD-WAN software versions can be found here: https://www.cisco.com/c/en/us/support/routers/sd-wan/products-release-notes-list.html.
If you have Cisco Catalyst® 8000 Edge Platforms Family devices in your network, these also can support Cisco Catalyst SD-WAN, and they already come with Cisco IOS XE installed from the factory. You should upgrade these devices to the latest version of Cisco IOS XE before migrating them to Cisco Catalyst SD-WAN.
Cisco Catalyst 8000 Edge Platforms Family
Select the Cisco DNA Software for SD-WAN and Routing tier
Figure 4 below is a high-level view of the Cisco DNA Software for SD-WAN and Routing tiers available at Cisco. The tiered design of Cisco DNA Software is nested, meaning that each next higher tier includes all of the features in the lower tier(s). All of the functionality of Essentials is contained within Advantage. And likewise, Premier includes all the functionality of both Essentials and Advantage, plus the Premier-only items.
Practically speaking, small Cisco Catalyst SD-WAN deployments limited to four user VPNs and simple Cisco Catalyst SD-WAN use cases will be served well by the Cisco DNA Essentials product offering. More complex and expansive Cisco Catalyst SD-WAN use cases, including network analytics, will require the Advantage tier. And those customers desiring an entry into the world of secure access service edge, or SASE, will need to select the Premier product.
Cisco DNA for SD-WAN and Routing software subscription offer structure
The marquee Premier feature is Cisco Umbrella® Secure Internet Gateway, or Cisco Umbrella SIG, which includes:
Cloud delivered DNS-layer security to block requests before a connection is even established.
● A full-proxy secure web gateway to log and inspect all web traffic.
● A cloud access security broker (CASB) plus App Discovery functionality to uncover rogue apps.
● A cloud-delivered firewall (CDFW) to prevent intrusion.
● Globally sourced internet activity threat intelligence to uncover malicious domains, IPs, and URLs.
● Cisco Secure Malware Analytics (formerly Threat Grid) to detect and quarantine malicious files.
For a more complete breakdown of capabilities in each of the three tiers, please consult the Cisco DNA Software for SD-WAN and Routing Feature Matrix.
Install the Cisco Catalyst SD-WAN applications
The “software-defined” part of SD-WAN is powered by the Cisco Catalyst SD-WAN Manager, the Cisco Catalyst SD-WAN Controller, and the Cisco Catalyst SD-WAN Validator.
Cisco Catalyst SD-WAN Manager is the Network Management System (NMS) and interface dashboard for operations and maintenance, including device provisioning, configuration, authentication, and policy management, as well as operational status, such as performance and troubleshooting.
Cisco Catalyst SD-WAN Controller is the centralized brain of the Cisco Catalyst SD-WAN solution, controlling the flow of data traffic throughout the network. It oversees the control plane of the Cisco Catalyst SD-WAN fabric, efficiently managing provisioning, maintenance, and security for the entire Cisco Catalyst SD-WAN overlay network. The Cisco Catalyst SD-WAN Controller works with the Cisco Catalyst SD-WAN Validator to authenticate Cisco vEdge devices as they join the network and to orchestrate connectivity among the edge routers.
Cisco Catalyst SD-WAN Validator automatically authenticates all other Cisco vEdge devices when they join the Cisco Catalyst SD-WAN overlay network and orchestrates connectivity between edge routers and Cisco Catalyst SD-WAN Controller. If any edge router or Cisco Catalyst SD-WAN Controller is behind a Network Address Translation (NAT) device, the Cisco Catalyst SD-WAN Validator also serves as an initial NAT traversal orchestrator.
All three of these components are installed simultaneously on a virtual machine (VM) format supporting popular hypervisors (ESXi, KVM, AWS, Azure). These three components can be deployed on customer premises, private cloud, or public cloud. They can be hosted by Cisco on AWS or Azure VPC. A combination of options is also possible, but in practice, this usually translates to a control plane hosted by Cisco (Cisco Catalyst SD-WAN Validator, Cisco Catalyst SD-WAN Controller) and an on-premises management plane (Cisco Catalyst SD-WAN Manager). For most customers, installing the Cisco Catalyst SD-WAN applications on an on-premises server is the simplest and quickest way to get started.
Customers are encouraged to discuss with their Cisco partner or Cisco account manager the best option for their needs. Further information about Cisco Catalyst SD-WAN applications can be found in our detailed SD-WAN Controller Setup Guide and in our SD-WAN On-Prem Controller Deployment video.
Convert your current router configurations to Cisco Catalyst SD-WAN configurations
Cisco has developed a Cisco Catalyst SD-WAN conversion tool that greatly facilitates migrating from traditional routing to Cisco Catalyst SD-WAN. This tool analyzes your current router configuration and automatically creates a new router configuration for Cisco Catalyst SD-WAN. Not only does this save countless hours of work, but it also guarantees consistency in the configuration of each branch router. Additionally, the tool will flag any configuration parameters that are not supported in Cisco Catalyst SD-WAN and will recommend workarounds when necessary.
Cisco’s online Convert to Cisco Catalyst SD-WAN tool
To use this converter, you will need to establish a library of all the Cisco router model configurations that are currently active in your network. Once you have this library established, use the tool at https://convert2sdwan.cisco.com and follow the steps to upload, analyze, and convert each individual router configuration. Click here for a videofurther explaining Cisco’s convert to Cisco Catalyst SD-WAN tool.
Once the conversion process is complete, the newly created Cisco Catalyst SD-WAN configuration library is ready for deployment via the Cisco Catalyst SD-WAN Manager.
Push your new Cisco Catalyst SD-WAN configurations to your branch routers
The final step is to push your new Cisco Catalyst SD-WAN configurations via Cisco Catalyst SD-WAN Manager to your devices. If you have many branches to migrate, this process can be automated with a workflow that supports up to 25 devices (branch routers) simultaneously. You can view a video of this quick connect process here.
Hopefully this quick start guide has given you an idea of the steps and effort involved in upgrading a traditional routed WAN to the latest Cisco Catalyst SD-WAN. Cisco has taken many steps to ensure that this complex process is as simple as possible; however, your IT engineers should consult with your Cisco partner or managed services partner for guidance and support and follow the complete Cisco Catalyst SD-WAN End-to-End Deployment Guide for this process.
Cisco Catalyst SD-WAN Migration Guide
Download the Software for Cisco IOS XE Release 17.2.1r or Later
Install Software on Cisco ASR, Cisco ISR and Cisco ENCS Platforms
Install a Cisco Catalyst 8000V Edge Software Platform
Cisco DNA Software for SD-WAN and Routing Feature Matrix