Transform Your SD-WAN with Cisco IOS XE White Paper
Available Languages
Bias-Free Language
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Why should you migrate from Viptela OS to Cisco IOS XE SD-WAN, and how can you do it successfully?
Cisco’s acquisition of Viptela in 2017 established Cisco as an SD-WAN leader with a compelling control plane architecture suited to handle all deployment use cases while also focusing on direct internet access and saving on circuit costs. The ever-evolving world has sprinted toward SD-WAN, requiring advancements such as anywhere access with multicloud, application experience, security, and analytics being the key areas of focus.
Cisco has been at the forefront of WAN innovation, and the decades of that experience built into Cisco IOS XE, with continuous innovations driven by the need to adapt to new technologies such as seamless SD-WAN integration, UX 2.0, multitenancy, vAnalytics, SSL proxy, and application quality of experience (AppQoE), make Cisco IOS XE truly an enterprise-class operating system.
Cisco has announced the end of life for the vEdge 100, vEdge 1000, vEdge 2000, and vEdge 5000 routers. This was done with a vision to move forward with a single ecosystem that has the best of the controller architecture and the best of the infrastructure running on Cisco IOS XE.
Cisco has built a rich ecosystem over many years by addressing a multitude of use cases with the deployment of applications in data center or cloud, integrated voice with SD-WAN, integration with software-defined cloud interconnect (SDCI) providers such as Megaport and Equinix, and the launch of the Cisco Catalyst 8000 Edge Platforms Family in 2020. This ecosystem offers customers the best of the controller architecture with vManage, vSmart, and vBond; the best of software with Cisco IOS XE; and the best of infrastructure with the Catalyst 8000 Edge Platforms Family and Cisco 1000 Series Integrated Services Router (ISR) branch platforms.
Benefits of IOS-XE
The acquisition of Viptela brought to Cisco a new controller architecture that includes vManage, vSmart, and vBond. This architecture will continue to see innovations in the future, with UX 2.0 as the first step in that evolution. UX 2.0 is a fresh approach from Cisco that changes how our customers monitor, configure, and troubleshoot their WAN.
Some of the critical features of these UX innovations involve how you visualize your WAN:
● Workflow library
● Enhanced application monitoring
● Reporting
● Prebuilt templates
● Automatic site topology
● System- and user-defined tagging
● Enhanced Role-Based Access Control (RBAC)
● Accessibility
● Troubleshooting
Multicloud, application experience, security, and analytics are some of the other key capabilities that are part of all SD-WAN conversations today.
Cisco has been a pioneer in voice and is the only vendor that offers voice optimization with SD-WAN. Optimizing SaaS applications such as Office 365 and Webex by Cisco, and optimizing WAN traffic with TCP optimization and Data Redundancy Elimination (DRE), which are part of AppQoE, are some of the key capabilities that improve the application experience for end users.
The cloud-centric infrastructure with security at the forefront is part of almost all deployments today. The support for both on-premises and cloud security that is available through our integration with Cisco Umbrella gives you the flexibility to choose the right security solution for your organization.
With access from anywhere becoming more and more important, along with the need for faster access to business-critical applications, it is important for you to deliver a solution that not only meets the basic requirements of today’s SD-WAN network but goes beyond that by enabling insights and the ability to respond to evolving threats. Integration with Thousand Eyes and vAnalytics provides sufficient data to our network administrators to enable them to detect not only events occurring in the network now, but also the issues that may arise in future.
All of these extended capabilities and innovations in Cisco IOS XE are available now, and they are included in the solution that we want you to lead with.
Having retired the vEdge platforms, Cisco’s single focus will now be to continue innovating with the controller architecture, platform infrastructure, and software stack that is Cisco IOS XE SD-WAN.
How to successfully migrate from Viptela OS to Cisco IOS XE SD-WAN
Announcing the end of life for the vEdge platforms has been a difficult task. At the same time, we want to lead you into the next era of SD-WAN with an open and modern operating system—Cisco IOS XE. Cisco’s conscious effort has been to ensure a successful and cost-effective transition of your vEdge infrastructure to Cisco IOS XE SD-WAN.
Table 1. Migration assistance program
| Tools, services, and offers |
Benefits |
| Training and best practices |
Webinars to enable training of all stakeholders for a successful migration |
| Automation tools |
Tools to help with seamless migration from vEdge platforms to Cisco IOS XE SD-WAN-based platforms |
| CX Services |
Design validation, migration assistance, and best practices by the Cisco CX organization |
| Partner training |
Training for Cisco Mentored Install Service (MINT) partners to enable migration from vEdge platforms to Cisco IOS XE SD-WAN-based platforms |
| Migration offer |
Migration offer that reduces the overall cost of migration |
All of the above can be leveraged to enable a successful migration from vEdge platforms to Cisco IOS XE SD-WAN-based platforms. There are also tools available for customers who would like to handle the migration on their own but would like to look at the migration readiness of their overall vEdge infrastructure.
One of the most common tasks when planning for migration is to convert the templates from Viptela OS to Cisco IOS XE SD-WAN. One of the tools you can leverage is the SD-WAN conversion tool, which enables an easier and faster conversion of templates from Viptela OS.
The Cisco CX organization offers various services such as migration design validation as well as actual branch migration leveraging best practices, with the whole migration program led by the CX organization.
The overall migration assistance program brings all the pieces of the puzzle together to enable a seamless and successful migration from Viptela OS to Cisco IOS XE SD-WAN.
The feature richness of Cisco IOS XE SD-WAN is further elevated by the power of superior hardware. The migration of the vEdge infrastructure to Cisco IOS XE SD-WAN provides not only a broader feature set but also platforms with greater performance and scale.
The launch of the Catalyst 8000 Edge Platforms Family is a significant milestone in Cisco’s WAN journey. It brought about innovations that set industry standards for branch, aggregation, and cloud deployments.
Table 2. The Catalyst 8000 Edge Platforms Family
| Deployment |
Platform |
| Aggregation |
Catalyst 8500 Series Edge Platforms are powered by the third-generation Cisco QuantumFlow Processor ASIC (QFP 3.0) |
| Branch |
Catalyst 8300 and Catalyst 8200 Series Edge Platforms are powered by an x86 multicore System-on-Chip (SoC) architecture |
| Virtual/cloud |
Catalyst 8000V Edge Software can run on any x86/VNF-based host, either on-premises or in public cloud deployments |
Cisco also launched the 1100 Series Integrated Services Router (ISR 1100) platforms in November 2019. These platforms were purpose-built as migration platforms for the vEdge 100 and vEdge 1000 routers and supported only the Viptela OS at launch. Cisco also launched the ISR 1100X Series platforms in January 2021 and added support for Cisco IOS XE SD-WAN on the existing ISR 1100 and new ISR 1100X Series platforms. The dual OS support was included to enable ease of migration for customers running Viptela OS on the ISR 1100 Series. The ISR 1100X Series platforms support 8 GB of DRAM, which allows deployment of SD-WAN security features.
Table 3. ISR 1100 and ISR 1100X Series platforms
| Deployment |
Platform |
| Small to midsize branch |
Cisco 1000 Series ISR (ISR 1000) platforms can be deployed for small branch deployments with LTE, Wi-Fi, and DSL requirements. The recent launch of the ISR 1131 platforms brings Wi-Fi 6 capabilities (also known as 802.11ax), enabling small branch deployments. The Wi-Fi 6 standard builds on its predecessors by improving spectral efficiency, flexibility, and scalability. These enhancements provide networks with increased speed and capacity for next-generation applications.
Table 4. ISR 1000 Series platforms
Crypto architecture comparison
Table 5. High-performance IPsec—Catalyst 8000 Edge Platforms Family
|
|
vEdge platforms |
Catalyst 8500 |
Catalyst 8500L |
Catalyst 8300 |
|
|
|
|
|
|
| Crypto processing |
Software-based |
QFP 3.0 |
QAT |
QAT |
| Dedicated crypto core |
No |
Yes |
Yes |
No |
vEdge platforms don’t have a separate hardware chip to process IPsec traffic. Encrypt/decrypt functions for IPsec are done in software for all vEdge platforms. This limits the performance of IPsec compared with platforms that do the same in hardware.
With the Catalyst 8500 Series, all crypto processing happens in the QFP 3.0 with inline crypto, while the Catalyst 8500L, Catalyst 8300, and Catalyst 8200 use a Quick Assist Technology (QAT) chipset for encrypt/decrypt functions.
The Catalyst 8000 Edge Platforms Family delivers high IPsec performance with a dedicated core that enables fast processing of IPsec traffic compared to the vEdge platforms, which have no dedicated core.
Comparison of flow distribution algorithms
Table 6. Flow distribution algorithm
|
|
vEdge platforms |
Catalyst 8500 |
Catalyst 8500L |
Catalyst 8300 |
|
|
|
|
|
|
| Flow distribution |
Flow-based distribution |
Load-based distribution |
Advanced flow-based distribution |
Non-strict flow-based distribution |
| Flow assignment |
Flow pinning |
No flow pinning |
Flow pinning |
Flow pinning |
| Support for elephant-flow use case |
No |
Yes |
No |
Yes |
vEdge platforms have flow-based distribution with flow pinning based on 3-tuple hash, which is good from an inter-PPE (Packet Processing Engine) contention perspective but not for use cases such as elephant flows.
The Catalyst 8500L also uses flow-based distribution but uses a 5-tuple hash that gives more flexibility in assignment of flows to different cores.
The Catalyst 8500 uses load-based distribution with no flow pinning. Flows are assigned based on available PPEs. This makes it a perfect platform for all use cases, including elephant-flow use cases.
The Catalyst 8300, Catalyst 8200, ISR 1100, and ISR1100X Series platforms follow a hybrid approach for flow distribution called non-strict flow-based distribution. This allows them to use a helper core architecture in which an available PPE core can be used to help process an existing flow already assigned to another core. This enables them to be positioned for use cases such as elephant flows and provide much better performance compared to vEdge platforms.
Table 7. vEdge to Cisco IOS XE SD-WAN migration platforms
| vEdge platforms |
Cisco IOS XE SD-WAN platforms |
| vEdge 100b |
ISR 1100-4G, ISR 1100X-4G, ISR 1000 |
| vEdge 100m |
ISR 1100-4GLTE, ISR 1000 |
| vEdge 1000 |
ISR 1100-6G, ISR 1100X-6G, ISR 1000 |
| vEdge 2000 |
C8300-2N2S-4T2X, C8300-2N2S-6T, C8300-1N1S-4T2X, C8300-1N1S-6T, C8200-1N-4T |
| vEdge 5000 |
C8500-12X4QC, C8500-12X, C8500L-8S4X |
| vEdge Cloud |
Catalyst 8000V |
The ISR 1100 and ISR 1100X Series platforms are direct migration platforms for the vEdge 100 and vEdge 1000. These platforms support both Viptela OS and Cisco IOS XE SD-WAN. They have higher SD-WAN performance, with higher tunnel scale and an improved flow distribution algorithm. ISR 1100X Series platforms also support key dynamic core allocation features for additional services support such as SD-WAN security functions. Dual OS support on these platforms enables a seamless migration from Viptela OS to Cisco IOS XE SD-WAN.
The ISR 1000 Series platforms can also be positioned as migration platforms for the vEdge 100 and vEdge 1000. The ISR 1000 platforms support Wi-Fi, DSL, and LTE and can be positioned as migration platforms if there is a need for this feature set.
The Catalyst 8200 and 8300 Series have higher tunnel scale and IPsec performance compared to the vEdge 2000. These are usually positioned for midsize to large branch deployments and support more DRAM for additional services deployment.
The Catalyst 8500-12X4QC, 8500-12X, and 8500L-8S4X are targeted for aggregation deployment and are direct migration platforms for the vEdge 5000. They enable low-latency-based packet processing to deliver high IPsec performance with an increased tunnel scale. They are best for aggregation deployments and outperform the vEdge 5000 in performance, scale, and port density.
Feature parity—Viptela OS vs. Cisco IOS XE SD-WAN
Table 8. Secure deployment of multicloud network services at the network edge for enhanced quality of service and improved application experience
| Feature |
Cisco IOS XE SD-WAN |
Viptela OS |
|
| Multicloud |
Cloud OnRamp for IaaS |
|
|
| Cloud OnRamp for SaaS |
|
|
|
| Cloud OnRamp for Co-Location |
|
|
|
| Cloud Hub |
|
|
|
| Cloud Interconnect |
|
|
|
| Multicloud monitoring |
|
|
|
| Office 365 and Webex optimization |
|
|
|
| Application experience |
SD-AVC |
|
|
| Custom app |
|
|
|
| Packet duplication |
|
|
|
| Forward error correction |
|
|
|
| ThousandEyes |
|
|
|
| AppQoE – DRE |
|
|
|
| AppQoE – TCP optimization |
|
|
|
| AppNav |
|
|
|
Table 9. SD-WAN security functions
| Feature |
Cisco IOS XE SD-WAN |
Viptela OS |
|
| SD-WAN security |
Layer 3/Layer 4 stateful firewall |
|
|
| Firewall app aware |
|
|
|
| Intrusion prevention system |
|
|
|
| URL filtering |
|
|
|
| Umbrella DNS-layer security |
|
|
|
| Umbrella auto registration |
|
|
|
| Umbrella auto tunnel |
|
|
|
| Cisco Secure Endpoint |
|
|
|
| FIPS/FedRAMP/PCI compliance |
|
|
|
| Unified security policy |
|
|
|
| Cisco Secure Malware Analytics |
|
|
|
| Third-party security |
|
|
|
| SSL proxy |
|
|
|
Table 10. Unified communications features
| Feature |
Cisco IOS XE SD-WAN |
Viptela OS |
|
| Unified communications |
FXS |
|
|
| FXO |
|
|
|
| T1/E1 |
|
|
|
| Secure Remote Site Telephony (SRST) |
|
|
|
| Secure SRST |
|
|
|
| Cisco Unified Border Element (CUBE) |
|
|
|
| SIP gateway |
|
|
|
| Transcoding/video conferencing |
|
|
|
| SIP trunk |
|
|
|
Table 11. Optimized networking experience
| Feature |
Cisco IOS XE SD-WAN |
Viptela OS |
|
| Core SD-WAN |
IPsec/GRE tunnel—VPN 0 |
|
|
| Zero-Touch Provisioning (ZTP) |
|
|
|
| Multicast app-aware routing |
|
|
|
| Network Address Translation Direct Internet Access (NAT-DIA) |
|
|
|
| DIA tracker |
|
|
|
| IPv6 |
|
|
|
| Per-tunnel QoS |
|
|
|
| Adaptive QoS |
|
|
|
| Per-VPN QoS |
|
|
|
| Multitenancy controllers |
|
|
|
| Multitenancy data plane |
|
|
|
| UX 2.0 |
|
|
|
| vAnalytics |
|
|
|
| DSL, LTE, T1/E1 |
|
|
|
| SD-WAN and SD-Access |
|
|
|
| SD-WAN Application Centric Infrastructure (ACI) |
|
|
|
Change is the only constant, and that holds true for the rapidly evolving WAN. Having announced an important change—end of life for vEdge platforms—we don’t want you to feel overwhelmed when thinking about migrating your existing vEdge infrastructure to Cisco IOS XE SD-WAN-based platforms. Migration, even when relatively straightforward, can be daunting, and for this reason we have a suite of migration tools at your disposal that can be leveraged when migrating from vEdge to Cisco IOS XE SD-WAN-based platforms.
Migration tools
Table 12. Automation migration tools
| Migration tool |
Description |
| AURA-SDWAN (SURE) |
Brings the experience of Cisco support teams to perform preventive validations before upgrade |
| Cisco DNA RAT |
Network readiness assessment with software feature parity analysis between Viptela OS and Cisco IOS XE SD-WAN, platform, and license recommendations |
| convert2SDWAN |
Cloud-hosted solution to automate template or policies workflow conversion from vEdge to Cisco IOS XE SD-WAN |
| BMT (cloud hosted) |
Validates migrations for N+ sites by automating repetitive tasks and validations of vEdge to Cisco IOS XE SD-WAN at scale |
| Sastre |
Enables management of configuration elements, backup, and restore |
| SCDP |
Uses procedural best practices with predefined templates |
| Sastre-Pro |
Validates controller upgrade with pre- and post-upgrade snapshots |
| BMT (on-premises version; CX only) |
Used only in collaboration with Cisco CX services with end-to-end execution workflows |
How do you migrate to Cisco IOS XE SD-WAN with the minimum impact to your network? This is a very important question that needs to be answered when migrating from existing vEdge infrastructure.
Cisco has defined best practices that address this question with the single goal of creating as little impact to your infrastructure as possible during migration.
Let’s look at a typical vEdge deployment.
Typical vEdge deployment
The above deployment shows a dual vEdge 2000 deployed in a data center with single or dual vEdge branch sites connected over MPLS and the internet to the data center. An obvious question would be how to start the migration. You should start planning for migration in the following order:
● Data center sites
● Large branch sites
● Small branch sites
There are multiple approaches that can be used in migrating the data center deployment, and the approach you choose would mostly be used for large or small branch sites as well. Each approach has its pros and cons in terms of complexity, ease of troubleshooting if any issues arise, cost, and operational changes required.
The world of SD-WAN is rapidly evolving, and security, multicloud, application experience, and faster access to data while working from anywhere are at the forefront of the discussions on this subject. Cisco IOS XE SD-WAN is the industry-leading SD-WAN solution, incorporating the best of the controller architecture and best-in-class platforms with the Catalyst 8000 family and ISR 1000. These enable a rich ecosystem with which we can continue to innovate. We want you to lead with Cisco IOS XE SD-WAN to leverage this rich ecosystem that enables a transformative operational and secure experience.
To learn more about migrating from vEdge platforms to Cisco IOS XE SD-WAN-based platforms, visit the following:
Blog: Transform your SD-WAN with IOS-XE
Webinar: All You Need To Know Before Migrating From Viptela OS To XE SD WAN
FAQ: Cisco IOS XE Migration FAQ
End-of-Sale and End-of-Life Announcement for vEdge 2000 and vEdge 5000: End-of-Sale and End-of-Life Announcement for the Cisco VEDGE 2000 and 5000 Routers, Modules and Accessories - Cisco
End-of-Sale and End-of-Life Announcement for vEdge 100 and vEdge 1000: End-of-Sale and End-of-Life Announcement for the Cisco VEDGE-100B, VEDGE-100M AND VEDGE-1000 - Cisco
Migration offer: Upgrade from vEdge to Cisco IOS XE and Save Up To 30%