Cisco SDWAN Platform
Cisco SD-WAN Edge platforms have the following capabilities:
- Flexible and versatile platform support for every use case.
- Varying security services supported across different platforms.
- All platforms offer security services with different performance and feature sets supported.
The Catalyst 8000 Series is new and purpose-built for Cisco SD-WAN or secure access service edge (SASE) architecture.
There are two versions of Cisco SD-WAN software:
- Standard Cisco IOS XE Software (which supports Controller mode for Cisco SD-WAN).
- Viptela operating system (which is slowly being deprecated).
Small and Large Branches
The branch use case scenario is split into two parts:
- Small office, home office (SOHO), or small branch, which is typically covered by the integrated services router (ISR) 1000 platform (instead of the original vEdge devices which are now end of sale [EOS]). On Standard Cisco IOS XE Software, this includes the Cisco ISR 1100 portfolio with options such as modular design for pluggable Wireless WAN (Long-Term Evolution [LTE] or 5G) connectivity which makes the platform future proof.
- Medium or large branches are covered by ISR 4000 Series Routers, which offer a more comprehensive set of features, such as advanced security profiles and Cisco Unified Communications services.
The medium and large branch use cases are now also covered by the new Catalyst 8000 Series Routers, which are purpose-built for Cisco SD-WAN and SASE architectures.
Smaller and medium branches are covered by the Catalyst 8200; for larger ones, there is the Catalyst 8300.
Other platforms that can cover the SOHO or small branch scenario are Viptela operating system based ISR 1100-4G or 6G platforms. These platforms are purpose-built for Cisco SD-WAN only, supporting both Viptela operating system and now Cisco IOS XE Controller mode. These platforms also support LTE as a wireless WAN connectivity option and can run advanced security features.
If a customer needs to run Cisco SD-WAN as Network Functions Virtualization (NFV) at a branch to deploy service chaining, or wants to simplify inventory management, universal Customer Premises Equipment (uCPE) platforms such as ENCS or Catalyst 8200 uCPE are available.
Aggregation Locations
For large sites or aggregation locations, Cisco ASR 1000 Series Routers are supported, specifically the 1001, 1002, and 1006 routers. From the Catalyst 8000 Series family, similarly powerful Catalyst 8500 routers are available. These platforms can scale and aggregate thousands of IPsec tunnels.
For aggregation using NFV platforms or deployments in the cloud, two cloud-based platforms are available to customers: Cisco Cloud Services Router (CSR) 1000V Series or the new Catalyst 8000V routers. These routers can be deployed in a public or private cloud, supporting the same feature set as physical equipment, with performance depending on the number of allocated resources.
Cisco Catalyst 8000 Series Cloud Scale SD-WAN
The Catalyst 8000 cloud-scale SD-WAN Edge platforms offer the following benefits:
- Integration with leading cloud providers.
- Improved application performance.
- Integrated security and advanced segmentation.
- Performance enhancements for Cisco Umbrella.
Catalyst 8000 Series routers are the new family of Cisco routing products. They combine Cisco SD-WAN, application visibility, and cloud security to deliver scalable, flexible, and secure cloud connectivity for nearly any organization. They offer fast cloud connections for the entire network, plus visibility and control beyond traditional network boundaries.
Cloud: Built from the ground up to support services required for interconnecting with the cloud, Catalyst 8000 routers are highly scalable with improved Cisco SD-WAN performance based on the new QuantumFlow Processor (QFP) 3.0. This positions the platforms as the perfect Edge device when moving to or adopting cloud services.
SASE: Catalyst 8000 Series routers are built for SASE with support for automatic integration with Cisco Umbrella security services. This approach allows for quick and easy setup and integration of the platforms. Integrations extend from just DNS to full secure internet gateway (SIG) deployments, enabling the SASE journey. For scenarios where cloud-delivered security is not an option, these platforms support a full stack of advanced security and threat prevention functionalities such as a zone-based firewall (ZBFW), IPS, Cisco URL Filtering (URL-F), Cisco Secure Endpoint, SSL proxy, and so on.
Edge Processing: With increased requirements for edge processing and compute power, Catalyst 8000 Edge Platforms have built-in support for virtualization and application hosting. Deploying applications such as ThousandEyes or Advanced Threat Prevention can now be quick and easy, requiring no additional hardware on the edge. With added support for custom applications hosted in container-based environments, the network can easily support any business requirements.
ISR 1000 Series Including ISR 1100-4G and ISR 1100-6G
ISR 1000 Series (ISR 1121, 1161, and so on) standard models:
- Support for Cisco SD-WAN or Autonomous mode on Cisco IOS XE Software.
- Better suited for slower rollouts where the customer is gradually upgrading equipment and switching to Cisco SD-WAN.
- Offers a modular approach to Wireless WAN (3G, LTE, and so on). The goal is an easier upgrade to 5G later in the lifecycle.
- Advanced security functionalities (Unified Threat Defense [UTD] container) with additional DRAM and Flash which are available on both LTE and non-LTE models.
- Processor limits tunnel scale. Realistically it is limited to around 200 tunnels per device.
- No support for ThousandEyes Enterprise Agent on these models.
ISR 1100-4G or 6G:
- Originally meant as a replacement for the vEdge 100 and vEdge 1000 Series, supporting only Viptela operating system.
- From 17.4 onward, support for Cisco IOS XE Software (Controller mode only).
- 1100-4G or 6G Routers are more suitable for greenfield Cisco SD-WAN deployments.
- No modular Wireless WAN models, limiting deployment options.
- Massive improvements in tunnel scaling, around 1500 tunnels per device (due to different processor architecture).
- Upcoming support for ThousandEyes Enterprise Agent on devices (different processor architecture).
Cisco WAN Edge Platform Security Support
Here is an overview of the security services supported by Cisco SD-WAN Edge platforms:
- All platforms support basic zone-based firewall, DNS or Web-Layer security, and SIG.
- Application-aware firewall is supported only on Cisco IOS XE Software WAN Edge routers.
- Cisco Secure Endpoint requires a minimum of 4 GB of RAM.
- Enabling on-box security impacts performance.