SD-WAN Technology Analysis Based on Cisco IWAN

This article is reorganized from the Cisco white paper "Intelligent WAN Is the Foundation for the Software-Defined WAN" by Zeus Kerravala, September 2015.

Cisco’s page link


Introduction: Digital Transformation Drives WAN Evolution

Digital transformation is reshaping the business landscape faster than at any time in history. It used to take decades to disrupt a market, but natively digital companies such as Uber and Airbnb have disrupted their industries in just half a decade.

Digitization is creating new winners and losers at an unprecedented rate. The differentiator is agility, that is, having the ability to take advantage of market opportunities faster than the competition. This shift to being an agile business has now become a top initiative for IT and business leaders. This is why businesses spent more than $12 billion on technology to make IT more agile in 2014, according to ZK Research.

However, one part of IT that has yet to evolve and still lacks flexibility is the enterprise wide area network (WAN). Evolving the WAN must be a top priority for every IT and business leader.

Other factors driving the evolution of the WAN:

  • Cloud computing continues to skyrocket.

More applications and workloads are heading to the cloud. Today, the cloud is the fastest-growing segment of enterprise software, growing from $46 billion globally in 2014 to more than $116 billion in 2019 (Exhibit 1). The surge in cloud traffic is driving significantly different traffic patterns over enterprise WANs.

  • Collaboration becomes business critical.

For the digital enterprise, competitive advantage is based on an organization’s ability to make the right decision while involving the best people in as short a time as possible, regardless of where they are located.

Unified communications (UC) and video conferencing are mission critical. Multimedia applications, such as voice and video, are putting a strain on today's WANs.

  • Computing shifts to a network-centric model.

Mobile computing, the cloud, the Internet of Things (IoT) and big data are at the top of almost every organization’s priority list. These new compute models are all network centric, meaning the network plays a significant role in the success or failure of these initiatives.

II: Challenges with the Traditional WAN

The current architecture used to design business WANs has been in place for more than 30 years.

The existing model was designed for predictable traffic flows from client/server computing and best effort Internet traffic. The centralized architecture is optimized for manageability but lacks any kind of dynamism or granular access control required for today’s diverse and varied traffic types driven from mobile users, extranets and telecommuters.

Video traffic consumes up to 90% of business traffic today, a major shift from even a decade ago, when video constituted less than 10% of network traffic.

The evolving business climate is putting new demands on the WAN that cannot be met with legacy deployment models because of the following challenges:

  • Inefficient use of network bandwidth:

Almost all organizations provision backup network connections. In most cases, the dual network connections are put in "active/passive" mode, where all traffic is sent down the primary connection and the backup link only becomes active when the primary fails. This causes organizations to pay for up to twice the amount of bandwidth they are actually using.

  • High cost of bandwidth:

The only way to ensure the availability of bandwidth for applications is to use expensive private IP network services such as Multiprotocol Label Switching (MPLS).

  • Security and performance are overlay technologies:

Securing a legacy WAN is typically accomplished by layering on additional physical appliances to add the new functionality required. The overlay approach, which is built on multiple appliances, can further increase the complexity of the network.

  • Little to no automation capabilities:

WANs have almost no ability to automate network operations tasks.

The provisioning of new services and the implementation of configuration changes are typically done manually on a box-by-box basis, creating long lead times for any kind of change to be made.

In this era of network-centric IT, a network engineer’s time is extremely valuable.

  • Difficulty optimizing the user experience:

It is still difficult for most network managers to optimize the user experience of WAN-based applications.

Consequently, network managers are often tuning quality-of-service (QoS) settings, creating alternative paths or changing other network parameters. This tweaking of the network is often done "ad hoc", when users are complaining about problems.

Improving the quality of experience for applications requires having deep visibility into application behavior, identifying optimal paths and then automating constant changes to QoS settings and other factors.

Business leaders must shed their legacy thinking.

It’s time for the software-defined WAN.

III: Introducing the Software Defined WAN

A software-defined WAN can be thought of as the next generation of WAN architecture that is optimized for network-centric compute models such as cloud, mobile computing and IoT.

An SD-WAN is built on the concepts of openness, agility, orchestration, analytics and security while continuously optimizing application performance. It enables application policies to be used to automate configuration changes, move traffic flows or enact other changes to ensure the network continually meets the needs of the organization.

One approach to accomplishing this is to abstract the control functions into an external controller. This provides the benefit of centralized policy expression with distributed enforcement for scalability. Other benefits include zero-touch deployment as well as simplified configuration and troubleshooting.

However, it can pose challenges with enforcing security at the branch and with performance and resiliency depending on where the controller is located.

Another approach is to have the controller distributed as part of the network infrastructure. This provides the benefits of centralization but also enables stronger security in the branch, greater availability and more resiliency along with faster adaptation to network conditions.


In 2014, the Open Networking User Group (ONUG) defined the following 10 criteria for an SD-WAN:

  1. Ability for branch offices to leverage both public and private WAN connections in an active/active configuration

  2. Ability to deploy customer-premises equipment (CPE) in either a physical or a virtual form factor on any hardware, including commodity infrastructure

  3. Secure hybrid WAN architecture that allows for dynamic traffic engineering capabilities across private and public WAN paths as specified by application policies, network WAN availability and/or degradation at the transport or application layer

  4. Visibility, prioritization and steering of business-critical and real-time applications as per security and corporate governance and compliance policies

  5. A highly available and resilient hybrid WAN for an optimized application experience.

  6. Layer 2 and layer 3 interoperability with a directly connected switch and/or router

  7. Management dashboard that provides site-, application- and VPN-level performance reporting

  8. Open, northbound (NB) APIs for controller access and management and the ability to forward specific log events to network event correlation managers and security event managers

  9. Zero-touch deployment capabilities at branch sites with minimal to no configuration changes directly on the infrastructure to ensure the highest level of agility

  10. FIPS 140-2 validation certification with automated certificate lifecycle management and reporting

The definition of an SD-WAN is continually evolving, and there is no “de facto standard” when it comes to what is and what is not an SD-WAN.

IV: Cisco’s IWAN

Cisco’s Intelligent WAN can be thought of as a platform for WAN transformation.

A business could start by implementing a hybrid WAN today to gain the cost benefits of the Internet, and then migrate to an SD-WAN at a later date without adding more appliances and complexity in the branch. Once the SD-WAN is in place, the organization can use IWAN as a foundation for branch automation and service virtualization.

IWAN enables the following WAN capabilities:

  • Application experience:

Application optimization features such as intelligent path selection and WAN acceleration to ensure the best possible user experience.

  • Secure access:

Advanced threat detection to block most threats but also quickly identify any breaches that do occur and then rapidly mitigate them.

  • Lower costs:

Transport-independent WANs so that any combination of broadband, 3G/4G wireless or traditional networking services (e.g., MPLS VPNs) can be used for network transport simultaneously, with a single, common network design across every transport.

  • Simplicity:

Automation and orchestration of network services to ensure that the provisioning of new services and the implementation of network changes are driven by business policy and done at the speed required by a digital organization.
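To make the path-selection idea concrete, here is an added example (my own Python, not code from the white paper or from Cisco IWAN) that models the difference between the "active/passive" backup link described in Section II, where the second link sits idle until the first fails, and the policy-driven, SLA-aware steering behind the "intelligent path selection" capability above. It assumes two transports named "mpls" and "internet", a constructed per-application SLA table, and constructed probe measurements (latency, jitter, loss, utilization); a real product gets these from active probing and exposes many more knobs.

```python
"""Policy-driven path selection over a hybrid WAN.

Added example (not from the white paper or Cisco IWAN). Transports, SLA
thresholds and probe measurements below are constructed for illustration.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class PathStats:
    """Latest probe results for one WAN transport (constructed values)."""
    name: str            # e.g. "mpls" or "internet"
    latency_ms: float
    jitter_ms: float
    loss_pct: float
    utilization_pct: float


@dataclass(frozen=True)
class AppPolicy:
    """SLA an application class must get, plus the transport it should prefer."""
    app_class: str
    max_latency_ms: float
    max_jitter_ms: float
    max_loss_pct: float
    preferred_path: str


# Hypothetical per-application policy table (assumed, not IWAN's own).
POLICIES = {
    "voice": AppPolicy("voice", 150, 30, 1.0, "mpls"),
    "video": AppPolicy("video", 200, 50, 1.0, "mpls"),
    "saas":  AppPolicy("saas", 400, 100, 3.0, "internet"),
    "bulk":  AppPolicy("bulk", 1000, 500, 5.0, "internet"),
}

# Reason strings returned alongside the chosen path, useful for audit logs.
REASON_PREFERRED = "preferred path within SLA"
REASON_ALTERNATE = "preferred path out of SLA; steered to alternate path"
REASON_DEGRADED = "no path within SLA; using least-degraded path"


def meets_sla(path, policy):
    """True when every measured metric is inside the policy's limits."""
    return (path.latency_ms <= policy.max_latency_ms
            and path.jitter_ms <= policy.max_jitter_ms
            and path.loss_pct <= policy.max_loss_pct)


def sla_violation(path, policy):
    """Sum of normalized overshoot per metric; 0.0 when the path is within SLA."""
    pairs = ((path.latency_ms, policy.max_latency_ms),
             (path.jitter_ms, policy.max_jitter_ms),
             (path.loss_pct, policy.max_loss_pct))
    return sum(max(0.0, actual / limit - 1.0) for actual, limit in pairs)


def select_path(app_class, paths):
    """Pick a transport for one application class; returns (path name, reason).

    Order of preference: the policy's preferred path if it meets the SLA,
    otherwise any other path that does (least loaded first), otherwise the
    path that misses the SLA by the smallest margin. Unlike active/passive
    failover, a path is abandoned only when it stops meeting the SLA of the
    application in question, so both links carry traffic at the same time.
    """
    policy = POLICIES[app_class]
    by_name = {p.name: p for p in paths}
    preferred = by_name.get(policy.preferred_path)
    if preferred is not None and meets_sla(preferred, policy):
        return preferred.name, REASON_PREFERRED
    within_sla = [p for p in paths if meets_sla(p, policy)]
    if within_sla:
        best = min(within_sla, key=lambda p: p.utilization_pct)
        return best.name, REASON_ALTERNATE
    best = min(paths, key=lambda p: sla_violation(p, policy))
    return best.name, REASON_DEGRADED


def steer_flows(app_classes, paths):
    """Map each application class to a transport under the current measurements."""
    return {app: select_path(app, paths)[0] for app in app_classes}


def path_usage(assignment):
    """Count how many application classes each transport carries."""
    return dict(Counter(assignment.values()))


if __name__ == "__main__":
    healthy = [PathStats("mpls", 40, 5, 0.1, 70), PathStats("internet", 60, 15, 0.5, 30)]
    flows = ["voice", "video", "saas", "bulk"]
    print("healthy:", steer_flows(flows, healthy), path_usage(steer_flows(flows, healthy)))
    # MPLS starts dropping 2% of packets: voice moves to the Internet link,
    # while SaaS and bulk traffic were already there and are unaffected.
    lossy_mpls = [PathStats("mpls", 40, 5, 2.0, 70), PathStats("internet", 60, 15, 0.5, 30)]
    print("lossy MPLS:", select_path("voice", lossy_mpls))
```

The returned reason string is what you would want written to the event log each time a flow is re-steered (ONUG criterion 8 above asks for exactly this kind of event to be forwardable to a correlation or security event manager): a sudden burst of "steered to alternate path" decisions is as likely to indicate a transport problem or a tampered probe as a genuine capacity issue.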


Additional benefits:

  • Full system validation:

Deploying an SD-WAN can be a daunting task for most customers. To help simplify deployment, Cisco has created a number of technology design guides, or Cisco Validated Designs (CVDs).

  • End-to-end solution:

The ability to “software define” the WAN provides many benefits to the customer. However, organizations should also consider bringing the benefits of software-defined networking to the campus edge (wired and wireless) and the data center.

  • Single platform for features beyond the SDWAN:

The Cisco Integrated Services Router (ISR)

  • Open platform:

As a company, Cisco has been committed to developing standards-based, open platforms, and the SD-WAN is no exception. The open strategy enables a broad third-party ecosystem to interoperate with and enhance Cisco's IWAN. This includes expert-system partners such as LiveAction, Glue Networks and Akamai.

  • Ability to extend Cisco Application Centric Infrastructure (ACI) to the WAN edge:

The Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM)

  • Automation capabilities:

The Cisco APIC-EM controller’s IWAN Application automates the configuration and deployment of advanced IWAN features such as security, path optimization, enhanced application visibility and QoS on Cisco’s 4000 series Integrated Services Router.

  • Cisco Services and large partner ecosystem…

  • Next-generation branch…

V: Conclusion and Recommendations

The digital era is here and is creating new market leaders almost overnight. Business and IT leaders must focus on building an IT foundation that is dynamic, secure and agile to capitalize on digitization. Shifting the organization’s WAN strategy away from legacy architectures to a software-defined WAN is a key step in building an agile IT foundation.

However, the SD-WAN market is still evolving, and there is no industry-wide accepted definition for this technology. Consequently, it’s important to build a flexible foundation on which services can be deployed today but can then expand in the future as the needs of the business change and as SD-WANs continue to evolve.

Any organization looking to harness the power of digital transformation should make evolving to an SD-WAN a top priority. As next steps, ZK Research recommends the following:

  • Evaluate solution providers on their ability to enable SD-WAN services today, but ensure the needs of the business will be met in the future.

For example, Cisco's IWAN takes an architectural approach to building an SD-WAN and enables businesses to start with network automation, but it then allows them to move past this phase, evolve the branch office and transition to a virtual services model to deliver any application or service to all users, no matter where they are located.

  • Consider real-time traffic when building an SD-WAN.

Real-time traffic applications such as voice and video are among the most difficult to run over a WAN. The requirements of these types of applications must be considered when architecting a next-generation WAN.

  • Shed conventional thinking around network design.

Many factors are involved in designing a WAN, and IT leaders must be willing to think differently today.

For example, years ago, organizations would never have considered using broadband Internet or cellular services for business connectivity. Today, it’s possible to use a combination of DSL, cable and 4G wireless to connect branch offices. An SD-WAN isn’t a traditional WAN, and it’s important that IT leaders not discount possible solutions because of historical biases.