Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Overview

Typical branch offices can have multiple WAN connection types, including MPLS, Internet (such as LTE and ADSL), and so on. In these traditional networks, the MPLS-based connection typically includes performance guarantees known as service level agreements (SLAs) to ensure business-critical applications can function properly. The Internet connection often provides an alternative link for backup and load balancing purposes. However, with Internet access offerings providing ever-increasing bandwidth, many applications can now reasonably be routed over the Internet link.

Software-defined wide area networking (SD-WAN) is primarily thought of as a connectivity solution, implemented as an overlay on top of traditional WAN access. An SD-WAN solution provides the ability to make use of the links in whichever way an enterprise customer wishes, as shown in Figure 1.

In an SD-WAN environment, low-priority traffic can use the lower-cost Internet link(s), while more important traffic can travel across better quality links (such as those provided by an MPLS network). Link usage can also be assigned per application. With an SD-WAN solution, an enterprise customer can mix and match cost optimization with SLA requirements as they see fit.

Starting in CSO Release 6.0.0, you can choose one of the following SD-WAN service levels for a tenant:

  • Essentials—Provides the basic SD-WAN services (called Secure SD-WAN Essentials). This service is ideal for small enterprises looking for managing simple WAN connectivity with comprehensive NGFW security services at the branch sites, using link-based application steering. The SD-WAN Essentials service allows Internet traffic to breakout locally, and thus avoids the need to backhaul web traffic over costly VPN or MPLS links. The sites support features such as intent-based firewall policies, WAN link management and control, CSO-controlled routing between sites connected through the static VPN, and site to site communication through MPLS or internet links behind NAT. A tenant with the SD-WAN Essentials service level can create only SD-WAN Essentials sites. You can upgrade the SD-WAN service level of a tenant from Essentials to Advanced, by editing the tenant information. See Edit Tenant Parameters.

  • Advanced—Provides the complete SD-WAN service (called Secure SD-WAN Advanced). This service is ideal for enterprises with one or more data centers, requiring flexible topologies and dynamic application steering. Site-to-Site connectivity can be established by using a hub in a hub-and-spoke topology or through static or dynamic full mesh VPN tunnels. Enterprise wide intent based SD-WAN policies and service-level agreement (SLA) measurements allow to differentiate and dynamically route traffic for different applications.

    Note:

    SD-WAN sites on CSO Release 5.4 or earlier versions are treated as SD-WAN Advanced sites. You cannot downgrade the SD-WAN service level of a tenant from Advanced to Essentials.