Cisco Systems Brings Some Muscle to SD-WAN

eWEEK NETWORKING ANALYSIS: New Catalyst 8000 Series edge device provides a high-performance foundation for SASE.


Edge router market share leader Cisco Systems this week announced a new line of infrastructure to address the changing needs of SD-WAN and SASE (Secure Access Service Edge) deployments.

For years, Cisco’s integrated services routers (ISRs) and aggregation services routers (ASRs) have been the gold standard for edge infrastructure and hold well over 80% market share, even reaching north of 90% in some markets. However, as the poet and songwriter Bob Dylan once sang, “The Times They Are a-Changin’,” and what made Cisco successful at the edge of the network in the past isn’t going to meet the needs of customers moving forward.

Cisco announces new Catalyst 8000 Series edge devices 

Cisco’s new flagship edge products are the Catalyst 8000 Edge Family, optimized for SD-WAN and SASE. The products were built with high availability, agility, cloud scale and simplicity in mind. Cisco has always made the best routers, as evidenced by its share, and the new “Cat 8Ks” still have its best-in-class routing stack in them, but the product has been beefed up to handle SASE requirements.

The security requirements of SASE are being addressed through integration with Cisco’s Umbrella suite of cloud-native security services. These are ideally suited for smaller locations with a handful of people.

For larger locations, it makes sense to keep the security local, because the amount of traffic going to and from the Umbrella cloud for inspection purposes could be greater than the network traffic. In that case, the Cat8K is loaded with a full stack of on-board security services, such as a firewall and IDS/IPS.

Customers could also use the product in a hybrid mode, where certain services like DNS security and CASB are delivered from the cloud and other services such as a firewall are deployed on premises. The key is that the customer has a tremendous amount of flexibility to architect the SASE environment in a way that’s optimal for it. Juxtapose this with a SASE vendor that only has cloud services, where the customer will be forced into a design that might not work well for them.

Cisco announced several models for its new Cat8K family. Details: 

  • Catalyst 8500 series is designed for high-performance environments such as data centers, colocation and aggregation sites. The edge device has integrated 40G and 100G ports and is built on Cisco’s Quantum Flow ASIC. Historically, Cisco has gained a price/performance advantage over the competition by spinning its own silicon. This enables Cisco to design chips that are optimized for high-performance network and security services rather than for general-purpose use, and this matters in high-performance environments.
  • Catalyst 8300 series is for branch offices. The product is modular in design, enabling customers to deploy a wide range of services and make changes as the business requires. This flexibility enables customers to deploy a fully software-defined branch, including connectivity, edge computing and storage. The compute and switching capabilities can be dropped in using Cisco’s UCS-E blades and UADP-powered switch modules.
  • Catalyst 8000V edge software is a virtual version of the Cat8K but delivers the same features in software. This lets customers deploy the 8K feature set in the cloud or on a virtualized system.

Also, as part of this announcement, Cisco unveiled a Catalyst Cellular Gateway. This enables customers to deploy a wireless WAN using 4G services, and soon 5G. The cellular service will likely be used as a backup for most customers but, with 5G, can be a viable option for the primary connection.

New Catalyst 8000s are fully programmable 

The new SASE devices are open and programmable via a wide range of APIs that can enable automation. During the past five years, Cisco has invested heavily in its DevNet program to increase the level of programmability of its products. The automation capabilities provide a roadmap to an intent-based network, which can be thought of as a fully self-operating, self-securing and self-optimizing network.

The products also provide rich telemetry information that can be fed into Cisco vAnalytics to provide key insights into performance and anomalies that can indicate a security breach. The machine learning-based analysis can also be used to shift to a proactive model where network professionals are able to predict problems before they happen. 

While Cisco isn’t the first SASE vendor, it’s providing a path to a next-generation WAN just as the market is hitting an inflection point. The new Cat8Ks bring a wide range of capabilities and a mix of on-board and cloud security that gives customers a wide range of choice. 

Zeus Kerravala is an eWEEK regular contributor and the founder and principal analyst with ZK Research. He spent 10 years at Yankee Group and prior to that held a number of corporate IT positions.