Cisco SD-WAN is an enterprise-grade WAN architecture overlay that enables digital and cloud transformation for enterprises. It fully integrates routing, security, centralized policy, and orchestration into large-scale networks. It is a multi-tenant, cloud-delivered, highly automated, secure, scalable, and application-aware solution with rich analytics. The Cisco SD-WAN technology addresses the problems and challenges of common WAN deployments. Some of the benefits include:
- Centralized management and policy management
- Ability to mix MPLS, Internet, and any combination of transport technology in active/active fashion
- Transport-independent overlay
- Deployment flexibility
- Robust security, including strong encryption of data, end-to-end network segmentation, a router and controller Zero Trust model, control plane protection, and an application firewall
- Application visibility and recognition and application-aware policies
- Analytics with visibility into applications and infrastructure
Figure 11-1 SD-WAN Architecture

As shown in Figure 11-1, Cisco’s SD-WAN architecture is divided into the following planes:
- Orchestration plane: This plane assists in the automatic onboarding of SD-WAN routers into the SD-WAN overlay.
- Management plane: This plane is responsible for central configuration and monitoring.
- Control plane: This plane builds and maintains the network topology and makes decisions on where traffic flows.
- Data plane: This plane is responsible for forwarding packets based on decisions from the control plane.
Orchestration Plane
The vBond component resides in the orchestration plane. vBond is a software-based component that performs the initial authentication of vEdge devices and orchestrates vSmart and vEdge connectivity. In other words, it tells vEdge routers how to connect with vManage and vSmart controllers, and it tells vSmart controllers about the new vEdge devices.
Because vManage also performs orchestration functions, it is included in this plane.
Management Plane
The vManage component resides in the management plane. vManage is the centralized network management system (NMS) that provides a GUI to monitor, configure, and maintain all Cisco SD-WAN devices and links in the underlay and overlay networks. vManage supports a web console, REST API, CLI, syslog, SNMP, and NETCONF. The vManage dashboard provides:
- Transport independence: vManage automates flexibility over multiple connections, such as MPLS, Internet, and 5G.
- Network services: vManage provides WAN optimization, cloud security, firewalling, intrusion prevention services, and URL filtering.
- Endpoint flexibility: vManage simplifies connectivity across branches, campuses, data centers, and cloud environments.
The vAnalytics engine, which is accessed through vManage, is also a management plane component. vAnalytics allows end-to-end visibility of applications and infrastructure across the entire SD-WAN fabric. It provides real-time information about failure correlation and application scores; the ability to see “what-if” scenarios for performance forecasting, application QoS categorization, and policy changes for predictable performance; and assistance in planning application provisioning, bandwidth increases, and branch expansions.