Unraveling the Cisco SD-WAN-in-Router Move

Cisco always signals important market moves, sometimes with tangible changes and sometimes just by erecting an attractive billboard aimed at the media.  The one they announced last week, the integration of the Viptela SD-WAN software with Cisco routers, is surely in the first category.  Still, does this signal a problem for vendors in the space, an opportunity, a shift in the market dynamic, a change in SD-WAN technology, or perhaps all of the above?

The SD-WAN market is complicated enough as it is.  I’ve noted in prior blogs that there are really two visions of SD-WAN.  The first is based on the simple extension of MPLS VPNs to sites where MPLS isn’t economically viable.  The second is based on an “overlay” of existing networks with an SD-WAN/SDN virtualization model to define connectivity in a way much like “network as a service” or NaaS.  There are also two principal sales models, one direct SD-WAN to the enterprise and the other SD-WAN services offered by network operators or managed service providers (MSPs).  It’s into this multi-dimensional mix that we thrust Cisco’s own strategy.

Cisco has two SD-WAN products, both acquired through M&A.  One is Meraki, which is a basic small-site offering that’s probably best for SMBs, and the other is Viptela, which Cisco has appeared to target primarily at the enterprise rather than at service providers.  It’s Viptela that’s the focus of the recent announcement.

Viptela is among the SD-WAN market-share leaders, in part because they were doing well when acquired and in part because of Cisco’s influence thereafter.  They are fairly conventional in terms of features, offering what I’ve called the “basic” extension model of SD-WAN.  I’ve said from the first that I believed that SD-WAN’s future was “logical networking” as the basis for network-as-a-service (NaaS), and I don’t think Viptela has those features yet.  Of course, we’re not in the future yet, and so the immediate question is what this will do today.  The next question is whether Cisco will push a broader logical-networking position later on, and even the answer to the immediate question may depend on how competitors see that second question being answered.

The Viptela enterprise-centric positioning is a bit off-center with respect to current market trends.  MSPs are the primary channel for SD-WAN to business, and network operators the fastest-growing channel.  Even the notion of adding SD-WAN to a Cisco router as an option for deployment is strange, if you assume the classic mission of SD-WAN (extend the company VPN to small, thinly connected sites) is the driver.  Those sites wouldn’t likely have a router in place, and it would be way cheaper to add a minimalist SD-WAN appliance or a software instance.

Cisco’s enterprise focus might have left many service-provider-centric SD-WAN competitors feeling pretty safe, and surely the enterprise targeting of the current announcement could be seen as extending that enterprise focus.  Given all that, this latest SD-WAN-in-the-router play might not seem to matter much, but it does.

The first reason is simple.  If Cisco is going to push SD-WAN aggressively to enterprises, it makes operator or MSP sales of SD-WAN more competitive and difficult.  Cisco has enormous influence in the big enterprise accounts; it has the highest strategic influence of any company in our most recent surveys.  The influence means Cisco people can to a degree control the pace of SD-WAN consideration and establish the mindset of the buyers.  It used to be called “wiring the RFP.”  Making SD-WAN a part of a Cisco router moves it into the mainstream of Cisco sales efforts, and any competitor who isn’t afraid of Cisco sales is delusional.

The second reason is more complicated.  Small sites typical of SD-WAN deployment are not likely targets for routers at all, as we’ve noted.  Cisco still has the old Viptela options for those sites, but this new announcement has the potential to get SD-WAN into all sites with routers.  It’s the sites that have MPLS VPN connectivity that are now easier to serve with SD-WAN, not to enable users to switch to Internet transport (though some sites could) but to provide SD-WAN agility everywhere.  That moves us from what we called, in our SD-WAN tutorial, the “extend” to the “overlay” model of SD-WAN, a model where SD-WAN has complete control over enterprise connectivity.

The primary drivers of the overlay model of SD-WAN have been, up to now, desire for complete management visibility and exploitation of “logical-networking” identity-based connection policy management.  The overlay model requires an SD-WAN node in every location, and if Cisco can easily put one there, it means that Cisco might then migrate to the logical networking model to exploit their position in the network.  Just that possibility would then push SD-WAN vendors faster toward logical-networking features.

They’d need them anyway.  You don’t want to do no-differentiation-for-us competitive sales positioning against the Cisco sales machine.  It will quickly become more difficult for SD-WAN competitors to avoid introducing new and valuable features, because loss of market relevance would be the result.  MSPs who have an interest in enterprise services will be the first, and most, impacted because Cisco hits them directly from the enterprise side.  In any case, Cisco could confound everyone by taking the logical-networking step themselves, preemptively.

Is there anything that would encourage Cisco to shift toward a logical-networking positioning for SD-WAN?  Sure is, and it’s a good one.  Cisco knows security is perhaps the hottest area in networking when it comes to new product decisions, and nothing puts an incumbent at risk like new-think on the part of buyers.  SD-WAN, universally deployed and equipped with strong logical-networking powers, could revolutionize network security.  That’s true whether it’s integrated with an edge router or deployed as a software instance or appliance, and whether it’s done by Cisco or by somebody else.  Hence, Cisco has to think seriously about doing it, or they admit another vendor onto every site in their network.

Thinking seriously isn’t the same thing as committing, and keeping other vendors out of Cisco accounts could also be achieved simply by getting the Cisco SD-WAN in place and letting the feature wars go on without Cisco’s participation.  That might on the surface seem rather short-sighted, but remember that very few SD-WAN vendors (or other vendors) offer logical networking.  Cisco was criticized for taking a back seat in adopting the OpenFlow SDN model, and their strategy of policy-based software-defined networking was more than enough to stave off any SDN threat.  Could happen again here.

That’s particularly true given that the SD-WAN space is hardly hopping with stories about logical networking or buzzing with RFPs that demand it.  Most buyers and vendors are still quite happy to be supporting that old MPLS-VPN-extension model, and it will probably take some major market force to drive things in a more logical-network-oriented direction.  If that force doesn’t act, then Cisco is perfectly safe with a conservative enterprise-focused position.  The “major market force” can’t come from just anywhere, either.  Only two competing SD-WAN vendors have the overall market strength to push things against Cisco’s approach on their buyer influence alone. 

One company is VMware, who kind-of-promised a unified logical-networking story with its Virtual Cloud Network, but isn’t quite there at this point.  Their Velocloud SD-WAN is used by Windstream, who just claimed to have the largest SD-WAN service base, and they’ve just announced they’re picking up Dell EMC’s service assurance suite in a move aiming (so they say in the release) at network operator 5G evolution.  I’d rate them the largest of the vendor threats.

The other is Nokia/Nuage, who has an exceptionally good relationship with the network operators.  They also have what I think is the top SDN product, and their SDN and SD-WAN approaches are integrated.  The problem Nokia has is largely one of articulation, but in a sales war with Cisco that’s enough of a problem to give pause.

Another possible “major market force” would be the adoption of a logical-networking story by one of the major network operators or MSPs.  Whoever supplied the technology, the source of the service would then put the same pressure on Cisco to be more aggressive with logical networking features.  It’s impossible to say at this point whether this is going to happen soon, or at all.

Another impact this might have is on management integration.  Cisco intends to integrate the Viptela management into its overall management platform, and that could offer users a significant benefit.  In turn, it could make other SD-WAN vendors focus more on management and management integration.  I expect this to be a longer-term impact, though, not only because management integration isn’t there yet for Cisco’s SD-WAN strategy but because Cisco’s enterprise targeting yields different management requirements than exist for vendors who target network operators and MSPs.

SD-WAN is obviously the populist solution to VPNs.  There’s an enormous market benefit to offering SD-WAN as a managed service to SMBs, and similarly to smaller enterprise sites.  That pressure operates on both network operators and MSPs.  There’s also a significant benefit to having enterprises extend VPNs via SD-WAN, either through managed services or direct SD-WAN product purchases.  I think SD-WAN is going to end up as the de facto VPN strategy fairly quickly, and Cisco has to stay level with the SD-WAN playing field or the trend threatens their account control.

Thus, the law of unintended consequences.  Cisco has, on the surface, reinforced its enterprise focus for SD-WAN, but by linking SD-WAN into an edge router, it has also made it easier for enterprises to adopt an overlay SD-WAN that would give SD-WANs total connectivity control.  Rivals like VMware and Nokia/Nuage, who have a more service-provider focus for their sales, could see Cisco’s move as a broad threat, and turn to logical networking features to help differentiate their stuff and support their customers, who are SD-WAN service providers.  Anyone who blinks in the direction of a feature war in SD-WAN promotes logical networking, as the obvious end-game for features.

Could a “typical” SD-WAN vendor push logical networking, and thus push Cisco?  It would be far more difficult to do that now, given that SD-WAN is hardly a new concept and the media hates to write recapitulation or repositioning stories about something already covered.  Difficult, but not impossible, and if Cisco really locks up the larger enterprises with its SD-WAN-in-a-router model, many of the current SD-WAN players might have to take an aggressive swing, before it’s too late.