The Application-centric model of Cisco’s IWAN

I’ve been keeping the very corner of my eye on Cisco’s IWAN and it’s rapid evolution in the realm of SD-WAN.  At the recent Network Field Day event (NFD10), some light was shed on the application-centric aspects of IWAN under APIC-EM that I believe really sets it apart from some of the competing solutions out there. Sumanth Kakaraparthi, Principal Product Manager with Cisco, discussed the company’s approach to SD-WAN in a concise presentation to the NFD10 delegates and live viewers. Two key differences stand out to me –

  • IWAN’s support for wide varieties of connectivity options: MPLS, commodity internet, 3G/4G, cloud
  • IWAN’s seriously flexible application-centric policies.  

If you’re not already familiar with Cisco’s Application Policy Infrastructure Controller Enterprise Module (APIC-EM, phew), it’s essentially a Software-defined Network (SDN) controller providing you a single, centralized management interface for automation and network abstraction in your enterprise and campus networks, delivering an application-centric approach to network operations. APIC-EM is modular, meaning you can bolt on applications, such as IWAN, for specific needs.  IWAN is Intelligent WAN, and it’s core purpose is to automate the configuration and operation of advanced WAN capabilities, abstracting complicated protocols such as: BGP, DMVPN, IKEv2, PfRv3, etc., into policy-based configurations, centralized around application performance and user experience.  There are numerous resources that go much further into detail about APIC-EM and IWAN, which I’ll list at the bottom of this article.

Connectivity Options!


A common trend I’m seeing with SD-WAN solutions is a narrowing focus on zero-touch provisioning (ZTP) under the assumption that all companies are running commodity internet or some service that provides their branch edge router a DHCP address. This assumption and narrowed vision can lead to inadequate solutions and unhappy customers who are living in the real world of MPLS circuits with direct BGP peering with providers. This may one day change, but for now, many enterprise customers will choose to run circuits that guarantee bandwidth and QoS, that don’t rely on unmanaged modems, etc.  SD-WAN solutions that ignore this barrier may be setting themselves up for failure.  I believe Cisco has really done their research here and listened to their customer’s requests, developing an SD-WAN solution that accounts for many connectivity types: MPLS, commodity internet (Cable, DSL), and 3G/4G.  Not only that, but the APIC-EM can understand these connectivity types and dynamically change policies to better suit the business-critical applications in the event of outages or congestion. Hybrid WAN must be a consideration for any SD-WAN solution in order for it to become a viable in the enterprise.

Cisco IWAN Application Visibility and Protection

“You must be able to measure and analyze before you can optimize.”

That may sound like a statement from Captain Obvious, but it’s an invaluable one, and 100% true. Cisco achieves this through classification via NBAR2.  Network Based Application Recognition (NBAR) is Cisco’s mechanism to provide application visibility throughout the network.  NBAR2 works by identifying applications through a variety of means, such as: TCP/UDP port, L4-L7 attributes, custom applications, app fingerprinting, and protocol packs (needed for rogue applications like bit torrent, which constantly evolves signatures to avoid detection).  During the NFD10 presentation, Cisco demonstrated the creation of a custom NBAR2 application via the APIC-EM interface, an elegant process that is simply pushed to your IWAN routers.

Once traffic is classified, performance can be measured. The first aspect of performance monitoring is to identify where the problem is – client-side, server-side, network-side. Based on this information, intelligent decisions can be made to shape the network landscape in support of business-critical applications. Sumanth demonstrates this by imagining three separate applications with three separate connectivity options between the branch and data centers. With IWAN, we can prefer particular paths for particular applications, configure custom failover properties for each, make dynamic decisions based on latency or jitter, and modify QoS rules for each individual application depending on scenario. This is wildly flexible.

IWAN Application Optimization

IWAN gives visibility and protection, but how does it optimize?  Sumanth shares an interesting use case for application optimization with the premise of a new iPhone update.  iPhone update files are typically 750MB in size and can cripple small circuits, especially when numerous users are updating simultaneously. Through technology partnership with Akamai Connect:

  • IWAN-enabled routers can cache data locally, serving it’s local clients, protecting precious bandwidth and latency.
  • Dyanmic URL detection with Akamai additionally solves the problem with services like YouTube, which uses different URIs for the same video depending on the user.
  • First byte replication is yet another optimization granted by the Akamai caching capabilities, whereby streaming media can easily be replicated to multiple users behind the router, again protecting bandwidth and latency.


Why is this important, and why am I not talking about WAAS?  WAAS is a symmetric solution, you need something on the send and receive side in order for it to function. Akamai is actually in the code base of the router and is an asymmetric solution, only needing to be enabled at a single point. Optimization can not only increase application performance, but it can also save large enterprises quite a bit of money by eliminating the need to throw more costly bandwidth at performance problems which otherwise could be done intelligently with the device already sitting at your branch.

Closing Remarks

While the market is overflowing with SDN and SD-WAN solution providers, Cisco is consistently exhibiting a strong solution, especially with primarily dominative Cisco environments.  APIC-EM will likely continue to find it’s way into the enterprise, with IWAN helping enterprises build nimble networks catered to the applications that run the business.


Blog – Cisco Intelligent WAN (IWAN)

Blog – #IWANWed: Harness the Power of Web Within the Enterprise Branch

Blog – Is Your Nework Cloud Ready?

Cisco Intelligent WAN

Cisco PfR: Use Path Control to Solve the Challenges of Application Performance

Elevate the Branch-Office Experience with an Application-Centric Platform

David Varnum


You may also like...

5 Responses

  1. DataPlumber says:

    Great summing-up of the IWAN product – thanks. I think it is very interesting how Cisco are pulling a cart-load of networking features together so well under a user interface that seems very compelling. Of course we only saw a short demo and I am a huge skeptic most of the time! If I had enough hours in the day I’d really like to get some proper hands-on.

    With the ZTP part, I think they’re aiming at the great unwashed – organisations that need cheap connectivity and are happy to run the risk of poor performance from time to time. There must be quite a few of those out there!

  2. L says:

    Hi David,

    Great article on IWAN. A couple of comments. The links you have for the Akamai Connect capabilities actually map to functionality that is part of the Akamai CDN platform.

    In other words it is not the same functionality implemented in Akamai Connect. If you are interested in learning more about Akamai Connect I suggest you check out the Akamai Cloud Networking community here –

    The community has videos and details around Cisco IWAN with Akamai Connect. Also happy to chat if you want to talk and get clarification.


  1. September 15, 2015

    […] IWAN product was demonstrated to us at NFD10. Summed up quite nicely by Overlaid, it brings together their rich feature-set under a slick graphical user interface.  But […]

  2. September 22, 2015

    […] The Application-Centric Model of Cisco’s IWAN (David Varnum @ […]

  3. October 1, 2015

    […] The Application-centric model of Cisco’s IWAN […]

Leave a Reply