Viptela SEN: Hybrid WAN Connectivity with an SDN Twist

Like many of us Khalid Raza wasted countless hours sitting in meetings discussing hybrid WAN connectivity designs using a random combination of DMVPN, IPsec, PfR, and one or more routing protocols… and decided to try to create a better solution to the problem.

Viptela was acquired by Cisco not long after we recorded this podcast. I left the podcast online for historic reasons.

Viptela Secure Extensible Network (SEN) doesn’t try to solve every networking problem ever encountered, which is why it’s simpler to use in the use case it is designed to solve: multi-provider WAN connectivity.

Like everyone else these days, they decided to use an SDN controller, which gave them several advantages over traditional solutions:

  • Simple edge router configuration – all an edge router (vEdge Router) has to do is to report its local connectivity (subnets, VLANs, local IP prefixes) to the controller and get the WAN connectivity information from it;
  • Simplified policy distribution – the WAN policy is no longer configured on every WAN edge device, but distributed from the controller cluster;
  • Simple control plane – SEN vEdge Routers still run traditional routing protocols (there’s nothing wrong with using a technology that works well), but have a small set of adjacencies – they talk with the controllers, not with the other routers. While this approach lacks shared fate property and thus complicates the data plane failure detection, it scales much better; the size of the WAN network is no longer limited by the CPU capabilities of the hub router (if you ever implemented large-scale DMVPN with Catalyst 6500 as the hub router you probably know what I’m talking about).


  1. Hm, I don't know Ivan. At least judging by their website, the thing is vapour... I've seen a lot of your comments when they add an overlay (or an simplified interface) to the same technologies... Complexity is worse than before, nothing new when you really look into the wires, the same protocols... in the end, when the thing is broken, some has to fix it and you end up knowing all these protocols anyway. Nice little movie for a start with even nicer marketing layers of network. By drawing nice layers you can't say that everything works in a new way.
Add comment