SD-WAN (software-defined wide area network) is used to connect enterprise networks, including data centers and branch offices, that are separated by large geographic distances. SD-WAN solutions move network control into the cloud utilizing a software approach that simplifies connecting over a distance and eliminates the need for special proprietary software. These solutions are scalable, easily managed, and provide granular control on a large scale.

Benefits of SD-WAN

Independent Design

Choose the best combination of providers and connectivity for you.

Path Control

Automatically route network traffic to the best path for performance.


Add WAN optimization and caching to help applications run faster and more efficiently.


Block attacks with highly secure VPN overlay and strong encryption techniques.


Centralized billing
and one partner
to work with for

Dynamic Multipoint VPN (DMVPN) provides:

  • Dynamic discovery of IPsec tunnel endpoints and crypto profiles; eliminates the need to configure static crypto maps defining every pair of IPsec tunnels
  • Allows a single GRE interface to support multiple IPsec tunnels
  • Enables IP routing tables to be securely distributed between the branch site and the corporate headend over encrypted tunnels. Allows improved reachability without needing to manually define allowed routes.
  • Enhanced Interior Gateway Routing Protocol (EIGRP), Open Shortest Path First (OSPF), and Border Gateway
  • Protocol (BGP) routing protocols are supported.
  • DMVPN eliminates the need to configure crypto maps tied to the physical interface, dramatically simplifying the number of lines of configuration required for a VPN deployment (e.g., for a 1000-site deployment, DMVPN reduces the configuration effort at the hub from 3900 lines to 13 lines).
  • Adding new spokes to the VPN requires no changes at the hub.
  • Simplifies configuration of split tunneling. Centralized configuration change at the hub controls the split tunneling behavior. In traditional IPsec, all the spokes need to be modified.
  • Cisco DMVPN can be deployed in zero-touch deployment models using Easy Secure Device Deployment for secure PKI-based device provisioning. Devices can be bootstrapped remotely, avoiding the need for extensive staging operations.
  • Direct spoke-to-spoke tunnels eliminate the need for spoke-to-spoke traffic to traverse the hub.
  • Reduces latency for voice over IP (VoIP) deployments over DMVPN and improves effective throughput of the hub router.
  • Tunnels are created dynamically when required and torn down after use, allowing the system to scale better (i.e., smaller spokes can participate in the virtual full mesh).
  • Spoke routers can use dynamic IP addresses, a frequent requirement for Internet connections over cable and DSL.
  • DMVPN supports spoke routers running NAT or behind dynamic NAT devices, enabling enhanced security for branch subnets.
  • DMVPN supports IP Multicast traffic (between hub and spokes); native IPsec supports only IP Unicast. This provides efficient and scalable distribution of one-to-many and many-to-many traffic.
  • Traffic shaping at hub interfaces on a per-spoke or per-spoke-group basis.
  • Hub-to-spoke and spoke-to-spoke QoS policies.
  • Dynamic QoS policies wherein QoS templates are attached automatically to tunnels as they come up.
  • Per-spoke QoS policing, allowing spokes to be differentiated, and protecting the network from being overrun by bandwidth hungry spokes.
  • Cisco DMVPN enables routing-based failover.
  • Dual WAN links and hub redundancy provide higher availability. DMVPN supports dual-hub designs, where each spoke is peered with two hubs, providing rapid failover.
  • Multiple hub topologies allow uninterrupted spoke-to-spoke communication in the event of any single hub failure.
  • DMVPN scales to thousands of spokes using server load balancing (SLB). Encryption can be integrated within the SLB device or distributed to dedicated headend VPN routers. Tunnels are load balanced over available hubs.
  • Performance can be scaled incrementally by adding hubs.
  • Hierarchical hub deployments allow enhanced scalability.
  • Manageability support is provided through IPsec (including VRF-aware IPsec) MIB, NHRP MIB, and command-line interface (CLI).
  • Next Hop Resolution Protocol (NHRP)
  • Allows spokes to be deployed with dynamically assigned public IP addresses.
  • VRF-aware DMVPN deployed at the provider edge hubs allows segregation of customer traffic.
  • MPLS networks can be encrypted over DMVPN tunnels.
  • PfR lets enterprises fully use WAN investments and avoid oversubscription of lines. The growth of cloud traffic, guest services, and video can easily be load balanced across all WAN paths
  • Reduces engineering operating expenses associated with manual network performance analysis and tuning of the routing infrastructure
  • Ensure that mission-critical applications perform with the speed, availability, and reliability required for business success. Let business policies guide network traffic at the application level instead of the traditional IP prefix-based routing
  • Automatic detection of network problems and fast routing around poorly performing paths (within 2 seconds) maintains optimal application performance
  • Active detection of and routing around “black hole” conditions in the network (within 1 second) helps minimize the effects of network outages. Deliver up to 99. 999-percent uptime over any transport, such as MPLS, Internet, or hybrid
    WAN deployments
  • Scale to branch offices over any transport. Scale to thousands of sites (tens of thousands of traffic classes) without stacking deployments. Maintain granular control from the branch office to the data center and out to the public cloud
  • Use smart sensing, which turns off probing when it senses real traffic on the WAN links, also improving scalability

IWAN SD-WAN As A Service

A overview of managed services for IWAN SD-WAN:

Document software and hardware changes As Needed
Service Desk / Help Desk As Needed
Scheduled off time maintenance As Needed
Requested route updates and changes As Needed
Local carrier and LEC management and escalation As Needed
Install manufacturer’s updates to CPE
(Customer Premise Equipment)
As Needed
Basic Moves, Adds and Changes (MACs) As Needed
Monitor connectivity and alerting Daily/Hourly
Quarterly Business Reviews (QBR) Quarterly
CPerformance Monitoring / Capacity Planning Ongoing
Project work Additional Charge
Adding additional sites/locations Additional Charge

We are Bombdiggity.

Better than excellent. All the bomb.
Totally the awesome-ist, no lie.
Try us out.

From Managed Telecom to Security, IT, and PBX –
We’re the one resource you need.

Contact Us