Cisco SD-WAN — built on the Viptela technology platform acquired in 2017 — is the enterprise-grade SD-WAN solution in Cisco's portfolio, distinct from the Meraki SD-WAN offering. Understanding which SD-WAN stack you are buying, how it licences, and where the cost traps lie is essential for any organisation deploying or renewing Cisco SD-WAN. This guide covers the Cisco SD-WAN licensing model, throughput tier pricing, DNA Advantage alignment requirements, and 8 optimization tactics. Part of our Cisco Enterprise Agreement Negotiation Guide.
Cisco offers SD-WAN capabilities through two distinct product stacks: Cisco SD-WAN (based on Viptela) and Cisco Meraki SD-WAN (based on the MX platform). These are not the same product, they target different segments, and they have different licensing models. Many organisations have deployed one without fully understanding the implications of the other, and Cisco's sales teams sometimes conflate them in EA discussions.
Cisco SD-WAN (Viptela) is the enterprise-grade, carrier-class SD-WAN platform designed for large, complex WAN deployments with thousands of sites. It features the vManage controller, vSmart route controller, and vBond orchestration layer — all of which can be deployed on-premises or consumed as cloud-managed services. It is the product that enterprise WAN architects typically reference when discussing Cisco SD-WAN in the context of branch transformation and cloud connectivity.
This guide focuses on the Viptela platform. For Meraki SD-WAN licensing, see our Cisco Meraki Licensing Guide.
| Dimension | Cisco SD-WAN (Viptela) | Cisco Meraki SD-WAN (MX) |
|---|---|---|
| Target segment | Large enterprise, carrier, service provider | Mid-market, distributed enterprise, retail |
| Deployment model | On-prem controllers or cloud-managed (Cisco Cloud) | Cloud-managed only (Meraki Dashboard) |
| Licensing model | Throughput-based + DNA feature tier | Per-device annual licence (Enterprise, Advanced) |
| Hardware platform | ISR 4000/4400, ASR 1000, CSR 1000v, vEdge | MX appliance family |
| Routing protocol support | Full enterprise routing (BGP, OSPF, EIGRP) | Limited routing; focused on internet access |
| Security integration | Cisco Umbrella, SASE (Catalyst 8000 Edge) | Meraki-native security; Umbrella integration |
| EA bundling | Included in Cisco SD-WAN EA suite | Included in Cisco Meraki EA suite |
Want independent help negotiating better terms? We rank the top advisory firms across 14 vendor categories — free matching, no commitment.
Cisco's account teams will frequently position Cisco SD-WAN (Viptela) and Meraki SD-WAN as a portfolio choice based on site complexity and scale. Be cautious about EA deals that bundle both — you may be paying for SD-WAN licences you will not use at all your sites. Require a site-by-site deployment plan before committing to SD-WAN EA quantities.
Cisco SD-WAN (Viptela) is licensed through a combination of platform (hardware), throughput tier, and DNA software tier. Understanding how these components interact is essential for accurate cost modelling.
Every Cisco SD-WAN edge device (ISR, ASR, Catalyst 8000, or virtual CSR) requires a platform licence that entitles you to run the SD-WAN software on that hardware. The platform licence is typically tied to the hardware purchase and does not need separate renewal for the hardware lifecycle — but the software features enabled by the platform are gated by the DNA tier licence described below.
DNA (Digital Network Architecture) software licences determine which SD-WAN features are available on the device. Cisco SD-WAN features are primarily enabled at the DNA Advantage tier — the Essentials tier provides basic functionality but excludes advanced SD-WAN capabilities such as application-aware routing, advanced security policy, and multi-cloud connectivity. The Premier tier adds advanced analytics and AI-powered operations capabilities.
| DNA Tier | SD-WAN Capabilities | List Price Premium | Recommendation |
|---|---|---|---|
| Essentials | Basic SD-WAN; limited application visibility; no advanced security policy | Base | INSUFFICIENT for most enterprise SD-WAN |
| Advantage | Full SD-WAN; application-aware routing; advanced QoS; cloud onramp | +30–50% vs Essentials | STANDARD for enterprise SD-WAN deployments |
| Premier | Everything in Advantage + AI analytics, Network Insights, advanced telemetry | +60–90% vs Essentials | EVALUATE only if analytics use case is clear |
Cisco SD-WAN licences are also tiered by device throughput capacity. For virtual deployments (CSR 1000v, Catalyst 8000v), throughput is a software licence gate — you pay more for higher throughput entitlements. For physical hardware deployments, the hardware platform typically determines the throughput ceiling, but DNA tier unlocks performance features.
Common throughput tiers for virtual SD-WAN edge deployments include 10Mbps, 50Mbps, 100Mbps, 500Mbps, 1Gbps, 2.5Gbps, and 10Gbps. The price difference between tiers is significant — a 1Gbps virtual SD-WAN licence typically costs 5–8x more than a 100Mbps licence. Right-sizing throughput requirements before EA commitment is essential.
The SD-WAN controller layer (vManage, vSmart, vBond) is separately licensed. For customers using Cisco's cloud-hosted SD-WAN controller, controller licences are included in the per-device SD-WAN subscription. For customers hosting controllers on-premises or in their own cloud, controller licences must be purchased separately and sized based on the number of managed devices.
The most common Cisco SD-WAN licensing mistake is purchasing DNA Essentials licences under the impression that they support full SD-WAN functionality. They do not. Critical SD-WAN capabilities — including application-aware routing policies, per-application SLA monitoring, advanced traffic steering, and cloud onramp for SaaS and IaaS — require DNA Advantage or Premier.
Get the IT Negotiation Playbook — free
Used by 4,200+ IT directors and procurement leads. Oracle, Microsoft, SAP, Cloud — all covered.
This creates a common cost surprise sequence: an organisation purchases a Cisco SD-WAN solution with DNA Essentials licences to reduce initial cost; during deployment, the network team discovers that the SD-WAN use cases they planned for require Advantage; a DNA tier upgrade is required mid-project, adding 30–50% to the licence cost and often requiring a contract amendment with True Forward implications.
Prevent this by documenting your SD-WAN use case requirements — specifically application SLA policies, cloud connectivity requirements, and security integration needs — and mapping them to DNA tier requirements before committing to a licence tier in the EA.
Cisco SD-WAN cost scales primarily with site count. A deployment expanding from 200 to 500 sites increases licence costs proportionally. In an EA context, the committed site count determines your baseline — and True Forward applies if you deploy SD-WAN to more sites than your committed quantity at any point during the agreement. Ensure your site count commitment reflects your rollout plan plus a reasonable buffer, not a precise deployment target.
Over-provisioning throughput is the most common SD-WAN overspend. Organisations frequently purchase 1Gbps licences for sites that will never consume more than 200Mbps of actual SD-WAN traffic. Audit your site bandwidth profiles before EA commitment and negotiate a licence mix that reflects actual site requirements rather than uniform over-provisioning.
Data centre edge devices (ASR 1000, Catalyst 8200/8300/8500) are significantly more expensive than branch devices (ISR 4000, Catalyst 8000v at lower throughputs). If your deployment plan includes SD-WAN-enabled data centre edges, model these separately from branch sites — the cost per site for data centre deployment can be 10–20x higher than a standard branch.
Cisco's cloud-hosted SD-WAN controller (Cisco Cloud) is included in the device subscription and adds no separate licence cost. Self-hosted controllers on-premises or in your own cloud require separate vManage, vSmart, and vBond licences sized to your deployment scale. For deployments with complex compliance or data residency requirements that necessitate on-premises controllers, model controller licences explicitly rather than discovering the cost at procurement time.
Audit your current SD-WAN deployment to determine which DNA tier features are actually in use. Organisations that purchased Premier licences often find they are only using Advantage-tier features. A DNA tier downgrade (Premier to Advantage, or Advantage to Essentials for low-complexity sites) can reduce per-device licence costs by 20–40%. Bring this analysis to your EA renewal negotiation — Cisco will resist downgrade but it establishes your cost anchor.
Pull 90-day traffic reports from your SD-WAN vManage for each site. Categorise sites by peak throughput and identify sites that are licenced at a higher tier than their actual usage warrants. A site with peak traffic of 150Mbps that is licenced at 500Mbps can be down-tiered to 250Mbps or 200Mbps at EA renewal, reducing per-site cost by 30–50% for that site category. Present this data during renewal negotiations as evidence for a modified licence mix.
If you have existing Cisco EA coverage for networking or security, negotiate to include SD-WAN licences within the EA framework. Standalone SD-WAN purchases outside the EA carry higher list prices and fewer discount opportunities. EA inclusion typically delivers 20–35% additional discount on SD-WAN licences compared to standalone pricing, with the added benefit of simplified True Forward management under a single EA structure.
VMware SD-WAN (formerly VeloCloud) and HPE Aruba EdgeConnect are the two most credible enterprise alternatives to Cisco SD-WAN for large deployments. Both have deployed at Fortune 500 scale and have comparable feature sets for most enterprise SD-WAN use cases. Use a vendor evaluation process — with documented POC criteria — to establish competitive pricing benchmarks. Cisco SD-WAN list prices are typically negotiable to 30–45% below list when competitive alternatives are formally in play.
Cisco SD-WAN is typically sold in 1, 3, or 5-year subscription terms. Multi-year commitments attract meaningful discounts (10–20% for 3-year vs 1-year). However, SD-WAN deployments evolve — sites are added, requirements change, and throughput needs shift. Negotiate multi-year pricing with annual flex rights that allow you to add site count or upgrade throughput tiers at the originally negotiated rate without triggering a new commercial negotiation. This "lock in the good discount, maintain flexibility" structure is achievable for significant deployments.
Cisco's strategic SD-WAN roadmap increasingly converges with its SASE (Secure Access Service Edge) platform, which combines SD-WAN with Cisco Umbrella (DNS/SWG), Cisco Secure Access (ZTNA), and ThousandEyes monitoring. If you are evaluating Cisco SASE alongside SD-WAN, negotiate the combined package at the outset — the bundle discount will be significantly larger than negotiating SD-WAN and SASE separately. Cisco's account teams have strong incentives to sell the combined SASE platform and will typically improve both components' pricing to close the SASE bundle.
For on-premises controller deployments, Cisco's standard recommendation is to over-provision controller capacity significantly. Review the controller sizing guide for your deployment scale and challenge recommendations that exceed actual need. A deployment of 500 SD-WAN edges does not require controller capacity designed for 2,000 edges — right-sizing controller licences to a realistic capacity headroom (e.g., 150% of current scale) rather than maximum headroom (300%+) reduces unnecessary controller licence cost.
Cisco has announced end-of-support timelines for older Viptela hardware (original vEdge family) and for ISR platforms that are approaching end-of-life. If your organisation has SD-WAN-enabled devices approaching end-of-support, this creates a hardware refresh requirement that Cisco's account team will view as an upsell opportunity. Frame it as leverage instead: negotiate the hardware refresh alongside a commercial improvement on the overall SD-WAN licence estate, securing better rates on new-platform licences in exchange for committing to the refresh cycle.
Renewing your Cisco SD-WAN agreement or evaluating alternatives?
Our recommended firms have deep Cisco WAN licensing expertise and competitive benchmarks.
The SD-WAN market has matured significantly. Before renewing a Cisco SD-WAN agreement, ensure you have benchmarked the following alternatives:
| Alternative | Strengths | Licensing Model | Best Fit |
|---|---|---|---|
| VMware SD-WAN (VeloCloud) | Cloud-native architecture; Broadcom ownership reduces Cisco leverage concern | Per-edge, tier-based | Cloud-first enterprises with large branch counts |
| HPE Aruba EdgeConnect | Strong application intelligence; deep SD-WAN feature set | Per-edge subscription | Enterprises prioritising application-layer SD-WAN |
| Fortinet SD-WAN | Integrated security (NGFW + SD-WAN); lower price point | Bundled with FortiGate hardware/VM | Cost-sensitive deployments; existing Fortinet security estates |
| Palo Alto Prisma SD-WAN | SASE-native; strong cloud-to-branch performance | Per-site subscription | Organisations committed to SASE architecture |
Connect with a specialist Cisco negotiation firm that has benchmarked SD-WAN pricing across the enterprise market and can help you optimise your licence mix.