Comparing the SD-WAN Licensing Needs of Major Vendors
With more enterprises adopting SD-WAN technology, SD-WAN vendor support can be a key to success. We break down the licensing of three major SD-WAN vendors.
As Megaport launches and expands our global SD-WAN coverage with Megaport Virtual Edge (MVE), SD-WAN vendor support is a key requirement and understanding the relevant licensing needs per vendor and per customer use case becomes very important to fully realizing the benefits of MVE, which can include better network performance and security, reduced operating costs, and simplified network management.
Let’s review the licensing approaches of each of Megaport’s partner SD-WAN vendors:
Cisco DNA Software for SD-WAN is composed of Cisco DNA Essentials, DNA Advantage, and DNA Premier all with varying levels of SD-WAN features available.
The only supported Software-Defined Cloud Interconnect (SDCI) license types (a.k.a. Cisco SD-WAN for MVE are Cisco DNA Advantage and Cisco DNA Premier. These licenses support the Catalyst 8000V image which is needed for MVE.
Existing Cisco customers would utilize their current DNA Advantage or DNA Premier licenses for installation of the Megaport Virtual Edge service.
The terms for DNA Advantage are three, five, or seven years while for DNA Premier it is a three or five year subscription option.
In addition, the bandwidth selection process for the Catalyst 8000V has been simplified where the choices are now simply Tier 2 and Tier 3 bandwidth options.
Tier 2: Up to 1 Gbps (Suitable for Small and Medium MVE instances)
Tier 3: Up to 10 Gbps (Suitable for Large MVE instances)
For reference, the Catalyst 8000V license tiers and bandwidth options are detailed below:
|DNA Cat 8K License Tier||Bandwidth|
|DNA-C8KV-T2-A-SDCI||Up to 1 Gbps|
|DNA-C8KV-T3-A-SDCI||> 1 Gbps|
As a summary, if you wish to provision Cisco SD-WAN using Megaport, you simply choose the bandwidth needed, the term of the license and what feature set is required between DNA Advantage and Premium.
For further information please refer to:
The Fortinet approach to FortiGate-VM licensing is simply based on the number of virtual CPU’s configured in the applicable MVE service. The SD-WAN components of FortiGate and FortiOS do not need any additional licensing or bundles (it is still advised to procure the SD-WAN orchestrator license for easy deployment and management of edge devices).
The RAM/memory restriction no longer applies for FortiOS 6.2.2 and later versions, Megaport supports FortiOS 6.4.4, so there are no additional RAM/memory licensing requirements for the MVE service.
As a reminder, the MVE vCPU options are as follows:
Small: Two (2) vCPUs
Medium: Four (4) vCPUs
Large: Eight (8) vCPUs
FortiGate-VM offers a perpetual licensing option (normal series and V-series) as well as an annual subscription option (S-series).
Normal and V-series licenses are perpetual. You’ll need to contract separately for support services.
The annual S-series license contains the Fortinet-VM base package and a FortiCare service bundle with the support service options as follows:
- Only FortiCare
- Unified Threat Management (UTM)
- 360 protection
For example, for a small MVE with 2 vCPUs, your options would be FG-VM02, FG-VM02V, or FG-VM02S.
The “V” suffix means no virtual domains (VDOMs) by default and the “S” suffix is a subscription-based license. If a license has no letter at the end, it means it’s a perpetual license.
For the perpetual or “V” license option,you would then choose the applicable additional security features like Intrusion Protection System (IPS), antivirus, sandboxing, and others if required.
Versa offers licenses based on feature set requirements as well as the bandwidth that the specific device is allowed to consume. Each Versa Operating System (VOS) device that you deploy as a customer-premises equipment (CPE) is associated with a license.
Like all vendors the feature set on offer depends on the specific solution tier with more features increasing the cost of the license.
The breakdown is as follows, with each tier being cumulative:
- Pro Net: Basic and advanced routing features which are Layer 2 bridging, carrier-class Layer 3 routing, bridging, Layer 4 security, universal customer-premises equipment (uCPE), and zero-touch provisioning (ZTP)
- Prime SD-WAN: All Pro Net tier features plus SD-WAN connectivity, application identification (App ID), application policy-based forwarding, and traffic engineering
- Prime Secure SD-WAN: All Prime SD-WAN tier features plus next-generation firewall (NGFW), which provides Layer 7 security, Secure Socket Layer (SSL) proxy (for captive portal), and application delivery controller (ADC) and traffic load balancer (TLB) (for reverse proxy)
- Premier Secure SD-WAN: All Prime Secure SD-WAN tier features plus application performance optimization for best application experience
- Premier Elite SD-WAN: All Premier Secure SD-WAN tier features plus unified threat management (UTM) and transmission control protocol (TCP) optimization.
In addition to the features needed, each VOS device has a limit on traffic. For SD-WAN deployments, this is measured across the WAN interfaces. The VOS device tracks the 95th percentile for both receive (RX) and transmit (TX) traffic on the WAN interfaces. It then uses the higher of the two values to calculate the amount of bandwidth used by each WAN interface.
Rarely does a one-size-fits-all approach work for a customer when it comes to deploying an SD-WAN solution. Many have different bandwidth, performance, features, and support requirements driven by various use cases as well as business needs. We hope this primer on the differences in licensing between major SD-WAN vendors will help you better understand the packages you’ll need to select to deploy Megaport Virtual Edge within your SD-WAN solutions and begin optimizing and modernizing your WAN, reducing operating costs, and improving network performance and security.