Building your vendor or service provider shortlist? Try our 90-second quiz for recommendations.

Register your interest in receiving a demo of Netify. Free from the start, we'll show you how to leverage Netify for better SD WAN and SASE Cybersecurity decision making.

What is the difference between Meraki SD WAN vs Cisco Viptela

Are you an IT decision maker building your vendor or managed provider shortlist?

Take the 90 second SASE Cybersecurity or SD WAN assessment quiz to receive the top 3 vendor or managed provider recommendations based on your unique answers.

Cybersecurity assessment SD WAN assessment

Cisco provides both physical hardware and virtualised software appliances for both Meraki and Viptela. Great from a customer perspective because there is a wide range of business needs and use cases, and both product lines have something to offer.

Meraki, in general, is designed with ease of deployment and ongoing operations in mind with a baseline feature set that covers that vast majority of traditional business needs. While Meraki offers many different products including switches and wireless access points (WAPs), all Meraki SD WAN capable devices are within the MX series of security appliances.

Access methods

Meraki supports only two different access types: Ethernet leased lines and 4G via Mobile through a USB modem, which can be external or internal depending on the appliance model. With Meraki, if your transport does not support a native Ethernet handoff, you will need an intermediary device to terminate the circuit (such as with serial E1/E3 connections). All Meraki MX appliances support dual wired WAN uplinks. SD WAN & VPN Routing.

Access Routing

Meraki supports two different VPN routing models: full mesh and hub-and-spoke with an automatic full mesh between hubs. Full mesh provides a direct tunnel connection between all of your branch offices and 3rd party sites but note that this configuration can lead to hardware performance issues. If you have a lot of sites to connect over SD WAN since many site-to-site tunnels must be maintained. The hub-and-spoke model is appropriate if you have many SD WAN locations because you can designate a couple of sites as hubs with more powerful hardware and then use less expensive appliances at the spoke sites.

Access transport options

Viptela supports more than two active WAN uplinks and can use a variety of transports in addition to standard Ethernet including PPP interfaces and GRE tunnels, depending on the hardware used. The Cisco ISR and ASR series routers support more transport options than the vEdge appliances due to the rich history physical interface support in Cisco routers. Viptela also supports using native 4G interfaces simultaneously with other active wired uplinks.

The Viptela difference

Unlike Meraki, Viptela supports creating multiple VPN architectures over the same set of WAN uplinks. For example, you can specify that a full mesh is established between all of your sites just for Voice over IP (VoIP) traffic, whereas application traffic destined to your datacentre will reside strictly in a hub-and-spoke VPN. Options are full mesh, partial mesh, hub-and-spoke, and point-to-point.

The Meraki difference

Meraki, in general, is designed with ease of deployment and ongoing operations in mind with a baseline feature set that covers that vast majority of traditional business needs. While Meraki offers many different products including switches and wireless access points (WAPs), all Meraki SD WAN capable devices are within the MX series of security appliances.

Broadband 4G Failover

Where low cost branch connectivity is required, we architect FTTC & FTTP Broadband with 4G Assure failover. Cisco Viptela

Cisco offers two different SD WAN product lines through its previous acquisitions of Meraki and Viptela. Both are available as hybrid managed services.

Which is right for your company?

The two Cisco SD WAN product lines described in this article have several overlapping features, but Cisco has made it clear that Meraki and Viptela are geared toward two different markets and general deployment models.

Meraki is designed for simplicity and ease of use above everything else which makes deploying a Meraki SD WAN solution perfect if your business does not have very specific niche requirements or if your support staff is less technical. Viptela has more advanced features available which require a higher level of technical knowledge to achieve a proper network architecture, though if you have specific networking needs like IPv6 or multicast support, the Viptela solution delivers these technologies today with many more configuration options.

You can also opt for a hybrid architecture and use both platforms. Meraki and Viptela will not interact with each other directly, but you could use Meraki if you have many sites that could benefit from the overall simplicity and ease of use Meraki provides, and use Viptela for sites that have more advanced requirements. You can then use a protocol like OSPF or BGP to connect the two separate SD WAN environments together at selected hub “meeting points” such as within your data centers.

The virtualised vMX product line is available only for deployment within Amazon AWS or Microsoft Azure public clouds. Meraki’s SD WAN controller model is entirely cloud-based, with Cisco always maintaining full responsibility over maintaining controller availability. Meraki can be deployed very easily by people with less technical skills because there are fewer configuration options available and you do not have to configure and deploy a separate controller. With the knowledge that you underlying connectivity is backed up with an SLA and one of the best engineered networks in the world, our Cisco platform adds the intelligence.

Viptela, on the other hand, supports a much greater range of features than Meraki. Viptela does make ongoing operations easier by supporting features like Zero Touch Provisioning (ZTP) but requires more initial design and preparation work than Meraki does depending on how specific your network architecture needs are.

Hardware appliances are categorized by their general purpose. The Cisco ISR 1000-series and vEdge 100 routers are designed for small branch offices. The ISR 4000-series and vEdge 1000 routers are intended for medium-size branches and small campus environments. The ASR 1000-series and vEdge 2000 and 5000 models are designed for large campuses and datacentres. Viptela is also available in the ENCS 5100 and 5400 series appliances, which are purpose-built virtualisation hosts intended for virtual network functions (VNF) deployment.

The virtual Viptela edge appliance can also be run in Amazon AWS and Microsoft Azure public clouds, but unlike Meraki, Viptela is also available for your own private cloud in KVM and VMware ESXi formats. This provides maximum flexibility for deployment options as you are no longer tied to physical hardware and can deploy Viptela SD WAN anywhere an x86 hypervisor with enough resources is available.

Failover options

Meraki supports a maximum of two simultaneous SD WAN uplinks plus a backup 4G connection. The USB or internal 4G/LTE modem can only be used if there are no wired links currently available, which means if you require a single active wired link along with a single secondary active 4G data link, you will need to provide wireless data to your MX appliance through an external 4G Ethernet device.

Meraki supports an active/passive model for hardware high availability (HA) with failover times taking an average of 30 seconds to complete. From an SD WAN tunnel failover perspective, spoke appliances can be configured with a hub preference so that if the primary hub becomes unavailable, secondary and tertiary hubs can be used instead.

Viptela allows you to use all available transports simultaneously in active/active mode. The failover in the SD WAN overlay occurs much more rapidly because the Bidirectional Forwarding Detection (BFD) protocol is used to detect failures along the entire SD WAN path. Viptela supports active/active hardware appliances as well, which is important for large campus and datacentre environments where even a few seconds of downtime can be unacceptable. Routing protocols do not understand packet loss, delay, jitter or link/circuit utilization when calculating path routes.

PfR should not be understated. With traditional WAN failover, primary circuits often remain up when services become degraded. The failover state is binary - unless the primary is hard down, the failover circuit remains unused. The result could be an unstable path for your application causing issues we’re all familiar with across networking. While Cisco IP SLA will measure path performance, the actual route remains unmodified. We think of the Internet as being a mostly inferior network to layer 3 Private MPLS, but the reality is that most public networks are well scaled and utilize the traffic engineering properties of the MPLS protocol.

SD WAN with PfR (Performance Routing) supports intelligent path control based on the application class. If a path becomes unstable, alternative connectivity is selected for the application to improve performance until the original path properties improve.In scenarios where bandwidth becomes congested, further connectivity will be used if available to compliment primary connectivity.

Security Integration

The Meraki MX series product line was marketed from the very beginning as a security appliance. It has Next Generation Firewall (NGFW) features and can act as an Intrusion Detection System / Intrusion Prevention System (IDS/IPS), along with providing content filtering and geo-IP restrictions, which means you can limit connectivity to various parts of the world across Global Internet services.

Meraki also supports Cisco’s AMP and ThreatGrid technologies and integrates with Cisco Talos security services.Cisco hardware that supports Viptela SD WAN has the same security-oriented features as Meraki (with AMP and Talos support coming later in 2019). Viptela also supports an interesting VPN security architecture in which segmentation and multitenancy are maintained over the SD WAN service.

For an every SD WAN edge appliance, Viptela maintains separate underlay WAN and out of band management VPNs, and then individual LAN-facing VPNs use the SD WAN overlay.

This means that just like with interfaces assigned to different Virtual Routing and Forwarding (VRF) instances, you can assign interfaces in the same Viptela edge to different VPNs to maintain security and traffic separation end-to-end. In addition to multitenancy, this can be used to maintain various industry compliance and data privacy standards.

Reporting Capabilities

Meraki and Viptela both provide reporting capabilities through web-based dashboards access via secure connectivity. Meraki’s dashboard will show you different traffic statistics including link performance and utilization based on applications. Meraki also supports interaction with a REST API, as well as traditional data collection access methods like SNMP, syslog, and NetFlow.

When you are using multiple WAN uplinks, one of the more interesting things the Meraki dashboard will show you is which link was used for a particular data flow and the reason why the link was used. For instance, one link might be selected over another because VoIP traffic was being sent and the chosen link had lower latency.Whereas Meraki combines all aspects of SD WAN configuration, monitoring and management into a single cloud-based controller, Viptela uses a different architecture that dedicates certain functions to individual appliances. This allows for greater scale and expandability.

Viptela vBond is the orchestrator appliance that coordinates everything and vSmart is the control plane which maintains the SD WAN overlays.The vManage appliance provides both configuration, monitoring and reporting capabilities. Viptela provides real-time alerting along with path performance measurements based on BFD. You can interact with vManage through a REST API, along with SNMP, syslog and NetFlow. Unlike Meraki, Viptela SD WAN also supports NETCONF and command-line interface (CLI) interactions.

Meraki and Viptela share a few miscellaneous features in common

Both support using Open Shortest Path First (OSPF) as a routing protocol. Support for Border Gateway Protocol (BGP) is currently in beta testing for Meraki, whereas Viptela has full BGP functionality. Meraki supports application bandwidth limiting and traffic prioritization based on a 3-class model. Viptela supports a full range of Quality of Service (QoS) features including recognizing and utilizing DSCP tagging. Depending on whether your connectivity is based on MPLS or Internet will dictate whether the end to end QoS is carried end to end.

Meraki has no support for IPv6 or multicast traffic, whereas Viptela supports both. While multicast may be considered a more niche feature, having full IPv6 support in both the underlay and SD WAN overlay is becoming increasingly important, especially for markets where obtaining public IPv4 address space is becoming increasingly more difficult and expensive.

Meraki and Viptela both support Zero Touch Provisioning (ZTP) through web-based portals. ZTP is part of the allure of SD WAN because it dramatically simplifies deploying both new and replacement SD WAN appliances. Other clients leverage 4G connections provided by cellular providers for fast start scenarios.

With ZTP, the appliance is powered on with a blank configuration and uses DHCP to obtain an IP address to connect to the Internet. After Internet connectivity is established, the SD WAN appliance contacts the SD WAN controller and downloads the configuration designated for that particular appliance (typically based on serial number). In the past, when new sites were deployed or hardware needed to be replaced, the devices had to be configured ahead of time before being shipped to the locations. ZTP makes this unnecessary and appliances can be shipped without preconfiguration which saves time and other resources.

Viptela additionally supports TCP optimization and WAN acceleration. These features are integrated into the platform and help you achieve better performance from your SD WAN uplinks. Viptela also supports service function chaining (SFC) where different NFVs can be configured to process network traffic in a specific order depending on your exact needs. Features like these make Viptela a more versatile platform as compared to Meraki, but likewise need staff with more advanced technical knowledge to properly implement them. For many organizations, these kinds of advanced customizations are unnecessary, which makes Meraki a potentially better fit in those situations.

Visit the Netify SASE Cybersecurity and SD WAN marketplace.

Get the data points you need to help with your SASE Cybersecurity and SD WAN decision making process.

Learn More

Suggested Posts


Need to know which SD WAN solutions match your needs?

The simplest way for IT decision makers to shortlist Gartner SD WAN solutions.

Take our quick assessment quiz to find out which top 3 providers or vendors are a match for your answers.

Take the quiz


Need to know which Cybersecurity solutions match your needs?

The simplest way for IT decision makers to shortlist Gartner SASE security solutions.

Take our quick assessment quiz to find out which top 3 providers or vendors are a match for your answers.

Take the quiz


Download the SD WAN Buyers Checklist

Download our most popular IT decision makers SD WAN checklist.

At-a-glance data covering all of the key points you need to understand when buying SD WAN.

Global SD WAN Providers Mindmap Checklist-1

Please complete your details to receive the SD WAN IT decision makers checklist.

Download now

Search for Articles

Looking for something specific? Enter your search below to find information from all of Netify.

Subscribe to Notifications

Explore Topics

Popular Article Topics

Find articles and helpful resources about any of the following:

The Netify Learning Center

Provider and Vendor comparison advice across SD WAN, MPLS, UCAAS and Cloud Voice.

See All Articles

Medivet, CDC Global, British Legion, Permira & Tilney used the Playbook.

We know you're busy, so we've put together this easy-to read guide on the top 10 SD WAN vendors and managed service providers.

Get the most comprehensive research across 10 leading SD WAN solutions. 98 Pages of data to help IT decision makers understand key areas.
Data across Gartner leading solutions, comprehensive SD WAN and Cybersecurity product detail, Pros and Cons, links to the our SD WAN and Cybersecurity shortlisting tools.
Get your top 10 guide and shortlisting tools now.