Overview
As part of Cisco's Cloud connect portfolio, the DNA Advantage package for Catalyst 8000V (C8000V) delivers the maximum performance available in AWS cloud for virtual networking services. Deliver high-speed secure VPN services with High Availability, strong Firewall protection, Application Visibility & Control, and more... This AMI runs Cisco IOS XE technology features and uses AWS instances with direct I/O path for higher & more consistent performance. The C8000V with full Cisco IOS-XE support enables customers to deploy the same enterprise-class networking services that they are so used to in their on-prem networks inside AWS. This AMI enables enterprise-class Routing, VPN, High-Availability, Firewall, IP SLA, VPC Interconnection, Application Visibility & Control, Performance Monitoring, Optimization. he familiar IOS XE CLI and RESTful API ensures easy deployment, monitoring, troubleshooting, and service orchestration.
If you are using the Cisco Cloud Services Router 1000V (CSR 1000V) virtual router in autonomous mode, then you may want to use the GUI-driven migration tool to migrate those instances to Cisco Catalyst 8000V (C8000V) instance. This migration uses AWS CloudFormation template based automation to spin-up a new instance of Catalyst 8000V and copy the configuration files from the CSR 1000V instance. You can batch migrate up to ten CSR 1000V instances in one go. The migrated instances will include the enhanced "secure object storage" feature in C8000V that stores all sensitive configuration information in an encrypted file system inside the VM. See the http://cs.co/c8000v-aws-migration-tool chapter in the Catalyst 8000V Configuration Guide for AWS for more details.
Highlights
- Enterprise-class VPN in AWS that's faster, cheaper, and more scalable than other VPN solutions. Manage both sides of your VPN for greater security. Familiar IOS-XE based VPN supports the same commands, tools, and logs as other Cisco Catalyst 8000 platforms.
- More secure, reliable, and cost effective than native VPN. Feature-rich: IPSec, DMVPN, FlexVPN, GETVPN, EZVPN, SSL VPN, Zone-Based Firewall, and more...
Details
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Buyer guide

Financing for AWS Marketplace purchases
Pricing
Free trial
Dimension | Cost/hour |
|---|---|
c5n.large Recommended | $3.29 |
c5.9xlarge | $4.12 |
c5n.2xlarge | $4.12 |
t3.medium | $2.34 |
c5n.4xlarge | $5.95 |
c5n.9xlarge | $7.44 |
c5n.xlarge | $4.12 |
c5.2xlarge | $3.29 |
c5.4xlarge | $4.12 |
c5n.18xlarge | $7.573 |
Vendor refund policy
None
How can we make this page better?
Legal
Vendor terms and conditions
Content disclaimer
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Additional details
Usage instructions
Complete the following steps to launch a Catalyst 8000V (C8000V) AMI: 1. Locate the C8000V product page by searching the AWS Marketplace for 'C8000V'. 2. On the C8000V product page, click the 'Continue' button. 3. Use either the 'Launch with EC2 Console' tab to complete the deployment of a C8000V AMI. Select the correct version and region, and click the 'Launch with EC2 Console' button. 4. The Launch Instances Wizard will open. Select the desired instance type and click 'Next'. 5. Select your desired VPC environment in the 'Network' pull-down menu. 6. Select your desired IP subnet for the first C8000V network interface in the 'Subnet' pull-down menu. 7. Add any additional network interfaces, and select the appropriate subnet for each to connect to. 8. Click 'Review and Launch', and then review the information for correctness. 9. If the information is correct, click 'Launch', and then either select an existing key pair to use for authentication, or create a new key pair. If you create a key pair, make sure to download and save the private key. 10. Click 'Launch Instances'. 11. From the AWS Console, wait for your instance to indicate a state of 'running'. It may take a few moments after that point, before you can connect to your C8000V instance. Connect to your instance using an SSH client, and the private SSH key selected or created earlier in these steps. Example: ssh -i mykeypair.pem ec2-user@myhostname.compute-1.amazonaws.com . 12. See notes for further instructions.
Support
Vendor support
Cisco TAC support services for Pay As You Go is available for purchase through any Cisco Partner. Cisco Partner Locator: https://locatr.cloudapps.cisco.com/WWChannels/LOCATR/openBasicSearch.do . Support Community: https://supportforums.cisco.com/community/csr-amazon . A 30-day free trial period is included for first-time users. For questions or to obtain C8000V AMI access to the GovCloud region, contact ask-csr-aws-pm@cisco.com .
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Standard contract
Customer reviews
Centralized monitoring has improved branch connectivity and reduced troubleshooting time
What is our primary use case?
My main use case for Cisco Catalyst SD-WAN is managing and monitoring SD-WAN connectivity across branch locations. I primarily use it to monitor network health, troubleshoot tunnel and routing issues, configure policies, and ensure stable connectivity between branches and the data center. It also helps me quickly identify network problems, reduce downtime, and maintain secure, reliable application performance. In my day-to-day role, it plays an important part in incident management, network monitoring, and troubleshooting.
One example from my daily work is when a branch office reported an intermittent connectivity issue. Using Cisco Catalyst SD-WAN , I checked the tunnel status, link health, and reviewed routing information from the central dashboard. This helped identify that one WAN link was unstable. After coordinating with the ISP and verifying the link was good, the branch connectivity was restored with minimal downtime. The centralized visibility and troubleshooting feature made it much faster to identify the issue and resolve it.
How has it helped my organization?
Cisco Catalyst SD-WAN is a valuable solution for my organization. It provides centralized management, good visibility, and helps us to reduce issue resolution time and improve network reliability.
Cisco Catalyst SD-WAN has had a positive impact on my organization by improving network reliability and simplifying branch connectivity management. The centralized dashboard provides better visibility into the network, allowing us to identify and resolve issues more quickly. It has reduced troubleshooting time, improved application performance through intelligent path selection, and minimized downtime. Overall, it has increased operational efficiency and helped my IT team to manage the SD-WAN environment more efficiently.
Since implementing Cisco Catalyst SD-WAN, we have seen faster troubleshooting and improved network visibility. The centralized dashboard allows us to identify connectivity issues much more quickly, reducing the time needed to diagnose and resolve incidents. We have also experienced fewer service disruptions because traffic failover maintains connectivity when WAN links have a problem. Overall, it has improved operational efficiency, reduced downtime, and enabled my team to manage the network more efficiently.
What is most valuable?
The features I find most valuable in Cisco Catalyst SD-WAN are centralized management, real-time monitoring, and policy-based automation. The centralized dashboard gives me a clear view of all branch sites, making it easy to manage and monitor tunnel health, bandwidth usage, and device status from one place. Real-time monitoring helps identify issues quickly, while automation simplifies configuration changes and reduces manual effort. These features have improved operational efficiency, reduced troubleshooting time, and helped maintain stable connectivity across the SD-WAN environment.
One additional feature I value in Cisco Catalyst SD-WAN is the centralized dashboard, which gives a complete view of the SD-WAN environment from a single interface. It makes monitoring devices, link performance, and tunnel status much easier. The built-in troubleshooting tools reduce resolution time, and the policy-based management ensures consistent configuration across all branch locations. Overall, these features simplify day-to-day operations.
What needs improvement?
Cisco Catalyst SD-WAN is a strong and reliable SD-WAN solution, but there are a few areas where it could be improved. The user interface could be more intuitive for new users, and reporting and analytics could provide deeper insights with more customizable dashboards. I would also appreciate faster software upgrades, better log correlation for troubleshooting, and more built-in automation features to reduce manual configuration. It is a robust platform that has significantly improved network management and operational efficiency.
Better documentation with real-world examples, improved third-party integration, and more detailed monitoring dashboards would make Cisco Catalyst SD-WAN even more effective.
For how long have I used the solution?
I have been using Cisco Catalyst SD-WAN for about one year in my current role.
What do I think about the stability of the solution?
Cisco Catalyst SD-WAN is stable in the market, and many more organizations can use it because it is very simple to use and has no complexity for the user. It is very straightforward for both the user and the organization because all users in any organization have few problems with it, and it is more efficient to use and much easier.
What do I think about the scalability of the solution?
Cisco Catalyst SD-WAN separates the control plane from the data plane. Its controller architecture is highly matured, making it one of the most valuable and reliable LAN platforms for large enterprises. This is why it has strong scalability. It can also be managed from a single dashboard for all branch locations from a single place. I do not have to travel to the branches for configuration or any troubleshooting steps. All of these steps I can do from a single place and a single dashboard.
How are customer service and support?
Customer support is very appreciated.
Which solution did I use previously and why did I switch?
We previously used a fragmented, multi-vendor legacy infrastructure combined with traditional MPLS circuits. Previously, we used a 1121 series SD-WAN router, which was impacting my organization's provisioning and management of the multiple branches from a single dashboard and from a single location. It is very amazing and useful, and very straightforward and easier to manage with every employee in the organization.
What was our ROI?
There is a tangible return on investment, primarily realized through a drastic reduction in network downtime and operational man-hours. The network provisioning and development time decreased by up to seventy to eighty percent. With Zero Trust provisioning via the Catalyst Center and Meraki dashboard, new branch offices are configured in hours instead of weeks, freeing engineering teams to focus on strategic initiatives rather than manual deployment. This is a benefit of Cisco Catalyst SD-WAN and it is decreasing the manual work.
What's my experience with pricing, setup cost, and licensing?
Cisco offers premium enterprise capabilities, but its pricing, setup cost, and licensing models represent the most significant hurdles for IT organizations. Cisco hardware commands a premium price tag compared to competitors like Juniper. Cisco provides good licensing models, and the cost is higher, but the product it is providing is amazing.
Which other solutions did I evaluate?
We evaluated several industry-leading SD-WAN platforms during our proof of concept.
What other advice do I have?
Cisco's operational efficiency in an IT environment generally involves balancing its strong central automation features against its complexity. Tools like Cisco Catalyst Center , Meraki dashboard, and Intersight offer a unified control plane. They allow network teams to push global policy changes, software updates, and configurations to hundreds of devices simultaneously, instead of managing them individually.
Cisco optimizes the digital experience in hybrid and distributed setups by ensuring application performance, seamless collaboration, and deep visibility. Cisco achieves this optimization through three primary mechanisms. It automatically connects branch offices directly to cloud SaaS applications like Microsoft 365. Cisco SD-WAN routes traffic over the best path based on real-time latency.
Cisco's end-to-end visibility is industry-leading, primarily due to its integration of ThousandEyes and full-stack observability across traditional network silos. Traditional monitoring stopped at the enterprise firewall, but Cisco's ThousandEyes extends visibility across the public internet, ISP, and cloud provider networks like AWS , Azure , and Google Cloud . Cisco Catalyst SD-WAN eliminates blind spots, instantly seeing outside the corporate network into the public ISP transit provider and cloud networks. Instead of chasing individual routers, engineers can pinpoint hop-by-hop latency or packet drop within seconds. A shared source of truth aggregates data across the application, security, and network, giving all teams identical metrics. System administrators, network engineers, and SaaS developers stop debating ownership and focus on identifying the problem.
Cisco Catalyst SD-WAN has been deployed in a public cloud through Amazon Web Services . I gave this review a rating of ten.
Which deployment model are you using for this solution?
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
New site-based policies have transformed regional control and improved uptime across locations
What is our primary use case?
Cisco Catalyst SD-WAN has been in use for a year and a half, which is when we first started deploying it. We are now finalizing that deployment in our environment and are almost exclusively switching over from our old SD-WAN solution to the Cisco-based one.
What is most valuable?
I appreciate the control that we have with Cisco Catalyst SD-WAN . With the previous solution that we had, we could not build independent tunnels to each SD-WAN appliance, as they were all aggregated. Now we have considerably more freedom. We no longer have to speculate whether one thing going down means we lose an entire region of the firm; instead, everything is site-by-site based.
Cisco Catalyst SD-WAN helps us specifically through the control of policies. With Catalyst, we are able to build out these policies at a regional level. Rather than relying on a centralized location, we have been able to distribute this across the country. We are able to target bigger regions and optimize traffic flow for those specific regions instead of being locked into whatever the previous vendor was providing us.
What needs improvement?
For our environment, there are some bugs with how we interpret data in terms of circuit usage, for example. This has been on our to-do list for a while because it has been broken. We have not been able to get it to work quite right specifically for our environment. We have been trying to get support and push for that resolution because for our metrics, it is valuable. Having a blank screen instead of this data can be intimidating, so we are trying to get that fixed.
For how long have I used the solution?
I have been working in my field professionally for about three years.
What do I think about the stability of the solution?
Cisco Catalyst SD-WAN has been fine for the most part. We tend to play it safe and use versions that have been tested more thoroughly, rather than necessarily old versions. Issues we might have run into stem from us being out of date, such as wanting to implement and use something that was actually on a newer version that we just had not had time to upgrade to.
How are customer service and support?
I would rate Cisco's operational efficiency in my IT environment very highly. At this point, we are almost an entirely Cisco-based organization, and everything that we operate on for the most part is Cisco-based. We have good support from Cisco, and I think we are happy with how everything is going.
Which solution did I use previously and why did I switch?
Before, our solution was VMware VeloCloud , which was then purchased by Arista recently, and that is what we are switching away from.
How was the initial setup?
I was not involved with the pricing, setup cost, and licensing too much. We did run into some licensing issues in the beginning, but it was through the vendor and the provider that we were using, not necessarily a Cisco thing. If that had not been involved, the process would have been smoother.
What was our ROI?
The increased uptime with Cisco Catalyst SD-WAN has been a return on investment.
What other advice do I have?
We have been focusing on fast deployment and then going back to tweak policies and figure out which features we want. I would rate this review a 10.
Improved WAN connectivity has reduced latency and simplifies secure deployments and troubleshooting
What is our primary use case?
The main use case is WAN connectivity.
What is most valuable?
The features that I like the most about Cisco Catalyst SD-WAN are that it is secure, cheaper, and once you know it, it's easy to deploy.
An example of how these features have benefited our organization is that we have reduced latency and we can troubleshoot faster for packet loss and jitter.
What needs improvement?
I think Cisco Catalyst SD-WAN could be improved because too many vulnerabilities come up, so upgrading it is a challenge, and the hardware keeps changing; we moved from Viptela 1K to 2K, then again to the Cisco Catalyst router, so it's an expense.
For how long have I used the solution?
We have been using Cisco Catalyst SD-WAN in our new company for eight years.
What do I think about the scalability of the solution?
Cisco Catalyst SD-WAN scales with the growing needs of our organization at a level of eight.
How are customer service and support?
I evaluate the customer service and tech support as good support.
Which solution did I use previously and why did I switch?
Before adopting Cisco Catalyst SD-WAN, a decision had already been made regarding the solution when I was onboarded.
How was the initial setup?
I describe the experience with deploying Cisco Catalyst SD-WAN as initial deployment taking some time, but once deployed, it's easy to roll out changes.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing is that it is very tedious.
What other advice do I have?
Cisco does not optimize the experience in a hybrid or distributed enterprise setup for us since we don't have hybrid; it's all on-premises.
We face no specific challenges with hybrid and distributed enterprise networks because we don't have hybrid networks.
My impression of the end-to-end visibility offered by Cisco is that it is a managed solution, and while we reach out to our managed vendor for visibility, I think it is something we should explore more; during troubleshooting, we don't use that tool as much as we would prefer.
I give this review an overall rating of nine.
Faced complex visibility and policy challenges but have improved basic traffic routing control
What is our primary use case?
I have used Cisco Catalyst SD-WAN as a customer. I am a customer of Cisco, and I have been a customer rather than a partner of Cisco.
What is most valuable?
The features are useful, but it is more about how insightful these features are and how easily you are able to understand the flow and mitigate a threat. Although those features exist in Cisco Catalyst SD-WAN , the lack of visibility makes it very difficult to find out what precisely is being monitored through the advanced threat prevention features of Cisco Catalyst SD-WAN Viptela solution. The features are undoubtedly useful, but at the end of the day, it boils down to how easily you can see the insights provided by the solution. I feel Cisco slightly lacks in that aspect. It could be because the hardware itself is a router with added security functionality, while in Fortinet or Palo Alto, those systems are intrinsically firewalls with security capabilities built-in, and routing added on top. Hence, the visibility part in those solutions is better compared to Cisco Catalyst SD-WAN, since it is not a logging device.
What needs improvement?
I have found some other solutions more insightful and user-friendly as compared to Cisco Catalyst SD-WAN, but the basic SD-WAN functionality is good enough. I am using it only because it was done as a pilot project, specifically for my 60 to 70 sites. For the majority of the sites, I am using Fortinet's Secure SD-WAN solution and I found that more viable and more in alignment with my requirements.
For example, there is not any Internet Service Database available in Cisco Catalyst SD-WAN intrinsically. If I want to write a policy based on applications, I am not able to write it, at least in Cisco Catalyst SD-WAN Viptela deployment that we have done, and that is fairly easy to do in Fortinet. The second issue is the logging capability. I think the visibility that Fortinet Secure SD-WAN has is not even comparable. Cisco Catalyst SD-WAN does not provide that sort of insight or control as far as traffic steering is concerned.
With respect to the SLAs, I barely know which sort of SLAs are violated in Cisco Catalyst SD-WAN, so I do not have clear visibility on where the traffic is moving from at my spoke or hub locations. I believe Fortinet gives me a very clear picture of where the traffic is going. Overall visibility, whether it is data traffic or logs, is much better in Fortinet compared to Cisco Catalyst SD-WAN.
The complexity of Cisco Catalyst SD-WAN Viptela is noticeable and quite complicated to configure. If something breaks, you have to involve TAC and others to fix it. On the contrary, you can work with underlays. Even if your IPsec overlay tunnel is down, it does not impact your production. Thus, we find Fortinet's solution significantly better than Cisco Catalyst SD-WAN solution.
I have used Application-aware Routing in Cisco Catalyst SD-WAN. However, I found it to be very complicated, especially regarding policy writing. For my breakout of VC traffic, we had to write a bunch of IP addresses for Zoom, Webex , and others. Presently, it can only identify Webex as an application, and I highly doubt whether there is any application identification for Zoom and other platforms, as we were not able to find it during our implementation. It is done through static whitelisting of the IPs, which is not a scalable solution since IPs can change at any time. Overall, the application-aware routing policies are not as flexible and scalable as the Internet Service Database feature of Fortinet provides.
The struggles encompass policy writing, logging capabilities, traffic visibility, and complex configuration. There is also the issue of load balancing. We have faced considerable challenges with traffic load balancing between the links. Although the SLA targets are configurable, understanding how traffic flows is challenging, making troubleshooting exceedingly difficult. Overall, I find it a quite complicated solution with not that much operational usability.
For how long have I used the solution?
I have been working with Cisco Catalyst SD-WAN for close to two and a half years now.
What do I think about the stability of the solution?
The basic functionality and the control connections created are complicated, and a simple issue in the control connections between the fabric causes numerous complexities that demand extensive troubleshooting time.
What do I think about the scalability of the solution?
It is done through static whitelisting of the IPs, which is not a scalable solution since IPs can change at any time.
How are customer service and support?
The complexity of Cisco Catalyst SD-WAN Viptela is noticeable and quite complicated to configure. If something breaks, you have to involve TAC and others to fix it.
Which solution did I use previously and why did I switch?
We are using Cisco Catalyst SD-WAN infrastructure primarily because we have invested in it after using ISR 4K routers and the legacy IWAN solution, which is the predecessor of SD-WAN, Intelligent WAN. Since the devices still have an operational life left, we want to leverage that.
What other advice do I have?
I have already settled with Cisco ISE after visiting the website a few months ago where I researched Cisco ISE and other Cisco products. I have already procured the Cisco ISE solution. There are some other products as well. We are using Cisco ACI as well. Cisco ACI stands for Application Centric Infrastructure. Cisco Catalyst SD-WAN Viptela is also being used and we are using Cisco ACI as well. I am not sure how Cisco Catalyst SD-WAN supports cloud environments because our deployment is on-premises. Therefore, I cannot comment on the vAnalytics and other solutions that could enhance security or visibility since I have not used them myself. My overall review rating for this product is four out of five.
Has provided reliable support and improved deployment experience with a simpler interface
What is most valuable?
In my view, Cisco Catalyst SD-WAN would be less effective when it comes to SD-WAN functions compared to Versa.
The overall operability of Versa is better than Cisco Catalyst SD-WAN . As a seller, I still find Cisco Catalyst SD-WAN to be a little complicated.
The ease of use, interface, and implementation are better with Versa.
Functionality-wise, both Versa and Cisco Catalyst SD-WAN possibly would be at par. I would not comment on that for sure, but from the deployment perspective, I still feel Versa has got an easy interface to get things managed.
The integrated threat protection and end-to-end encryption features in Cisco Catalyst SD-WAN are good.
What needs improvement?
More or less, it's the same with Cisco in terms of complexity and pricing, so there's not much of a difference. They might want to consider incorporating features seen in Versa or other competitors to improve their points.
How are customer service and support?
I would rate the technical support by Cisco as nine out of ten.
That's even a little bit better than what Versa has, because Cisco engineers can be found everywhere compared to Versa. This is an advantage that they carry.
What other advice do I have?
Cisco Catalyst SD-WAN is positioned ideally where customers already have Cisco routers and other equipment, making migration to Cisco Catalyst SD-WAN easier. In these use cases, Cisco Catalyst SD-WAN is very competitive.
When discussing application-aware routing features, this is a standard feature all the OEMs are offering.
Cisco Catalyst SD-WAN would be more expensive compared to Versa. I have been a partner and reseller of both Versa and Cisco.
I rate Cisco Catalyst SD-WAN eight out of ten.