📘 Case Study
Hybrid SD-WAN & WAN Transformation with SilverPeak, Palo Alto NGFW & Cisco ASR9K
👤 Client Profile
A global enterprise operating across Equinix data centers and on-premise locations. Required a scalable SD-WAN and WAN architecture to support hybrid cloud applications, secure internet access, and multi-tenant segmentation across regions.
⚠️ Challenges
• Needed scalable SD-WAN overlays across dual MPLS providers and multiple DIA circuits for dynamic traffic steering
• Required redundant 10G internet edge for secure and high-performance SaaS and cloud access
• Mandated full BGP table exchange with upstream providers for optimized internet routing and public prefix advertisement
• Sought integration with existing multi-tenant EVPN/VXLAN data center fabrics
• Required secure hybrid cloud connectivity to Azure and AWS with SD-WAN appliances and regional failover
• Needed automated provisioning and configuration to accelerate deployment timelines and reduce operational errors
✅ Solutions Delivered
• Deployed SilverPeak (Aruba) SD-WAN overlays with dynamic path control, application-aware routing, and automated failover
• Provisioned SD-WAN virtual appliances in Azure and AWS with policy-based routing and secure overlay integration
• Implemented Cisco ASR 9000 routers at the edge receiving full BGP tables from dual DIA providers, using communities and route maps for path control
• Streamlined default route (0.0.0.0/0) forwarding to Arista 7000 edge switches and Palo Alto PA-5450 firewalls for DMZ enforcement
• Installed Palo Alto PA-5450 firewalls with multi-vSYS for per-tenant segmentation and advanced security enforcement (IPSec VPNs, threat prevention)
• Extended SD-WAN and internet edge routing into existing Arista EVPN/VXLAN fabrics across Equinix East, Central, and West
• Automated configuration and security policy deployment using Ansible and Jinja2 templates
🚀 Results & Impact
🌍 Expanded global WAN/SD-WAN reach across Equinix data centers and remote sites
🚦 Optimized traffic flow with dynamic routing and dual MPLS overlays
🛰️ Achieved full BGP edge routing for fine-grained path selection and prefix advertisement
🛡️ Strengthened security posture with centralized multi-vSYS firewall enforcement
⚙️ Streamlined deployment with Ansible and Jinja2 automation templates
☁️ Enabled hybrid cloud integration with secure Azure & AWS SD-WAN overlays
🛠️ Technologies Used
• SD-WAN & Routing: SilverPeak / Aruba SD-WAN (Overlays, App-Aware Routing, Dynamic Path Control)
• Edge & Internet Routing: Cisco ASR 9000 (Full BGP Tables, Internet Edge)
• Firewalling: Palo Alto PA-5450 NGFW (Multi-vSYS, IPSec VPNs)
• Switching & Fabric: Arista 7000 (Edge Switching, Fabric Integration)
• Data Center Fabric: EVPN/VXLAN (Existing Fabric Integration)
• Hybrid Cloud Integration: Azure & AWS (SD-WAN Appliance Integration, VPN, Routing)
• Automation: Ansible, Jinja2 (Automation & Policy Templating)
