SD-WAN rollouts: did you regret any vendor promises about 'zero touch'?
Touchless sounded great until asymmetric NAT and legacy multicast appeared.
What clauses or lab tests saved you from marketing fiction?
15 replies
We required proof of brownfield multicast in the lab before contract signature — the vendor flew an engineer in the next week.
Zero touch assumed DHCP options we did not control in acquired sites — exceptions list grew fast.
SLA credits for controller downtime mattered more than Mbps claims once branches lost policy updates.
Split tunnel defaults looked secure until SaaS apps bypassed central inspection — threat model review caught it.
Template sprawl became the enemy — we limited regions to three golden configs with change windows.
Performance routing features conflicted with local regulatory data residency — legal review belongs in design phase.
Telemetry export to our SIEM was an extra licence line item nobody quoted initially — read fine print.
Appliance sizing math ignored SSL inspection CPU hit — pilots melted under real traffic.
We negotiated professional services days banked for post-go-live tuning instead of all-up-front training.
Automated failover tests with simulated carrier loss found DNS caching bugs nobody documented.
Documentation quality varied wildly between hardware generations — community forums filled the gap painfully.
We kept a parallel MPLS tail longer than planned — humility saved revenue during controller upgrades.
Change advisory boards still needed humans — orchestration sped pushes but did not remove judgement.
Latency to SaaS improved for some apps and worsened for others — per-app policy tables were mandatory.
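The two traps raised above, a split-tunnel default that quietly sends must-inspect SaaS traffic out the local breakout, and the need for a per-app policy table that says which path each application actually takes, can be checked mechanically before go-live. The script below is an added example written for this thread, not code from any poster or vendor: the rule format, the app names, the `MUST_INSPECT` set and the sample flows are all constructed, and the addresses are RFC 5737 documentation ranges. It evaluates a first-match policy table the way a branch would (domain suffix rules for FQDNs, prefix rules for resolved IPs, a catch-all at the end), reports every must-inspect app whose flows land on a direct-breakout rule, and shows the hardened table where the catch-all goes to the hub and direct breakout is an explicit exception.

```python
"""Audit a per-app split-tunnel policy table for SaaS flows that bypass
central inspection. Added example for this thread; the rule schema and
all sample data are hypothetical (no vendor's real format)."""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Rule:
    app: str
    path: str                      # "direct" = local breakout, "hub" = central inspection
    prefixes: list = field(default_factory=list)   # CIDR strings matched on resolved IP
    domains: list = field(default_factory=list)    # domain suffixes matched on FQDN


# Constructed policy table. First match wins; the catch-all "default"
# rule is the weak setting: anything not explicitly listed breaks out locally.
POLICY = [
    Rule("crm-saas", "hub", domains=["crm.example"]),
    Rule("video", "direct", prefixes=["203.0.113.0/24"], domains=["video.example"]),
    Rule("default", "direct", prefixes=["0.0.0.0/0"]),
]

# Apps the threat model says must traverse central inspection (constructed).
MUST_INSPECT = {"crm-saas", "payroll-saas", "storage-saas"}

# Constructed observed flows: app -> [(fqdn, resolved_ip), ...]
SAMPLE_FLOWS = {
    "payroll-saas": [("payroll.example", "198.51.100.10")],
    "crm-saas": [("app.crm.example", "192.0.2.20")],
    "video": [("meet.video.example", "203.0.113.5")],
    "storage-saas": [("files.storage.example", "198.51.100.44")],
}


def _domain_match(host, suffixes):
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)


def classify(host, ip, policy=POLICY):
    """Return the first rule that matches the flow, or None.
    A rule matches on its domain suffixes (by FQDN) or its prefixes (by IP)."""
    addr = ipaddress.ip_address(ip)
    for rule in policy:
        if _domain_match(host, rule.domains):
            return rule
        if any(addr in ipaddress.ip_network(p, strict=False) for p in rule.prefixes):
            return rule
    return None


def audit(flows, policy=POLICY, must_inspect=MUST_INSPECT):
    """Return (app, fqdn, matched_rule_name) for every flow of a must-inspect
    app that a direct-breakout rule (or no rule at all) would send around the hub."""
    findings = []
    for app, dests in flows.items():
        if app not in must_inspect:
            continue
        for host, ip in dests:
            rule = classify(host, ip, policy)
            if rule is None or rule.path == "direct":
                findings.append((app, host, rule.app if rule else None))
    return findings


def hardened(policy):
    """Corrected table: the catch-all goes to the hub, so direct breakout
    only happens for rules someone wrote down and reviewed."""
    return [
        Rule(r.app, "hub" if r.app == "default" else r.path, list(r.prefixes), list(r.domains))
        for r in policy
    ]


if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print("BYPASS:", finding)
    print("after hardening:", audit(SAMPLE_FLOWS, hardened(POLICY)))
```

Run the audit against the policy export and a sample of real flow records from the pilot sites; a non-empty result is the split-tunnel finding the threat model review is meant to catch, and the per-app table the output implies is the one to put under change control.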
Best clause: right to replicate lab topology on our hardware before paying year two maintenance.