Showing results for 
Search instead for 
Did you mean: 

CISCO SD-WAN Software Upgrade Best practices


This document will explain the steps and best practices for upgrading Cisco SD-WAN.

Using the link below, use the compatibility matrix embedded in the release notes to verify the version of the controllers (vManage, vBond, vSmart, and WAN Edges) or you can go to the SDWAN compatibility matrix webpage.


SD-WAN Release Notes

SD-WAN Compatibility Matrix


As an example, if the controllers are running on release 19.3.x, the Edge devices should be running on the following versions 18.4, 19.2, 19.3. See figure 1.


Screen Shot 2020-06-11 at 3.46.11 PM.png

 Figure 1. Compatibility Matrix



Controller versions must follow the compatibility matrix to avoid operational issues.


The interim build is only needed for the vManage. All other devices can be directly upgrade from 17.1.x to 18.4.4 code.


The upgrade path is: 17.1.x-----17.2.10-----18.4.4



Important Links for Software Upgrades


EOL/EOS Notification


Field Notice


Cisco SD-WAN Upgrade and Install Guide


Release Notes Upgrade Instructions




Software Bugs


Cisco SD-WAN Upgrade

To upgrade the software running on the devices in the overlay network, download the new software packages from the Cisco SD-WAN website.

Visit the following link and select your hardware to validate the available releases,

Additionally you can go directly to the Software Download Center and download the available releases


Important Prerequisites:

  • Controllers and WAN Edge devices should be upgraded in the following order:
    • 1.- vManage
    • 2.- vBond
    • 3.- vSmart
    • 4.- WAN Edge
  • Download the new software packages from the Cisco SD-WAN website before upgrading the software running on the devices in the overlay network
  • Collect a vManage configuration-db backup before the upgrade. This is in addition to your daily VM (Virtual Machine) snapshot for the vManage
  • Upgrade the software from the vManage NMS GUI rather than from the CLI
    • The Upgrade task pushes new software to the SD-WAN device and installs it on the file system.  It does not change the code or impact the device.  This task can be done ahead of the software activation maintenance window to optimize change control time.
  • For a special vManage cluster configuration where tunnel-interface is not configured on VPN 0 and the vManage isn’t managing any WAN Edges, then you must perform the upgrade of all vManages through CLI instead of through GUI. This type of configuration is used when vManage nodes in a cluster have some dedicated services running. Refer to “Upgrading the cluster" section in the following document for upgrading these type of cluster deployments:


  • When upgrading the software image on a remote vManage NMS, the overlay network must be operational
  • If the new software images are in the image repository on the vManage NMS, ensure that the WAN in which the vManage NMS is located has sufficient capacity for concurrent file transfers.
  • If the new software images are located on an external FTP server, ensure the FTP server can handle concurrent file transfers
  • You cannot include the vManage NMS in a group software upgrade operation. You must upgrade and reboot the vManage server individually in the vManage Software Upgrade tab.
  • vSmart and vBond controllers must be upgraded separately in the Controllers tab in the vManage Software Upgrade tab.
  • Be sure to activate a software image before setting it to the default software image.

Steps for Upgrading SD-WAN

To upgrade all devices in the overlay network, perform the upgrade in the following order:


  1. Add new software to the image repository of vManage or external FTP server if applicable
  2. Upgrade the vManage NMS(s).  Then activate the new code on vManage NMS
  3. Upgrade one-half the vBond orchestrators.   Then activate the new code on one-half the vBond orchestrators and validate vBond function on new code.
  4. Upgrade the remainder of the vBond orchestrators.
  5. Upgrade one-half of the vSmart controllers.  Then activate the new code on one-half the vSmart Controllers and validate vSmart function on new code.
  6. Upgrade the remainder of the vSmart controllers.
  7. Upgrade 10% of the WAN Edge routers. For multi-router sites, it’s recommended to limit upgrades to one router per site. A recommended plan of action would be to upgrade Production test device(s), low risk sites, medium risk sites, then high risk sites.
  8. Validate WAN Edge function of the network services after code upgrade.
  9. Upgrade the remainder of WAN Edge routers.


Frequently Asked Questions (FAQs)


  1. Q: How often should I upgrade?

A:  With each new version of code comes multiple bug fixes that improve product quality. The release notes contain all bug fixes that came in with that release. Release code versions 18.3 and older are now End-of-Sale and End-of-Life per the following notice:


  1. Q: If I am running a Deferred release will my network be impacted?

A: Yes, running a deferred release is not recommended and can cause that device has an abnormal behavior caused by a software defect.

The latest versions are located in the Software Download Center:

The recommended version is 18.4.5

  1. Q: Is it only vManage that I need to upgrade?

A: No, you will need to upgrade the suite of controllers in the following manner: 1) vManage 2) vBond 3) vSmart. This is documented in the following link in the section entitled Best Practices for Software Upgrades:

Upgrading Cisco IOS XE Devices video:


  1. Q: Will I run into issues when upgrading from certain versions?

A: Yes! It is important to consider the upgrade path based upon your current controller version along with which version you will be upgrading to. The reason for this is because of schema changes in the database when upgrading to a version that is a major code release. Refer to the following upgrade path below:

17.1.x -18.3.8 -18.4.4


Note: This process is for vManage


  1.        5. Q: Should I consider my Edge device version compared to my controller version?

A: Yes, you should always follow the Compatibility Matrix provided in the release notes for each version. You never want your Edge device version to be higher than the controller version in your environment. For example, in the Compatibility Matrix section of the release notes below, you’ll see the following:

18.3 controllers à 18.3 vEdge and 16.9 XE SDWAN

18.4 controllers à 18.4 vEdge and 16.10 XE SDWAN


  1. Q: What is the process to upgrade ISR4000 to SD-WAN?

            A: The upgrade process is explained in the YouTube video below:

Additional information is available at:


  1. Q: Do I need specific hardware to install SD WAN software?

A: Yes, not all Cisco routers support SD-WAN software.

You can do the migration from traditional IOS-XE to IOS-XE SD WAN software on the following devices,




For example, SD-WAN is not supported on CISCO 2900 or 3900 series.












very informative; thanks!


Hi @jurangel,

thanks for the great post.

I wonder if anyone had fresh experience with upgrading to 20.1.12?

We need to upgrade our vManage, vEdge cloud and vSmart, vBond, from 18.4.4 to 20.1.12.

Any hints, warnings, experiences?

Did you find that something was super tricky in your case?





Cisco Employee

Hi Aleksa,

Thanks for your update,


I have upgraded the controllers/vEdge devices to 20.1.12

You can upgraded directly from 18.4.4 to 20.1.12 without problems.


Controllers and WAN Edge devices should be upgraded in the following order:

  • 1.- vManage
  • 2.- vBond
  • 3.- vSmart
  • 4.- WAN Edge

Warm Regards