Uber’s enterprise network encompasses about 250 offices worldwide, from compact workspaces to expansive campuses. To support this global presence, we’re moving away from a legacy centralized backbone network in favor of a scalable, flexible SD-WAN architecture. Our objectives are to cut latency, streamline operations, boost automation, and reduce costs.

Historically, our large office connectivity relied on a backbone model using regional PoPs (Points of Presence) and centralized firewalls for routing and control. However, deploying a PoP near every office hasn’t always been practical. Often, a single PoP serves multiple offices across national borders, forcing internet-bound traffic to traverse the PoP first before reaching the internet. This detour introduces latency and adds to network complexity.

Maintaining P2P (point-to-point) connections requires careful planning: primary and backup links must be provisioned with different ISPs to avoid overlap, increasing operational overhead. While this backbone model has enabled Uber’s growth so far, it has also led to high costs, slow deployments, and growing infrastructure complexity. To address these pain points, we’re shifting to a decentralized, AI-driven SD-WAN architecture. This transition is already allowing for quicker deployments, better scalability, and smarter network operations, with less dependence on traditional PoPs and data centers.

This initiative was driven by the need to lower operational costs, speed up deployment timelines, and reduce reliance on aging, complex infrastructure. At the same time, our goal was to deliver better performance and enable automation across Uber’s global office network.

Previously, enterprise offices relied on dedicated P2P circuits and centralized firewalls connected to PoPs. While effective early on, this model lacked scalability and flexibility as our footprint grew. To modernize our network, we explored several SD-WAN solutions and ultimately adopted a cloud-native, AI-driven platform that offered strong automation capabilities and global scalability.

Key priorities during the evaluation included supporting ZTP (zero-touch provisioning), and enabling seamless integration into our existing network environment without requiring a full hardware refresh. At the same time, the selected solution needed to support a full-stack approach, covering not only SD-WAN but also wireless and switching. 

Other essential features included strong API support for automation, advanced monitoring and observability, and native integration with cloud platforms. Compatibility with third-party SaaS, IT service management tools, IaC (infrastructure-as-code) frameworks, identity and access solutions, along with support for SASE (Secure Access Service Edge) principles, was essential to ensure a secure, adaptive, and high-performing user experience across all sites.

Additionally, vendor presence around the globe was a significant factor in our decision. Having hardware readily available in multiple regions ensures quick replacement and minimal downtime in the event of any equipment failures.

Uber’s office connectivity is currently built around a centralized backbone model. As shown in Figure 1, internet-bound traffic from offices traverses these P2P links, reaches a centralized PoP, undergoes inspection, and only then exits to the internet. This architecture adds latency, limits flexibility, and requires complex coordination.

As part of our ongoing SD-WAN transformation (see Figure 2), we’re transitioning to a decentralized model where offices connect via dual DIA (Direct Internet Access) links and reach the internet directly, bypassing regional PoPs. In this model, only internal RFC1918 traffic destined for data centers continues to traverse the SD-WAN fabric, accounting for less than 1% of total office traffic. Most traffic is being routed directly to the Internet and inspected locally, leading to a leaner, faster, and more efficient network as adoption expands.

The technologies and services used are:

To integrate with Uber’s tech stack, we provisioned pipelines and enterprise systems using non-proprietary protocols. We also implemented real-time monitoring tied into our internal observability stack. 

What makes this solution novel is that it: 

When implementing this solution, we faced some challenges. First, we had to replace legacy hardware in active offices without causing downtime. We also had to manage mixed connectivity models (P2P and internet) during transitional phases. This included implementing robust failover mechanisms to ensure continuous connectivity. 

Other challenges included needing to procure DIA circuits for globally distributed sites promptly, adapting the SD-WAN solution to fit our needs without adopting the vendor’s full technology stack, and handling NAT changes. 

Along with those challenges, we had to precisely size hardware for throughput, session limits, and performance bursts. Finally, as part of this work we had to create globally scalable templates that accommodated various office sizes and topologies.

To overcome those challenges, we executed staged deployments with coordination from local site teams. To ensure continuous connectivity, we implemented automated validation and rollback workflows through IaC tooling. We also built modular, flexible templates to support phased rollouts and different hardware configurations. Collaborating across networking, security, and infrastructure teams, we aligned on architectural tradeoffs and performance expectations. To address our unique needs with vendor technology, we worked closely with the vendor to tune the solution, adapt features, and ensure reliable global delivery and support.

This approach enabled a consistent global rollout with minimal manual intervention and zero-downtime migrations even at 24/7 sites. It also laid a solid foundation for ongoing automation, monitoring, and future scaling.

We’re actively rolling out our new SD-WAN-based office network. Several offices have already transitioned, and more are joining each month..

By replacing P2P links with dual DIA circuits, we’ve reduced complexity and lowered costs. DIA circuits are simpler to order, faster to deploy, and less expensive to maintain than traditional point-to-point links, accelerating our global expansion.

In certain regions, the user experience has improved dramatically. For instance, latency to common DNS endpoints like 8.8.8.8 dropped from 80-90 milliseconds to 8-10 milliseconds, making online tools and video calls much more responsive.

ZTP allows us to deploy hardware with minimal manual effort. Sites are onboarded automatically using templates and automation, saving engineering time and reducing errors.

As offices migrate to SD-WAN, we’re decommissioning regional PoPs that are no longer necessary, saving on hardware, space, and operational support.

Only internal traffic destined for our data centers uses the SD-WAN fabric. All other traffic is sent directly to the internet and inspected locally, reducing latency and increasing efficiency.

We’ve integrated the SD-WAN system with our monitoring and observability platforms. This gives us real-time visibility into performance and issues, making troubleshooting much faster.

We’re also integrating the solution with internal tools for easier provisioning and policy management. This includes identity systems, service automation, and IaC frameworks.

In offices, where we also deploy AI-driven wireless and switching, users benefit from more stable wifi, automatic optimization, and better coverage without needing traditional wireless controllers.

Overall, the SD-WAN architecture is helping Uber build a faster, simpler, more reliable office network that’s easier to scale globally.

We’re continuing the global rollout of our SD-WAN architecture, with several additional offices scheduled for transition in the coming months. More regional PoPs are also planned for decommissioning, helping reduce our operational footprint and simplify the overall network.

As we scale, we’re deepening integration with our internal automation and monitoring systems to support faster provisioning, consistent policy enforcement, and real-time visibility.

Looking forward, we’re focusing on leveraging AI to detect network incidents proactively and move toward self-healing and automated resolution. Our long-term goal is to build an intelligent, adaptive infrastructure that requires minimal manual intervention and continuously optimizes itself based on real-time data and performance trends.

Our SD-WAN transformation has fundamentally changed how our offices connect, prioritizing performance, scalability, and simplicity. We’ve reduced reliance on centralized infrastructure, empowered automation, and set the stage for a future-ready network across Uber’s global office footprint, with ongoing progress continuing.

Stay up to date with the latest from Uber Engineering—follow us on LinkedIn for our newest blog posts and insights.