[c-nsp] SD-WAN design for large scale

daniel.dib at reaper.nu daniel.dib at reaper.nu
Tue Mar 24 06:27:14 EDT 2020 

Cisco SD-WAN doesn't use DMVPN, it uses OMP for control plane and IPSec for data plane.

Omar: Yes, by default you will have a full mesh of tunnels. It's easy to build Hub and Spoke topology if you want to. Often large organizations build regional Hub and Spoke where you traverse a Hub to go to another geographical region, such as EU to US etc.

Best regards,
Daniel

-----Original Message-----
From: cisco-nsp <cisco-nsp-bounces at puck.nether.net> On Behalf Of Christophe LUCAS
Sent: den 24 mars 2020 11:05
To: omar parihuana <omar.parihuana at gmail.com>
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] SD-WAN design for large scale

Hi,

No, DMVPN and NHRP phase3 make you able to make spoke-to-spoke communications.

Regards,
Christophe

----- Mail original -----
De: "omar parihuana" <omar.parihuana at gmail.com>
À: cisco-nsp at puck.nether.net
Envoyé: Lundi 23 Mars 2020 20:02:22
Objet: [c-nsp] SD-WAN design for large scale

Guys I've just read the follow document:

https://www.cisco.com/c/en/us/solutions/collateral/enterprise-networks/sd-wan/white-paper-c11-743108.html


So i am asking about the IPsec tunnel scalability in SD-WAN large deployments. One benefit of L3VPN in MPLS are the full mesh connectivity.
>From point of view of CE one default route could be enough. Now in SDWAN data plane if I want a full mesh topology a lot of IPsec tunnels are established... maybe I am wrong but I will expect n(n-1)/2 IPsec Tunnels (without consider the second path) then for example if I have 300 branch I could expect 37350 tunnels... really? So hub-and-spoke will be the solution... comments please... maybe it is time to say goodbye to full mesh in SD-WAN deployments?

--
Omar E.P.T
-----------------
Certified Networking Professionals make better Connections!
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list