Guys I've just read the follow document:
https://www.cisco.com/c/en/us/solutions/collateral/enterprise-networks/sd-wan/white-paper-c11-743108.html
So i am asking about the IPsec tunnel scalability in SD-WAN large
deployments. One benefit of L3VPN in MPLS are the full mesh connectivity.
From point of view of CE one default route could be enough. Now in SDWAN
data plane if I want a full mesh topology a lot of IPsec tunnels are
established... maybe I am wrong but I will expect n(n-1)/2 IPsec Tunnels
(without consider the second path) then for example if I have 300 branch I
could expect 37350 tunnels... really? So hub-and-spoke will be the
solution... comments please... maybe it is time to say goodbye to full mesh
in SD-WAN deployments?
--
Omar E.P.T
-----------------
Certified Networking Professionals make better Connections!
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
https://www.cisco.com/c/en/us/solutions/collateral/enterprise-networks/sd-wan/white-paper-c11-743108.html
So i am asking about the IPsec tunnel scalability in SD-WAN large
deployments. One benefit of L3VPN in MPLS are the full mesh connectivity.
From point of view of CE one default route could be enough. Now in SDWAN
data plane if I want a full mesh topology a lot of IPsec tunnels are
established... maybe I am wrong but I will expect n(n-1)/2 IPsec Tunnels
(without consider the second path) then for example if I have 300 branch I
could expect 37350 tunnels... really? So hub-and-spoke will be the
solution... comments please... maybe it is time to say goodbye to full mesh
in SD-WAN deployments?
--
Omar E.P.T
-----------------
Certified Networking Professionals make better Connections!
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/