Dual ISP Deployment: Two Hubs and Four Spokes in Different Regions

In the following dual ISP topology, the hubs are in different regions, and have two directly connected spokes each. The hubs and their directly connected spokes use Internal Border Gateway Protocol (iBGP) as the routing protocol, and the hubs use External Border Gateway Protocol (eBGP) to exchange routing information.

  • Hub HA1 and Hub HA2 are hub threat defense devices at the headquarters.

  • Branch1, Branch2, Branch3, and Branch4 are spoke threat defense devices at the branches.

  • HQ1, Branch1, and Branch2 are in a single region with AS number as 1111.

  • HQ2, Branch3, and Branch4 are in a single region with AS number as 2222.

  • ISP1 is the VPN interface of each spoke to ISP1.

  • ISP2 is the VPN interface of each spoke to ISP2.

Dual ISP Topology with Two Hubs and Four Spokes in Different Regions
Dual ISP Topology with Two Hubs and Four Spokes in Different Regions

To configure this topology, you must create the following four SD-WAN topologies using the SD-WAN wizard:

SD-WAN Topology 1

Parameter

Value

Primary Hub

Hub HA1

Secondary Hub

Hub HA2

Spokes

Branch1, Branch2

AS Number

1111

Secondary AS Number

2222

VPN Interface (Spoke Tunnel Source)

ISP1

The number of tunnels in SD-WAN Topology 1 is 4.

SD-WAN Topology 2

Parameter

Value

Primary Hub

Hub HA1

Secondary Hub

Hub HA2

Spokes

Branch1, Branch2

AS Number

1111

Secondary AS Number

2222

VPN Interface (Spoke Tunnel Source)

ISP2

The number of tunnels in SD-WAN Topology 2 is 4.

SD-WAN Topology 3

Parameter

Value

Primary Hub

Hub HA2

Secondary Hub

Hub HA1

Spokes

Branch3, Branch4

AS Number

2222

Secondary AS Number

1111

VPN Interface (Spoke Tunnel Source)

ISP1

The number of tunnels in SD-WAN Topology 3 is 4.

SD-WAN Topology 4

Parameter

Value

Primary Hub

Hub HA2

Secondary Hub

Hub HA1

Spokes

Branch3, Branch4

AS Number

2222

Secondary AS Number

1111

VPN Interface (Spoke Tunnel Source)

ISP2

The number of tunnels in SD-WAN Topology 4 is 4.

The total number of VPN tunnels for this dual ISP deployment is 16.

Note

If the hubs are in different geographic locations and have different protected networks behind them, to ensure direct communication between these networks, configure a point-to-point route-based VPN topology between the two hubs using the route-based VPN wizard.