Dual ISP Deployment: Two Hubs and Four Spokes in the Same Region
In the following dual ISP topology, the hubs and the spokes are in a single region, with AS number as 1111. The hubs and spokes use Internal Border Gateway Protocol (iBGP) as the routing protocol to exchange routing information.
-
Hub HA1 and Hub HA2 are hub threat defense devices at the headquarters.
-
Branch1, Branch2, Branch3, and Branch4 are spoke threat defense devices at the branches.
-
ISP1 is the VPN interface of each spoke to ISP1.
-
ISP2 is the VPN interface of each spoke to ISP2.
To configure this topology, you must create the following two SD-WAN topologies using the SD-WAN wizard:
SD-WAN Topology 1
|
Parameter |
Value |
|---|---|
|
Primary Hub |
Hub HA1 |
|
Secondary Hub |
Hub HA2 |
|
Spokes |
Branch1, Branch2, Branch3, Branch4 |
|
AS Number |
1111 |
|
VPN Interface (Spoke Tunnel Source) |
ISP1 |
|
Number of Tunnels |
8 |
The total number of tunnels in SD-WAN Topology 1 is 8.
SD-WAN Topology 2
|
Parameter |
Value |
|---|---|
|
Primary Hub |
Hub HA1 |
|
Secondary Hub |
Hub HA2 |
|
Spokes |
Branch1, Branch2, Branch3, Branch4 |
|
AS Number |
1111 |
|
VPN Interface (Spoke Tunnel Source) |
ISP2 |
|
Number of Tunnels |
8 |
The total number of tunnels in SD-WAN Topology 2 is 8.
The total number of VPN tunnels for this dual ISP deployment is 16.
Note | If the hubs are in different geographic locations and have different protected networks behind them, to ensure direct communication between these networks, configure a point-to-point route-based VPN topology between the two hubs using the route-based VPN wizard. |