SD-WAN Architecture for Enterprise

7.0.0

SD-WAN Considerations

The SD-WAN configuration of the spokes in a multi-regional solution is identical to the one described in the single-region examples. The spokes connect only to the overlays of their local regional hubs, and only those overlays are configured as SD-WAN members. Therefore, SD-WAN rules use only those overlays for all corporate traffic, including cross-regional traffic.

This is true for both described methods: whether cross-regional ADVPN is used or not, the SD-WAN configuration on a spoke remains the same.

| SD-WAN Member | SD-WAN Zone | Performance SLA | SD-WAN Rule | Firewall Policy |
|---|---|---|---|---|
| Based on per-region topology | Based on per-region topology | Health check server: business-critical applications or resources in the other region. Health-check: RegB_DC1_App5. Members: dc1_overlay1_wan1, dc1_overlay2_wan2, dc2_overlay1_wan1, dc2_overlay2_wan2 | Based on per-region topology. If inter-region traffic should be steered differently than intra-region traffic, more specific rules can be made for greater granularity. | Granular firewall policies can be made for intra-region and inter-region control and inspection. |
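
The Performance SLA and a more specific inter-region SD-WAN rule described above could be expressed on a spoke in FortiOS CLI as follows. This is an added example, not configuration taken from the original guide: the member sequence numbers, the server address 192.0.2.50, the SLA thresholds, the rule ID and name, and the address objects Corp_LAN and RegB_Networks are all assumptions.

```fortios
# Added example (not from the original guide). Assumed values: seq-nums 1-4,
# server 192.0.2.50, SLA thresholds, rule 10, objects Corp_LAN / RegB_Networks.
config system sdwan
    config members
        edit 1
            set interface "dc1_overlay1_wan1"
        next
        edit 2
            set interface "dc1_overlay2_wan2"
        next
        edit 3
            set interface "dc2_overlay1_wan1"
        next
        edit 4
            set interface "dc2_overlay2_wan2"
        next
    end
    config health-check
        edit "RegB_DC1_App5"
            set server "192.0.2.50"
            set members 1 2 3 4
            config sla
                edit 1
                    set latency-threshold 200
                    set jitter-threshold 50
                    set packetloss-threshold 5
                next
            end
        next
    end
    config service
        edit 10
            set name "Inter_Region_RegB"
            set mode sla
            set src "Corp_LAN"
            set dst "RegB_Networks"
            config sla
                edit "RegB_DC1_App5"
                    set id 1
                next
            end
            set priority-members 1 2 3 4
        next
    end
end
```

SD-WAN rules are evaluated top-down, so the inter-region rule must sit above the broader corporate rule to take effect.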
