Fortinet black logo

SD-WAN / SD-Branch Architecture for MSSPs

Home FortiGate / FortiOS 7.2.0 SD-WAN / SD-Branch Architecture for MSSPs
7.2.0
7.2.0
7.0.0
6.4.0

Overlay network designs

Overlay network designs

In this chapter we describe several reference design flavors for the SD-WAN/ADVPN overlay network. It is important to select the right design flavor for your project from the start, as it determines the foundation that will be configured on all the SD-WAN nodes.

  • First, you will need to choose a routing design. We will describe two options: the traditional "BGP per Overlay" and the newer "BGP on Loopback".

  • Second, you will need to choose between a simple single-VRF deployment and a more advanced multi-VRF deployment. The latter allows you to implement end-to-end segmentation across the entire SD-WAN network. Both routing designs described support this functionality.

    Note

    It is often referred to as a "Segmentation over Single Overlay", because the same overlay network is forwarding traffic belonging to multiple segments (VRFs), while preserving their segregation across all the SD-WAN sites.

But before discussing each of the design flavors separately, let us summarize what they all share in common.

Previous
Next

Overlay network designs

In this chapter we describe several reference design flavors for the SD-WAN/ADVPN overlay network. It is important to select the right design flavor for your project from the start, as it determines the foundation that will be configured on all the SD-WAN nodes.

  • First, you will need to choose a routing design. We will describe two options: the traditional "BGP per Overlay" and the newer "BGP on Loopback".

  • Second, you will need to choose between a simple single-VRF deployment and a more advanced multi-VRF deployment. The latter allows you to implement end-to-end segmentation across the entire SD-WAN network. Both routing designs described support this functionality.

    Note

    It is often referred to as a "Segmentation over Single Overlay", because the same overlay network is forwarding traffic belonging to multiple segments (VRFs), while preserving their segregation across all the SD-WAN sites.

But before discussing each of the design flavors separately, let us summarize what they all share in common.

Previous
Next