Hub connection: full-mesh
In this example, we enhance the Spoke-to-Hub connection redundancy, by interconnecting the two nodes with a full mesh of static IPsec tunnels.
Do not confuse this with a Full-Mesh overlay network topology! Our overlay network still remains Hub-and-Spoke, as described earlier. We are only talking about the overlay connectivity between a given Spoke and a Hub.
Also in this example, with BGP on loopback design, we can configure a single Dial-Up endpoint terminated on each of the Internet connections on the Hub (two Dial-Up endpoints in total). Each Spoke will establish two static IPsec tunnels towards each of these endpoints (four tunnels in total). There will be no tunnel subnets and no additional BGP sessions. BGP routes will be recursively resolved through all available overlay paths.
It must be noted that this topology nevertheless introduces certain added configuration complexity on the Spoke side, because all the static IPsec tunnels must become SD-WAN Members. In our example, the Spoke will have four overlay SD-WAN Members that must be correctly ordered in the SD-WAN rules.