Cisco SD-WAN doesn't use DMVPN, it uses OMP for control plane and IPSec for 
data plane.

Omar: Yes, by default you will have a full mesh of tunnels. It's easy to build 
a Hub and Spoke topology if you want to. Often large organizations build regional 
Hub and Spoke where you traverse a Hub to go to another geographical region, 
such as EU to US, etc.

Best regards,

-----Original Message-----
From: cisco-nsp <> On Behalf Of Christophe 
Sent: 24 March 2020 11:05
To: omar parihuana <>
Subject: Re: [c-nsp] SD-WAN design for large scale


No, DMVPN and NHRP phase 3 enable you to have spoke-to-spoke communications.


----- Original Message -----
From: "omar parihuana" <>
Sent: Monday 23 March 2020 20:02:22
Subject: [c-nsp] SD-WAN design for large scale

Guys, I've just read the following document:

So I am asking about the IPsec tunnel scalability in SD-WAN large deployments. 
One benefit of L3VPN in MPLS is the full mesh connectivity.
From the point of view of the CE, one default route could be enough. Now in the SD-WAN data 
plane, if I want a full mesh topology, a lot of IPsec tunnels are established... 
maybe I am wrong, but I would expect n(n-1)/2 IPsec tunnels (without considering the 
second path), so for example if I have 300 branches I could expect 37350 
tunnels... really? So hub-and-spoke will be the solution... comments please... 
maybe it is time to say goodbye to full mesh in SD-WAN deployments?

Omar E.P.T
Certified Networking Professionals make better Connections!
cisco-nsp mailing list
archive at