Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Full Mesh Topology Overview

Contrail Service Orchestration (CSO) supports the full mesh topology on tenants in a software-defined WAN (SD-WAN) implementation. In a full mesh topology, all sites of a tenant are connected to one another. The sites are connected to one another through GRE and GRE_IPsec overlay tunnels. The default overlay tunnel encapsulation is GRE_IPsec.

In the full mesh topology, a WAN interface of one type is connected to a WAN interface of a different type if these WAN interfaces are associated with same mesh tags. A mesh tag is a label that you associate with a WAN link of a site. Mesh tags provide you the flexibility to establish overlay tunnels between WAN links of two different sites

Note:

With mesh tags, you can connect two WAN links even if the link types (MPLS and Internet) are different.

The following requirements must be satisfied for connections between WAN interfaces:

  • IP addresses of Internet WAN interfaces must be reachable on the Internet. Also, IP addresses must be preserved and change in IP addresses is not supported.

  • WAN links that are associated with same mesh tags must be reachable on the Internet.

For more information about mesh tags, see Mesh Tags Overview.

The full mesh topology supports the following:

  • Static policies and Application Quality of Experience (AppQoE)

  • Dynamic mesh

  • Mesh tags

  • LAN segmentation

  • Departments

  • Multiple VPNs

CSO supports only sparse mode connections in full mesh topology. In sparse mode, a WAN interface of a specific type in a site is connected to only one other interface of the same type (see Figure 1). This configuration reduces the number of overlay tunnels formed and is easy to maintain. However, sparse mode is susceptible to SD-WAN network performance deterioration due to connectivity disruptions because if connectivity on one tunnel is lost, then the respective connected WAN interfaces become unreachable.

Figure 1: Sparse ModeSparse Mode

Local Breakout in Full Mesh Topology

Local breakout is supported on all sites in the full mesh topology. Local breakout is the ability of a site to route Internet traffic directly from the site. A site can have multiple WAN interfaces, but only the WAN interfaces (up to a maximum of three) that are not enabled exclusively for local breakout traffic are chosen for connecting to the full mesh network. For instance, consider a site that has four WAN interfaces enabled. If WAN_1 on the site is enabled exclusively for local breakout traffic, then only WAN_0, WAN_2, and WAN_3 can be chosen for forming a full mesh.

WAN interfaces that are enabled exclusively for local breakout traffic cannot be used for non-Internet traffic and this makes those WAN interfaces essentially unusable in the full mesh topology. For WAN interfaces that are chosen to connect to the full mesh network, you do not need to provide overlay tunnel information while configuring the site; the overlay tunnel information is computed automatically.

CPE Devices Behind NAT in Full Mesh Topology

CSO supports site-to-site tunnels for WAN links of CPE devices behind NAT in full mesh topology. You can now provide private IP addresses for WAN links behind NAT and create the tunnels to hub or spoke sites. The support for CPE devices behind NAT in full mesh topology is applicable only for spoke devices. The OAM hubs, data hubs, and enterprise hubs or on-premise gateways require static public IP addresses for their WAN interfaces.

The supported NAT types are listed in Table 1.

Table 1: CPE Behind NAT in Full Mesh Topology

WAN IP Address

NAT Type

Spoke-to-Hub Tunnel

Spoke-to-Spoke Tunnel

Public IP address

No NAT

Supported

Supported

Private IP address

Full cone NAT

Supported

Supported

Private IP address

Restricted NAT

Supported

Supported

Private IP address

Symmetric NAT

Supported

Not supported