Help Center User GuideGetting StartedFAQRelease NotesRelease NotesRelease NotesRelease Notes
User Guide
Getting Started
Release Notes
Release Notes
Release Notes
Release Notes

Full Mesh Topology Overview

Contrail Service Orchestration (CSO) supports the full mesh topology on tenants in a software-defined WAN (SD-WAN) implementation. In a full mesh topology, all sites of a tenant are connected to one another. The sites are connected to one another through GRE and GRE_IPsec overlay tunnels. The default overlay tunnel encapsulation is GRE_IPsec.

In the full mesh topology, a WAN interface of one type is connected to a WAN interface of a different type if these WAN interfaces are associated with same mesh tags. A mesh tag is a label that you associate with a WAN link of a site. Mesh tags provide you the flexibility to establish overlay tunnels between WAN links of two different sites

Note With mesh tags, you can connect two WAN links even if the link types (MPLS and Internet) are different.

The following requirements must be satisfied for connections between WAN interfaces:

For more information about mesh tags, see Mesh Tags Overview.

The full mesh topology supports the following:

Contrail Service Orchestration supports only sparse mode connections in full mesh topology. In sparse mode, a WAN interface of a specific type in a site is connected to only one other interface of the same type (see Figure 9). This configuration reduces the number of overlay tunnels formed and is easy to maintain. However, sparse mode is susceptible to SD-WAN network performance deterioration due to connectivity disruptions because if connectivity on one tunnel is lost, then the respective connected WAN interfaces become unreachable.

Figure 9: Sparse Mode

Sparse Mode

Local Breakout in Full Mesh Topology

Local breakout is supported on all sites in the full mesh topology. Local breakout is the ability of a site to route Internet traffic directly from the site. A site can have multiple WAN interfaces, but only the WAN interfaces (up to a maximum of three) that are not enabled exclusively for local breakout traffic are chosen for connecting to the full mesh network. For instance, consider a site that has four WAN interfaces enabled. If WAN_1 on the site is enabled exclusively for local breakout traffic, then only WAN_0, WAN_2, and WAN_3 can be chosen for forming a full mesh.

WAN interfaces that are enabled exclusively for local breakout traffic cannot be used for non-Internet traffic and this makes those WAN interfaces essentially unusable in the full mesh topology. For WAN interfaces that are chosen to connect to the full mesh network, you do not need to provide overlay tunnel information while configuring the site; the overlay tunnel information is computed automatically.

Related Documentation

Help us to improve. Rate this article.
Feedback Received. Thank You!
  • Traffic-Based Steering Profiles and SD-WAN Policies Overview

  • About the Tenants Page

  • Breakout and Breakout Profiles Overview

Ask questions in TechWiki

Check documentation in TechLibrary

Rating by you:      

Additional Comments

800 characters remaining

May we contact you if necessary?


Need product assistance? Contact Juniper Support