Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Full Mesh Topology Overview


Contrail Service Orchestration (CSO) supports the full mesh topology on tenants in a software-defined WAN (SD-WAN) implementation. In a full mesh topology, all sites of a tenant are connected to one another. The sites are connected to one another through GRE and GRE_IPsec overlay tunnels. The default overlay tunnel encapsulation is GRE_IPsec.

In the full mesh topology, a WAN interface of one type is connected to a WAN interface of a different type if these WAN interfaces are associated with same mesh tags. A mesh tag is a label that you associate with a WAN link of a site. Mesh tags provide you the flexibility to establish overlay tunnels between WAN links of two different sites


With mesh tags, you can connect two WAN links even if the link types (MPLS and Internet) are different.

The following requirements must be satisfied for connections between WAN interfaces:

  • IP addresses of Internet WAN interfaces must be reachable on the Internet. Also, IP addresses must be preserved and change in IP addresses is not supported.

  • WAN links that are associated with same mesh tags must be reachable on the Internet.

For more information about mesh tags, see Mesh Tags Overview.

The full mesh topology supports the following:

  • Static policies and Application Quality of Experience (AppQoE)

  • Dynamic VPNs

  • Mesh tags

  • LAN segmentation

  • Departments

  • Multiple VPNs

Contrail Service Orchestration supports only sparse mode connections in full mesh topology. In sparse mode, a WAN interface of a specific type in a site is connected to only one other interface of the same type (see Figure 1). This configuration reduces the number of overlay tunnels formed and is easy to maintain. However, sparse mode is susceptible to SD-WAN network performance deterioration due to connectivity disruptions because if connectivity on one tunnel is lost, then the respective connected WAN interfaces become unreachable.

Figure 1: Sparse Mode
Sparse Mode

Local Breakout in Full Mesh Topology

Local breakout is supported on all sites in the full mesh topology. Local breakout is the ability of a site to route Internet traffic directly from the site. A site can have multiple WAN interfaces, but only the WAN interfaces (up to a maximum of three) that are not enabled exclusively for local breakout traffic are chosen for connecting to the full mesh network. For instance, consider a site that has four WAN interfaces enabled. If WAN_1 on the site is enabled exclusively for local breakout traffic, then only WAN_0, WAN_2, and WAN_3 can be chosen for forming a full mesh.

WAN interfaces that are enabled exclusively for local breakout traffic cannot be used for non-Internet traffic and this makes those WAN interfaces essentially unusable in the full mesh topology. For WAN interfaces that are chosen to connect to the full mesh network, you do not need to provide overlay tunnel information while configuring the site; the overlay tunnel information is computed automatically.