Dynamic Mesh Tunnels Overview
In releases earlier than CSO 4.1.0, all the overlay tunnels for the site are established between branch sites during the Zero Touch Provisioning (ZTP) process.
However, starting with CSO Release 4.1.0, during ZTP, only the following static tunnels are established:
Between a branch site and the corresponding enterprise hub (primary enterprise hub or secondary enterprise hub)
Between a branch site and the provider hub (primary provider hub or secondary provider hub)
Between two enterprise hubs
Therefore, the communication between two branch sites (with the Secure SD-WAN Advanced service) is established only through the enterprise hub or the provider hub.
For sites with the Secure SD-WAN Advanced service, CSO dynamically creates or deletes a mesh tunnel (also called DVPN tunnel) between two branch sites directly so that the traffic does not go through an enterprise hub or a provider hub, if:
The number of sessions closed between two branch sites crosses the configured threshold value, and
The WAN links of branch sites have matching mesh tags. For more information, see Mesh Tags Overview.
The dynamic mesh feature is applicable only for Secure SD-WAN Advanced sites (Full mesh).
Sites with the Secure SD-WAN Essentials service do not support creation or deletion of dynamic mesh tunnels based on a user-defined threshold for the number of sessions closed between two branch sites. However, an OpCo administrator or a tenant administrator can create a static tunnel between a source site and destination site by using the CSO GUI in Customer Portal.
The SP administrator, OpCo administrator, or tenant administrator can modify the default threshold value on the following pages:
SP administrator or OpCo administrator:
Administration > Dynamic Mesh page of Administration Portal
The Add Tenant page
Tenant administrator:
The Administration > Tenant Settings page (Dynamic Mesh section) of Customer Portal (global level)
The Add Branch Site page
The Add Enterprise Hub page
The threshold value that you specify at site-level takes precedence over the tenant-level and global-level threshold values.
That is, the threshold value that you specify on the Add Tenant page overrides the threshold value that you specified on the Dynamic Mesh page of Administration Portal.
Similarly, the threshold value that you specify in the Add Site page overrides the threshold value that you specified on the Dynamic Mesh page and Add Tenant page.
Changes that OpCo and SP administrators make at global level do not apply to existing tenants. The changes are applied only to tenants added after the changes have been made at the global level.