Mesh Tags Overview
A mesh tag is a label that you associate with a WAN link of a spoke site. Mesh tags provide you the flexibility to establish overlay tunnels between WAN links of two different spoke sites. If WAN links are associated with same mesh tags, CSO creates a VPN tunnel between WAN links of spoke sites (enterprise hub to enterprise hub, branch site to enterprise hub, branch site to branch site).
Mesh tags are applicable only for SD-WAN sites in the Real-time optimized mode (Full mesh).
Mesh tags can be predefined (MPLS and Internet) or user-defined. You can create user-defined mesh tags on the Administration > Mesh Tags page. You can associate a mesh tag to a WAN link when creating or editing a site. To do that, enable the WAN link with the ‘Use For Fullmesh’ option, and select a mesh tag for that WAN link.
With mesh tags, you can connect two WAN links even if the link types (MPLS and Internet) are different.
For example, consider that a tenant has two sites—Site A and Site B. Site A has four WAN links (WAN0 through WAN3) and Site B has three WAN links (WAN0 through WAN2). WAN0 in Site A and WAN0 in Site B are associated with MPLS (predefined mesh tag), and WAN1 in Site A and WAN1 in Site B are associated with Internet (predefined mesh tag).
A tunnel is established between WAN0 in Site A and WAN0 in Site B and between WAN1 in Site A and WAN1 in Site B because they are associated with the same predefined mesh tags.
- In a branch site, you can associate mesh tags to a maximum of three WAN links. In an enterprise hub or a dual CPE site, you can associate mesh tags to all the four WAN links.
- On a WAN link, only one site-to-site tunnel is formed between a pair of sites, except in redundant sparse mode.
In Figure 1, two tunnels are formed between Site 1 and Site 2 (WAN0 to WAN0 and WAN1 to WAN1), because of the matching mesh tags (Gold on WAN0 links and Silver on WAN1 links).
Region-based Meshing
Enterprise hub sites support multiple mesh tags per WAN link, allowing enterprise hubs to support use cases such as region-based fullmesh.
In Figure 2, Site 1 and Site 2 are in the USA region and Site 3 and Site 4 are in the IND region. While the site-to-site tunnels are created between the sites in the same region, the enterprise hub has tunnels with all the four sites – the two sites in the USA region and the two sites in the IND region.
If multiple mesh tags are present on a WAN link, only one mesh tag is required to match to create a tunnel.
Dynamic Load Balancing of Tunnels Across WAN Links
When multiple WAN links have the same mesh tag, CSO dynamically assigns one of the WAN links to the site-to-site tunnel so that the tunnels are load-balanced across the WAN links.
In Figure 3, Site 1, Site 2, and Site 3 have one WAN link each. Site 4 has three WAN links. All the sites have the same mesh tag. CSO connects the tunnels from WAN0 in Site 1, Site2, and Site 3 to WAN0, WAN1, and WAN2 in the site 4. Therefore, even if one WAN link in the site 4 goes down, the other tunnels remain functional.
Redundant-Sparse Mode
By default, CSO creates site-to-site tunnels in sparse mode, that is, one WAN link on a site is connected to single WAN link (1:1) on another site based on matching mesh tags.
However, if certain conditions are met, CSO connects the sites in redundant sparse mode. In redundant sparse mode, CSO connects two WAN links in one site to one WAN link in another site (2:1). The redundant sparse mode is enabled if the following conditions are met:
- Only one site-to-site tunnel is possible between the sites unless a redundant sparse link is added.
- The redundant sparse link shares a matching mesh tag with the sparse links.
- The WAN links added as the redundant sparse links must be either backup links or primary links in both the sites. A backup link in one site does not connect to a primary link in the other site.
