There is No Such Thing as Branch Mesh in SD-WAN

TL;DR: Unless you have dark fiber in a point-to-point configuration between all of your branch sites (i.e., [n (n – 1)] / 2 dark fiber runs), you don’t have a “branch mesh network”.

You Really Don’t Have Branch Mesh

The term “mesh” evolved with the concept of redundancy in the architecture of interconnected networking appliances. This led to “full mesh” architecture, which fully interconnected networking appliances, as shown in the first diagram.

[Diagram: Branch Mesh 1]

But given the cost of duplicating or deploying multiples (2N, 2N+1, 3N, etc.) of hardware, full mesh architecture was basically limited to:

  • ISPs and telecommunications company infrastructure that aggregated last mile circuits for transit onto the Internet
  • Governments who had to maintain their own infrastructure to ensure continuity
  • A select few large enterprises with relevant resources and networking requirements

Mesh Goes Mainstream

Internet links have become cheaper and redundancy has become easier to manage, but this is commonly single-location redundancy — meaning any given site can have two or more last mile circuits (with or without carrier diversity) to ensure it has continuous access to the Internet.

[Diagram: Branch Mesh 2]

The idea of full mesh wide area networks was born with the introduction of virtual private networking, because we could create encryption tunnels between all our sites simultaneously and encrypt all traffic destined for those sites. That full mesh network looks something like the second diagram and has [ n (n – 1) / 2 ] interconnections. (In this case, there are 15 interconnections.)

Full Branch Mesh in SD-WAN

But Full Branch Mesh in SD-WAN?

Vendors that claim to offer full branch mesh in SD-WAN networking are playing a game of smoke and mirrors. Their claim implies a direct connection between branch sites when there really isn’t — because the cost of deploying 15 dark fiber runs between sites (from our example above) would be prohibitive.

More often than not, these vendors have repackaged VPN technology with a pretty interface and added the VPN to a service chain with other services to emulate SD-WAN. Their solutions rely on Internet backbones that transit through a service provider’s data center or core network and good ol’ VPN tunneling to create the appearance of branch mesh in SD-WAN.

Technically, these solutions are less efficient, because most vendors don’t make use of Enhanced Interior Gateway Routing Protocol (EIGRP), a foundational protocol for routing data within your own network. A true SD-WAN solution allows you to use EIGRP over the SD-WAN to extend your internal network to your entire network of sites — not just encrypt data and rely on the service provider’s routing decisions.

TTGI SD-WAN is the Only Solution

Turnium Technology Group has developed a true SD-WAN solution that extends your network to all sites and gives you control over routing protocols and traffic prioritization. Encryption is built into our SD-WAN — not just added as an afterthought in a service chain.

Our core network nodes can be meshed together to allow the SD-WAN to make intelligent routing choices based on your quality of service requirements.