AutoVPN tunnel count formula

Hopefully this is an easy one.


Can anyone explain to me why the documented formula for full mesh total tunnel count is ((H)*(H-1)/2) * L1 instead of ((H)*(H-1)/2) * L1 * L1 ?


Seems to be a simple geometry node formula and if each node has the same number of interfaces wouldn't there be a vpn tunnel per pair making the final factor squared?

The documented formula for the tunnel count per MX has this term squared, meaning there actually is a vpn tunnel per pair of interfaces, so why is it not squared in the total tunnel count?


Same thing for the Hub part of the total tunnel count of the Hub and Spoke topology. It should be identical to the full mesh total tunnel count, correct?


The documentation is here: Auto VPN Hub Deployment Recommendations - Cisco Meraki


I want to earn the Meraki cert, but I'm concerned about the exam questions requiring calculation on these formulas. Would the exam questions require correct calculations as documented, or as I suspect the correct formula should be?



Kind of a big deal

I think you are right and the documentation is wrong.

The formulas are inconsistent. The easiest check is a full mesh with two hubs and two links each. The tunnel count per MX has to equal the total tunnel count. I assume that they just forgot the "to the power two" for the L1 in the first formula.

Kind of a big deal

I’ve been thinking about this, and have to agree with @MG41372 . It does look like the total tunnel count for a full mesh with hubs needs the L1 to be squared. Take for example three hubs, if they each have one uplink the formula works, and gives the answer 3. However, consider if each hub has two uplinks, then each of the three hubs will try to build 4 tunnels to each other hub (W1-W1, W1-W2, W2-W1, W2-W2) - whether it succeeds or not is all part of the design, but this is what the hubs will try and do. Quickly you realise this is a total of twelve tunnels, so the L1 must be squared to make the formula work


Thanks for your reply, glad I'm not going crazy!

But my bigger concern is with the exam questions, since the ECMS2 course final exam scores its question using the calculated value from the incorrect formula as documented in the course material as well as the posted Meraki doc.


I have reached out to Cisco regarding the doc and course materials a while ago, but have not received any responses.

