Yes I understand what you say, BUT how does it apply to SDWAN as this overlay needs to probe the tunnel quality between each other? If you attach some MX of your network to some hubs you're losing this direct & interactive probing between the MX of the other branch you built depending from another hub. Does this SDWAN is still functioning conceptually?

1-Here you are describing a hub&spoke topology with a single WAN (internet) uplink while my topic is for a dual uplink WAN for each site in the case of SDWAN. The magnitude is more when you have an SDWAN with dual port/WAN at each location and probing against each other the realtime SDWAN thresholds;

2-I've asked the question for the other topology which an SDWAN customer may want and  they may not want to depend on one hub which all the other sites goes only through it to exchange and this is my second question actually of my question:

"2) Has anyone made any calculation for an SD-WAN meshed/any to any VPN topology, which naturally upsizes the number of tunnels above the hub&spoke case above? With the same reasoning in terms of number of SD-WAN tunnels but applied to the any-to any case here, I made some rapid calculations:

Can anyone confirm these orders of magnitude and model sizing, please? Many thanks

How does the autoVPN works on the Meraki devices? Lets say that we have 50 sites using SD-WAN meshed/any to any VPN topology (2x WAN links for each site).

Does each site establish tunnels with all of the other sites, regardless of whether there's actual traffic going through those tunnels?

Or does it auto establish tunnels when there's actual need for traffic to pass from one specific site to another one and drops the tunnel after an x amount of time that the tunnel is idle?

A branch office for example, would be required to be able to communicate mainly with 3x datacenters and occasionally with a couple more branch offices. Would it still be required to use the MX450 that would be able to handle 4900 VPN tunnels?

>Does each site establish tunnels with all of the other sites, regardless of whether there's actual traffic going through those tunnels?

If you configure a full MESH - then yes, a tunnel is formed over both WAN connections to every site.  SDWan actively measures every VPN so it can tell how to apply any performance based traffic policies.

If branches don't normally need to talk directly to each other (or only do it occasionally) then you would not configure a full mesh.  Branches can still communicate with each other via a hub.

The below image is an example from one of my clients.  This is a single site that has dual WAN connections and two SDWAN performance classes defined, one for RDP and one for VoIP.  The screen shot is the stats between two of the sites - and you have this for every site you have a VPN connection to.

How did you get that screen with all of those statistics? If I go to Organisation > VPN status I can only see statistics for latency and usage

You need to try randomly click on things (that is how I found it the first time).

Go:

Security Appliance/VPN Status

Then click anywhere on a listed VPN except the hyperlink name (such as the VPN status, Usage, Latency, etc).

Thanks again!