We have site-to-site VPNs configured as a Hub and Spoke topology.
All our branches (spokes) have WAN1 (MPLS Link) and WAN2 (Broadband Link on site).
Our MPLS has an Internet breakout at our Data Center with public IP of 220.127.116.11. Our hub is also in our Data Center with public IP of 18.104.22.168 (same subnet, different IP).
Based on the Site-to-site VPN over MPLS documentation, my understanding is that if we want to build a tunnel over MPLS (by using the PRIVATE interface IP address of our hub and our spokes), the source public IP has to match between our hub and our spokes.
In this situation, the hub has 22.214.171.124 and all spokes have 126.96.36.199. Because of that, I'm wondering if the tunnels are built correctly on our MPLS link... Wouldn't it be better if the WAN1 (MPLS) tunnel was built using private IPs? Now it looks like the WAN1 (MPLS) tunnel is built between 188.8.131.52 and 184.108.40.206. Traffic is going upstream to the edge of our DC to come back in after.