You can definitely achieve what you’re trying to do with Meraki, and we run a SD-WAN network that is larger than that on multiple MXs. I’m sure you’ve already seen the MX sizing guide, but here it is for reference https://meraki.cisco.com/product-collateral/mx-sizing-guide/?file I’m not sure of the performance of the MX600, but since it’s heading towards its last day of support (admittedly slowly) I’d be planning on replacing it. I’d also be going to two clusters too, especially if there is an expectation to grow to 1,500 sites. Also, do the remote sites have single or dual connections? That could be doubling the number for VPN tunnels, so having the head-end capacity. I really wouldn’t want to be exceeding the recommended 1,500 site-to-site VPN tunnels on the MX450, and I’d want to give myself some headroom if I could. If 1,500 tunnels is the absolute maximum then I’d consider using two HA pairs of MX250 if the 1Gbps VPN throughput will be adequate. Otherwise, yes, the MX450s, but again two HA pairs. But that would also depend on your data centre layout and whether you expect to be able to failover everything to one HA pair in the event of a data centre outage. From a DC integration perspective I’d say you need to be running in VPN concentrator mode (I’d be surprised if you weren’t already) and that BGP is the way to integrate routing - it will give you a bit more flexibility. Hope this helps in your way forward.
... View more