Thank you both Karstenl and PhilipDAth for your reponses and help.   A couple of questions to clarify my understanding...Karstenl, if I understand you correctly, I will have a /29 public subnet available on each of the Internet access links, and each MX will take a public address from each WAN subnet as their port address. Have I understood you correctly?   PhilipDAth, you mention "Recovery after failure". I was planning to use a full mesh of auto-VPN load-balancing links, so while I can see the benefit of having vIPs when failing over, because there is no need to ARP for the IP address of the warm spare, I'm unclear if there is a benefit when there is already a running link if the other fails. I read your links (I went through them when trying to find the answer for myself) but given that I'm looking at a fully-configured SD-WAN, I don't understand the benefit...I am missing something   Thanks   Jim ... View more