Hi  I have a set up of around 150 sites with 1 DC. There are also around 10 other sites that hosts applications. Hub and Spoke to the 1DC would create suboptimal routing for some sites especially some international sites. And doing a full mesh means that a lot of sites (90%) with smaller boxes would not be able to support so many tunnels (I have see the formula to calculate number of tunnels).   Is multiple HUBs a recommended solution? In my case there will be close to 10 sites with servers and applications. Consolidation of applications to Hybrid (on prem and cloud) is still 2 years down the line. What are some of the challenges if we go ahead with 10 HUB and spokes selectively choose their appropriate hubs.    Jay ... View more

Hi all,  I have Meraki SDWAN set up with MPLS (WAN1) and Internet (WAN2). At primary and secondary HUB I have MX250 with Primary Uplink as MPLS (WAN1). For traffic to the internet I have configured 'Flow preference --> Internet' on Security & SDWAN tab. Internet is working fine. I also have a  rule that specifically allows traffic from a LAN subnet to Internet service provider /30 via the Internet link (WAN2).  From the Cisco LAN switch I am creating IPSLA with the responder IP as the service provider /30 (I am tracking routes for fail over reason). I am not able to ping the internet provider /30 IP address (Carrier PE). I can see that the ping traffic is going out through the correct interface (Internet port) but traffic does not seem to come back. I have ruled out any filters on the service provider PE as I can get a response back when the MPLS link is plugged out from the MX. This could also mean that the FW rules are working.    Internet is working fine and I can reach 8.8.8.8 but for few reasons I do not want to use google DNS as the IPSLA responder.    Any pointers to resolve this please?  ... View more