In a Hub-and-Spoke topology, the hub site is connected to multiple spoke sites to exchange traffic. This topology is the most common for SD-WAN network design because it simplifies network management and provides a higher level of security by routing traffic through the hub site where traffic analysis and categorization is performed. The Hub-and-Spoke topology also enables more efficient use of bandwidth by optimizing and prioritizing traffic at the hub site.
To build a Hub-and-Spoke topology, you need to assign the SD-WAN gateway and standard CPE roles to CPE devices. In this case, SD-WAN gateways establish links with other SD-WAN gateways and standard CPE devices, while standard CPE devices establish links only with SD-WAN gateways.
The figure below shows a Hub-and-Spoke topology in which spoke sites communicate with the hub site, but not with each other. SD-WAN networks built using this topology are easy to design and maintain, because all necessary network services and applications are located in the same data center.
CPE devices being registered are automatically included in the management transport service with the Leaf role and can be behind NAT (Network Address Translation) and PAT (Port Address Translation). In such a Hub-and-Spoke topology, traffic cannot be transmitted directly between CPE devices.
Hub-and-Spoke topology without connection between spoke sites
The figure below shows a Hub-and-Spoke topology in which spoke sites can communicate with each other through the hub site. CPE devices being registered are automatically added to the management transport service and may be behind NAT and PAT.
Hub-and-Spoke topology with connection between spoke sites through the hub site
