I'm still trying to get a grasp of the concept of SD-WAN - DIA AnyPath. The components and configuration are pretty straightforward, but the "why/when" is not making sense. The main scenario that's proposed is "when you want to fail over to using the internet at another site (over the VPN) when local DIA is not available." Again, I must be missing something obvious here, but when your local internet is down, the VPN is most likely down as well. You can't fail over to the VPN. I can understand some of the other scenarios mentioned, such as having some bandwidth-heavy applications go out the local internet while having some applications go out the hub internet for extra inspection/visibility.
If local DIA isn't available, you need to have another transport that has access to another site. A big benefit of SD-WAN is using multiple links to carry traffic. Sites with single links won't really see a benefit from SD-WAN since there's no failover or traffic manipulation over multiple links.
The doc that @Declan69 included states that "DIA links must be able to fail over to another link that has a direct path or indirect path (through a hub or branch) to the internet."
That might be MPLS or P2P for example, but there needs to be multiple links.
Are you referring to this: "DIA AnyPath supports a DIA link failing over to a private VPN tunnel going to a hub firewall to then reach the internet."
Even over private links, the overlay of SD-WAN is a VPN. VPNs in SD-WAN don't necessarily go over the internet/DIA link, they will be over any transport available.