I wrote this post for people that may be interested in a scalable Multipoint VPN solution for site-to-site communication. I intend for this to be a multi-part series, so let me know if there’s anything specific you’d like to see related to a deployment like this.
I’d love to see a version using Mikrotik RouterOS instead of VyOS. (Nothing against VyOS, but I’m seeing more and more Mikrotik stuff in the field). Maybe adapting Zerotier & Mikrotik design concept - Infrageeks to use BGP instead of the Zerotier routing…
Thanks for the offer! I have a few more things I’m working on as far as labs. Let me check out the cloud router and see if it’ll work for lab purposes first.
Although this now has me going down the rathole of trying to truly understand BGP in this context and thinking about the impacts of the Hub failure in this scenario…
In Part 2 I’ll be adding additional regions for scalability, as well as additional hubs for redundancy. In this design, the Hubs are not part of the forwarding path (unless you make it so), which allows you to place them anywhere. You can have some on-prem, and some in the cloud. Hub redundancy can be as