Certain deployments require the routing infrastructure to be separated over their SD-WAN overlays. For this kind of deployments, we have introduced the support for multiple virtual routers on the SD-WAN branches that enable you to have overlapping IP subnet addresses on both the hub and branch devices. This feature adds to the SD-WAN capability to logically separate the routing infrastructure over SD-WAN and provides the ability to use overlapping IP subnets.

Multiple virtual routers can run multiple instances of routing protocols with a neighboring router with overlapping address spaces configured on different virtual router instances. Multiple virtual router deployments provide the flexibility to maintain multiple virtual routers, which are segregated for each virtual router instance.

You can now enable Multi-VR Support on the SD-WAN branch device to keep the traffic of different entities separate. A maximum of 20 virtual routers can be configured on the SD-WAN branch. However, the number of virtual routers supported on the PAN-OS SD-WAN branch varies by platform.

The following figure illustrates three SD-WAN branches with each configured with two virtual routers. By enabling multiple virtual routers support on the SD-WAN branches, the three branches connecting to the same SD-WAN hub can have overlapping IP subnets or belong to different entities and function independently because their traffic goes to different virtual routers. To enable multiple virtual routers on the SD-WAN branch, the SD-WAN hub connecting to the branches must be also be configured with multiple virtual routers.