Certain deployments require the routing infrastructure to be separated over their SD-WAN overlays. For this kind of deployments, we have introduced the support for multiple virtual routers on the SD-WAN branches that enable you to have overlapping IP subnet addresses on both the hub and branch devices. This feature adds to the SD-WAN capability to logically separate the routing infrastructure over SD-WAN and provides the ability to use overlapping IP subnets.

Multiple virtual routers can run multiple instances of routing protocols with a neighboring router with overlapping address spaces configured on different virtual router instances. Multiple virtual router deployments provide the flexibility to maintain multiple virtual routers, which are segregated for each virtual router instance.

You can now enable Multi-VR Support on the SD-WAN branch device to keep the traffic of different entities separate. A maximum of 20 virtual routers can be configured on the SD-WAN branch. However, the number of virtual routers supported on the PAN-OS SD-WAN branch varies by platform.

The following figure illustrates three SD-WAN branches with each configured with two virtual routers. By enabling multiple virtual routers support on the SD-WAN branches, the three branches connecting to the same SD-WAN hub can have overlapping IP subnets or belong to different entities and function independently because their traffic goes to different virtual routers. To enable multiple virtual routers on the SD-WAN branch, the SD-WAN hub connecting to the branches must be also be configured with multiple virtual routers.

Currently it's difficult for the network administrators to quickly identify the cause for an application’s poor performance in an SD-WAN device. It's because there isn't enough information available to identify the issue and the available limited information (such as VPN statistics, Panorama's device health statistics, and link health statistics) are located between Panorama and firewalls. It becomes a time consuming activity for the administrators to correlate this information and locate the performance issues on an SD-WAN device.

We’ve introduced bandwidth which is a primary measure of a link performance in addition to existing jitter, latency, and packet loss performance measures. For a VPN cluster, you will now be able to view the bandwidth of a tunnel and a physical interface for a selected site by default. There is no configuration required from the user to view the bandwidth of a tunnel.

With earlier SD-WAN plugin versions, you can't have SD-WAN configurations on multiple virtual routers. By default, a sdwan-default virtual router is created and it enables Panorama to automatically push the router configurations. Due to this restriction, customers faces difficulty and spends additional effort in some of the SD-WAN deployments:

SD-WAN plugin now supports multiple virtual routers on the SD-WAN hubs that enable you to have overlapping IP subnet addresses on branch devices connecting to the same SD-WAN hub. Multiple virtual routers can run multiple instances of routing protocols with a neighboring router with overlapping address spaces configured on different virtual router instances. Multiple virtual router deployments provide the flexibility to maintain multiple virtual routers, which are segregated for each virtual router instance.

However, the number of virtual routers supported on the PAN-OS SD-WAN hub varies by platform.

The following figure illustrates an SD-WAN hub with two virtual routers. By enabling multiple virtual routers support on the SD-WAN hub, the four branches connecting to the same SD-WAN hub (but different virtual routers) can have overlapping IP subnets or belong to different entities and function independently because their traffic goes to different virtual routers.

You can now configure additional point-to-point private link types, Private Link1, Private Link2, Private Link3, and Private Link4 along with the existing private link types (MPLS, Satellite, Microwave/Radio) for one to one connectivity while configuring the SD-WAN Interface Profile.

These private link types enable you to avail reliable providers for your remote regions to establish one to one connection with the overlay network and avoid provider outages.

The number of hubs to configure in a VPN cluster has been increased from 4 to 16. Only four of the 16 hubs can have the same hub priority within a VPN cluster due to ECMP.