Multiple virtual routers on an SD-WAN branch enable overlapping subnet IP addresses
on hub and branch devices.
SD-WAN deployments require strict routing separation and support for overlapping IP
subnets to meet regulatory requirements and accommodate complex network
architectures. Enabling multiple virtual routers (VRs) in your SD-WAN deployment
logically separates the routing infrastructure over SD-WAN overlays, which helps you
comply with regulations and maintain network segregation while using
overlapping IP subnets.
With this new functionality, you can run multiple instances of routing protocols on
your multiple VRs when connecting to neighboring routers. Those VRs can now use
overlapping address spaces and still successfully route traffic to the appropriate
destination based on the virtual router ID (VR-ID) associated with each virtual
router. This provides you with the flexibility to maintain multiple segregated VRs
for each connection.
To enable multiple virtual routers on an SD-WAN branch, you must first configure
multiple virtual routers on the SD-WAN hub to which these branches connect. You can
configure a maximum of 20 virtual routers on an SD-WAN branch. However, the maximum
number of virtual routers depends on which Palo Alto Networks Next-Generation
Firewalls you use in your deployment.
This illustration contains three SD-WAN branches, each configured with two virtual
routers. When you enable support for multiple VRs on the SD-WAN branches, those
three branches connected to the same SD-WAN hub can use overlapping IP subnets or
belong to different devices. In this configuration, these SD-WAN branches can
function independently because the branch traffic goes to different virtual
routers.
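
The following is an added illustration, not Palo Alto Networks code or configuration: a small Python model of per-VR route tables in which the same destination address resolves to a different next hop depending on the VR-ID, plus a report of the prefixes that would collide if the VRs shared one table. The VR-IDs, prefixes, and next-hop names are constructed sample values, and the longest-prefix-match lookup is an assumption about ordinary routing behavior inside each VR.

```python
import ipaddress

# Branch ceiling stated on this page; the real limit varies by firewall.
MAX_VRS_PER_BRANCH = 20

# Constructed sample routes: (VR-ID, prefix, next hop). All values are hypothetical.
ROUTES = [
    (1, "10.1.0.0/16", "branch1-vr1"),
    (1, "10.2.0.0/16", "branch2-vr1"),
    (1, "10.3.0.0/16", "branch3-vr1"),
    (2, "10.1.0.0/16", "branch2-vr2"),  # same prefix as VR 1, different owner
    (2, "10.1.5.0/24", "branch3-vr2"),
    (2, "10.2.0.0/16", "branch1-vr2"),
]

def build_tables(routes):
    """Group routes into one table per VR-ID and enforce the VR ceiling."""
    tables = {}
    for vr_id, prefix, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        tables.setdefault(vr_id, []).append((net, next_hop))
    if len(tables) > MAX_VRS_PER_BRANCH:
        raise ValueError(f"{len(tables)} VRs exceeds {MAX_VRS_PER_BRANCH}")
    return tables

def lookup(tables, vr_id, dst):
    """Longest-prefix match restricted to the table of the given VR-ID."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, nh) for net, nh in tables.get(vr_id, []) if addr in net]
    if not matches:
        return None  # no route in this VR, even if another VR has one
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def cross_vr_overlaps(tables):
    """Prefix pairs in different VRs that overlap (ambiguous in a shared table)."""
    flat = [(vr, net) for vr, entries in tables.items() for net, _ in entries]
    found = []
    for i, (vr_a, net_a) in enumerate(flat):
        for vr_b, net_b in flat[i + 1:]:
            if vr_a != vr_b and net_a.overlaps(net_b):
                found.append((vr_a, str(net_a), vr_b, str(net_b)))
    return found

if __name__ == "__main__":
    tables = build_tables(ROUTES)
    for vr in (1, 2):
        print(f"VR {vr}: 10.1.5.9 -> {lookup(tables, vr, '10.1.5.9')}")
    for pair in cross_vr_overlaps(tables):
        print("overlap kept apart by VR-ID:", pair)
```

A lookup that returns `None` for a VR while another VR holds a matching route is the separation property to verify when auditing a segmented deployment.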