Accepted Solutions
Had a read in the "Cisco SD-WAN" book and found this paragraph that covers my usecase pretty well:
In nearly all cases, the data center is the first site to be migrated to Cisco SD-WAN. While there are many ways to design SD-WAN into the data center, the most commonly deployed and strongly recommended approach is to insert and run the solution in parallel with the existing WAN. This is accomplished by standing up Cisco SD-WAN routers alongside the current WAN Edge infrastructure (behind the Multiprotocol Label Switching [MPLS] CE/PE or Internet Edge routers) and providing the routers connectivity to WAN transports indirectly. This is especially true when an organization doesn’t have the luxury of providing the Cisco SD-WAN router dedicated circuits or handoffs for all the transports already in service. It is common to see new SD-WAN routers leveraging private connectivity through an existing MPLS CE/PE router and public connectivity through an existing secure Internet Edge firewall. Figure 12-1 depicts this architecture.
Recreation of fig 12-1:
This doesn't quite describe the technical implementation of how routing for the different colors should work. In my case the topology is a bit different in that the internet circuits are terminated on the same "Enterprise edge" routers that the MPLS circuits are, and from there they are routed in separate VRFs such that all traffic must pass through the firewalls. The topology looks like this:
Since it is fairly common I assume that SD-WAN has a way to handle VRF separated transports. To make this work while maintainting link redundancy for the cEdges I would need to use unbound loopback interfaces, but this causes issues in using multiple colors and keeping them separated on layer 3. My head wants to extend the VRFs to the cEdges, but this isn't possible due to all transports having to reside in VPN 0. How would I go about implementing this?
