Showing posts from May, 2022

Fun and Games with Overlay Tunnels: Part 3: How to setup a working (n-tier) 4-tier Hierarchy

In my previous blog I stated that in VMware SD-WAN we can have Branch to Branch connectivity via overlay, as long as the branch routes are announced at most 2 overlay hops away. Now let's prove this assumption in my lab and modify it in order to establish a 4-tier hierarchy:

I applied a new profile to the Regional Hubs, which now have only overlay tunnels to the 2 DC-Hubs, thus removing the permanent tunnel between all Regional Hubs.

There is no change in paths between Branch Edges and DC-network:

VPC-A1> ping 10.1.201.2   (VPC-DC)
84 bytes from 10.1.201.2 icmp_seq=1 ttl=60 time=58.340 ms
84 bytes from 10.1.201.2 icmp_seq=2 ttl=60 time=19.604 ms
84 bytes from 10.1.201.2 icmp_seq=3 ttl=60 time=48.628 ms
84 bytes from 10.1.201.2 icmp_seq=4 ttl=60 time=180.321 ms
84 bytes from 10.1.201.2 icmp_seq=5 ttl=60 time=23.469 ms

VPC-A1> trace 10.1.201.2   (VPC-DC)
trace to 10.1.201.2, 8 hops max, press Ctrl+C to stop
 1   10.2.201.1   3.737 ms  2.933 ms  0.999 ms

Fun and Games with Overlay Tunnels: Part 2: How to setup a working 3-tier Hierarchy

Recently my teaching colleagues from VMware sent me this range of questions:

"Can I create a full, global mesh even using different hubs? Gateways are not an option in this scenario. In other words, I have:

AMER DC with Hub Cluster
EMEA DC with Hub Cluster
APAC DC with Hub Cluster

And I have profiles that use dynamic E2E VPN set to use the regional hub.

Can we, in this topology, get, essentially, a full overlay mesh between Edges directly? Like, can I actually build a tunnel from, say, a Tokyo Edge to a Chicago Edge even with different hubs?

Will secondary hubs in the VPN config provide the meet-in-the-middle connectivity in order to create the E2E VPN?

My understanding of the hub cluster order in the Cloud VPN config is that we simply use the first cluster, but if that is unavailable, we use the next cluster in the list."

My first assumption was:

In my opinion (static or dynamic) E2E works only when there is a single or 2 hop continuous set of permanent over