Hi all,
I'm quite new to SD-Access. I see that it is possible to deploy small sites with a single node as FE/CP/Border, to avoid losing resiliency and have auto consistent sites. But in this way, in case I create 20 different VRFs, I would have to configure all these VRFs between the border node and the site's CE device connected to the WAN, on every small site. If I deploy a multi-site fabric, on the other hand, I would have to place the CP outside of all the sites; in case one of them gets isolated, it would lose resiliency, and the site would not be auto-consistent.
So the question is: why can't I have a CP inside a small site, and a '2nd level' CP in a central/HQ site or a data center, to be pointed to by the first-level hierarchy CP? The local FE would point to the local CP; in case it doesn't have an answer for locally registered endpoint, it queries the 2nd level CP, more or less like it happens for DNS. This would also guarantee that in case a site gets isolated, at least locally end-hosts should still be able to talk to each other. But I also would have a unique fabric for many sites, thus VRF segmentation would require less manual work.
The concept is different from the so-called "transit CP"; this architecture would still require a Border Router on every small site, thus I still have to configure VRF-lite manually on many sites.