Hello everyone.
Before asking a question, let me briefly explain the topology for our future hub-to-spoke SD-WAN network.
The requirement is to use no Internet connections at all. Another option we currently have is L2 VLANs provided by the ISP on each branch. These VLANs can't be allowed into our DC, and we have to create a separate internal VLAN. This means we need some kind of ISP VLAN aggregation point in the middle of the branch topology, and from that aggregation point we will have an internal VLAN towards the DC.
The main thing here is to create a dynamic prefix exchange between branches <> DC HUBs/SD-WAN controllers. Let's take an example:
One SD-WAN branch: the ISP provided an L2 VLAN towards the branch; on the other hand, there is an L2 VLAN from the ISP to my aggregation point in the middle. Between that aggregation point and the branch I will create an OSPF peering. From the aggregation point towards my DC there will be our internal VLAN; over that VLAN I will create the same OSPF process with a different area towards the HUBs in the DC. Each branch IP address will be redistributed on the HUBs towards the FW and from there to my controllers (vBond, vSmart, vManage).
At this stage I should have connectivity from my branch router towards the HUBs and SD-WAN controllers and vice versa. If reachability is available, this means I can bring up secure IPsec tunnels between the HUB and the branch, and DTLS/TLS tunnels from the branches towards the controllers.
All of the above is only for one L2 circuit, but my question is: if I have another backup ISP L2 VLAN on the branches, will I be able to add this interface to the same underlay OSPF process? More than that, if I have another disaster recovery site, I will have to create another OSPF process through my aggregation VLAN point.