As far as I can see, the internet flow from site1 goes through DC and then to the internet? Why does it have to go through DC?
Or does it go through the devnet environment and then go to the internet?

Hello, the internet flow from site1 goes through DC and then to the internet, (although i do not believe devnet sandbox has open internet access). In this design this is because the DC is likely where the internet connection for the entire network is located.

DevNet has its own network which the sandboxes are located in, think of this as a DMZ, if sandboxes (other others could reach the internet) they could the sites could go direct to the internet via the DevNet Gateway.

Hope this helps.

I'm sorry, I can not for the life of me find a large enough picture of the topology to read. I am using the SDWAN sandbox just fine but I can't see a link to the topology anywhere aside from the small picture of it under Instructions / Access details which is not big enough to read. I suspect a cisco site update that moved stuff around... again. Please help. 

@grayswan937 you would need to ask the Cisco DevNet team for this information.

Hope this helps.

Please find inline 

1. 1 DC/Regional Hub IOS-XE SD-WAN router

Yes, the 1 DC/Regional will contain virtual vSmart, virtual vBond, and virtual vManage.These virtual components are responsible for different aspects of the SD-WAN architecture:

• vSmart: The vSmart is the centralized intelligence of the SD-WAN network. It is responsible for collecting and analyzing network data, making routing decisions, and enforcing security policies.
• vBond: The vBond is responsible for creating and managing the virtual connections between the SD-WAN devices.These virtual connections can use any type of transport, such as MPLS, broadband, or LTE.
• vManage: The vManage is the management console for the SD-WAN network. It allows administrators to provision devices, monitor network performance, and troubleshoot problems.

The two other devices in the model are the branch routers.

2. 2 DCs have 2 interfaces connected to the management network

The two DCs have two interfaces connected to the management network for redundancy and failover. If one of the interfaces fails, the other interface can be used to manage the DC. Additionally, the two interfaces can be used to load balance management traffic.

3. "2 IOS-XE SD-WAN (C8000v) branch routers with 1 router at each branch and 1 vEdge Cloud branch router".

Yes, this means that each branch will have 2 vEdges: 1 physical vEdge and 1 Cloud vEdge. The physical vEdge is deployed at the branch site and provides connectivity to the branch network. The Cloud vEdge is deployed in a cloud environment and provides connectivity to cloud-based applications.

The reason for having two vEdges at each branch is to provide redundancy and failover. If one of the vEdges fails, the other vEdge can be used to maintain connectivity. Additionally, the two vEdges can be used to load balance traffic between the branch network and the cloud.

Hope this helps.

Thats correct that the two DCs (dc-cedge1 and DC WAN) are virtual two separate routers, in a production environment they would be physical routers. The centralized hub-n-spoke control policy means that all of the branches will form IPsec tunnels with the DC/Hub router. This means that all data traffic between the branches will go through the DC/Hub router.

In this particular design, the branches do not need to set up tunnels to each other to transmit data. This is because all of the traffic between the branches is routed through the DC/Hub router. This can simplify the network design and reduce the amount of bandwidth required between the branches.

Hope this helps