Edge Peering Overview
Edge peering creates encrypted site-to-site connectivity between your SecureLink edges. It allows traffic to flow directly between sites without routing through a central gateway, providing low-latency, high-throughput connections across your network.
Tunnel Protocols
When creating a peering group, you choose between two tunnel protocols:
- WireGuard (default) -- A modern, lightweight protocol with fast handshakes and low overhead. Uses Curve25519 key exchange and ChaCha20-Poly1305 encryption. Ideal for most deployments.
- IPSec -- An industry-standard protocol using AES-256-GCM encryption. Provides manual rekeying controls and Security Association (SA) management. Choose IPSec when compliance requirements mandate it or when integrating with networks that require IPSec.
The tunnel protocol is set at the peering group level -- all members and links within a group use the same protocol. See IPSec Configuration for details on IPSec-specific settings.
Use Cases
- Branch-to-Branch: Connect remote offices directly so users at one site can reach resources at another.
- Branch-to-Datacenter: Link branch offices back to a central datacenter or cloud environment for access to shared services.
- Multi-Site Mesh: Build a fully interconnected network where every site can communicate with every other site.
Topology Types
When you create a peering group, you choose one of three topology types. This determines how edges connect to each other.
Mesh
Every edge peers with every other edge in the group. When you add a new member, links to all existing members are automatically created.
Best for small networks with 3 to 10 sites where you need any-to-any connectivity. The number of tunnels grows quadratically with the number of sites (n*(n-1)/2 tunnels for n sites), so consider partial-mesh or hub-spoke for larger deployments.
Hub-Spoke
A central hub edge peers with all spoke edges. Spokes do not peer directly with each other -- all inter-spoke traffic routes through the hub.
Good for datacenter-centric designs where branch offices need to reach central resources but rarely communicate with each other. Simple to manage and scales well.
Partial Mesh
You manually choose which edges connect to each other. No links are auto-created -- you add and remove links individually.
Best for large or complex networks where full mesh is impractical and hub-spoke is too restrictive. For example, you might connect all branches to two regional datacenters but not to each other.
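The following is an added example, not SecureLink code: it builds the tunnel set each topology would produce for a constructed six-site group and lists the site pairs that have no direct tunnel, together with the members linked to both. The function names, topology strings and site names are assumptions made for illustration; the page states that the hub relays inter-spoke traffic, while relaying in a partial mesh is not described and is only shown here as "members linked to both".

```python
from itertools import combinations

def plan_links(topology, edges, hub=None, manual_links=()):
    """Return the tunnels (unordered edge pairs) a peering group would contain."""
    edges = list(edges)
    if topology == "mesh":
        # Every edge peers with every other edge: n*(n-1)/2 tunnels.
        return {frozenset(p) for p in combinations(edges, 2)}
    if topology == "hub-spoke":
        if hub not in edges:
            raise ValueError("hub must be a member of the group")
        # One tunnel per spoke; spokes never peer with each other.
        return {frozenset((hub, e)) for e in edges if e != hub}
    if topology == "partial-mesh":
        # Nothing is auto-created; only the links the operator chose exist.
        links = {frozenset(link) for link in manual_links}
        for link in links:
            if len(link) != 2 or not link <= set(edges):
                raise ValueError(f"invalid link: {sorted(link)}")
        return links
    raise ValueError(f"unknown topology: {topology}")

def indirect_pairs(edges, links):
    """Map each site pair without a direct tunnel to the members linked to both."""
    result = {}
    for a, b in combinations(sorted(edges), 2):
        if frozenset((a, b)) not in links:
            result[(a, b)] = sorted(
                m for m in edges
                if frozenset((a, m)) in links and frozenset((m, b)) in links
            )
    return result

if __name__ == "__main__":
    # Constructed site names, not taken from the product.
    dcs = ["dc-east", "dc-west"]
    branches = [f"branch-{i}" for i in range(1, 5)]
    sites = dcs + branches
    plans = {
        "mesh": plan_links("mesh", sites),
        "hub-spoke": plan_links("hub-spoke", sites, hub="dc-east"),
        "partial-mesh": plan_links(
            "partial-mesh", sites,
            manual_links=[(b, d) for b in branches for d in dcs]),
    }
    for name, links in plans.items():
        gaps = indirect_pairs(sites, links)
        print(f"{name:13} tunnels={len(links):2} pairs_without_direct_tunnel={len(gaps)}")
```

In the hub-spoke plan every pair without a direct tunnel lists only the hub, which makes the hub the single point that carries, and can inspect or drop, all inter-spoke traffic.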
Peering List Page
The peering list page shows all peering groups for your tenant in a table with the following columns:
| Column | Description |
|---|---|
| Name | The descriptive name you gave the peering group. IPSec peerings display an amber IPSec badge next to the name. |
| Topology | Mesh, Hub-Spoke, or Partial Mesh |
| Members | Number of edges currently in the peering group |
| Status | Overall health of the peering group |
| Redundancy Mode | Single, Active-Standby, or Active-Active |
Click on any row to open the peering detail page where you can manage members, links, and view health status.
Getting Started
To set up edge peering:
1. Click Create Peering to create a new peering group.
2. Add member edges to the group.
3. For partial-mesh topologies, add links between members.
4. Monitor health via BGP and BFD status indicators.
If you are unsure which topology to choose, start with Hub-Spoke. It is the simplest to set up and manage, and you can always recreate the peering group with a different topology later.