Let’s start the hands-on portion of this chapter with one of the most typical use cases for centralized control policies - controlling the topology. As we have seen multiple times, the default behavior of the Cisco SD-WAN solution is to build a full mesh of IPsec tunnels between all sites. However, there is little need for direct branch-to-branch communication in typical real-world deployments. There is also a scaling limitation in large implementations with thousands of branches. Edge routers at remote sites are typically not sized to operate in full mesh environments and handle hundreds of thousands of IPsec tunnels. A better, more practical design approach is a hub-and-spoke topology where a data center or a regional hub operates as an aggregation point for multiple smaller remote sites.