Configure Site Mesh Group

Published April 5, 2023 | Last modified August 5, 2025

Objective

This document presents information and provides instructions on how to configure site mesh group in F5® Distributed Cloud Services. The site mesh group is used to directly connect F5® Distributed Cloud Console CE sites to other arbitrary CE sites using IPsec. Using the site mesh group, connectivity between the CE sites can be direct and not via the RE sites. For more conceptual information on site mesh group, see Site to Site Connectivity.

F5® Distributed Cloud Console supports connecting the CE sites in the following modes:

  • Hub-Spoke: A hub site routes traffic between the spoke sites.

  • Full Mesh: All sites have direct connectivity to each other.

Using the instructions provided in this guide, you can configure site mesh group objects and select sites for them.

Prerequisites

The following prerequisites apply:

  • A valid Account is required. If you do not have an account, see Getting Started with Console.

  • Two or more registered sites in the enterprise tenant. If you do not have a registered site, see Site Management.

  • A virtual site. If you do not have a virtual site, see Virtual Site.

  • Port 4500 should be open on the CE sites for ingress traffic.

Restrictions

The following restrictions apply:

  • A spoke can form IPsec tunnels with multiple hubs.

  • A hub site can be a spoke site for another site mesh group.

  • A site can be member of either a hub group or a spoke group but not both in the same hub-spoke relation.

  • Only IPsec tunnel type is supported.

  • Path maximum transmission unit (PMTU) discovery is not supported over the site mesh group.

Configure Hub-Spoke Site Mesh Group

In the Hub-Spoke model, two site mesh groups are required. One group is for the hub sites and the other is for the spoke sites. The spoke sites establish tunnels with all the hub sites. The hub sites form full mesh connectivity with each other. The sites for each mesh group are selected using the virtual site functionality.

The steps provided in this procedure configure site mesh between two CE sites, with one as a hub and other as a spoke.

Step 1: Create site mesh group for hub sites.
  • Select the Multi-Cloud Network Connect workspace.
Figure: Homepage

Figure: Homepage

  • Select Manage > Networking > Site Mesh Groups from the options.

  • Select Add Site Mesh Group.

Figure: Navigate to Site Mesh Group

Figure: Navigate to Site Mesh Group

  • Enter Name for your site mesh group object.

  • From the Virtual Site (Sites in this group) drop-down menu, select the virtual sites that are to be part of this hub group.

Note: In a hub-spoke site mesh group, a hub can have only one site.

  • From the Mesh Choice menu, select Hub.

  • Select Add Site Mesh Group.

Figure: Hub Site Mesh Group

Figure: Hub Site Mesh Group

Step 2: Create site mesh group for spoke sites.
  • Select the Multi-Cloud Network Connect workspace.
Figure: Homepage

Figure: Homepage

  • Select Manage > Networking.

  • Select Site Mesh Groups from the options.

  • Select Add Site Mesh Group.

  • Enter Name for your site mesh group object.

  • Enter Labels and Description as needed.

  • From the Virtual Site (Sites in this group) drop-down menu, select the virtual sites that are to be part of this hub group.

  • From the Mesh Choice menu, select Spoke.

Figure: Spoke Site Mesh Group

Figure: Spoke Site Mesh Group

  • From the hub_mesh_group (site mesh group) menu, select the hub site mesh group object created in the previous step.

  • Select Add Site Mesh Group.

Configure Full Site Mesh Group

Perform the following:

Step 1: Create full site mesh group object.
  • Select Multi-Cloud Network Connect.
Figure: Homepage

Figure: Homepage

  • Select Manage > Networking.

  • Select Site Mesh Groups from the options.

  • Select Add Site Mesh Group.

Figure: Navigate to Site Mesh Group

Figure: Navigate to Site Mesh Group

Step 2: Define sites that are part of the full mesh.

  • Enter Name for your site mesh group object.

  • From the Virtual Site (Sites in this group) drop-down menu, select the virtual sites that are to be part of this group.

Figure: Virtual Site Site Mesh Group

Figure: Virtual Site Site Mesh Group

Step 3: Set mesh group type as full mesh.

  • Select Full Mesh from the Mesh Choice drop-down menu.

  • From the Full Mesh Choice menu, select an option.

Figure: Full Mesh

Figure: Full Mesh

Step 4: Complete creating the full mesh group.

Select Add Site Mesh Group.

Note: The Tunnel Type field is populated as IPsec by default.

Verify Tunnel Status

The site dashboard page shows the status of the IPsec tunnel between CEs. Apart from the connected REs, you can also monitor all CE sites that it connects to using IPsec.

Step 1: Open site.

  • Select Multi-Cloud Network Connect.

  • Select Sites.

  • Select the desired site to open its dashboard.

Figure: Site List

Figure: Site List

Step 2: View status objects in site dashboard.

  • Scroll to the bottom of the Dashboard page to the Connectivity section.

  • Select the CE tab.

  • Select the CE object with Status ID containing string SiteStatusMgr. The JSON format pop-up window opens.

Step 3: Confirm tunnel status in JSON.

  • Check for site_tunnel_status section in the displayed JSON.

  • Verify that the state field of the tunnel toward the other CE is TUNNEL_UP. You can also confirm status using the Tunnel status column with Up values.

Concepts

API References

On this page: