Greetings, Dear Community!

Consider the following scenario: major colo with a pair of transits, peering, and a single transport back to another colo on our backbone. Transport carries public but also several overlays (VRFs) for management and whatnot. If the transport fails, we're good on transit/peering, but we can't get back to the mothership for mgmt.

We're looking at solutions (secure tunnels over transit) to bring the severed colo back to "HQ" ... looking at a hub/spoke topology with the intent of possibly doing this more than once.

Requirements:

* Multiple VRFs across the tunnel
* OSPF - each VRF should have its own instance, so we need something that supports interface-based tunneling since IPsec doesn't handle multicast well. Open to other tunneling strategies. Wireguard? OpenVPN?
* v6 a plus (OSPFv3)
* 10G should suffice across the board, but it should have interfaces that are LAGable.

The appliances we have considered so far do most if not all of these things, but they come with a lot of features (and cost) we simply don't need (e.g., UTM, DPI)

Also open to something server (VM) based since our traffic requirements aren't that significant. Easy to support is obviously a plus.

Curious if others have had similar needs and how they solved this problem. Recommendations (good or bad) greatly appreciated.

Thank you!

- bryan