In large-scale Prisma SD-WAN deployments, such as a retail network with 1,000 branches, architectural resilience is achieved through a strategy known as Hub Clustering. A Data Center Cluster is a logical grouping of ION devices at a hub site that provides termination for branch-to-DC VPN tunnels. To prevent the creation of a massive, single fault domain, Palo Alto Networks best practices recommend segmenting the branch population across multiple clusters.

By creating more than one data center cluster in each data center and strategically assigning sites to these clusters, an administrator can effectively isolate failure events. In a metropolitan area where stores are concentrated, spreading nearby retail locations across different clusters ensures that a localized resource failure or a cluster-specific misconfiguration only impacts a subset of the stores in that region rather than causing a complete regional outage.

This design directly addresses the requirement for maintaining application availability. Since Data Center 1 and Data Center 2 host different applications, each branch site must maintain active paths to both DCs. By using multiple clusters at each DC, the risk management group's goal of avoiding a large fault domain is met through "blast radius" containment. If Cluster A at Data Center 1 fails, the 1,000 sites are not all affected simultaneously; instead, only the specific sites bound to Cluster A lose connectivity to that hub, while their neighbors bound to Cluster B remain functional. This approach provides the highest level of regional resiliency and operational stability for high-density retail environments.