Cloud Monitoring - Satellite Option

Solved
Matt_Carroll
Conversationalist

As someone who primarily uses the out-of-band management interfaces for our switch management, especially for our fabric deployments, we would like the ability to utilize the Mgmt-vrf interface for Cloud Monitoring. The limitation with this, as I understand it, is that a secure tunnel must be built for Meraki management and obviously we cannot have more than one interface in the Mgmt-vrf (so no room for the Loopback and Tunnel interfaces), and you are not currently supporting any non-default / Global VRFs.

The issue for some of our devices, like fabric-deployed leaf switches, is that even if we do allow communication via the underlay / Global VRF to the Meraki cloud (which we don't really want to do), the TLS tunnel and the provisioning script don't seem to play well with ECMP, which is heavily used for leaf-to-spine; so the tunnel is always tied to just one upstream interface (can't just rely on the current routing table) and the tunnel fails to establish correctly at all when ECMP is happening anyway.

With the planned changes to the monitoring architecture and the move to native NETCONF interaction with IOS-XE, could we instead get a VM/container-based solution that is deployed on-prem and can communicate with the managed devices directly over any interface via NETCONF, while the VM acts as a satellite for proxying communication between the devices and the Cloud via a secure tunnel terminated on the VM instead?

I've seen that Meraki-managed BGP-EVPN fabrics are planned / on the roadmap, but I'm not sure how we plan to architect the solution if still relying on the TLS tunnel with the same limitations for Cloud connectivity establishment.

1 Accepted Solution
PhilipDAth
Kind of a big deal

> could we instead get an VM/container based solution that is deployed on-prem

I don't know the answers.  My guess is this is very improbable.  It goes against the entire philosophy of Meraki.  Meraki used to support using an HTTP proxy, which might have helped in this case - but that support has also been dropped (proxies are typically an on-premise solution).

I think what Cisco would tell you here is if you want an on-premise solution you can deploy into a VM farm - use Catalyst Centre.

IMHO, your use case is not a good fit for Meraki.  It's a better fit for Catalyst Centre.

Matt_Carroll
Conversationalist

Thank you @PhilipDAth,

I had half-expected this to be the case, as I made the same argument to myself on why it's unlikely. Still, I wanted to put out a feeler to see if maybe this was of interest to others in a similar situation.

We do currently use Catalyst Center for an Assurance-only deployment. For all the great things that DNAC/CC is, a great user experience it is not. Meraki has just nailed the GUI and it's a much more approachable tool that some of our non-network-focused team members can use to get visibility into the network and simplify some of their workflows. Cloud Monitoring for Catalyst was something that had re-sparked my hope for a single pane of glass, but in the current state, it's not going to work for our campus fabric designs.

Interested to see how this ultimately pans out with the plans for Meraki-managed BGP-EVPN fabrics; the current issues might be solved by then.

Thanks again for your response.
