Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How Symmetry is achieved with 2 vMX in Azure with Azure Route Server

Solved
Kushan
Here to help
‎Jun 26 2023 4:04 AM
‎Jun 26 2023 4:04 AM

How Symmetry is achieved with 2 vMX in Azure with Azure Route Server

We have deployed 2 vMX in Azure cloud as per Architecture mentioned in below Link.

 

https://documentation.meraki.com/MX/Deployment_Guides/vMX_and_Azure_Route_Server

 

But we are facing Asymmetric routing.

Branch MX sends traffic to Azure vMX1 as Azure vMX1 concentrator priority is higher than Azure vMX2.

But Azure Workload VM sends return traffic to both vMX as Workload VM learns branch subnet from both vMX with equal AS path length and weight.

This causes issue as packets from Azure vMX2 do not reach branch MX (as I think branch MX only consider incoming traffic from Azure vMX1 which has higher concentrator priority)

 

How to achieve symmetry (what kind of configuration/setup needed in Azure) so that Azure Workload VM sends traffic to Azure vMX1 only by default and send traffic to vMX2 when vMX1 is not live ?

Labels:
0 Kudos
Subscribe
1 Accepted Solution
In response to PhilipDAth
Kushan
Here to help
‎Jun 29 2023 7:32 PM
‎Jun 29 2023 7:32 PM

We solved this issue by keeping Branch as Spoke, so both Azure vMX (as HUB) would advertise branch subnets with different AS path length, so Azure Route server would send return traffic to primary HUB. 

View solution in original post

Subscribe
2 Replies 2
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jun 26 2023 1:52 PM
‎Jun 26 2023 1:52 PM

The lack of symmetry causes issues if you are using VPN firewall rules - because they are stateful - if traffic goes out one VMX it must return via the same VMX to maintain firewall state.

 

If you are not using VPN firewall rules - it should not matter.

0 Kudos
Subscribe
In response to PhilipDAth
Kushan
Here to help
‎Jun 29 2023 7:32 PM
‎Jun 29 2023 7:32 PM

We solved this issue by keeping Branch as Spoke, so both Azure vMX (as HUB) would advertise branch subnets with different AS path length, so Azure Route server would send return traffic to primary HUB. 

Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.