Meraki

Kushan · ‎Jun 26 2023

We have deployed 2 vMX in Azure cloud as per Architecture mentioned in below Link.

https://documentation.meraki.com/MX/Deployment_Guides/vMX_and_Azure_Route_Server

But we are facing Asymmetric routing.

Branch MX sends traffic to Azure vMX1 as Azure vMX1 concentrator priority is higher than Azure vMX2.

But Azure Workload VM sends return traffic to both vMX as Workload VM learns branch subnet from both vMX with equal AS path length and weight.

This causes issue as packets from Azure vMX2 do not reach branch MX (as I think branch MX only consider incoming traffic from Azure vMX1 which has higher concentrator priority)

How to achieve symmetry (what kind of configuration/setup needed in Azure) so that Azure Workload VM sends traffic to Azure vMX1 only by default and send traffic to vMX2 when vMX1 is not live ?

Kushan · ‎Jun 29 2023

We solved this issue by keeping Branch as Spoke, so both Azure vMX (as HUB) would advertise branch subnets with different AS path length, so Azure Route server would send return traffic to primary HUB.

View solution in original post

PhilipDAth · ‎Jun 26 2023

The lack of symmetry causes issues if you are using VPN firewall rules - because they are stateful - if traffic goes out one VMX it must return via the same VMX to maintain firewall state.

If you are not using VPN firewall rules - it should not matter.

Kushan · ‎Jun 29 2023

We solved this issue by keeping Branch as Spoke, so both Azure vMX (as HUB) would advertise branch subnets with different AS path length, so Azure Route server would send return traffic to primary HUB.

Meraki

Community

How Symmetry is achieved with 2 vMX in Azure with Azure Route Server

How Symmetry is achieved with 2 vMX in Azure with Azure Route Server