Meraki

Community

vMX and related issues (deployment & operational concern)

Solved
Mohit_Chauhan
Here to help
‎Feb 1 2022 9:00 PM
‎Feb 1 2022 9:00 PM

vMX and related issues (deployment & operational concern)

Hi guys,

 

I am quite new to Azure and hope someone can help me with some ideas/suggestions/solution to few of my concerns in regards to commissioning up  vMX on Azure Cloud.

 

1. /25 or /24: Can we use /25 as the subnet instead of /24 for the vMX?The reason I am asking was that whenever I have tried using /25 it gave me the error in the end of the build. Has anyone tried that?

2. Spare Subnet Issue: We have a vnet in the RG (Aus Southeast region) with /22 subnet which gives us 4 x /24 subnets. Out of these 4 , 3 are already used (one for servers, one for DMZ and 3rd as GatewaySubnet). Now we are left with only 1 x /24 subnet free. We need to use VPN clients off this vMX. How do we deal with this situation?

   a) Can we use server subnet to install the vMX and use this 4th spare subnet for the VPN users?

       In this case, do we will still need to configure the Route Table so the servers can use vMX as the next hop to reach to   the WAN site? Or it will automatically do that given the vMX and servers are on the same subnet? Right now they are pointing to the Express Route for accessing the WAN sites as well as the Internet hosted in the client;s DC.

  b) Should we use this spare subnet just for vMX and then just add another vNet with /22 and then use a subnet from there? I think with that we will need to create some inter-vnet peering? Any thoughts on that?

 

Look forward to hear back on the above points so I can move forward with this build. Appreciate your time in reading the above and also thanks in advance if you can provide some inputs/ideas to my concerns.

 

Regards,

 

Mohit

0 Kudos
1 Accepted Solution
In response to Mohit_Chauhan
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Feb 2 2022 3:51 PM
‎Feb 2 2022 3:51 PM

It works maybe 90% of the time with deployments.  The other 10% you get constant packet loss

and the only way to resolve it is to completely delete the VMX and re-deploy it.

 

Client VPN does not use a subnet inside of the VNET.

View solution in original post

6 Replies 6
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Feb 2 2022 10:47 AM
‎Feb 2 2022 10:47 AM

You should be able to use a /25.  I think I have a customer using /29's.

 

Client VPN users (to a VMX) won't be using a subnet out of Azure.  You will need to think up a new range outside of the Azure range for this.

You mentioned you have a subnet for the "Gateway".  This sounds like a good place to put the VMX.

0 Kudos
In response to PhilipDAth
Mohit_Chauhan
Here to help
‎Feb 2 2022 3:40 PM
‎Feb 2 2022 3:40 PM

Thanks so much for your inputs?

1. I have never thought of using GatewaySubnet for this as I was in the impression it should not be touched at all (as I mentioned I am quite new to Azure). The client is running Express Routes, I am hoping using GatewaySubnet should not impact that (or anything else) as we dont want that to be disturbed.

2. How about using the server subnet altogether. Is that a safe call?

3. When you say "Client VPN users (to a VMX) won't be using a subnet out of Azure", did you mean outside of the given vnet? As I was thinking that as other alternative to add another vnet in the same region and use a subnet from there, if it was possible?

 

Thanks.

0 Kudos
In response to Mohit_Chauhan
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Feb 2 2022 3:51 PM
‎Feb 2 2022 3:51 PM

It works maybe 90% of the time with deployments.  The other 10% you get constant packet loss

and the only way to resolve it is to completely delete the VMX and re-deploy it.

 

Client VPN does not use a subnet inside of the VNET.

In response to PhilipDAth
Mohit_Chauhan
Here to help
‎Feb 2 2022 3:58 PM
‎Feb 2 2022 3:58 PM

Thanks for the quick reply.

"90% of the time" , is this using GatewaySubnet, or Server subnet?

 

It makes sense about client subnet. This could be any subnet (outside of Azure) just like any other SDWAN site, isnt it?

0 Kudos
In response to Mohit_Chauhan
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Feb 2 2022 3:59 PM
‎Feb 2 2022 3:59 PM

Server subnet.  Correct, like any other SD-WAN site.

0 Kudos
In response to PhilipDAth
Mohit_Chauhan
Here to help
‎Feb 2 2022 4:04 PM
‎Feb 2 2022 4:04 PM

Thanks Phil, that should be alright then. Having the VPN subnet no more my problem now, we should be good to use the 4th available subnet. It was good to know all the info you shared, especially to be able to use the GatewaySubnet for the vMX. I wish I could have more info on that including pros and cons with that approach.

Anyway thanks a lot for valuable inputs.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.