vMXs in Azure and AWS - eBGP routes

dwief


We have deployed 2x 2 vMX pairs in Azure and AWS for a customer, all in concentrator mode. On the Azure side we are using an Azure Route Server (ARS) for the routing part; in AWS the 'Cloud WAN tunnel-less connect' setup is used.

All is working fine for the Auto-VPN spoke sites; they can access the Azure and AWS subnets perfectly. Since more and more services are being moved to Azure, we have now run into the issue that we can't reach AWS subnets from Azure and Azure subnets from AWS.

The AWS vMXs do have routes for the Azure subnets in their route table, and the Azure vMXs do have the routes for the AWS subnets in their route table. Unfortunately these routes are not distributed to the Azure Route Server or the AWS 'Cloud WAN tunnel-less connect' solution. In short: eBGP-learned routes are not distributed to other eBGP peers.

Meraki support confirmed this, and advised changing the vMXs to NAT/Routed mode instead of concentrator mode. With the limited NAT mode which is currently available in version 18.211.5, this is not an option due to the full tunnel requirement described in the Meraki documentation.

We are now considering upgrading to the stable release candidate version 19.1.7, but it is hard to find correct information on whether this version offers a solution for our case (searched in documentation and release notes). We were promised that this version would offer the same functionality as the physical MX counterpart.

  • Can we upgrade from the current version to 19.1.7, and will the LAN NIC pop up in the VM? Or should we deploy a new vMX?
  • Has anyone run into the same issue, and maybe found a solution?
  • Is anyone already running 19.1.7? (Already read the 19.1 POC post of user ShaunB93)
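One way to confirm the symptom described above (routes present in the vMX route table but absent from the eBGP peer) is to diff the two views programmatically. The script below is an added example, not code from the thread or from Meraki: it takes the vMX route table and the list of prefixes the peer reports as learned (for Azure Route Server, the output of `az network routeserver peering list-learned-routes`), treats a prefix as advertised if the peer holds it or a covering aggregate, and groups the missing prefixes by how the vMX learned them. Both data sets here are constructed sample values.

```python
"""
Added example: find which prefixes in a vMX route table an eBGP peer
(e.g. Azure Route Server) has NOT learned, grouped by route source.
Sample data below is constructed, not taken from a real deployment.
"""
import ipaddress

# Constructed sample: the Azure vMX's own route table, with the source
# of each route as the dashboard reports it.
VMX_ROUTE_TABLE = [
    {"prefix": "10.10.0.0/16", "source": "connected"},   # Azure VNet
    {"prefix": "10.20.0.0/24", "source": "autovpn"},     # Auto-VPN spoke site
    {"prefix": "172.16.0.0/16", "source": "ebgp"},       # learned from AWS side
]

# Constructed sample: prefixes Azure Route Server reports as learned from
# the vMX peering (here 10.0.0.0/8 is an aggregate covering the VNet).
ARS_LEARNED_FROM_VMX = ["10.0.0.0/8", "10.20.0.0/24"]


def missing_advertisements(vmx_routes, peer_learned):
    """Return (prefix, source) pairs the vMX holds but the peer never learned.

    A prefix counts as advertised when the peer has it exactly or has a
    supernet that covers it, so summarised routes are not reported as gaps.
    """
    learned = [ipaddress.ip_network(p) for p in peer_learned]
    missing = []
    for route in vmx_routes:
        net = ipaddress.ip_network(route["prefix"])
        covered = any(l == net or l.supernet_of(net) for l in learned)
        if not covered:
            missing.append((str(net), route["source"]))
    return missing


def group_by_source(missing):
    """Group missing prefixes by route source, e.g. {'ebgp': [...]}.

    If only 'ebgp' (or other non-connected) sources show up, the gap is the
    re-advertisement behaviour discussed in the thread, not a peering fault.
    """
    by_source = {}
    for prefix, source in missing:
        by_source.setdefault(source, []).append(prefix)
    return by_source


if __name__ == "__main__":
    gaps = missing_advertisements(VMX_ROUTE_TABLE, ARS_LEARNED_FROM_VMX)
    for source, prefixes in group_by_source(gaps).items():
        print(f"not learned by peer (source={source}): {', '.join(prefixes)}")
```

Run against real exports, a result containing only `ebgp`-sourced prefixes matches the behaviour the poster describes; a result that also lists `connected` prefixes points at the peering itself rather than at route re-advertisement.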
Mloraditch

In Azure the extra NIC on the VM is a new option during the deployment wizard. If it was available and you included it when deploying, I would think it would show up; if not, you would have to redeploy, as you can't edit that sort of thing. I can't speak to AWS, but if there is an extra NIC already attached to the VM you should be able to see that hardware on the cloud side.

The upgrade to 19.1.7 shouldn't affect your current operations (outside of the momentary outage from the upgrade reboot), so it's worth a shot doing the upgrade to see if it will show up if the NIC is present or you aren't sure.

PhilipDAth

I don't know. This sounds related. It sounds like it would only work if using iBGP.

https://documentation.meraki.com/MX/Networks_and_Routing/Border_Gateway_Protocol_(BGP)#Route_Adverti...

"A VPN concentrator will advertise local networks which are not directly connected and are configured on the site-to-site VPN settings page via iBGP, but not via eBGP to external peers."
