design question regarding redundant voip setup

sebas
Getting noticed


Hi, I got a design question.

 

We have the following setup:

2 MX in warm spare connected to internet providers

 

2 MS250 in a stack connected to the MX's with a trunk for a transit vlan and vlan 1 for management.

This stack provides L3 connectivity for access vlans.

 

Several MS250 access switches connected to the MS250 stack with LACP providing the VLANs.

 

Now we have a new VOIP provider and I am trying to design a good setup.

The provider has 2 separate modem/routers each connected to its own uplink.

Those modems run DHCP with the correct options for our VOIP phones.

The provider has no solution for failover between these 2 links.

 

I was thinking of some options:

 

1. Configuring a separate access voice VLAN at our MS250 stack with a DHCP forwarder pointing to both modems. The problem with this setup is that the modems are unaware of the uplink status to the provider.

With Cisco I could use IP SLA to have the uplink status monitored, but the MS250 does not support that.

Also the MX supports route injection depending on next hop or host icmp response, the MS does not have that option.

 

2. Place both modems in one VLAN; whatever DHCP request gets served first will be used for the phone.

With this option, there is still no automatic failover when one line fails.

 

3. Using the MX?

I did not find an uplink check for interfaces other than the WAN interfaces?

I did find the option to insert a route depending on a next hop ping response or host response. So that would be an option.

However, I am confused about how the VLANs and interfaces on an MX work, as there are only OUTBOUND or INBOUND rules, but nothing like the ASA rules depending on an interface or zone.

So is it possible to have different access-list setups for separate interfaces on the MX?

 

Any other options or setups that I am missing?

 

The provider modems do not support routing protocols or FHRPs.

Thanks!

meraki setup.jpg

 

meraki network layout 2.PNG

 

hoempf
Getting noticed

Hi

First, awesome question and thanks for including diagrams, this helps us help you 🙂

So I still have a few questions though:

* Is the VoIP Cloud completely separate, meaning it's a dedicated circuit, not a service over the Internet (OTT)?
* You said the provider does not provide FHRP and/or failover between the two links. Why do they provide you with two CPEs then? Is there perhaps documentation from the provider explaining how you're supposed to use their service?

I would go for option 1, but if there is a bit of documentation from the provider, that'd be better. There must be a reason why they provide you with two CPEs, so clearly some concept of redundancy went into it (from the provider's side). It could also be that you have to do it yourself (as you said, via IP SLA), but then Meraki is probably not the best solution.


Cheers!
sebas
Getting noticed

Hi, 

 

It is a completely separate environment.

They did not offer a redundant setup, but we wanted per se redundant devices/lines.

At this moment they can only deliver 2 modems with lines 🙂 without any failover interaction or routing.

That having been said, one of their solutions in case of issues was to manually switch lines 🙂

The other one was to change all port VLANs to the second VLAN 🙂

 

Of course that is nowhere near what we would like, we want an automatic failover with techniques available in the networking business.

 

Documentation from the provider is what I am still waiting for, like subnets, whether we are free to choose IP ranges, etc.

I know I can do some tricks with Cisco (for example we have some ASR 1001-X), but I am exploring the Meraki options.

 

 

hoempf
Getting noticed

I see 🙂 An easy option would be to go for additional MXes, depending on traffic and number of phones/devices in the voice VLANs, and set them up in a warm spare fashion like the current MX, just in a different network in the dashboard. You then statically route the provider's PBX subnet(s) on the MS250 over a transit VLAN to the new MX pair.

Depending on the provider's setup you would need to do 1:1 NAT etc.

This only works if the provider is also providing Internet access over those lines (for the MXes to connect to the Meraki cloud).

Is purchasing additional MXes even an option?
PhilipDAth
Kind of a big deal

An option that is lower cost but not automatically bulletproof in all cases:

 

You have a pair of MXs in warm spare mode. Do they have a spare WAN port each?

If so, plug the VoIP provider's routers into the second WAN port on each of your MXs. Create a flow preference to direct your VoIP VLAN to the second WAN port.

A bulletproof option:

Buy an extra pair of MXs. Plug both of its WAN1 ports into the first VoIP router. Plug both of its WAN2 ports into the second VoIP router.

sebas
Getting noticed

Hi Philip,

No, we also have a redundant internet provider uplink, so both WAN1 and 2 on both MXs are already in use.

I think I will stick to our ASR 1001-X.

Too bad, I had hoped Meraki would have had more flexible configurations possible.

sebas
Getting noticed

Haha, that would be a total disqualification of Meraki 😉 Just buy extra firewalls... The ASA has many more options. Why does the MX even have that many interfaces?
Not an option indeed 😉
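
The IP SLA approach the thread mentions for the ASR 1001-X, sketched as an added example that is not from any poster or from the provider: each probe is pinned to one modem, so a tracked static route is withdrawn when the line behind that modem fails even though the modem itself stays up. All addresses are documentation placeholders and assumptions (modem LAN addresses, two provider-side probe hosts, the PBX subnet); DHCP for the phones and any NAT the provider requires are outside what it shows.

```cisco
! Constructed example. All addresses are placeholders (assumptions):
!   192.0.2.1 / 192.0.2.5          LAN addresses of VoIP modem A / modem B
!   198.51.100.10 / 198.51.100.11  provider-side hosts used as probe targets
!   203.0.113.0/24                 provider PBX subnet
!
! Pin each probe target to one modem, so a probe can only succeed
! over the line behind that modem.
ip route 198.51.100.10 255.255.255.255 192.0.2.1
ip route 198.51.100.11 255.255.255.255 192.0.2.5
!
! Probe through modem A every 5 seconds, 1 second timeout.
ip sla 10
 icmp-echo 198.51.100.10
 threshold 1000
 timeout 1000
 frequency 5
ip sla schedule 10 life forever start-time now
!
! Same probe through modem B.
ip sla 20
 icmp-echo 198.51.100.11
 threshold 1000
 timeout 1000
 frequency 5
ip sla schedule 20 life forever start-time now
!
! Track objects follow probe reachability; the delays damp flapping.
track 10 ip sla 10 reachability
 delay down 10 up 30
track 20 ip sla 20 reachability
 delay down 10 up 30
!
! Primary route via modem A while track 10 is up.
! Floating route via modem B (administrative distance 250) takes over
! when the primary is withdrawn, provided track 20 is up.
ip route 203.0.113.0 255.255.255.0 192.0.2.1 track 10
ip route 203.0.113.0 255.255.255.0 192.0.2.5 250 track 20
```

`show track brief` and `show ip sla statistics` show the state of each track object and probe during a failover test.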