Meraki Insight

Uberseehandel
Kind of a big deal

Meraki Insight

Hi

 

I watched the presentation about this new product. It looks really useful.

 

All the servers we use are Cloud-located, or nebulous, as one cynic pointed out. We also have MS Exchange as a service, Office365, and a number of DB and analytic services spread across a number of different data centre services suppliers and quite a lot of cross-site backup and replication activity. So identifying the origins of perceived performance issues is really important.

 

In the UK most ISPs are reliant upon BT (old British Telecom that was the original state run  Post, Telegraph and Telephone service). On an ongoing basis, BT adversely adjusts the SNR on users' connections, without reason as far as the user is concerned.

 

To check that this is what has happened, first I have to drop the entire network and then connect a workstation to the modem and directly access the modem's web interface. This isn't good as far as users are concerned, but has to be done so that when having a "crisp" conversation with the BT call centre, I can tell them how the SNR has been adjusted, this causes an escalation that results in the problem being fixed within 24 hours rather than getting tossed around for up to a week.

 

Other networking equipment suppliers allow access to the web interface on the modem that the WAN port is connected to, and it can be really simple as far as configuration goes - 

 

 ethernet eth0 {
        address 192.168.2.100/24
        description "Internet (PPPoE)"
        duplex auto
        mtu 1508
        pppoe 0 {
            default-route auto
            firewall {
                in {
                    name WAN_IN
                }
                local {
                    name WAN_LOCAL
                }
            }
            mtu 1500
            name-server auto
            password BT
            user-id bthomehub@btbroadband.com
        }
        speed auto
    }

Having done this, all that is required is the addition of a static route 

ip route add <LAN address> <subnet mask> <interface address on uplink to modem>

 

Unless Meraki Insight enables this feature, one of the most important real world WAN problem analysis tools is not available without dropping the entire network.

 

As far as I can tell, outside London and a handful of test locations, we are going to be stuck with FTTC (as opposed to FTTP) for the indeterminate future, so this is a problem that is not going to go away, any time soon.

 

So please, pretty please, Meraki Insight Developers can you implement this functionality so users can diagnose a common problem more quickly and without dropping their local network.

What's not to like?

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
12 REPLIES 12
PhilipDAth
Kind of a big deal
Kind of a big deal

Why can't you browse the modem interface directly from a machine behind the MX?

 

This is definitely something I do with clients in my country ...


@PhilipDAth wrote:

Why can't you browse the modem interface directly from a machine behind the MX?

 

This is definitely something I do with clients in my country ...


@PhilipDAth

Because I was told I couldn't (put an IP address on the uplink) I'd be very interested in learning how you configure the WAN port (and some kind of fixed route?).

 

The MX uplinks to a Vigor 130 configured PPPoE/PPPoA in bridge mode. This is what Draytek recommends if running multicast TV.

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel

Ahh - so the Vigor has no actual IP address on it?

 

When I have done it the outer modem has an IP address on it (and is not bridging).  Consequently, we can just browse to its IP address to configure/manage it.

@PhilipDAth

 

The modem has a default IP of 192.168.2.1/24

 

However, a ping times out. How would I configure a static route from VLAN 111 (192.168.111.0/24) to the uplink which terminates at the modem? Draytek's own routers allow connections through to the web interface on the modem, and the configuration above is for a device that originally ran Vyatta and allows a direct connection to the web interface.

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel

Alas you can not configure a route via a WAN port.

 

The most you could do is configure a static IP address on the WAN port, such as 192.168.2.2 and a default route of 192.168.1.1 (assuming you can route to the Internet circuit this IP address).


@PhilipDAth wrote:

Alas you can not configure a route via a WAN port.

 

The most you could do is configure a static IP address on the WAN port, such as 192.168.2.2 and a default route of 192.168.1.1 (assuming you can route to the Internet circuit this IP address).


I've tried using the local connection to the MX and the dashboard. Whenever I attempt to give the WAN port an IP, it changes the dynamic external IP address supplied by the network. Similarly, whenever I try and change the DNS addresses, it changes the external address DNS servers. I'm using MX 14.17 - I tried 15.4 but that introduced more problems than it solved.

 

I'm uncertain if I'm doing something wrong or if there is a documentation/firmware version mismatch.

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
MRCUR
Kind of a big deal

Is the device in front of your MX doing NAT? If you're seeing the public IP change, it sounds like the device in front of the MX is a bridge and so you're essentially setting the public IP of the MX directly on the WAN interface (so changing it to a private IP would break Dashboard connectivity). 

MRCUR | CMNO #12
Uberseehandel
Kind of a big deal


@MRCUR wrote:

Is the device in front of your MX doing NAT? If you're seeing the public IP change, it sounds like the device in front of the MX is a bridge and so you're essentially setting the public IP of the MX directly on the WAN interface (so changing it to a private IP would break Dashboard connectivity). 


The Draytek Vigor 130, in the UK, and some other European markets, is configured as a modem that automatically configures itself to handle the services, including VoIP and multicast TV, offered by the various different ISPs that exist in the different markets. So, no, it does not do NAT.

 

And yes the ISP provides a dynamic WAN IP address, the alternative is IPv6 which is "wash your mouth with soap and water" in Meraki MX speak.

 

Other routers and "security appliances" manage to cope with multiple IP addresses being configured on a port.

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
MRCUR
Kind of a big deal

I'm confused because you say this device acts as a modem (which doesn't really mean anything in terms of NAT or not) and are implying that is does NOT do any NAT. But earlier you mentioned that the modem has a private IP, which implies that it is indeed doing NAT. 

MRCUR | CMNO #12
Uberseehandel
Kind of a big deal


@MRCUR wrote:

I'm confused because you say this device acts as a modem (which doesn't really mean anything in terms of NAT or not) and are implying that is does NOT do any NAT. But earlier you mentioned that the modem has a private IP, which implies that it is indeed doing NAT. 


 

This model is a modem :

From the web-site - 

  • ADSL & VDSL2 (FTTC/BT Infinity) Ethernet Modem
  • Bridge (pass) a single IP address or a whole public subnet
  • Ideal device for any vendor's Ethernet WAN firewall
  • IPv6 and IPv4 Compatible
  • Ethernet Connection for client device (router, PC etc.)
  • Support for MTU1508 (Jumbo Frames)
  • PPPoA/PPPoE Bridging compatible with ISPs running IPv6
  • Line Stats now displayed in Vigor router web interface

If checking the specification, use the UK/Ireland Draytek site as the same product is configured as a router in some other jurisdictions.

 

DSL line information is displayed in the router's own web interface, alongside any built-in DSL interface stats. In the example below, WAN1 is a Vigor2860's built-in modem but WAN2 is a connected Vigor 130:

v2862_v130_modeminfo[1].png

This information is obtainable on other security devices. Having access to the SNR values is more than helpful.

 

 

 

 

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel

I know this is an older thread, but just in case is there a reason you cant put a switch in between the MX and the modem so you can connect more than one device at a time?
PhilipDAth
Kind of a big deal
Kind of a big deal

If you are using PPPoE no.  If you are using provider based DHCP, no.  If you are using a CPE doing DHCP, yes.  If you are using a provider fibre circuit and have a block oi IP addresses (such as a /29) using native Ethernet encapsulation, yes.

 

So the answer is - it depends.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.