Setup 2 WAN interfaces, but when using Flow Preferences no internet traffic is coming out on wan2

Solved
GelC

Hi

I have a concern regarding the MX100. We have 2 WAN interfaces. My primary link is wan1. Both wan1 and wan2 are working and tested, and each link has a different ISP provider.

Now here's my concern: I was told that if I want a certain IP or subnet to have its internet traffic go out to wan2, I just need to set it up under Flow Preferences -> Internet Traffic. So I did, but unfortunately the internet traffic still goes out to wan1, even though when I check the public IP and speedtest.net it's showing the wan2 details. The internet traffic only goes out to wan2 when I change the primary link to wan2.

1 Accepted Solution
PhilipDAth

The preferred uplink only takes effect for new flows. When you change it you need to make sure the MX has gotten the new config first, and then quit the browser and open it again to make sure it is a new flow. Even then it might still use a cached flow for the next 10 minutes or so.

31 Replies
alemabrahao

If you are testing with ICMP it's normal, check the note:

[Image: alemabrahao_0-1648741352242.png]

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
GelC

Hi Alemabrahao. I'm not testing ICMP. I'm actually sending a certain IP/subnet to wan2 using Flow Preferences -> Internet Traffic. Then, after saving my changes, my internet traffic still goes out through wan1; even if I do a speedtest, the internet speed reflects wan1.

alemabrahao

I'm confused, because you said "even if when I check public ip and speedtest.net its showing the wan2 details"

alemabrahao

On the speed test, which IP is shown to you, from wan1 or wan2? Check it:

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Load_Balancing_and_Flow_Preferen...

GelC

My load balancing is disabled. I don't need the traffic to be spread across both uplinks.

GelC

Oh, sorry for the confusion. So if I use Flow Preferences -> Internet Traffic to send a certain IP/subnet to wan2, then check using whatsmyip and do a speedtest, it will show my wan2 public IP but the internet speed still reflects wan1.

alemabrahao

Speed test is based on ICMP 🙂

GelC

So how do I know, or how do I check, if my changes on Flow Preferences -> Internet Traffic are successful if speedtest, traceroute, and packet capture are still showing my wan1?

alemabrahao

If the speed test is showing the WAN2 IP it's OK, all those tests are based on ICMP.

GelC

I think it's not OK if I tell a client that I already sent his IP to wan2 but the result is still showing a wan1 speed result.

alemabrahao

So, you should open a case with the Meraki support team to check it. 🙂

GelC

Yeah, I think I'll do this if I still can't figure this out. Thank you, Alemabrahao.

alemabrahao

@GelC, did you open a similar case 6 hours ago?

RaphaelL

No.....

It's TCP-based

alemabrahao

No, ICMP, speed test servers with ICMP. 🙂

alemabrahao

  • Testing to the same server. Speedtest automatically selects a server to test to based on ping, but you can also select a server to test to.

RaphaelL

I get what you are saying.

The selection is based on ICMP, yes. But the actual test is done on TCP.

That being said, since the selection is based on ICMP and ICMP is not subject to traffic shaping / flow preference, the server will always be selected on WAN1.

A better test to troubleshoot your flow selection would be to use another website / service. CNN, something like that.

alemabrahao

Nope, I'm right.

GelC

Hi Raphael. Noted on this. Will check on this. Thank you.

alemabrahao

https://www.speedtest.net/about/knowledge/faq

RaphaelL

Have you tried to reboot the MX? There is probably a flow table that won't get updated until the flow times out / expires.

alemabrahao

@RaphaelL, I think that is not the case. Check my answer above.

RaphaelL

I had seen your answer. OP didn't mention anything about ICMP... 

GelC

Hi Raphael, yes, I already rebooted the MX. Still the same issue. It only changes when I set the primary link to wan2.

ww

You are not using AutoVPN with a default route?

What if you run a packet capture on wan2 with filter "port 53", and then start an nslookup to cisco.com from a client?

Do you see this in the capture?

GelC

Hi @ww, I will try this one and update you on my findings. Thank you for the idea.

PhilipDAth

Can you post a screenshot of the flow preference you have created, and the internal IP address you are using?

GelC

Hi @PhilipDAth, here is the screenshot. Sorry, but I need to shade the internal IP address. My scenario is that when I send the machine IP to the secondary link, my internet traffic still goes out to the primary link. But when I check whatsmyip or do a speedtest via speedtest.net or fast.com, it is showing my secondary public IP, and then the speed result is showing on my primary link.

[Image: GelC_0-1648847241624.png]

alemabrahao

Your preferred link is configured for WAN 1 🤔

[Image: alemabrahao_0-1648849616440.png]

How are your uplink configuration and uplink selection configured? Take a look at these examples:

[Image: alemabrahao_1-1648849762571.png]

[Image: alemabrahao_2-1648849791654.png]

PhilipDAth

The preferred uplink only takes effect for new flows. When you change it you need to make sure the MX has gotten the new config first, and then quit the browser and open it again to make sure it is a new flow. Even then it might still use a cached flow for the next 10 minutes or so.

GelC

Hi @PhilipDAth. Noted on this. Thank you for your help.
