Meraki

Community

Setup 2 wan interface but when using Flow References no internet traffic coming out on wan2

Solved
GelC
Conversationalist
‎Mar 31 2022 8:38 AM
‎Mar 31 2022 8:38 AM

Setup 2 wan interface but when using Flow References no internet traffic coming out on wan2

Hi

 

I have a concern regarding mx100. we have 2 wan interface. my primary link is wan1. Both wan1 and wan2 are working and tested then each link have different isp provider.

 

Now here's my concern, I was told that if i want to send a certian ip or subnet to have internet traffic go out to wan2 i just need to set it up on the Flow References -> Internet Traffic. So I did, but unfortunately the internet traffic still goes out to wan1 even if when I check public ip and speedtest.net its showing the wan2 details. The Internet traffic only go out to wan2 when i change the primary link to wan2.   

 

 

0 Kudos
1 Accepted Solution
In response to GelC
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Apr 1 2022 6:07 PM
‎Apr 1 2022 6:07 PM

The preferred uplink only takes affect for new flows.  When you change it you need to make sure the MX has gotten the new config first, and then quit the browser and open it again it make sure it is a new flow.  Even then it might still use a cached flow for the next 10 minutes or so.

View solution in original post

0 Kudos
31 Replies 31
alemabrahao
Kind of a big deal
Kind of a big deal
‎Mar 31 2022 8:42 AM
‎Mar 31 2022 8:42 AM

If you are testing with ICMP it's normal, check the note:

 

alemabrahao_0-1648741352242.png

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
GelC
Conversationalist
‎Mar 31 2022 8:49 AM
‎Mar 31 2022 8:49 AM

Hi Alemabrahao. Im not testing icmp. I'm actually sending a certain ip/subnet using Flow References -> Internet Traffic to wan2. Then after saving my changes still my internet traffic goes outside wan1 even if i do a speedtest the internet speed reflect on wan1. 

0 Kudos
In response to GelC
alemabrahao
Kind of a big deal
Kind of a big deal
‎Mar 31 2022 8:52 AM
‎Mar 31 2022 8:52 AM

I'm confused, because you sad  "even if when I check public ip and speedtest.net its showing the wan2 details"

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
alemabrahao
Kind of a big deal
Kind of a big deal
‎Mar 31 2022 8:57 AM
‎Mar 31 2022 8:57 AM

On speed test which IP is shown to you from wan1 or wan 2? Check It:

 

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Load_Balancing_and_Flow_Preferen...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
GelC
Conversationalist
‎Mar 31 2022 9:00 AM
‎Mar 31 2022 9:00 AM

My load balancing is disable. I dont need the traffic to be spread across both uplink.

0 Kudos
In response to alemabrahao
GelC
Conversationalist
‎Mar 31 2022 8:58 AM
‎Mar 31 2022 8:58 AM

Oh sorry for the confusion. So if i use Flow References -> Internet Traffic then sent a certain ip/subnet on wan2 then check using whatsmyip and do a speedtest it will show my wan2 public ip but the internet speed still reflect on wan1. 

0 Kudos
In response to GelC
alemabrahao
Kind of a big deal
Kind of a big deal
‎Mar 31 2022 9:01 AM
‎Mar 31 2022 9:01 AM

Speed test is based on ICMP 🙂

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
GelC
Conversationalist
‎Mar 31 2022 9:04 AM
‎Mar 31 2022 9:04 AM

So how do i know or how do i check if my my changes on Flow References -> Internet Traffic is successful if speedtest, traceroute, packet capture is still showing my wan1 ?

0 Kudos
In response to GelC
alemabrahao
Kind of a big deal
Kind of a big deal
‎Mar 31 2022 9:07 AM
‎Mar 31 2022 9:07 AM

If the speed test is showing the WAN2 IP It's ok, all those tests are based on ICMP.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
GelC
Conversationalist
‎Mar 31 2022 9:13 AM
‎Mar 31 2022 9:13 AM

I think its not ok if I'll tell a client that i already sent his ip to wan2 but the result is still showing of a wan1 speed result. 

0 Kudos
In response to GelC
alemabrahao
Kind of a big deal
Kind of a big deal
‎Mar 31 2022 9:16 AM
‎Mar 31 2022 9:16 AM

So, you should open a case with Meraki team support to check It. 🙂

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
GelC
Conversationalist
‎Mar 31 2022 9:19 AM
‎Mar 31 2022 9:19 AM

yeah i think i'll do this if i still cant figure this out. thank you Alemabrahao

0 Kudos
In response to GelC
alemabrahao
Kind of a big deal
Kind of a big deal
‎Mar 31 2022 9:48 AM
‎Mar 31 2022 9:48 AM

@GelC , Did you open a similar case 6 hours ago? 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
RaphaelL
Kind of a big deal
Kind of a big deal
‎Mar 31 2022 9:05 AM
‎Mar 31 2022 9:05 AM

No..... 


It's TCP based

0 Kudos
In response to RaphaelL
alemabrahao
Kind of a big deal
Kind of a big deal
‎Mar 31 2022 9:06 AM
‎Mar 31 2022 9:06 AM

No, ICMP, speed test servers with ICMP. 🙂

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
alemabrahao
Kind of a big deal
Kind of a big deal
‎Mar 31 2022 9:08 AM
‎Mar 31 2022 9:08 AM

  • Testing to the same server. Speedtest automatically selects a server to test to based on ping, but you can also select a server to test to.
I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
RaphaelL
Kind of a big deal
Kind of a big deal
‎Mar 31 2022 9:08 AM
‎Mar 31 2022 9:08 AM

I get what you are saying. 


The selection is based on ICMP yes.  But the actual test is done on TCP. 

 

That being said. Since the selection is based on ICMP and ICMP is not subjected to trafic shaping / flow preference , the server will always be selected on WAN1.  

 

A better test to troubleshoot your flow selection would be to use another website / service. CNN , something like that.

0 Kudos
In response to RaphaelL
alemabrahao
Kind of a big deal
Kind of a big deal
‎Mar 31 2022 9:11 AM
‎Mar 31 2022 9:11 AM

Nope, I'm rigth. 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to RaphaelL
GelC
Conversationalist
‎Mar 31 2022 9:18 AM
‎Mar 31 2022 9:18 AM

Hi Raphael. Noted on this. will check on this. Thank you

0 Kudos
In response to alemabrahao
alemabrahao
Kind of a big deal
Kind of a big deal
‎Mar 31 2022 9:18 AM
‎Mar 31 2022 9:18 AM

https://www.speedtest.net/about/knowledge/faq

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
RaphaelL
Kind of a big deal
Kind of a big deal
‎Mar 31 2022 8:45 AM
‎Mar 31 2022 8:45 AM

Have you tried to reboot the MX ? There is probably a flow table that won't get updated until the flow times out / expires. 

0 Kudos
In response to RaphaelL
alemabrahao
Kind of a big deal
Kind of a big deal
‎Mar 31 2022 8:47 AM
‎Mar 31 2022 8:47 AM

@RaphaelL , I think that is not the case. check my answer above.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
RaphaelL
Kind of a big deal
Kind of a big deal
‎Mar 31 2022 8:51 AM
‎Mar 31 2022 8:51 AM

I had seen your answer. OP didn't mention anything about ICMP... 

0 Kudos
In response to RaphaelL
GelC
Conversationalist
‎Mar 31 2022 8:50 AM
‎Mar 31 2022 8:50 AM

Hi Raphael, Yes already did reboot the MX. still same issue. It only change when i set the primary link to wan2. 

0 Kudos
ww
Kind of a big deal
Kind of a big deal
‎Mar 31 2022 10:10 AM
‎Mar 31 2022 10:10 AM

You are not using autovpn  with a default route ?

 

What if you run a packet capture on wan2 with filter "port 53". And then start a nslookup to cisco.com froma client.  

Do you see this in the capture?

0 Kudos
In response to ww
GelC
Conversationalist
‎Apr 1 2022 2:30 PM
‎Apr 1 2022 2:30 PM

Hi @ww  will try this one and update you on my finding. thank you for the idea

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Mar 31 2022 11:38 AM
‎Mar 31 2022 11:38 AM

Can you post a screenshot of the flow preference you have created, and the internal IP address you are using.

0 Kudos
In response to PhilipDAth
GelC
Conversationalist
‎Apr 1 2022 2:18 PM
‎Apr 1 2022 2:18 PM

Hi @PhilipDAth here is the screenshot. sorry but i need to shade the internal ip address. My scenario is that when i send the machine ip to the secondary link my internet traffic still go outside to the primary link. but when i check whatsmyip or do a speedtest via speedtest.net or fast.com it is showing my secondary public ip then the speed result is showing on my primary link. 

GelC_0-1648847241624.png

 

0 Kudos
In response to GelC
alemabrahao
Kind of a big deal
Kind of a big deal
‎Apr 1 2022 2:51 PM
‎Apr 1 2022 2:51 PM

Your preferred link is configured for the WAN 1 🤔

 

alemabrahao_0-1648849616440.png

 

How is configured your uplink configuration and uplink selection? Take a look at those examples:

 

alemabrahao_1-1648849762571.png

 

alemabrahao_2-1648849791654.png

 

 

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to GelC
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Apr 1 2022 6:07 PM
‎Apr 1 2022 6:07 PM

The preferred uplink only takes affect for new flows.  When you change it you need to make sure the MX has gotten the new config first, and then quit the browser and open it again it make sure it is a new flow.  Even then it might still use a cached flow for the next 10 minutes or so.

0 Kudos
In response to PhilipDAth
GelC
Conversationalist
‎Apr 3 2022 8:56 PM
‎Apr 3 2022 8:56 PM

Hi @PhilipDAth. Noted on this Thank you for you help. 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.