Aaron Willette has posted a good design guide for doing an Active/Active AutoVPN deployment.
http://www.willette.works/active-active-meraki-sd-wan-headends/
I wouldn't mind knowing a bit more about how active/active VPN returns traffic to branch sites. We have had sites send traffic through WAN1 and returning it over WAN/Internet2 which for us can impact performance if WAN/Internet2 has failed over to LTE (NBN with LTE backup). Support offered to turn active/active VPN off to resolve the issue but couldn't tell us what in Meraki says traffic should come back over WAN/Internet2.
The design looks great, but it only shows what the branches would look like, not the hubs. I'm currently implementing (2) MX250 devices with local networks added plus OSPF enabled. During testing we are having issues with both hubs trying to distribute the traffic even when the spoke is set for, say, hub 1. The traffic will also try to route through hub 2.
Don't use OSPF. It is too retarded - for exactly the reasons you have given.
Use BGP instead. Open a ticket with support and ask them to enable the BGP support for you.
https://documentation.meraki.com/MX/Networks_and_Routing/BGP
Although the above web page says the feature is in "beta" it has been in beta for a very long time, and is used quite a bit (aka it is quite stable). I personally suspect we will see this feature released for everyone this year.
@PhilipDAth wrote:
>Don't use OSPF. It is too retarded - for exactly the reasons you have given.
>Use BGP instead. Open a ticket with support and ask them to enable the BGP support for you.
>https://documentation.meraki.com/MX/Networks_and_Routing/BGP
>Although the above web page says the feature is in "beta" it has been in beta for a very long time, and is used quite a bit (aka it is quite stable). I personally suspect we will see this feature released for everyone this year.
@PhilipDAth Hate to necro a thread lol, but now I'm curious.
I'm using an Active-Active (single MX250 in DC1 and another MX250 in DC2) type of setup. Spoke sites have DC1 at the top of the list.
Both MX are advertising 10.0.0.0/8 and participating in OSPF.
The DC1 MX setup with Cost 1 and DC2 MX setup with Cost 2
Seems to be working fine so far, and failover worked fine when we did testing. Is that not a good design?
>Seems to be working fine so far, and failover worked fine when we did testing. Is that not a good design?
It works because your use case is simple. One of the retarded aspects of the OSPF AutoVPN implementation is that it can only advertise routes, but not receive them.
The BGP implementation is a full two way system. You can make one DC preferred for some routes and not others. You can more easily integrate with a larger network.
Does anyone know if eBGP will still only be available in 1-armed concentrator mode, or if it will also be available in NAT mode moving forward as well?
I just finished a POC using MX600's, Nexus edge device, and BGP. I'd be happy to answer questions if anyone has them. The lack of documentation on BGP available raised a lot of questions for me so I lab'd it.
Our support engineer is in the process of enabling the BGP feature. Do you happen to have a diagram on what you lab'd out for the BGP and 2 of the MX600's?