cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Auto VPN over MPLS and loss of Internet

SOLVED
Highlighted
Getting noticed

Auto VPN over MPLS and loss of Internet

Hi All,

 

Quick question that came to mind over night.

 

In a hub and spoke environment where the spokes are only hanging off a MPLS link back to the data centre with no internet and rely on accessing Meraki cloud via the hubs (data centres) internet, what happens if the hub's internet was to fail and go down? 

 

Would the AutoVPN stay up considering the hub and spokes are still connected via the private MPLS addressing? 

 

Is there anytime out whereby the hub and or the spokes would eventually tear down the AutoVPN due to loss of communication to the cloud?

 

Thanks!

1 ACCEPTED SOLUTION

Accepted Solutions
Kind of a big deal

Re: Auto VPN over MPLS and loss of Internet

The existing VPNs would continue to work until the IPSec SA timers expire.  I believe that timer is 8 hours, so on a 50% average, you should expect things to keep working for 4 hours (some sites will drop off sooner, others will stay up longer).

https://documentation.meraki.com/MX-Z/Site-to-site_VPN/IPsec_VPN_Lifetimes

 

New VPNs would not be able to be formed, because the VPN registry would not be contactable.

 

A good reason for 4G backup huh?

3 REPLIES 3
Kind of a big deal

Re: Auto VPN over MPLS and loss of Internet

The existing VPNs would continue to work until the IPSec SA timers expire.  I believe that timer is 8 hours, so on a 50% average, you should expect things to keep working for 4 hours (some sites will drop off sooner, others will stay up longer).

https://documentation.meraki.com/MX-Z/Site-to-site_VPN/IPsec_VPN_Lifetimes

 

New VPNs would not be able to be formed, because the VPN registry would not be contactable.

 

A good reason for 4G backup huh?

Getting noticed

Re: Auto VPN over MPLS and loss of Internet

Hi Philip,

 

Interesting idea, I might look into dual carrier diversity rather than 4G for the data centre. 

 

It sounds like Meraki are doing work around the MPLS situations and may have some nice features to accommodate. 

 

Thanks!

Kind of a big deal

Re: Auto VPN over MPLS and loss of Internet

A common solution I use in a DC is a premium internet circuit and a cheap "domestic" circuit, with the plan to never use the domestic circuit except in an emergency.

 

 

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.