Meraki

Community

Auto VPN over MPLS and loss of Internet

Solved
benny
Getting noticed
‎Jan 15 2018 3:02 PM
‎Jan 15 2018 3:02 PM

Auto VPN over MPLS and loss of Internet

Hi All,

 

Quick question that came to mind over night.

 

In a hub and spoke environment where the spokes are only hanging off a MPLS link back to the data centre with no internet and rely on accessing Meraki cloud via the hubs (data centres) internet, what happens if the hub's internet was to fail and go down? 

 

Would the AutoVPN stay up considering the hub and spokes are still connected via the private MPLS addressing? 

 

Is there anytime out whereby the hub and or the spokes would eventually tear down the AutoVPN due to loss of communication to the cloud?

 

Thanks!

Labels:
0 Kudos
1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jan 15 2018 3:28 PM
‎Jan 15 2018 3:28 PM

The existing VPNs would continue to work until the IPSec SA timers expire.  I believe that timer is 8 hours, so on a 50% average, you should expect things to keep working for 4 hours (some sites will drop off sooner, others will stay up longer).

https://documentation.meraki.com/MX-Z/Site-to-site_VPN/IPsec_VPN_Lifetimes

 

New VPNs would not be able to be formed, because the VPN registry would not be contactable.

 

A good reason for 4G backup huh?

View solution in original post

3 Replies 3
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jan 15 2018 3:28 PM
‎Jan 15 2018 3:28 PM

The existing VPNs would continue to work until the IPSec SA timers expire.  I believe that timer is 8 hours, so on a 50% average, you should expect things to keep working for 4 hours (some sites will drop off sooner, others will stay up longer).

https://documentation.meraki.com/MX-Z/Site-to-site_VPN/IPsec_VPN_Lifetimes

 

New VPNs would not be able to be formed, because the VPN registry would not be contactable.

 

A good reason for 4G backup huh?

In response to PhilipDAth
benny
Getting noticed
‎Jan 15 2018 4:06 PM
‎Jan 15 2018 4:06 PM

Hi Philip,

 

Interesting idea, I might look into dual carrier diversity rather than 4G for the data centre. 

 

It sounds like Meraki are doing work around the MPLS situations and may have some nice features to accommodate. 

 

Thanks!

0 Kudos
In response to benny
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jan 15 2018 7:32 PM
‎Jan 15 2018 7:32 PM

A common solution I use in a DC is a premium internet circuit and a cheap "domestic" circuit, with the plan to never use the domestic circuit except in an emergency.

 

 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.