Meraki

thomasthomsen · ‎Jun 14 2024

I just started using BGP in an AutoVPN setup, with a couple of HA MX's in a DC (with external BGP towards DC switches / routers).

First of all, it works 🙂 - But I got a little confused about a couple of things.

1 : Do i need to enable iBGP on all my AutoVPN spokes ?

(My answer right now is "no" because It (spoke) seems to get routes through iBGP from the DCs eBGP.

Other spoke networks are learned with : "Meraki VPN: VLAN".

My guess is that the only time you would need to enable BGP on more then one MX is in a multi DC (eBGP) scenario ? - am I right ? - The question might have arrived in my brain because I read some old documentation on BGP and MX at some point :-

2: Just a note. It surprised me that a 0.0.0.0/0 route learned through eBGP on the DC MX was actually installed, and prefered on the spoke MX AutoVPN enabled networks, even though "IPv4 default route" was not enabled towards the DC Hub.

On the "MX Routing Behavior" documentation, it does state that all routes are prefered over "NAT*"

"*If no routes are defined, then the traffic is NATed and sent out an active Internet interface. This only occurs while the MX is configured in Routed mode."

But it still surprised me that it would install the learned 0.0.0.0/0 route when "default route" was not enabled.

(We filtered the route towards the DC MX, so no worries).

3: Something annoying and somewhat confusing.

On the DC MX, the route table has both the "Meraki VPN: VLAN" and "Internal BGP" for a specific Spoke network installed in its routing table. This just seems strange to me. Whats "worse" (Depending on your definition here) is that it seems that "stat" for 2 out of 4 networks are green for the iBGP route, and the other 2 are green for the "Meraki VPN: VLAN". This is really confusing "pick a lane" 🙂 (see attached picture of the route table for the DC MX for one of the spokes)

If someone could explain this behaviour ... it would be great 🙂

That was just 3 things when "throwing" yourself into BGP with AutoVPN on the MX. As mentioned , it works 🙂 , but there are a couple of questions, that I cant quite seem to find covered in documentation.

Anyone else out there got any experience one should be aware of ?

Thanks

Thomas

ww · ‎Jun 14 2024

1. Yes it talks ibgp automatic to the spokes.

"My guess is that the only time you would need to enable BGP on more then one MX is in a multi DC (eBGP) scenario" <- yes, but it now also support routed mode bgp, so when you run mx/sdwan + lan switch/router with bgp support you could mode layer3 to lan and exchange dynamic routes. (imo Better the 1 way ospf)

2. It advertises anything it learns to the spokes, also default route. The same is when you have a spoke and you set a default route to the lan side, and advertise it into autovpn that route is also used by any spoke

3, the route table always have been a mess. Especially with bgp

View solution in original post

ww · ‎Jun 14 2024