cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

BGP Configuration on MX

SOLVED
Here to help

BGP Configuration on MX

I would like to know if BGP is fully supported on MX,

I have gone through the Meraki documentation and it addresses the VPN setup.

Share some insights

1 ACCEPTED SOLUTION

Accepted Solutions
Kind of a big deal

Re: BGP Configuration on MX

If you open a support case you can request to go on the BGP beta program.  The BGP is intended to be used for iBGP - such as to your network core - and not eBGP such as to ISPs.

View solution in original post

16 REPLIES 16
Kind of a big deal

Re: BGP Configuration on MX

If you open a support case you can request to go on the BGP beta program.  The BGP is intended to be used for iBGP - such as to your network core - and not eBGP such as to ISPs.

View solution in original post

Here to help

Re: BGP Configuration on MX

Hi Philip,
Thanks for the information, i will open a case.
For my case i was looking forward for eBGP
New here

Re: BGP Configuration on MX

Can you confirm that eBGP is still not available?  I didn't see any updates or newer resposnes which indicate it is.. and all the documentation I've found are in line with this thread.

Uplink provider to private network requires BGP routing.  I don't think the Meraki will work well for this scenario.

New here

Re: BGP Configuration on MX

I was hoping that this had a better solution since originally opened but looks like the MX only supports eBGP when configured in One-Armed concentrator mode.

 

NAT Mode

  • iBGP establishes relationships over autovpn and will establish and exchange routes between:
    • A BGP peer acting as a One-Armed Concentrator in the DC and-
    • A NAT mode MX.
  • eBGP peer relationships are not available for MXs operating as NAT mode VPN concentrators and are only supported on One-Armed Concentrators.

 

https://documentation.meraki.com/MX/Networks_and_Routing/BGP

Getting noticed

Re: BGP Configuration on MX

Question though ... will it support eBGP for upstream to provider with only taking default routes from those ISP's?  I completely understand it's not going to handle full tables from a couple of upstreams 🙂

 

Or, same upstream ISP connected through private AS for purposes of load balancing connections?

 

Thanks,

Paul

Kind of a big deal

Re: BGP Configuration on MX

I don't see why Cisco Meraki would add eBGP support like that.  The MX already supports load balancing and can already detect path failure.  eBGP in this case adds a lot of complication with no benefits.

Highlighted
Getting noticed

Re: BGP Configuration on MX

Well there is clearly benefits to doing eBGP to upstream provider.  Load a loopback address on the Meraki MX with two upstream connections and you have an "always reachable" destination for inbound traffic that may be forwarded to things like mail servers etc.

Kind of a big deal

Re: BGP Configuration on MX

You can already do that - but better.  Connect two different upstream providers to the two WAN ports.

 

BGP advertising a default route only verifies connectivity between you and the ISP is working.

The MX verifies connectivity all the way back to the Meraki cloud - so an issue within an ISP or their upstreams will now be detected.

 

Using email as an example, you can point the DNS at the pair of IP address (one from each provider).

Getting noticed

Re: BGP Configuration on MX

Ah I see what you mean ... I work on the ISP side of things primarily so think like an ISP 😉    How would that work for web though .... use the dynamic hostname as a CNAME for inbound web traffic?  Thanks 

Kind of a big deal

Re: BGP Configuration on MX

Not many customers host actual web sites themselves any more ... but that CNAME option sounds great.

 

I tend to use Amazon Route 53 for my DNS.  If you use a service like this you can create a health check.  This only includes an IP in the DNS response if it is actually up and responding.  The service is very cheap.

https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover.html

 

Getting noticed

Re: BGP Configuration on MX

In our case we have quite a number of customers that host their own SSL-VPN (hence the web question) and we host DNS for them (which has been more reliable than other solutions for them).  thanks again.

New here

Re: BGP Configuration on MX

the capability to learn routes is powerful
Here to help

Re: BGP Configuration on MX

Hi Philip,

for the purposes of extra public IP, floated through the P2P IPs, BGP will be fine for the IPs to failover 

Re: BGP Configuration on MX

Hi, in my mind eBGP would be good for resiliency for example in a scenario where you have two VMX-100's deployed in two different Microsoft Azure regions and BGP peering configured with community values and local preference for certain prefixes residing in Microsoft Azure i,e, not load balancing but active/standby for redundancy.

Kind of a big deal

Re: BGP Configuration on MX

Azure does not support running BGP to a VM hosted inside of Azure.

New here

Re: BGP Configuration on MX

I would say this is a quick response to a loaded question. There are LOTS of benefits of eBGP with a MX and yes you could work a round this with round robin DNS or load balancing, etc.. but there are big benefits to BGP too.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.