BGP Configuration on MX
I would like to know if BGP is fully supported on MX.
I have gone through the Meraki documentation and it addresses the VPN setup.
Share some insights.
If you open a support case you can request to go on the BGP beta program. The BGP is intended to be used for iBGP - such as to your network core - and not eBGP such as to ISPs.
Thanks for the information, I will open a case.
For my case I was looking forward to eBGP.
Can you confirm that eBGP is still not available? I didn't see any updates or newer responses which indicate it is, and all the documentation I've found is in line with this thread.
Uplink provider to private network requires BGP routing. I don't think the Meraki will work well for this scenario.
I was hoping that this had a better solution since originally opened but looks like the MX only supports eBGP when configured in One-Armed concentrator mode.
NAT Mode
- iBGP establishes relationships over autovpn and will establish and exchange routes between:
  - A BGP peer acting as a One-Armed Concentrator in the DC and
  - A NAT mode MX.
- eBGP peer relationships are not available for MXs operating as NAT mode VPN concentrators and are only supported on One-Armed Concentrators.
https://documentation.meraki.com/MX/Networks_and_Routing/BGP
eBGP is working
Question though ... will it support eBGP for upstream to provider with only taking default routes from those ISPs? I completely understand it's not going to handle full tables from a couple of upstreams 🙂
Or, same upstream ISP connected through private AS for purposes of load balancing connections?
Thanks,
Paul
I don't see why Cisco Meraki would add eBGP support like that. The MX already supports load balancing and can already detect path failure. eBGP in this case adds a lot of complication with no benefits.
Well, there are clearly benefits to doing eBGP to upstream provider. Load a loopback address on the Meraki MX with two upstream connections and you have an "always reachable" destination for inbound traffic that may be forwarded to things like mail servers etc.
You can already do that - but better. Connect two different upstream providers to the two WAN ports.
BGP advertising a default route only verifies connectivity between you and the ISP is working.
The MX verifies connectivity all the way back to the Meraki cloud - so an issue within an ISP or their upstreams will now be detected.
Using email as an example, you can point the DNS at the pair of IP addresses (one from each provider).
Ah I see what you mean ... I work on the ISP side of things primarily so think like an ISP 😉 How would that work for web though .... use the dynamic hostname as a CNAME for inbound web traffic? Thanks
Not many customers host actual web sites themselves any more ... but that CNAME option sounds great.
I tend to use Amazon Route 53 for my DNS. If you use a service like this you can create a health check. This only includes an IP in the DNS response if it is actually up and responding. The service is very cheap.
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover.html
In our case we have quite a number of customers that host their own SSL-VPN (hence the web question) and we host DNS for them (which has been more reliable than other solutions for them). Thanks again.
Hi Philip,
For the purposes of extra public IP, floated through the P2P IPs, BGP will be fine for the IPs to fail over.
Hi, in my mind eBGP would be good for resiliency, for example in a scenario where you have two VMX-100s deployed in two different Microsoft Azure regions and BGP peering configured with community values and local preference for certain prefixes residing in Microsoft Azure, i.e., not load balancing but active/standby for redundancy.
Azure does not support running BGP to a VM hosted inside of Azure.
Oh yeah, let's see the first customer pull in the full internet routing table on MX64! 😋
You would need to size accordingly, just like any other technology. You wouldn't pull in full BGP routes on a 4321, would you?
BGP on MX appliances is only meant to import the routes of a site or datacenter into SD-WAN and vice versa to have site subnets available to BGP peers in a HQ or Datacenter site.
