BGP Configuration on MX

Solved
The_Livingstone
Here to help

BGP Configuration on MX

I would like to know if BGP is fully supported on MX,

I have gone through the Meraki documentation and it addresses the VPN setup.

Share some insights

1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal

If you open a support case you can request to go on the BGP beta program.  The BGP is intended to be used for iBGP - such as to your network core - and not eBGP such as to ISPs.

View solution in original post

20 Replies 20
PhilipDAth
Kind of a big deal
Kind of a big deal

If you open a support case you can request to go on the BGP beta program.  The BGP is intended to be used for iBGP - such as to your network core - and not eBGP such as to ISPs.

The_Livingstone
Here to help

Hi Philip,
Thanks for the information, i will open a case.
For my case i was looking forward for eBGP
jsurles
Here to help

Can you confirm that eBGP is still not available?  I didn't see any updates or newer resposnes which indicate it is.. and all the documentation I've found are in line with this thread.

Uplink provider to private network requires BGP routing.  I don't think the Meraki will work well for this scenario.

ph2001
New here

I was hoping that this had a better solution since originally opened but looks like the MX only supports eBGP when configured in One-Armed concentrator mode.

 

NAT Mode

  • iBGP establishes relationships over autovpn and will establish and exchange routes between:
    • A BGP peer acting as a One-Armed Concentrator in the DC and-
    • A NAT mode MX.
  • eBGP peer relationships are not available for MXs operating as NAT mode VPN concentrators and are only supported on One-Armed Concentrators.

 

https://documentation.meraki.com/MX/Networks_and_Routing/BGP

Jerjiang
Comes here often

eBGP is working

pstewart
Getting noticed

Question though ... will it support eBGP for upstream to provider with only taking default routes from those ISP's?  I completely understand it's not going to handle full tables from a couple of upstreams 🙂

 

Or, same upstream ISP connected through private AS for purposes of load balancing connections?

 

Thanks,

Paul

PhilipDAth
Kind of a big deal
Kind of a big deal

I don't see why Cisco Meraki would add eBGP support like that.  The MX already supports load balancing and can already detect path failure.  eBGP in this case adds a lot of complication with no benefits.

pstewart
Getting noticed

Well there is clearly benefits to doing eBGP to upstream provider.  Load a loopback address on the Meraki MX with two upstream connections and you have an "always reachable" destination for inbound traffic that may be forwarded to things like mail servers etc.

PhilipDAth
Kind of a big deal
Kind of a big deal

You can already do that - but better.  Connect two different upstream providers to the two WAN ports.

 

BGP advertising a default route only verifies connectivity between you and the ISP is working.

The MX verifies connectivity all the way back to the Meraki cloud - so an issue within an ISP or their upstreams will now be detected.

 

Using email as an example, you can point the DNS at the pair of IP address (one from each provider).

pstewart
Getting noticed

Ah I see what you mean ... I work on the ISP side of things primarily so think like an ISP 😉    How would that work for web though .... use the dynamic hostname as a CNAME for inbound web traffic?  Thanks 

PhilipDAth
Kind of a big deal
Kind of a big deal

Not many customers host actual web sites themselves any more ... but that CNAME option sounds great.

 

I tend to use Amazon Route 53 for my DNS.  If you use a service like this you can create a health check.  This only includes an IP in the DNS response if it is actually up and responding.  The service is very cheap.

https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover.html

 

pstewart
Getting noticed

In our case we have quite a number of customers that host their own SSL-VPN (hence the web question) and we host DNS for them (which has been more reliable than other solutions for them).  thanks again.

TGTELVT
New here

the capability to learn routes is powerful
The_Livingstone
Here to help

Hi Philip,

for the purposes of extra public IP, floated through the P2P IPs, BGP will be fine for the IPs to failover 

IrtepOthelirouv
New here

Hi, in my mind eBGP would be good for resiliency for example in a scenario where you have two VMX-100's deployed in two different Microsoft Azure regions and BGP peering configured with community values and local preference for certain prefixes residing in Microsoft Azure i,e, not load balancing but active/standby for redundancy.

PhilipDAth
Kind of a big deal
Kind of a big deal

Azure does not support running BGP to a VM hosted inside of Azure.

TGTELVT
New here

I would say this is a quick response to a loaded question. There are LOTS of benefits of eBGP with a MX and yes you could work a round this with round robin DNS or load balancing, etc.. but there are big benefits to BGP too.
CptnCrnch
Kind of a big deal
Kind of a big deal

Oh yeah, let‘s see the first customer pull in the full internet routing table on MX64! 😋

MattGear
Meraki Employee
Meraki Employee

You would need to size accordingly, just like any other technology. You wouldn't pull in full BGP routes on a 4321, would you?

GIdenJoe
Kind of a big deal
Kind of a big deal

BGP on MX appliances is only meant to import the routes of a site or datacenter into SD-WAN and vice versa to have site subnets available to BGP peers in a HQ or Datacenter site.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels