I would like to know if BGP is fully supported on MX.
I have gone through the Meraki documentation and it addresses the VPN setup.
Share some insights
If you open a support case you can request to go on the BGP beta program. The BGP is intended to be used for iBGP - such as to your network core - and not eBGP such as to ISPs.
Can you confirm that eBGP is still not available? I didn't see any updates or newer responses which indicate it is, and all the documentation I've found is in line with this thread.
Uplink provider to private network requires BGP routing. I don't think the Meraki will work well for this scenario.
I was hoping that this had a better solution since originally opened but looks like the MX only supports eBGP when configured in One-Armed concentrator mode.
https://documentation.meraki.com/MX/Networks_and_Routing/BGP
eBGP is working
Question though ... will it support eBGP for upstream to provider with only taking default routes from those ISPs? I completely understand it's not going to handle full tables from a couple of upstreams 🙂
Or, same upstream ISP connected through private AS for purposes of load balancing connections?
Thanks,
Paul
I don't see why Cisco Meraki would add eBGP support like that. The MX already supports load balancing and can already detect path failure. eBGP in this case adds a lot of complication with no benefits.
Well, there are clearly benefits to doing eBGP to upstream provider. Load a loopback address on the Meraki MX with two upstream connections and you have an "always reachable" destination for inbound traffic that may be forwarded to things like mail servers etc.
You can already do that - but better. Connect two different upstream providers to the two WAN ports.
BGP advertising a default route only verifies connectivity between you and the ISP is working.
The MX verifies connectivity all the way back to the Meraki cloud - so an issue within an ISP or their upstreams will now be detected.
Using email as an example, you can point the DNS at the pair of IP addresses (one from each provider).
Ah I see what you mean ... I work on the ISP side of things primarily so think like an ISP 😉 How would that work for web though .... use the dynamic hostname as a CNAME for inbound web traffic? Thanks
Not many customers host actual web sites themselves any more ... but that CNAME option sounds great.
I tend to use Amazon Route 53 for my DNS. If you use a service like this you can create a health check. This only includes an IP in the DNS response if it is actually up and responding. The service is very cheap.
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover.html
In our case we have quite a number of customers that host their own SSL-VPN (hence the web question) and we host DNS for them (which has been more reliable than other solutions for them). thanks again.
Hi Philip,
for the purposes of extra public IP, floated through the P2P IPs, BGP will be fine for the IPs to failover
Hi, in my mind eBGP would be good for resiliency for example in a scenario where you have two VMX-100's deployed in two different Microsoft Azure regions and BGP peering configured with community values and local preference for certain prefixes residing in Microsoft Azure, i.e. not load balancing but active/standby for redundancy.
Azure does not support running BGP to a VM hosted inside of Azure.
Oh yeah, let's see the first customer pull in the full internet routing table on MX64! 😋
You would need to size accordingly, just like any other technology. You wouldn't pull in full BGP routes on a 4321, would you?
BGP on MX appliances is only meant to import the routes of a site or datacenter into SD-WAN and vice versa to have site subnets available to BGP peers in a HQ or Datacenter site.