Comcast Cellular Failover and MX

JohnT
Getting noticed

Comcast Cellular Failover and MX

Hi Everyone

 

We are opening a retail/restaurant space in Portland and I'm curious about everyone's thoughts on how to setup an MX67 with Comcast's Business cellular fail-over (Connection Pro) Essentially, they have a Cradlepoint added to the mix that provides the cellular fail-over.  In our other locations we have done this with dual wired ISP's and this is the first one that we will be using cellular for backup.  I could leave it "as is" and let Comcast handle the fail-over as designed.  Although it makes me wonder if there is a better way to set this up.  As I see it, here are my options.  Please chime in if you have an opinion

 

  1. Don't mess with it, just plug in the Comcast WAN link to your MX67 and let them handle the fail-over as designed.
  2. Plug the CradlePoint into the 2nd WAN link and let the MX handle the failover
  3. Purchase a MX67C and remove the sim card from the CradlePoint and insert it into the MX67C
  4. Get rid of the Comcast cellular and purchase it from another provider, then set it up like #2 or #3

 

Thanks everyone!

 

-John

18 REPLIES 18
JohnT
Getting noticed

I just realized this got posted in the wrong forum. Can we get this moved. Thanks!
NolanHerring
Kind of a big deal


@JohnT wrote:
I just realized this got posted in the wrong forum. Can we get this moved. Thanks!

@CarolineS  or @MeredithW can move it to the MX forums 😃

Nolan Herring | nolanwifi.com
TwitterLinkedIn
CarolineS
Community Manager
Community Manager


@JohnT wrote:
I just realized this got posted in the wrong forum. Can we get this moved. Thanks!

Done!

Caroline S | Community Manager, Cisco Meraki
New to the community? Get started here
NolanHerring
Kind of a big deal


@JohnT wrote:

 

  1. Don't mess with it, just plug in the Comcast WAN link to your MX67 and let them handle the fail-over as designed.
  2. Plug the CradlePoint into the 2nd WAN link and let the MX handle the failover
  3. Purchase a MX67C and remove the sim card from the CradlePoint and insert it into the MX67C
  4. Get rid of the Comcast cellular and purchase it from another provider, then set it up like #2 or #3

1 - If you leave it as is, does the cellular auto kick in on their end so its transparant to you? WAN 1 will still be up on your side?

 

2 - Looks like maybe you have the option to connect the cradle point, does this action break the fail-over process on the comcast side? It could give you benefit of allowing more SD-WAN benefits, but if its strictly fail over only, not sure its worth the bother if option 1 is true

 

3 - This is doable but I'm not sure if your going to gain much except added cost. Plus Cradle Points are (correct me if i am wrong) 'more technically capable' as far as cellular performance goes?

 

4 - This is a cost question to me, so the answer lays inside the dollars

Nolan Herring | nolanwifi.com
TwitterLinkedIn

I'm in a different state, and I may be able to get down there towards the end of October to fully test how this all works.  I was hoping to be prepared to test some scenarios when I get down there.

 

1. Yes, I believe this is how it is supposed to function.  If the cable network goes down, the cellular takes over automatically.

2. Yes, if I connect the Cradlepoint directly to the MX it will effectively dismantle the Comcast setup.  However, I don't know if they have anything upstream that would prevent this from working.

3. This was my thought as well, but I didn't know if there was some added benefit to doing this.

4. True.  Although maybe someone has had a bad experience with the Comcast fail-over and would recommend against using it.

NolanHerring
Kind of a big deal

At this point I think most of your questions would be better answered if you do onsite testing, and see how the fail-over works / doesn't work.

I'd be curious to see how long the fail-over takes with the Comcast solution, because if its noticeable (minutes) then you might want to go out of your way to move the fail-over onto the MX as it should be much quicker and more seamless.
Nolan Herring | nolanwifi.com
TwitterLinkedIn

Curious, how quickly does the MX usually failover to cellular?
NolanHerring
Kind of a big deal

Shameless self-plug, but scroll down and you can see some testing I did with the internal cellular models.

https://nolanwifi.com/2018/10/25/you-down-with-l-t-e-yeah-you-know-me-raki/
Nolan Herring | nolanwifi.com
TwitterLinkedIn

If your using Ethernet (WAN1 and WAN2) then see here:

 

 
Note: If the MX is using the non-preferred uplink as the primary and the preferred uplink comes back online, the MX will wait about 15 seconds before switching the primary uplink to the preferred one. This is to prevent the primary connection from flapping in the event of intermittent failure or an unreliable link. 
Nolan Herring | nolanwifi.com
TwitterLinkedIn
JohnT
Getting noticed

Great blog post, thank you @NolanHerring 

PhilipDAth
Kind of a big deal
Kind of a big deal

I'm not going to answer your question.  I'm just going to give you further info to think about.

 

When you have an active circuit plugged into WAN2 it will generate about 100MB of traffic if it only ever runs in standby mode.

For some clients with small data plans this can be an issue.  Many people don't factor in this cellular usage.

 

When you have an Internet circuit plugged into WAN1 and WAN2 you can enable SD-WAN fully and create traffic classes.  For example if you have a light weight but critical traffic (such as POS) that needs to go back to a DC, you can use SD-WAN, define a latency and loss critiera, and then fail over just that traffic if the primary WAN1 degrades but does not actually fail.

 

If you plug in a USB cellular modem (or use an MX67C with a SIM card) the cellular connection is kept offline until the primary ISP circuits fail.  So it does not use any traffic.  You can't use these backup circuits for SD-WAN (except strictly in the sense of failover).  You do get a second set of cellular firewall rules so you can easily say things like block access to guest WiFi when operating on cellular data.

 

Then there are the management aspects.  Do you want someone else to manage the failover, or would you like to have visibility and control of it?  Both answers are correct.

@PhilipDAth All good points you make there.  I think the next step is to head down to the remote location and just start unplugging and testing how this fail-over actually works.  It sounds like ideally I would let the MX handle fail-over, but I'm unclear if that is an option.  As soon as I do some testing I'll report back to the forum with my findings.

 

 


@PhilipDAth wrote:

 

If you plug in a USB cellular modem (or use an MX67C with a SIM card) the cellular connection is kept offline until the primary ISP circuits fail.  So it does not use any traffic.  You can't use these backup circuits for SD-WAN (except strictly in the sense of failover). 



Hi @PhilipDAth ,

 

We have an offering on the table for MX67C using LTE as a Primary for SD-WAN with no WAN links - I note that the datasheet supports LTE as a failover only. The FAQ also says this is not to be used for SD-WAN.

 

From the FAQ at:

MX67_and_MX68_Overview_and_Specifications#FAQ 

Is this SD-WAN over LTE?

No.


Can LTE be used as the primary uplink?

No, LTE is currently only supported as a fail-over link and should only be primary during a temporary WAN failure event.

 

The offering seems to be an unsupported design. Would like to know your thoughts (and Meraki technical - if they see this) .

 

Thanks

Cheers

>We have an offering on the table for MX67C using LTE as a Primary for SD-WAN with no WAN links - I note that the datasheet supports LTE as a failover only. The FAQ also says this is not to be used for SD-WAN.

 

Before you can use the LTE as a primary you have to plug it into a fixed-line connection to allow a firmware upgrade.  Despite what the documentation says, you can use it only with LTE after that.  It will form AutoVPN connections without issue.


Thanks @PhilipDAth ,

Will Meraki support this setup where there are no primary connections in WAN1 & WAN2? I know Cradlepoint has external devices that can use LTE and present a wired WAN links (Where Cradlepoint handles the failover) - Would this be a more supported approach?
@PhilipDAth wrote:

>We have an offering on the table for MX67C using LTE as a Primary for SD-WAN with no WAN links - I note that the datasheet supports LTE as a failover only. The FAQ also says this is not to be used for SD-WAN.

 

Before you can use the LTE as a primary you have to plug it into a fixed-line connection to allow a firmware upgrade.  Despite what the documentation says, you can use it only with LTE after that.  It will form AutoVPN connections without issue.

 

 


 

>Will Meraki support this setup where there are no primary connections in WAN1 & WAN2?

 

Yes.

 

If you are really worried, then use an MG21 and an MX67 (instead of an MX67C).  This also gives you the flexibility to put the MG21 at a place with good cellular reception rather than where the MX67 is located.

https://meraki.cisco.com/products/cellular/mg21

Netwow
Building a reputation

I have a similar issue where a 4g cradlepoint is between the MX and the cable modem. We are unable to establish 3rd party VPN tunnels due to this issue. The DHCP address for the MX comes from the cradlepoint not the cable modem. If we connect it to the secondary WAN port we run the risk of incurring charges. Is there a solution ?

Bruce
Kind of a big deal

@Netwow if you are using any form of Wireless WAN router/modem that has an Ethernet hand-off then you will need to connect it to a WAN port on the MX, which will mean you will have some charges on it. These charges come from the fact that every WAN port on a MX will constantly connect to the Meraki cloud to ensure it has connectivity - this will be in the region of about 100MB a month (from what I've seen) - and you can't disable it.

 

You can stop the MX from forming AutoVPN tunnels on all interfaces by going to Security & SD-WAN -> SD-WAN & Traffic Shaping and disabling the 'Active-Active AutoVPN' option. This will mean that the AutoVPN tunnel will only be formed on the primary link unless it fails, so keeping the traffic to a minimum.

 

The only way to have a true failover function (where there is an absolute minimum of traffic on the 4G circuit) is to have a USB connected modem, or to use a MX model with the in-built 4G/LTE modem.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels