Hi all, I'm having some issues understanding how to configure my hub/spoke network with OSPF as the documentation is a bit... inconsistent.
At the hub I have two MXs (routed with vlans disabled) connected to my core switch. At the 3 remote sites I also have MXs (routed with vlans disabled) and one cisco switch downstream. Am I able to use OSPF to connect everything (from the core switch to the cisco switches at the remote sites)?
My understanding is that I'll need to use a default static route at the hub MX pass traffic to the core. Is that correct?
Any help will be appreciated. Thanks!
Solved! Go to solution.
@Mikekaleny wrote:
My understanding is that I'll need to use a default static route at the hub MX pass traffic to the core. Is that correct?
Hey @Mikekaleny.,
Not a default, but you will need a static. The way Meraki has implemented OSPF on the MX allows it to _advertise_ AutoVPN learned routers via OSPF, but it cannot _learn_ routes via OSFP. This means that no matter what LSA's the MX has in its LSDB it will never, ever install an OSPF route (I suspect it doesn't even run Dijkstra... But that's just a guess). So to allow your MX to reach networks in the core you need to add a static route (you also add this route into AutoVPN so your spokes can reach the core).
You should avoid using a default route as this will cause inconsistent behavior with the default route on the WAN port used to reach the Meraki cloud.
@Mikekaleny wrote:
My understanding is that I'll need to use a default static route at the hub MX pass traffic to the core. Is that correct?
Hey @Mikekaleny.,
Not a default, but you will need a static. The way Meraki has implemented OSPF on the MX allows it to _advertise_ AutoVPN learned routers via OSPF, but it cannot _learn_ routes via OSFP. This means that no matter what LSA's the MX has in its LSDB it will never, ever install an OSPF route (I suspect it doesn't even run Dijkstra... But that's just a guess). So to allow your MX to reach networks in the core you need to add a static route (you also add this route into AutoVPN so your spokes can reach the core).
You should avoid using a default route as this will cause inconsistent behavior with the default route on the WAN port used to reach the Meraki cloud.
Thank you for explaining!
One more question, does the MX have to run as a vpn concentrator at the hub or can I configure it using Routed/NAT mode? Will it have any impact on the AutoVPN routes in OSPF reaching the hub?
You can configure OSPF in either routed or concentrator mode, but you must have VLANs disabled.
https://documentation.meraki.com/MX/Site-to-site_VPN/Using_OSPF_to_Advertise_Remote_VPN_Subnets
So OSPF on the MX will work the same way whether the hub is configured as a concentrator or routed (with VLANs disabled), correct? Sorry if I didn't phrase my question correctly the first time.
Thank you very much!