cancel
Showing results for 
Search instead for 
Did you mean: 

Data centre SD-WAN VPN concentrator design with MPLS and Internet

SOLVED
Conversationalist

Data centre SD-WAN VPN concentrator design with MPLS and Internet

Hi,

 

quick question on how to design and deploy this, when you have a VPN concentrator in a DC, and each branch and the data centres have an MPLS and an Internet link each, do you still configure the VPN concentrator with 1 uplink interface, then it will form 2 tunnels to each branch over this 1 interface, or do you configure 2 interfaces (ie one for internet tunnel and one for MPLS tunnel)

 

seems to me only 1 is required, but just want some confirmation.

 

 

1 ACCEPTED SOLUTION

Accepted Solutions
Kind of a big deal

Re: Data centre SD-WAN VPN concentrator design with MPLS and Internet

Both options are valid.

 

Cisco Meraki's recommend design uses the single interface at the DC.

I personally do my deployments using 2 interfaces so I have greater control over SD-WAN functionality at the DC end.

 

You are most likely interested in this design:

https://documentation.meraki.com/MX/Site-to-site_VPN/Configuring_Site-to-site_VPN_over_MPLS

4 REPLIES 4
Kind of a big deal

Re: Data centre SD-WAN VPN concentrator design with MPLS and Internet

Both options are valid.

 

Cisco Meraki's recommend design uses the single interface at the DC.

I personally do my deployments using 2 interfaces so I have greater control over SD-WAN functionality at the DC end.

 

You are most likely interested in this design:

https://documentation.meraki.com/MX/Site-to-site_VPN/Configuring_Site-to-site_VPN_over_MPLS

Highlighted
DN
Here to help

Re: Data centre SD-WAN VPN concentrator design with MPLS and Internet

Agreed with @PhilipDAth  , I would go for the same option in this case .

Getting noticed

Re: Data centre SD-WAN VPN concentrator design with MPLS and Internet

If you have many subnets to advertise from your data center, one arm concentrator  mode is useful. After all, you will run OSFP and form neighbors between MX and your edge firewall. 

Kind of a big deal

Re: Data centre SD-WAN VPN concentrator design with MPLS and Internet

Note that OSPF in one armed mode can not listen or learn OSPF routes.  It can only advertise AutoVPN routes.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.