I have over 400+ sites that I intend to roll-out MX devices to, and have come up against an issue which I cannot find a workaround or fix for.
I like the auto subnetting, however how can that be incorporated into an existing routable MPLS network?
Using the template instead of configuring 400+ devices is clearly the way to go, but how to incorporate existing routable MPLS subnets is what is leaving me puzzled....any ideas / experience / tips greatly received.
MPLS provider should provide a static routable IP on each site - you must need to configure it manually on each MX.
We have recently rolled out 200+ MX for one client and below procedure is based on my experience:
- Get list of IP addresses for each site from service provider. For us it was PPPoE credentials.
- Prepare a worksheet columns with: MX name (i.e. site name), IP subnet (we did use /27 for each site within class B), fixed IP on LAN, WAN IP
- Engage one technician to configure those MX one by one. Same procedure, 400 times for you. But on the same desk.
- You should define MX name (i.e. site name) from dashboard, each site will be one network with same name.
- Deployment would be much easy - plug & play.
I agree with @MijanurRahman With regard to existing addressing and new addressing - you will have to manually check each assigned subnet to make sure it does not conflict with existing addressing. Either that or just manually assign each subnet.
Your next choice is weather to run AutoVPN over MPLS. This is my preferred solution, because it means you can detect a failure inside of the MPLS provider, and [if sites have a backup circuit] failover automatically. If you use this method you will want a stub network from the MPLS provider (such as a /30 or a /29) and the MPLS provider does not need to know about your site addressing. I prefer to use /29's because if you want to put in dual MX's at a site for HA you can. Sometimes the important of a site changes at a later point in time, and this makes upgrading it to HA easy.
The other approach is to use a tracked router This is where you ping something [like the next hop] and then choose to use the MPLS as the primary interface [by selecting routes based on the track result] and something else for a backup interface. This method is easy, but it can't handle detecting a failure inside the MPLS cloud.
@stroighne if you're question was related to the automated VLAN IP assignment in the MX template and retrofitting that into your existing, per-site IP addressing scheme then you can still use the "unique IP" template option. Just make sure you select the appropriate prefix for each VLAN (ex. 192.168.0.0/24). Then once the network is bound to the template, it will inherit a random, available subnet that fits within the prefix in the template. Important thing is that the /mask matches.
Once bound to the template, it's just a 1-time effort to go back into the local MX network and edit the subnet to match your existing deployment.
We're doing what you've described here. An MPLS connection with a /30. Trying to use Auto VPN over this and a public internet connection.
The ISP is trying to use our LAN address as the next hop but when they do this it breaks our routes to the concentrator at our core. In this instant, what should the ISP user as the next hop on the MPLS?
Solved it myself. Nexthop is the CE. We just didnt have internet access for that IP so it couldnt access the Meraki VPN registry. Once we gave it internet access we were all good.
One tip to point out, make sure you have redundancy on your internet. Once the MX's loose connectivity to the cloud the AutoVPN tunnels between branch and DC over MPLS will dropout.
It would be good if Meraki could allow MPLS type AutoVPN's to have a longer timeout or set to infinite.