Meraki

Community

Direct Connect vs vmx100

mscotto
Getting noticed
‎Oct 22 2020 7:44 AM
‎Oct 22 2020 7:44 AM

Direct Connect vs vmx100

Hello, 

 

I have a site to site vpn from the local office mx going to AWS VPC.  I was looking into setting up AWS direct connect so I can do BGP however, would adding a vMX accomplish the same goal or is that completely separate?  I guess I am looking for the difference between the two.  Thanks!

0 Kudos
5 Replies 5
GreenMan
Meraki Employee
Meraki Employee
‎Oct 22 2020 12:40 PM
‎Oct 22 2020 12:40 PM

If you use vMX in your AWS instance, the VPN between the two is Meraki <-> Meraki AutoVPN, so it's much easier to configure.   It will also build overlay tunnels across both WAN uplinks from the branch MXs (spokes) - if the branch MXs have two.   The MXs now closely monitor the performance of both these end-to-end paths (packet loss, latency and jitter).   As well as load balancing, you can then also make use of SD-WAN policy and performance rules to manage traffic across those two available paths - this includes the ability to fail over specific applications between the paths, if the monitored performance doesn't meet the criteria you configure for them.

The non-Meraki VPN to any other IPSec device virtualised at your cloud provider provides a secure tunnel connecting the two and not that much else.

In response to GreenMan
mscotto
Getting noticed
‎Oct 22 2020 2:17 PM
‎Oct 22 2020 2:17 PM

Got it thanks so it sounds like the vmx100 makes more sense than going the direct connect route?

0 Kudos
In response to mscotto
GreenMan
Meraki Employee
Meraki Employee
‎Oct 23 2020 12:59 AM
‎Oct 23 2020 12:59 AM

Well...   what benefits were you hoping to get from using BGP?

 

Also:  I missed the reference to Direct Connect.  I must admit;  I’m not massively familiar with it, but I understand it’s a dedicated link between your site and an AWS DC.  AWS pushes the pros here: https://aws.amazon.com/directconnect/ but it will probably have all the usual pros and cons associated with something ‘dedicated’   - It will probably be more expensive (you’ll need to run the numbers for your scenario though) but maybe more dependable - and how will it scale, if you need to connect more locations to your AWS instance?

0 Kudos
In response to GreenMan
mscotto
Getting noticed
‎Oct 23 2020 4:58 AM
‎Oct 23 2020 4:58 AM

This would be just one location.  So if I understand correctly, I go wirth the vmx100 and that is a cloud mx that sits in my VPC and then I can do more meraki to meraki configurations?  I assume this will sit at the edge of the vpc and route all incoming and outgoing traffic?

0 Kudos
In response to mscotto
GreenMan
Meraki Employee
Meraki Employee
‎Oct 23 2020 5:43 AM
‎Oct 23 2020 5:43 AM

Almost...   You have to tell AWS what traffic to send to the vMX:  all the IP subnets that you want to be able to access your AWS resources,  at the sites on the other end of the AutoVPN tunnels.   You don't want all your AWS traffic going out through the vMX - it will be a one-armed VPN Concentrator, not a firewall to protect your AWS instance.   Of course, those subnets might still mean all the traffic...

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.