Diverse WAN Failover with Dark Fiber connection between two sites

Solved
timbeck2
Conversationalist

Hey There,

I'm working with a client who has a relatively simple design on paper, but it is proving to be fairly difficult to design with Meraki. I wondered if anyone had any creative ideas on this.

Here's the situation.

Client has two separate locations, each with their own internet connection. The two locations are also connected with a dedicated fiber run between each location. One of the locations has an MX64, the other has an MX68, so warm spare is out. Each location has MS250 switches in their core, where the fiber between locations connects. We are running OSPF on the MS250s between the two locations for routing.

The location with the MX68 will have a substantially faster internet connection and we would want for it to be the primary way out to the internet most of the time. However, in the event of a failure, they would like automatic failover of both locations to redirect traffic to the alternate ISP at the other location.

With traditional Cisco gear I would accomplish this with a couple of floating static routes and some SLA tracking, but Meraki switches don't support host status monitoring for a route, and MXs don't advertise any routes into OSPF other than their VPN connections.

I'm trying to come up with some creative solutions here, but am coming up short.

Any ideas?

Thanks!

1 Accepted Solution
BrandonS
Kind of a big deal

If I understand correctly, I have just done this exact thing for a customer on a small campus with fiber connecting two buildings and full stack Meraki. Building A had been primary and building B was just switches and wireless sharing building A internet via the fiber link. Then they added dedicated internet for building B, so I added an MX and put that new internet in WAN 1. Then I created a dry VLAN on the switch and connected WAN 2 of building B MX into an access port with that VLAN (say VLAN 999). I made sure VLAN 999 was tagged and trunked back to building A. Back at building A, an access port with VLAN 999 was plugged into another "regular" switch port that would provide DHCP and internet access.

They did not care to do the opposite for building A to ever fail to building B, but I see no reason I could not have done that too.

Does that track with what you are trying to do and make sense?

- Ex community all-star (⌐⊙_⊙)

timbeck2
Conversationalist

Brandon!

This is actually a great idea! And creative. I appreciate this.

We still needed to figure out some of the details on the routing internally, but because of your idea I think we have a pretty solid solution that can accomplish what they want.

I appreciate your input!

Thanks,

-Tim

PhilipDAth
Kind of a big deal

You have a dedicated fibre run between the locations, so you can run as many VLANs over it as you like.

You absolutely can run in warm spare mode. Just put the Internet circuits at each site into a VLAN, and trunk that to both sites. Ditto with the MX LAN connection.

Meraki simple.

ww
Kind of a big deal

@PhilipDAth he has an MX64 and an MX68
