Dynamic Routing Protocol on LAN side of MX and Z3 devices.

JamesMutie
Getting noticed


Is it possible to have a dynamic routing protocol like BGP or OSPF peering with a Cisco IOS router through the LAN ports of an MX or Z3 in NAT mode?

I have a client who would like to achieve the above setup for all the branches running as spokes and at the same time would like to implement seamless failover to SD-WAN over the internet in case MPLS is down.

So the connections to the branch will be MPLS on LAN port 3 and the Internet link on WAN port 1, and the VPN concentrator is located in the data centre.

But I can find a documentation on Meraki saying it is possible to achieve dynamic routing through LAN ports of MX and Z3s.

10 REPLIES
KarstenI
Kind of a big deal

Yes, but it only has a specific use-case and is quite limited.

Without VLANs configured you can announce AutoVPN learned subnets through OSPF. That's all.

You should also look into the route-tracking that can be used on the MX. With that you can add a static route that is only active while the next-hop or a host in the destination is reachable.

@KarstenI So it is possible to have OSPF neighborship between an MX and a Cisco router on the LAN. I know it is possible on MS switches but not sure on MX devices.

ww
Kind of a big deal

Yes.

But the MX does not learn routes from the OSPF neighbor.

rymiles
Meraki Employee

Assume you’re asking due to your proposed design of landing MPLS on an MX LAN port. While you can land MPLS on LAN, that route is then primary and only upon failure will it take the internet/AutoVPN path.

You should consider landing the MPLS connection on a WAN port. Then you get SDWAN and autovpn over the MPLS path. 

There are a number of docs that cover the topic both on our site as well as user sites like this one 

@rymiles Thanks a lot. I would propose the same.

But I would like to know if the client use case can actually work. Since the branch MXs will be in NAT mode, is it possible to have the CE-PE routing protocol, being BGP or OSPF, peering on the LAN port of the MX/Z3 in NAT mode, and have the MX/Z3 as the gateway for LAN user traffic?

JamesMutie
Getting noticed

@ww Thanks. Have seen it is possible to do OSPF when the MX is put in VPN mode.

But the client needs to have the branch MX/Z3s in NAT mode, have the gateways here for LAN traffic and at the same time route the LAN traffic to the data centre via MPLS, with the CE-PE routing protocol being either OSPF or BGP. Is this achievable?

Yes, but not using the design you are proposing. You need to use one of the Meraki designs.

This is the simplest design offering the least SD-WAN capabilities but will achieve your ultimate goal.

https://documentation.meraki.com/MX/Deployment_Guides/MPLS_Failover_to_Meraki_Auto_VPN

A more difficult but more sophisticated design that exposes more SD-WAN capabilities is:

https://documentation.meraki.com/MX/Site-to-site_VPN/Configuring_Site-to-site_VPN_over_MPLS

@PhilipDAth Thanks. Have checked on several MXs in NAT mode and have observed the below.

1. On the uplink section (Internet port 1 and 2) it only has options for static assignment.

2. On the IP addressing section I can't see anywhere to configure either BGP or OSPF.

So in summary this means the client's requested design is not achievable unless we do the routing over Auto VPN?

> So in summary this means the clients requested design

Correct. They are not using a workable design for a Cisco Meraki solution. They should use a Cisco Meraki validated design instead (such as the ones I have posted a link to).

@PhilipDAth Thanks, understood. The document you have shared has also explained it pretty well. To use MPLS as primary and failover to AutoVPN will only work with static routing with the MPLS link connected on the LAN port of the MX.

But since static routing will mean they do some redistribution of the static routes within the MPLS network, this makes the design complicated and the better option will be the Meraki validated design.
