Failover both Uplink and Metro-E network

Here to help

We currently have MPLS connecting 6 locations. Routing is done by our ISP. Each location has an MX appliance in NAT mode.

We are moving away from MPLS and recently started implementing Metro-E at our locations.
Each location has a designated cheap uplink. Currently I am using each location's core L3 switch to do failover routing for both MPLS/Metro-E and the uplink (I wanted it to use MX AutoVPN if MPLS/Metro-E goes down and, if the local uplink goes down, send the default route to MPLS/Metro-E). Ultimately I want to move all these routes to the MX, so I only need to manage local L3 routing on the core switch.

I attempted to set up this configuration, https://documentation.meraki.com/MX-Z/Site-to-site_VPN/Configuring_Site-to-site_VPN_over_MPLS, on our sites, but the branch keeps forming AutoVPN over its own uplink instead of over Metro-E.

Has anyone figured this out?

By the way, the HQ has two uplinks and a Metro-E connection. Site-to-site VPN is hub and spoke. The Metro-E network is formed with a /29 network.

8 REPLIES
Kind of a big deal

Re: Failover both Uplink and Metro-E network

To use AutoVPN over Metro-E you would plug the Metro-E circuit into a WAN port on the MX, not directly into your L3 switch.

Here to help

Re: Failover both Uplink and Metro-E network

That's how we set it up at one of our branch offices. We connected Metro-E on WAN2, then set up traffic shaping to set WAN2 as the primary uplink without load balancing, but according to the VPN status, it's forming an AutoVPN with WAN1 instead of WAN2.

The WAN2 connection is set up to set the gateway to the HQ Metro-E IP address.

The HQ MX has Metro-E on a LAN port because its WAN1 and WAN2 have separate uplink ISPs.

Kind of a big deal

Re: Failover both Uplink and Metro-E network

What is providing the Metro-E circuit access to the Internet?

Kind of a big deal

Re: Failover both Uplink and Metro-E network

I see now.

The HQ MX also needs its WAN port connected to the Metro-E. You would need to use an additional device to provide the Metro-E circuit access to the Internet.

You could use this approach instead:

https://documentation.meraki.com/MX-Z/Deployment_Guides/MPLS_Failover_to_Meraki_Auto_VPN

Here to help

Re: Failover both Uplink and Metro-E network

I thought about that design, where it provides a backup internal route through AutoVPN. This scenario works with Metro-E connected to the MX's LAN port on both the branch and HQ sites.

But with this scenario, doesn't it only provide failover to Metro-E?

What if my branch's uplink 1 goes down, and it does not have WAN2, can I set up a static default route to go to HQ Metro-E?

Kind of a big deal

Re: Failover both Uplink and Metro-E network

It does the opposite.  Metro-E is the primary circuit, and it only fails over to AutoVPN if the Metro-E circuit fails.

Here to help

Re: Failover both Uplink and Metro-E network

So with our setup, we cannot have a backup route to the internet if the branch's WAN goes down?

Kind of a big deal

Re: Failover both Uplink and Metro-E network

Only if you have the Metro-E circuit connected to a WAN port.  And you need to add a tracked route for every remote route.
