Failover to MPLS if no route in AUTOVPN

Kiwirotc
New here

Failover to MPLS if no route in AUTOVPN

Hi hoping you be able to confirm if what I’m thing is correct or to suggest a better way of doing things.  

We currently have a full MPLS network which we are about to terminate we’re moving to a full SD-wan solution with autovpn, with dual isps at each site. 

At the DC we are going to have a MX250 which is going to terminate the autovpns and a MX84 that is going to be used as the default route out to the internet. 

the plan is to set the MX250 as the default route out for the network. Then a default route will then point traffic to the MX84 if no route is found via autovpn

 

at the MX84 my idea is to then set a 0.0.0.0/0 route to the MPLS for the networks that don’t and will never exist via Autovpn. Flow preference is setup to direct internet traffic out WAN1

 

Do you think this would work or would I be best to define static routes on the MX250 to the routes that exist on the MPLS but still have the default route set to the mx84 as I want that to be the route out to the Internet.. 

thanks in advance!!

3 REPLIES 3
UCcert
Kind of a big deal

Re: Failover to MPLS if no route in AUTOVPN

From what I understand here is that your MX250 will be your one-armed concentrator in the DC and your MX84 is your route out to the internet?

 

Your MX250 isn’t your default route, that’s your route out to your edge sites so should you not add a route to the MX250 to reach all your edge sites.  Keep your default route to the MX84.

Darren O'Connor | uccert.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
Kiwirotc
New here

Re: Failover to MPLS if no route in AUTOVPN

Yes you’re correct the MX84 is going to be the default route out to the Internet, traffic shaping rules, bandwidth limits have been set etc

 

the mx250 is in routed mode as it’s directly connected to the internet

 

 If I set the 84 as the default route for the network I’d have to set static routes on it for all the other edge sites if my thinking is correct?

UCcert
Kind of a big deal

Re: Failover to MPLS if no route in AUTOVPN

Hi @Kiwirotc 

 

Please take a read through the below:

 

https://documentation.meraki.com/Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/...

 

Your MX250 should be in concentrator mode with the recommended design being it sat behind a firewall or in a DMZ

 

 

Darren O'Connor | uccert.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.