Meraki

Community

Full mesh topology

Solved
MerakiLover
Here to help
‎Sep 7 2018 12:26 AM
‎Sep 7 2018 12:26 AM

Full mesh topology

Hi all, 

 

I've customer with 300 sites with VendorX where he has a hub and spoke topology. 

He has MPLS for some traffic (see voip) where this traffic can reach every other site directly. 

 

We want to move this network to Meraki Sd-wan... So finally topology is hub&spoke with DSL + MPLS (over wan interfaces of course). 

 

Customer is worried about going to a scenario where traffic from a branch to another has to pass via the hub, always. 

 

Is there any workaround for this ? (of course we want to avoid the real hub-hub scenario, otherwise we would have tons of connections for each site). 

 

Thanks

0 Kudos
1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Sep 7 2018 12:40 PM
‎Sep 7 2018 12:40 PM

Lets consider MPLS a little bit further.  For the "customer" view it virtually looks like a full mesh.

 

Physically however it is quite different. Your have the CE router on the customer premise, which then connects to a providers PE router, and then to the providers code.  When site A talks to site B it goes CE->PE->Core->PE->CE.  The important bit to note is that it traverses the providers core.  It isn't actually physically a full mesh.  The traffic does not magically physically jump from one branch CE to another branch CE (there is no actual physical mesh).

 

The provider core is essentially the same as your Meraki Hub.

 

Just like the service providers core network - you need to make sure your Hub environment has plenty of bandwidth and redundancy and processing capacity to ensure that their are no issues.

 

 

I have run a 300 site Meraki network off a pair of MX's as a hub and it runs great.  If your deployment is spread over over a large geographic area (such as multiple countries) you could also consider using multiple hubs - a pair for each area.  That way traffic within from site to another in the same geographic area will not leave that geographic area.

View solution in original post

3 Replies 3
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Sep 7 2018 12:40 PM
‎Sep 7 2018 12:40 PM

Lets consider MPLS a little bit further.  For the "customer" view it virtually looks like a full mesh.

 

Physically however it is quite different. Your have the CE router on the customer premise, which then connects to a providers PE router, and then to the providers code.  When site A talks to site B it goes CE->PE->Core->PE->CE.  The important bit to note is that it traverses the providers core.  It isn't actually physically a full mesh.  The traffic does not magically physically jump from one branch CE to another branch CE (there is no actual physical mesh).

 

The provider core is essentially the same as your Meraki Hub.

 

Just like the service providers core network - you need to make sure your Hub environment has plenty of bandwidth and redundancy and processing capacity to ensure that their are no issues.

 

 

I have run a 300 site Meraki network off a pair of MX's as a hub and it runs great.  If your deployment is spread over over a large geographic area (such as multiple countries) you could also consider using multiple hubs - a pair for each area.  That way traffic within from site to another in the same geographic area will not leave that geographic area.

In response to PhilipDAth
MerakiLover
Here to help
‎Sep 10 2018 2:34 AM
‎Sep 10 2018 2:34 AM

Thanks Philip.. you are right and it makes sense. 

The fact that traceroute does not show the real traffic path hop-by-hop does not mean that there is an hub or that is a full mesh. 

Thanks for your help

0 Kudos
In response to MerakiLover
Netwow
Building a reputation
‎Nov 13 2018 1:11 PM
‎Nov 13 2018 1:11 PM

Question: without using a pair of hubs, couldn't the same topology be achieved if you added a group policy to block the undesired routes? I am trying to avoid adding an additional mx . 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.