Help with HA MX design

Lukef

Hey Guys / Gals

I have a similar question to this thread https://community.meraki.com/t5/Security-SD-WAN/How-to-cable-MX-amp-MS-for-HA/td-p/22765 and am after some assistance with HA design. We have a customer with a fibre service that we are going to be patching to two Meraki MX100s in a HA pair using the virtual IP option. We do not have a second fibre internet service, so for redundancy we are going to install a MG21E 4G service and are thinking we could patch that into the secondary MX on WAN2.


 

I'm hoping, from what I have read, that it should fail over in the following order.

MX1 WAN1 - fibre virtual ip

MX2 WAN1 - fibre virtual ip

MX2 WAN2 (connected to MG21E)

 

From your information, does this seem correct? My logic is if the main internet service fails, it will fail across to the second MX on the 4G service? I believe I could patch the MG21E into both MXs on WAN2, however if MX1 loses internet for some reason due to a cabling issue, it will then fail to WAN2 (4G) rather than to the spare MX WAN1 that may have a working fibre connection.

 

Looking for any guidance / assistance. 

 

Cheers

cmr

@Lukef that should work, failing over in the way you say.

Bruce

On a slightly different point on your design - if you’ve got the ports available on the MS250 stack then it might be worth dual homing both the MXs to the stack. That way if the top MS in the stack fails you’ll maintain connectivity to the Primary MX, otherwise you’ll potentially lose the VRRP messages between the MXs (the MXs don’t pass VRRP messages on the WAN interface) and you will end up dual active with both MXs trying to use the virtual WAN IP.

Ah yes, good point, plenty of free ports.
Thanks for pointing that out.

Design updated, thanks for the feedback

 
