Hot Spare / HA Alternatives for non-identical MX Models

JE46
Conversationalist


Hello all,

Running into a bit of a tricky situation getting backup internet between two buildings. Here's the scenario.

Building A has its own ISP and an MX100. Building B has its own ISP and an MX67.

We've got a connection between the two buildings between two Catalyst switches hooked up to their respective MX hardware.

End goal is simple WAN redundancy using each building's ISP as failover. Obviously warm spare and standard HA is not possible due to mismatching MX models. What are my options here? Is any kind of manual VRRP configuration even feasible in this scenario? Admittedly my networking knowledge is in the walking stages, so forgive any ignorance on potentially obvious solutions. I'm truly confused what my next steps should be here with my current scenario.

Thanks for any suggestions.

5 Replies
KarstenI
Kind of a big deal

This is quite limited. You need to make sure that the rest of the network routes traffic to the best exit point in your network. Without an IGP on the MX, it is likely some IP SLA on the L3 switches in front of the MX to determine if the primary connection is alive. If not, the internal routing gets manipulated to route the traffic to the other building's infrastructure.

PhilipDAth
Kind of a big deal

> End goal is simple WAN redundancy

It is not going to be simple. It will be complex.

The simple option would be to get a second Internet connection for each site. 🙂

GIdenJoe
Kind of a big deal

If you are routing your internal VLANs on those MXes then that design will not work at all.

If you have routing on an L3 switch you could have an option with a floating static route. However, with the mandatory default static route Meraki switch routing has, this could be an issue too. So in this case I would recommend a Catalyst based switch where you optionally use Meraki monitoring.

You can have a Catalyst based switch that has a floating static pointing to the secondary MX exit and have a primary route that is dependent on an IP SLA or just line protocol status. You could even throw in some VRFs to segregate VLANs that must traverse an MX for policies.
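
The tracked primary route plus floating static described in the reply above, sketched as Cisco IOS configuration for the Building A Catalyst L3 switch. This is an added example, not part of the original thread: every address, VLAN and SLA/track number is a constructed placeholder, and it assumes the switch routes the internal VLANs and can reach Building B's MX over the inter-building link.

```cisco
! Building A L3 switch (all values are constructed placeholders)
!   10.10.0.1  = LAN address of the local MX100 (primary exit)
!   10.20.0.1  = LAN address of Building B's MX67, reached over the
!                inter-building link (secondary exit)
!   192.0.2.1  = stand-in for an Internet host used as the probe target
!   Vlan100    = transit SVI facing the local MX
!
! Pin the probe target to the primary exit so the probe always tests
! ISP A, even after the default route has failed over to Building B.
ip route 192.0.2.1 255.255.255.255 10.10.0.1
!
! ICMP probe through the local MX every 10 seconds.
ip sla 10
 icmp-echo 192.0.2.1 source-interface Vlan100
 threshold 2000
 timeout 2000
 frequency 10
ip sla schedule 10 life forever start-time now
!
! Track object follows probe reachability. The delays damp flapping:
! wait 20 s before declaring the path down, 60 s before trusting it again.
track 10 ip sla 10 reachability
 delay down 20 up 60
!
! Primary default route: installed only while track 10 is up.
ip route 0.0.0.0 0.0.0.0 10.10.0.1 track 10
!
! Floating static: administrative distance 250 keeps it out of the
! routing table until the tracked route above is withdrawn.
ip route 0.0.0.0 0.0.0.0 10.20.0.1 250
```

Building B's switch would mirror this with the next hops swapped. It is an assumption here, not something the thread covers, that each MX also has static routes back to the other building's subnets so return traffic finds its way.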

Dunky
A model citizen

I encountered a similar situation recently.

Given there was a LAN connection between the 2 buildings and there was no technical reason for them to be separate, I merged into a single LAN (with VLANs etc where necessary), which allowed me to put an MX95 in each building and configure HA.

Don't get me wrong, it wasn't a simple task and required some detailed planning, but in essence that's what I did.

Is this an approach you could take and get 2 MXs of the same model to give you the redundancy you need? If you kept existing subnets then you could even route each building over its existing ISP but have the backup of the ISP connection in the other building.

Crocker
A model citizen

This is *probably* way over-simplifying things, but we ended up with a similar situation at a couple sites. The way we handled it was using two unused VLANs to stretch the ISP connection from building A to building B, and vice-versa. Talked to the provider(s) to have them widen the subnet a smidge to handle 2 active devices, set IPs on WAN2 on both devices.

So, we have ISP auto-failover for both buildings, but not warm/spare in the event we lose one of the MXs; the idea being that one of our regional spares could be easily swapped with the 'dead' MX if/when needed.
