I have an MX64 that is configured as a spoke (192.168.95.0/24) to two hubs:
HUB1 is a MX64 that only has its local LAN (192.168.93.0/24)
HUB2 is my core MX400 from here I advertise all private address spaces: (large MPLS network)
I want traffic sourced from the spoke(192.168.95.0/24) to go directly to the 192.168.93.0/24(HUB1) network. The problem is it is traversing HUB2 to get there.
When traffic is sourced from HUB1 to the spoke it works correctly.
I was assuming that the more specific route would be chosen? That 192.168.93.0/24 would take priority over 192.168.0.0/16. I also have HUB1 listed first. Not sure what I am missing here...
All routes are green in the route table.
Also, a simpler question: Not having a default route selected will dump all public traffic out the local internet connection, correct? I don't want to move that traffic across a VPN.
Thanks in advance for you help.
On your Spoke go "Security Appliance/Route Table".
That will show you how it is going to route the traffic back to the hubs. Is the routing table correct her for traffic going to HUB1?
Another twist you could try is making this single spoke a hub and see if that has any impact.
My personal guess is that the spoke will only connect to the primary hub, and wont connect to the second hub unless the primary is down.
How about trying the following?
Look at the following red square. If you specify one device to be your default route, all traffic will be routed there by default.
As for getting your internet traffic over the WAN internet interface, perhaps the following Allow ACL list would fix that:
How about setting up the spoke site as a hub. If you only have 3 sites then the only reason to have a spoke is to force internet traffic over the SD-WAN to the hub. As you want it to go out of the WAN port directly, changing the spoke to a hub fixes that as well.