Meraki

Community

Installing and configuring a Warm Spare to a diverse routed WAN

Solved
Steve-Potter
Getting noticed
‎Jun 28 2022 9:39 AM
‎Jun 28 2022 9:39 AM

Installing and configuring a Warm Spare to a diverse routed WAN

Currently I have a simple network, BT Fibre + vDSL  to a MX85 and a MS Switch Stack

 

Our ISP is upgrading us to a diverse routed pair of fibre connections via a pair of routers with VRRP terminating in a L2 switch (actually a Meraki Go 24 port switch)

 

I am also adding a MX85 warm spare (was going to be much later on but was delivered early)

Is it best just to follow the configuration guides and connect to the switch on both ports of each MX85 to the L2 switch and Lan ports to the Switch Stack

With the new fibre install I have 3 IP's per subnet, and I would lose another 1 of each subnet if I went the virtual IP VRRP method with the MX's

 

Is there a way to miss out the L2 switch and go direct from routers to MX's?

anyone suggest the best way to do this, (or simplest as I am by no means expert)

New Broadband Network.jpeg

 

0 Kudos
1 Accepted Solution
Brash
Kind of a big deal
Kind of a big deal
‎Jun 28 2022 11:08 AM
‎Jun 28 2022 11:08 AM

This looks pretty sound. You could look at stacking the L2 switch on the WAN side to avoid the single point of failure but other than that it looks about right.

You also have some options of removing the L2 WAN switch and plugging direct to the MX, or removing VRRP and having a single access on the ISP edge, each of which would come with advantages and disadvantages.

View solution in original post

10 Replies 10
Brash
Kind of a big deal
Kind of a big deal
‎Jun 28 2022 11:08 AM
‎Jun 28 2022 11:08 AM

This looks pretty sound. You could look at stacking the L2 switch on the WAN side to avoid the single point of failure but other than that it looks about right.

You also have some options of removing the L2 WAN switch and plugging direct to the MX, or removing VRRP and having a single access on the ISP edge, each of which would come with advantages and disadvantages.

PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jun 28 2022 11:54 AM
‎Jun 28 2022 11:54 AM

Does the OneAccess router have a four-port switch built into it?  If so, you could plug each MX directly into each OneAccess router and avoid the ISP switch (and the single point of failure).

 

It is not compulsory to use a VIP for the MX WAN interfaces.  I would say I use a VIP address maybe 50% of the time.  You'll want a VIP address if:
* You are using non-Meraki VPNs

* You want fast failover of client VPN

* You want outbound traffic to the Internet to appear to be coming from a single public IP address

Otherwise, there is no need for a VIP address.

In response to PhilipDAth
cmr
Kind of a big deal
Kind of a big deal
‎Jun 28 2022 4:08 PM
‎Jun 28 2022 4:08 PM

We use a different reseller's version of Openreach R02, which is what I believe BT Diverse Plus is based on.  In our case the equivalent of the One Access router is an ADVA where each service is handed off on a single port.  What we do is use an unmanaged 5 port switch to split each WAN to the two MXs.  Works well, is cheap and removes the single point of failure.  It looks like you might be using the BT MPLS solution as managed BGP failover is mentioned, or is this a direct internet access circuit?

If my answer solves your problem please click Accept as Solution so others can benefit from it.
In response to cmr
Steve-Potter
Getting noticed
‎Jun 29 2022 1:33 AM
‎Jun 29 2022 1:33 AM

isn't the 5 port switch a single point of failure? or have you two one for each router? 

The Internet is by Gamma using OpenReach diverse Plus fibre routes and they own up to the ports of the OneAccess routers.

 

 

 

0 Kudos
In response to Steve-Potter
cmr
Kind of a big deal
Kind of a big deal
‎Jun 29 2022 1:42 AM
‎Jun 29 2022 1:42 AM

@Steve-Potter we have two, one for each router.  I'd ask Gamma if the OneAccess routers can present the service on 2 ports as @PhilipDAth said, our ISP cannot, but it may well be different for you.

If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
In response to cmr
Steve-Potter
Getting noticed
‎Jun 29 2022 2:40 AM
‎Jun 29 2022 2:40 AM

Thanks all for the info and help

Just had info back from Gamma, each has two ports as per diagram. (they) say the L2 switch is required for the VRRP packets, but I wonder if they couldn't just use an interconnect between each for VRRP... something I will discuss with their tech support.

 

Still I guess I can add another L2 switch and link them together across two ports each letting STP stop the loop. 

0 Kudos
In response to PhilipDAth
Steve-Potter
Getting noticed
‎Jun 29 2022 1:25 AM
‎Jun 29 2022 1:25 AM

Not sure on the OneAccess routers yet as they haven't been delivered, BT are outside blowing the new fibre in as we speak..

The supplier is Gamma and its their network & BGP. I think the only time we need a specific ip address outbound is for access to our website management portal but I think we could add the second IP to that access list.

 

0 Kudos
In response to Steve-Potter
cmr
Kind of a big deal
Kind of a big deal
‎Jun 29 2022 1:43 AM
‎Jun 29 2022 1:43 AM

It looks like you only get one circuit or the other, is that the case, we use ours as active-active which helps with the ever growing bandwidth requests!

If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
In response to cmr
Steve-Potter
Getting noticed
‎Jun 29 2022 2:41 AM
‎Jun 29 2022 2:41 AM

Yes same here active/active only 200Mb on each but scope to go to 2GB

 

0 Kudos
Steve-Potter
Getting noticed
‎Jun 29 2022 5:06 AM
‎Jun 29 2022 5:06 AM

Is this the correct method, or one of them. 

New Broadband Network 2.jpeg

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.