MPLS Failover to non-auto VPN

ChrisDonkelaar
Conversationalist


Good day,

We have the following situation. Our customer is connecting its MX84 to our DC over MPLS. Besides the MPLS, it has a normal fibre internet connection for traffic going outside. Since the company is located in a high-density city area where huge infrastructure work is beginning with a lot of digging, they want to secure themselves against being cut off when the work hits some fibre. So, they are wondering if they can use 4G cellular as a backup for their MPLS line. I'm referring to the MPLS Failover to Meraki Auto VPN article, but since there is no MX in our DC but another VPN solution, my question is whether this is still possible.

So, to be short, is it possible to use a Meraki-to-non-Meraki VPN over 4G as a possible failover for the MPLS connection?

Best regards,

Chris Donkelaar

AjitKumar
Head in the Cloud

Hi Chris

I may be completely wrong.

4G connectivity is ideal for cloud management; I do not see it as an alternative to MPLS.

However, if we can have a public static IP and the desired ports open on the 4G service, we may configure a site-to-site VPN with a non-Meraki peer.

Note: I have never tried this configuration, though. Let's wait for more input from community members.

Regards,
Ajit
AjitsNW@gmail.com
www.ajit.network
ChrisDonkelaar
Conversationalist

Thanks for your reply, Ajit. I completely agree with you about the possibilities with 4G. For now it's more that we have static routes set up in the MX for the networks in the DC. So, there need to be multiple static routes to the same destination that can be used when the MPLS connection fails (as in the MPLS Failover to Meraki Auto VPN article). And I'm wondering if that's possible with the VPN being non-auto, to a non-Meraki peer.

jdsilva
Kind of a big deal

Yup, this should work. If you have multiple routes to the same destination they are used in the following order:

https://documentation.meraki.com/MX/Networks_and_Routing/MX_Routing_Behavior#Route_Priority

So in your case a static that routes traffic over the VPN will take precedence over the non-Meraki VPN learned route. The last point to make here is that you should use the "Active" field in the MPLS static route so the route is withdrawn when connectivity to the next hop fails. This will help detect a failure in the MPLS cloud (as opposed to a direct loss of link on the interface) and fail the traffic to the non-Meraki VPN properly.

ChrisDonkelaar
Conversationalist

Thank you for your answer and that extra article @jdsilva, it explains a lot and is extremely useful for future reference. I'll set up a PoC to make sure it works as intended, and will give you the kudos once it does 😉

Regards,

Chris

PhilipDAth
Kind of a big deal

4G circuits usually have dynamic IP addresses.  Building a non-Meraki VPN where one end is using a dynamic IP address will probably make life difficult.

ChrisDonkelaar
Conversationalist

@PhilipDAth Not at all if the VPN setup would allow local and/or peer identifiers...

So, now the question is: does the MX allow you to set up identifiers on the VPN?

PhilipDAth
Kind of a big deal

> So, now the question is: does the MX allow you to set up identifiers on the VPN?

No.
