MPLS Failover to non-auto VPN

Conversationalist

Good day,

We have the following situation. Our customer is connecting its MX84 to our DC over MPLS. Besides the MPLS it has a normal fibre internet connection for traffic going outside. Since the company is located in a high-density city area where huge infrastructure work is beginning with a lot of digging, they want to protect themselves against being cut off when the work hits some fibre. So, they are wondering if they can use 4G cellular as a backup for their MPLS line. I'm referring to the MPLS Failover to Meraki Auto VPN article, but since there is no MX in our DC but another VPN solution, my question is if this is still possible?

 

So, to be short, is it possible to use a Meraki-to-non-Meraki VPN over 4G as a possible failover for the MPLS connection?

 

 

Best regards,

 

Chris Donkelaar

7 REPLIES 7
Head in the Cloud

Re: MPLS Failover to non-auto VPN

Hi Chris

I may be completely wrong.

4G connectivity is ideal for Cloud Management; I do not see it as an alternative for MPLS.

However, if we can have a public static IP and the desired ports open on the 4G service, we may configure a site-to-site VPN with a non-Meraki peer.

Note: I have never tried this configuration though. Let's wait for more input from community members.

 

 

Cheers
Ajit
ajitsnw@gmail.com
https://www.linkedin.com/in/ajitkumarverma/
Conversationalist

Re: MPLS Failover to non-auto VPN

Thanks for your reply, Ajit. I completely agree with you about the possibilities with 4G. For now it's more that we have static routes set up in the MX for the networks in the DC. So, there need to be multiple static routes to the same destination that can be used when the MPLS connection fails (as in the MPLS Failover to Meraki Auto VPN article). And I'm wondering if that's possible with the VPN being non-auto, to a non-Meraki peer.

Kind of a big deal

Re: MPLS Failover to non-auto VPN

Yup, this should work. If you have multiple routes to the same destination they are used in the following order:

 

https://documentation.meraki.com/MX/Networks_and_Routing/MX_Routing_Behavior#Route_Priority

 

So in your case a static that routes traffic over the VPN will take precedence over the non-Meraki VPN learned route. The last point to make here is that you should use the "Active" field in the MPLS static route so the route is withdrawn when connectivity to the next hop fails. This will help detect a failure in the MPLS cloud (as opposed to a direct loss of link on the interface) and fail the traffic to the non-Meraki VPN properly.
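
Added example, not part of the original post and not Meraki code: a small Python model of the failover discussed in this thread, where a health-checked MPLS static route is withdrawn and traffic falls back to the non-Meraki VPN route. Assumptions: selection is longest-prefix match, then route type with static ahead of non-Meraki VPN; the addresses, the `probe` field standing in for the route's "Active" condition, and all function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Lower value wins. Only the relative order (static before non-Meraki VPN)
# comes from the thread; the numbers are illustrative.
PRIORITY = {"static": 0, "non_meraki_vpn": 1}

@dataclass(frozen=True)
class Route:
    prefix: str
    kind: str
    via: str
    probe: Optional[str] = None  # hypothetical: host that must answer for the route to stay active

def select_route(routes, dst, responding):
    """Pick the route for dst; `responding` is the set of hosts answering probes."""
    addr = ipaddress.ip_address(dst)
    best = None
    for r in routes:
        net = ipaddress.ip_network(r.prefix)
        if addr not in net:
            continue
        if r.probe is not None and r.probe not in responding:
            continue  # health condition failed: route is withdrawn
        key = (-net.prefixlen, PRIORITY[r.kind])
        if best is None or key < best[0]:
            best = (key, r)
    return best[1] if best else None

# Constructed sample data (not from the thread).
DC_NET = "10.50.0.0/16"
VPN = Route(DC_NET, "non_meraki_vpn", "dc-vpn-peer")
MPLS_TRACKED = Route(DC_NET, "static", "192.168.1.254", probe="10.50.0.1")
MPLS_ALWAYS = Route(DC_NET, "static", "192.168.1.254")  # no health condition

def path_for(static_route, responding):
    """Return the kind of route chosen for a DC host given the probe results."""
    chosen = select_route([static_route, VPN], "10.50.20.5", responding)
    return chosen.kind if chosen else None

if __name__ == "__main__":
    print(path_for(MPLS_TRACKED, {"10.50.0.1"}))  # MPLS healthy
    print(path_for(MPLS_TRACKED, set()))          # MPLS cloud down
    print(path_for(MPLS_ALWAYS, set()))           # untracked static keeps the dead path
```

The last case is the one to watch for in a proof of concept: a static route with no health condition stays installed and keeps sending DC traffic into the failed MPLS path, so the VPN route is never used.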

Conversationalist

Re: MPLS Failover to non-auto VPN

Thank you for your answer and that extra article @jdsilva, it explains a lot and is extremely useful for future reference. I'll set up a PoC to make sure it works as intended, and will give you the kudos once it does 😉

 

Regards,

 

Chris

 

 

Kind of a big deal

Re: MPLS Failover to non-auto VPN

4G circuits usually have dynamic IP addresses. Building a non-Meraki VPN where one end is using a dynamic IP address will probably make life difficult.

Conversationalist

Re: MPLS Failover to non-auto VPN

@PhilipDAth Not at all if the VPN setup would allow local and/or peer identifiers...

 

So, now the question is: does the MX allow you to set up identifiers on the VPN?

Kind of a big deal

Re: MPLS Failover to non-auto VPN

>So, now the question is: does the MX allow you to set up identifiers on the VPN?

 

No.
