MPLS failover to Meraki auto-vpn

Here to help

Silly question time...

Currently have a pair of MX600s in Passthrough mode acting as the VPN concentrator. I am advertising the 'local subnets' as the 3 RFC1918 IP blocks.

My question is, should the static routes for my branch sites (which have the MPLS connected via the MX LAN port) match the local subnets advertised from the MX600, so that I see '2 routes' in the branch MX routing table?

OR

Should the static routes be more specific (say 172.16.0.0/13 & 172.24.0.0/13) at the branch site?

OR does it not matter?

Many Thanks

10 REPLIES
Kind of a big deal

Re: MPLS failover to Meraki auto-vpn

MX's will use the available routes in the following order:

https://documentation.meraki.com/MX/Networks_and_Routing/MX_Routing_Behavior#Route_Priority

  1. Directly Connected
  2. Client VPN
  3. Static Routes
  4. AutoVPN Routes
  5. Non-Meraki VPN Peers
  6. NAT

More coming.... The forum is throwing an error on me... Standby

Kind of a big deal

Re: MPLS failover to Meraki auto-vpn

image.png

 

@CarolineS @MeredithW  Any idea what's going on here ^^

Community Manager

Re: MPLS failover to Meraki auto-vpn

@jdsilva - WEIRD. Let me check our filters.

Caroline S | Community Manager, Cisco Meraki | @merakicaroline
New to the community? Get started here
Community Manager

Re: MPLS failover to Meraki auto-vpn

Hm, @jdsilva - I found (and adjusted) one filter that may have had some overly-aggressive wildcards. Try again?

Caroline S | Community Manager, Cisco Meraki | @merakicaroline
Kind of a big deal

Re: MPLS failover to Meraki auto-vpn

image.png

 

Slightly different error, but still no dice 😞

Kind of a big deal

Re: MPLS failover to Meraki auto-vpn

In addition, for any device that routes, not just Meraki, the longest matched prefix will always be used for a given decision. E.g. if you have a packet with destination of 192.168.1.1 and there's 2 routes in the routing table of 192.168.1.0/24 and 192.168.0.0/23 the /24 will be used to route the packets as it has a longer prefix (is more specific).

Kind of a big deal

Re: MPLS failover to Meraki auto-vpn

@jdsilva works for me ;).

Kind of a big deal

Re: MPLS failover to Meraki auto-vpn

@CarolineS ! What the heck is this?!?!? You're censoring me and not @BrechtSchamp ?!?!

I DEMAND TO BE TREATED EQUALLY!!!

😉

Community Manager

Re: MPLS failover to Meraki auto-vpn

Oh SHOOT you figured it out, @jdsilva! We thought we were so sneaky with our censorship. :-P.

Sorry about the troubles posting!! My best guess about that 2nd error message is that it's related to our spam-flood controls - if you were editing & re-posting rapidly, that mechanism could be triggered.

Apologies for hijacking this thread w/ community-posting issues. Hopefully they are resolved now!

Caroline S | Community Manager, Cisco Meraki | @merakicaroline
Kind of a big deal

Re: MPLS failover to Meraki auto-vpn

In addition, for any device that routes, not just Meraki, the longest matched prefix will always be used for a given decision. E.g. if you have a packet with destination of 192.168.1.1 and there's 2 routes in the routing table of 192.168.1.0/24 and 192.168.0.0/23 the /24 will be used to route the packets as it has a longer prefix (is more specific). 
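
The route selection discussed in this thread, worked through for the two static-route options in the question. This is an added example, not part of any post above and not Meraki code. The names `select_route`, `PRIORITY` and the route tables are constructed for illustration, and it assumes the route-type order only breaks ties between matches of equal prefix length, and that the static route is absent from the branch table once the MPLS path is down.

```python
import ipaddress

# Route-type order as listed in the thread (lower number is preferred).
PRIORITY = {
    "directly_connected": 1,
    "client_vpn": 2,
    "static": 3,
    "autovpn": 4,
    "non_meraki_vpn": 5,
    "nat": 6,
}

def select_route(routes, destination):
    """Return the (prefix, route_type) chosen for destination, or None.

    Longest matching prefix wins; route-type priority only breaks ties
    between matches of equal prefix length (assumption, see lead-in).
    """
    dst = ipaddress.ip_address(destination)
    matches = []
    for prefix, route_type in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net:
            matches.append((net, route_type))
    if not matches:
        return None
    best = min(matches, key=lambda m: (-m[0].prefixlen, PRIORITY[m[1]]))
    return (str(best[0]), best[1])

# Constructed branch tables: the hub advertises the three RFC1918 blocks.
HUB_ADVERTISED = [("10.0.0.0/8", "autovpn"), ("172.16.0.0/12", "autovpn"),
                  ("192.168.0.0/16", "autovpn")]
# Option 1: static route identical to the advertised prefix.
OPTION_SAME = HUB_ADVERTISED + [("172.16.0.0/12", "static")]
# Option 2: two more-specific static routes covering the same range.
OPTION_SPECIFIC = HUB_ADVERTISED + [("172.16.0.0/13", "static"),
                                    ("172.24.0.0/13", "static")]

if __name__ == "__main__":
    for name, table in [("same prefix", OPTION_SAME),
                        ("more specific", OPTION_SPECIFIC),
                        ("static removed", HUB_ADVERTISED)]:
        print(name, "->", select_route(table, "172.20.5.9"))
```

Under these assumptions both options send 172.16.0.0/12 traffic over the static (MPLS) route while it is present, and the AutoVPN /12 takes over only once the static entries are gone.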
