MPLS failover to Meraki auto-vpn

stroighne
Here to help

Silly question time...

Currently have a pair of MX600's in Passthrough mode acting as the VPN concentrator. I am advertising the 'local subnets' as the 3 RFC1918 IP blocks.

My question is, should the static routes for my branch sites (which have the MPLS connected via the MX LAN port) match the local subnets advertised from the MX600, so that I see '2 routes' in the branch MX routing table?

OR

Should the static routes be more specific (say 172.16.0.0/13 & 172.24.0.0/13) at the branch site?

OR does it not matter?

Many Thanks

10 REPLIES
jdsilva
Kind of a big deal

MX's will use the available routes in the following order:

https://documentation.meraki.com/MX/Networks_and_Routing/MX_Routing_Behavior#Route_Priority

  1. Directly Connected
  2. Client VPN
  3. Static Routes
  4. AutoVPN Routes
  5. Non-Meraki VPN Peers
  6. NAT

More coming.... The forum is throwing an error on me... Standby

jdsilva
Kind of a big deal

image.png

@CarolineS @MeredithW Any idea what's going on here ^^

CarolineS
Community Manager

@jdsilva - WEIRD. Let me check our filters.

Caroline S | Community Manager, Cisco Meraki
CarolineS
Community Manager

Hm, @jdsilva - I found (and adjusted) one filter that may have had some overly-aggressive wildcards. Try again?

Caroline S | Community Manager, Cisco Meraki
jdsilva
Kind of a big deal

image.png

Slightly different error, but still no dice 😞

In addition, for any device that routes, not just Meraki, the longest matched prefix will always be used for a given decision. E.g. if you have a packet with destination of 192.168.1.1 and there's 2 routes in the routing table of 192.168.1.0/24 and 192.168.0.0/23 the /24 will be used to route the packets as it has a longer prefix (is more specific).

@jdsilva works for me ;).

@CarolineS ! What the heck is this?!?!? You're censoring me and not @BrechtSchamp ?!?!

I DEMAND TO BE TREATED EQUALLY!!!

😉

CarolineS
Community Manager

Oh SHOOT you figured it out, @jdsilva! We thought we were so sneaky with our censorship. :-P.

Sorry about the troubles posting!! My best guess about that 2nd error message is that it's related to our spam-flood controls - if you were editing & re-posting rapidly, that mechanism could be triggered.

Apologies for hijacking this thread w/ community-posting issues. Hopefully they are resolved now!

Caroline S | Community Manager, Cisco Meraki
jdsilva
Kind of a big deal

In addition, for any device that routes, not just Meraki, the longest matched prefix will always be used for a given decision. E.g. if you have a packet with destination of 192.168.1.1 and there's 2 routes in the routing table of 192.168.1.0/24 and 192.168.0.0/23 the /24 will be used to route the packets as it has a longer prefix (is more specific). 
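
An added example, not part of any post in this thread and not Meraki code: a small Python model of the two rules quoted above, applied to the original question's two static-route options at a branch MX. It assumes longest prefix match is evaluated first and the listed route-type order only breaks ties between equal prefixes; the `via` names and the `mpls_up` flag (a static route withdrawn when its MPLS next hop is unreachable) are hypothetical.

```python
import ipaddress

# Route-type order as listed in the thread (lower number wins on a tie).
PRIORITY = {"connected": 1, "client_vpn": 2, "static": 3,
            "autovpn": 4, "non_meraki_vpn": 5, "nat": 6}

# The three RFC1918 blocks the hub advertises over AutoVPN.
RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

# Option 1 in the question: statics identical to the advertised subnets.
SAME = RFC1918
# Option 2: the more specific statics named in the question.
SPECIFIC = ["172.16.0.0/13", "172.24.0.0/13"]


def route(prefix, kind, via, active=True):
    """One routing-table entry; 'via' is a hypothetical next-hop label."""
    return {"net": ipaddress.ip_network(prefix), "kind": kind,
            "via": via, "active": active}


def select_route(dest, table):
    """Longest matching prefix first; route-type order breaks ties."""
    ip = ipaddress.ip_address(dest)
    candidates = [r for r in table if r["active"] and ip in r["net"]]
    if not candidates:
        return None
    return min(candidates,
               key=lambda r: (-r["net"].prefixlen, PRIORITY[r["kind"]]))


def branch_table(static_prefixes, mpls_up=True):
    """Branch MX view: AutoVPN routes from the hub plus MPLS statics.

    mpls_up=False models the statics being withdrawn (assumption).
    """
    table = [route(p, "autovpn", "hub-vpn") for p in RFC1918]
    table += [route(p, "static", "mpls-lan", active=mpls_up)
              for p in static_prefixes]
    return table


if __name__ == "__main__":
    for name, statics in (("same", SAME), ("specific", SPECIFIC)):
        for up in (True, False):
            for dest in ("172.20.1.1", "10.1.1.1"):
                chosen = select_route(dest, branch_table(statics, up))
                print(name, "mpls_up=%s" % up, dest, "->", chosen["via"])
```

Under these assumptions both options send 172.16.0.0/12 traffic over MPLS while the statics are active and over AutoVPN once they are withdrawn; with only the two /13 statics, the 10.0.0.0/8 and 192.168.0.0/16 destinations follow AutoVPN at all times.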
