Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

MX-105 BGP deployment as Edge(y) device

Solved
StephenSureau
Conversationalist
‎Feb 2 2024 8:49 AM
‎Feb 2 2024 8:49 AM

MX-105 BGP deployment as Edge(y) device

Hi,

 

I work for a state agency where we must procure our WAN connections via another state agency that handles a lot of services for the state. We also aren't allowed to roll our own vpn or SD-WAN due to this regulation which seems like it may be a sticking point for using the MX. The rest of my network infrastructure is comprised of Meraki switches so I looked into the MX when I needed to replace the cisco layer 3 switch providing our connection to their network and our WAN connection. CDW assured me it would work for my situation and so I purchased some for our different office locations. It looks like routed mode would be best for my situation but I read that this would cause the MX to NAT traffic to it's WAN connection interface which wouldn't be good. I'm a bit lost as how to proceed and will be opening a ticket with Meraki but thought I would ask here as well. 

 

My topology will be mx.JPG

0 Kudos
Subscribe
1 Accepted Solution
In response to alemabrahao
Ryan_Miles
Meraki Employee
Meraki Employee
‎Feb 2 2024 1:52 PM
‎Feb 2 2024 1:52 PM

Routed mode BGP is new in 18.2 and does support peering on the WAN and LAN. Still basically in beta and requires Support to enable it today.

 

Some design examples are shown here https://documentation.meraki.com/MX/Networks_and_Routing/Border_Gateway_Protocol_(BGP)#Scenario_4:_R...

 

I'd recommend you talk through the design requirements/goals with your Meraki SE. From what I gather from this thread I'm not sure you were given proper guidance from the partner or perhaps they didn't understand your requirements. 

View solution in original post

Subscribe
8 Replies 8
alemabrahao
Kind of a big deal
Kind of a big deal
‎Feb 2 2024 8:53 AM
‎Feb 2 2024 8:53 AM

Here is some information.

 

  • Mixed operation of MX14 and MX15/16 networks is NOT supported
  • IPv6 is currently only supported in One-Armed Concentrator mode
  • To enable routed mode BGP there are two requirements:
    • MX must be running MX 18.205 or higher firmware, 
    • You will also require the MX to be put into No-NAT mode, please reach out to support to have this enabled. 

https://documentation.meraki.com/MX/Networks_and_Routing/Border_Gateway_Protocol_(BGP)

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Subscribe
In response to alemabrahao
StephenSureau
Conversationalist
‎Feb 2 2024 9:34 AM
‎Feb 2 2024 9:34 AM

Thanks so much for the info on the No-NAT mode! That is very helpful I appreciate it. Luckily not running ipv6 so that isn't an issue for this deployment. I'll be running one MX-105 at our main office and MX-85s at our satellite offices. We also have two data centers and Azure which we connect to as well just for context. Any ideas on how to configure this on the MX to work as I wish?

0 Kudos
Subscribe
In response to StephenSureau
StephenSureau
Conversationalist
‎Feb 2 2024 9:35 AM
‎Feb 2 2024 9:35 AM

Specifically I was wondering about the Auto-VPN portion that needs to enabled in order to use BGP. Is there a way to leverage this without actually routing any traffic to the vpn? Also if the vpn tunnels goes down will BGP also go down for the rest of the routing? Thanks

0 Kudos
Subscribe
In response to StephenSureau
alemabrahao
Kind of a big deal
Kind of a big deal
‎Feb 2 2024 9:40 AM
‎Feb 2 2024 9:40 AM

The documentation has some scenarios, have you checked them out?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to alemabrahao
StephenSureau
Conversationalist
‎Feb 2 2024 9:52 AM
‎Feb 2 2024 9:52 AM

Yes I've been over them and all the documentation I could find but none of the scenarios seem that close to mine. I see that the routed mode scenario 4 is likely the closest to my scenario but I won't be using the vpn at all. My LAN will be connected via one of the LAN ports and all that traffic needs to route through the MX device. All the LAN traffic will be routed to the MX via our Palo Alto on site. The WAN connection will be connected to 4 BGP peers for our uplink/WAN. So really all the MX needs to do is have a static route to the Palo Alto for all 10.2.0.0/16 (LAN space) and handle route distribution on the WAN connection. I may introduce more features later on if the MX handles the traffic as I expect it should but I need to get it's main function operational.

0 Kudos
Subscribe
In response to StephenSureau
alemabrahao
Kind of a big deal
Kind of a big deal
‎Feb 2 2024 10:02 AM
‎Feb 2 2024 10:02 AM

To be honest, as far as I know, just like OSPF, BGP is just for routing traffic within SD-WAN, so I believe that MX will not meet what you want.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to alemabrahao
Ryan_Miles
Meraki Employee
Meraki Employee
‎Feb 2 2024 1:52 PM
‎Feb 2 2024 1:52 PM

Routed mode BGP is new in 18.2 and does support peering on the WAN and LAN. Still basically in beta and requires Support to enable it today.

 

Some design examples are shown here https://documentation.meraki.com/MX/Networks_and_Routing/Border_Gateway_Protocol_(BGP)#Scenario_4:_R...

 

I'd recommend you talk through the design requirements/goals with your Meraki SE. From what I gather from this thread I'm not sure you were given proper guidance from the partner or perhaps they didn't understand your requirements. 

Subscribe
In response to Ryan_Miles
Ryan_Miles
Meraki Employee
Meraki Employee
‎Feb 7 2024 12:43 PM
‎Feb 7 2024 12:43 PM

Wanted to clarify one bit. BGP on the LAN side of the MX doesn't require Support involvement. With firmware 18.2 on a supported hardware model this BGP can be enabled. BGP on the WAN side is what requires Support enablement at the moment.

Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.