MX 250 HA cable connection and network design

ken88
Just browsing

Hello,

I have had an old MX250 for several years. Now I have purchased another MX250 for redundancy only, in case of a HW failure of this MX250.

I have two ISP dedicated internet connections, and I am using the two lines at the same time with a load balancing policy. Each ISP gives me only one public IP address.

So maybe I just connect the ISP's incoming cable to one of my switches, and then connect my WAN port to the switch. Can the MX250 automatically switch to use the only public IP address?

If WAN1 or WAN2 fails, still use the old MX.

If the old MX fails, then the dashboard can switch to the new MX, and WAN1 and WAN2 on the new MX will re-use those ISP public addresses.

Can this kind of design work?

Thanks

cmr
Kind of a big deal

Not really, if you want HA you need at least 2 IPs per ISP.

KarstenI
Kind of a big deal

As @cmr mentioned, for a clean HA-design you need a /29 subnet from the ISPs. But if this is completely out of possibility (really? Have you asked the ISPs?) then you could put two Ethernet-routers with NAT in front of the MXes. These routers handle the NAT to the outside and provide private IP networks to the inside so that both MXes can have IP addresses. In this case I would let the support enable the "nat-exemption" and configure static routes on the external routers just to avoid the double NAT. It will typically work with double NAT, but I would consider that a really dirty implementation that I personally do not like.

ken88
Just browsing

Thanks @KarstenI and @cmr, that's very bad of Meraki's HA solutions.

I set up HA just in case the old MX250 breaks. I don't want to introduce another router for NAT (between the MX and the ISP) and make the network more complex; our MX250 acts as the NAT gateway already, and double NAT is really bad.

If we connect the same cables together and put the new MX250 into a disabled state, then once the old MX250 breaks and we receive the alert email, we enable the new MX250 from the dashboard and disable the old MX250. Is this kind of solution OK? We can accept a one or two hour network interruption in our office.

KarstenI
Kind of a big deal

Here I would probably prefer a cold standby setup. If the first one fails, the MX is just taken out of the network and the new one is inserted. The config gets fetched from the dashboard and you are online again.
