cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

MX Gateway Sizing Questions

Highlighted
Getting noticed

MX Gateway Sizing Questions

Scenario 1:  For 2000 endpoints (Z3C's), will I be hitting a limit for the MX250 (HA) as the gateway?  Don't believe will have room to grow.  Maybe better to go with the MX450?

 

Scenario 2:  For 6000 endpoints (Z3C's), should be ok with MX450 (HA) as the gateway? 

 

Appreciate the help with this due diligence.

1 REPLY 1
Highlighted
Getting noticed

Re: MX Gateway Sizing Questions

Scenario 1:  For 2000 endpoints (Z3C's), will I be hitting a limit for the MX250 (HA) as the gateway?  Don't believe will have room to grow.  Maybe better to go with the MX450?

 

Well, it depends.

According to MX Sizing Guide, MX250 could accept maximum 3000 concurrent VPN tunnels. So 2000 endpoints are about 60% of capacity, so it could be ok. But you must consider how much VPN traffic will occur. If 1000 endpoints are generating more than 1Gbps, MX250 will max out even concurrent VPN tunnels are way below it's capacity. Therefore, if 2000 endpoints generates more that MX250's VPN throughput, you have to consider going to MX450.

 

 

Scenario 2:  For 6000 endpoints (Z3C's), should be ok with MX450 (HA) as the gateway? 

 

Might be okay, but I recommend to use two MX450 HA sets.

Although you use HA pair, only primary MX will do everything. That means all 6000 tunnels will be handled by single MX450, and it's about 20% more than MX450's maximum capacity. Therefore, use two MX450 and connect 3000 endpoints per one MX. (I'm using this method one of my organizations with one MX100 pair and one MX84 pair to split traffic that MX have to deal with.)

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.