MX HA with Multiple Downstream Customers

JEdwards-Etex
Conversationalist

MX HA with Multiple Downstream Customers

As an ISP, we are installing 2 MX-450 Firewalls in HA to connect various managed WiFi networks.  These mostly consist of outdoor WiFi installations for RV parks where there's not a convenient place on-site to host the router.  In this scenario, we are taking a 1G ethernet handoff with associated VLANs for the customer's network and trunking them through our network to the customer premise, connect at the end through our Calix, ring protected access gear.

 

My current concern is that if just LAN3 drops on the Active MX, we would not see the Passive MX transition to Active, either in whole or just for the VLANs on LAN3.

 

Does anyone have an understanding of the expected behavior if only 1 Interface or subset of VLAN drops?  If I need to add more description to the diagram, please advise.

 

MX-450 VRRP.png

3 Replies 3
RaphaelL
Kind of a big deal
Kind of a big deal

Hi ,


Your diagrams are clear. To my understanding the whole MX would flip to the failover. 

 

Upon reading the documentation : https://documentation.meraki.com/MX/Deployment_Guides/MX_Warm_Spare_-_High_Availability_Pair and https://documentation.meraki.com/MX/Networks_and_Routing/Routed_HA_Failover_Behavior#VRRP_Mechanics_...  I don't see failover per-Vlan or Vlan based.  Also you can't do a failover per-vlan in the dashboard so I don't think it is possible.

 

I will let the MX guru correct me If I'm wrong. 

I could also test it in a lab. You would have to prune the vlans on the downstream swich so that the heartbeats on said vlan don't reach the other MX.

JEdwards-Etex
Conversationalist

If it were failover were to occur when 1 VLAN goes down, I would be ok with this "all-or-nothing" scenario.  But if it is -all- VLANs have to stop responding before a failover, I may have to reassess.

 

What is concerning to me is the following quote from documentation.  Do I read this as "any VLAN" meaning any one or as all?  Immediately my brain reads it as all VLANs have to fail before a failover even occurs.  But I can also convince myself that a failover will occur if any one fails.

 

(https://documentation.meraki.com/MX/Deployment_Guides/MX_Warm_Spare_-_High_Availability_Pair).  I know I could also manually force failover if needed.

 

"LAN failover: The two appliances share health information over the network via the VRRP protocol. These VRRP heartbeats occur at layer two and are performed on all configured VLANs. If no advertisements reach the spare on any VLAN, it will trigger a failover. When the warm spare begins receiving VRRP heartbeats again, it will relinquish the active role back to the primary appliance."

Ryan_Miles
Meraki Employee
Meraki Employee

VRRP is sent on all configured VLANs on the LAN ports (in NAT routed mode). So, it does mean all VRRP  packets (on all/any VLANs) would need to stop being seen by the MXs in order to transition the master role.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels