MX Sizing - Total Number of Users or Total Bandwidth Allocated?

Bjron
Comes here often

MX Sizing - Total Number of Users or Total Bandwidth Allocated?

Hi Experts,

I am new to Meraki, and confused about selection of Models of our multiple branches.

We are planning to select SEC licenses with proper firewall/security feature implementations. 

 

We have approx. two types branches, 

  1. Type1: Users approx. 500 or Less with Internet BW between 50Mbps to ~150Mbps
  2. Type2: Users approx. 500 to 1000 with Internet BW between 100Mbps to ~250Mbps

Local partner suggest that for

 

  1. Type1 users, Meraki MX68 or by Maximum MX75 is sufficient for handling the load of ~500 users, because allocated internet bandwidth is on lower side here w.r.t MX68/MX75. And there will be not performance impact. But the official document says, MX95 is right choice for 500 users. 
  2. Type2 user, Meraki MX95 or by maximum MX105 is sufficient for handling the load of ~1000 users, because allocated internet bandwidth is on lower side here w.r.t MX95/MX105. And there will be no performance impact. But the official document says, that MX250 should be right choice for 2000 user...

 

Question: 

  1. For performance benchmarking, Meraki appliance take care of total number of active users? or internet bandwidth terminated on MX-Appliance?
  2. If internet bandwidths are on lower side, MX-Appliance can handle the load of higher users than its capacity mentioned in sizing guide?

 

Regards,

Bjron

6 REPLIES 6
DHAnderson
Head in the Cloud

I am not sure how you company capitalizes equipment, but it is probably over 5 years.  So, if you are expecting any type of growth over 5 years, it is better to start a bit larger than undersized.  Also, while today's internet speed is not reasonably priced Gigabyte in many places now, in 5 years that could be a different story.

 

One additional thought.  I don't know how much of your traffic is to cloud based applications and services.  Again, 5 years from now, that could change dramatically.

 

- Dave

Dave Anderson
ww
Kind of a big deal
Kind of a big deal

It also depends how your traffic  will flow.

 

 If you using vlans on the mx to use security and fw rules between vlans then i would look at the active user count. And then you maybe want 10Gbit connection to the lan side

 

If you just want to use it as internet router and most flows never leave you  switches. Then you can consider using a bit lower model. But dont cheap out to much and design for the future like @DHAnderson says

Bruce
Kind of a big deal

You mention a lot about expected internet bandwidths, but not much about WAN? One of the primary use cases we see with the MX is for SD-WAN. Are you going to be using them for SD-WAN (now or future), or is your use case only for internet perimeter? Do you have a WAN at the moment, is it MPLS-based, could you make savings moving to SD-WAN?

 

At the end of the day, as everyone else has said I wouldn’t be skimping on the MX sizing. I’d be very reluctant to use an MX68 or MX75 for a site of 500 users (I also find it hard to believe 500 users could only require ~150Mbps of bandwidth (but I don’t know your use case). Think carefully about your traffic flows and where your VLAN Layer 3 interfaces are. Although some of the figures in the sizing guide may be applicable to only traffic heading out the WAN port (e.g. Max throughput
with all security features enabled), others will have an impact on inter-VLAN traffic if your Layer 3 interfaces are hosted on the MX (e.g. Max stateful (L3) firewall throughput in NAT mode).


The other parameters which will impact performance, and which Meraki don’t provide figures around, is the number of concurrent sessions across the device, and the rate that these are established and torn down. This is in line with the ‘simple’ approach Meraki uses, and I’d imagine is encompassed in the recommended client count.

 

I’d suggest making use of the free trial gear through your local Meraki rep if you can, and do some performance testing to make sure you get the right size - in this instance it will be the only way to be sure.

cmr
Kind of a big deal
Kind of a big deal

@Bjron looking at the load on our MXs I don't think you'll get a good experience with the smaller models you are hoping to use. 

 

For the <500 user site I would go with an MX85 as an absolute minimum and prefer an MX95 if you are going to use the advanced license.  WIth Meraki, new features are introduced all the time and they do increase the load on the MX so you don't want to start right on the edge.  The recent change from 15.42 to either 15.43+ or 16.x increases the utilisation spikes by as much as 50% depending on what features you have enabled and how many client floes need to be identified by NBAR etc.

 

For the 1000 user site I would spec an MX250 as the minimum, I wouldn't go below that if you are using the advanced license and to be honest with that many users I'd recommend an MX250 even on the enterprise license.

 

Nobody appreciates an overloaded firewall!

DHAnderson
Head in the Cloud

I agree with @cmr.. I would go with the MX95 and the MX250.

 

- Dave

Dave Anderson
PhilipDAth
Kind of a big deal
Kind of a big deal

This is the Meraki MX sizing guide (so you can come to your own conclusions).

https://meraki.cisco.com/product-collateral/mx-sizing-guide/?file 

 

The MX needs to track the state of every device flowing through, and this requires a bit of RAM and CPU grunt.

 

Only get an MX68 if you like having crashes, intermittent outages, lots of grief and no support from Meraki because you haven't followed the sizing guide.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels