MX WAN Failure

ganeshjadhav
Here to help

MX WAN Failure

I have Cisco Meraki MX95 and we have have two ISP now both are are working, Once my primary ISP link goes down then Secondary ISP take over but its took some time like 5-10 minutes, We wants to ISP link failover within a second.

We need to resolve this issue take over within a second. What we need to change in MX ?

2 Replies 2
ww
Kind of a big deal
Kind of a big deal

GreenMan
Meraki Employee
Meraki Employee

This is expected behaviour:   https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/Connection_Monitoring_for_WAN_Failo...


If you are operating with MX to MX AutoVPN tunnels then you can use SD-WAN policies to shuffle important tunnelled sessions across to the secondary WAN link very quickly (seconds).  https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/SD-WAN_and_Traffic_Shaping#SD-WAN_p...
For Internet-bound traffic, you can use SD-Internet policies to ensure that new flows are generated, originating from the secondary WAN link, more quickly (c. 30 seconds after the primary fails ) https://documentation.meraki.com/Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/...
The SD-WAN+ MX license is required for this feature (required for all MXs in the Dashboard Organization)

   

Remember that untunnelled traffic flows are NATed to the outside address of the MX.   This session must therefore change source IP address to use the secondary WAN, so must be entirely re-initiated - thus seamless failover is not an option, regardless of configuration.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels