MX Warm Spare HA 1 ISP

PerezCarlos1
Comes here often


Hi experts,

I have a question regarding the architecture of Warm Spare with the MX.
I am sharing my small diagram with you; there are more APs, but I have simplified it to be as understandable as possible. I should also tell you that I only have 1 ISP and I am close to hiring a 2nd ISP (in the future).

An additional MX was recently purchased from the company for redundancy, and I saw that no license is required. I tried to configure it following the video by Francisco Tello (Meraki SE), link attached:


https://www.youtube.com/watch?v=UHfr90en9As

I tried to replicate this configuration on my network, of course with the VLANs that I have on my network, but I had problems: my network goes down. Maybe I'm forgetting something.

I don't know if they have configured it that way or if something additional has to be done. I will wait for your valuable comments.

PerezCarlos1_0-1718556256185.png

alemabrahao
Kind of a big deal

Yes, you can have only one ISP, but you need at least 2 IPs, one for each MX, and 3 if you are considering using the VIP.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
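
The address count in the reply above, as an added example that is not part of the original post or any Meraki tooling: a small checker that tests whether a single ISP hand-off subnet can hold both MX uplinks and an optional virtual IP. It assumes the ISP router's own address sits in the same subnet and that all addresses must be distinct, usable hosts there; the function names and the sample addresses (documentation range 192.0.2.0/24) are constructed.

```python
import ipaddress

def usable_hosts(net):
    # /31 and /32 have no separate network/broadcast address to exclude
    return net.num_addresses if net.prefixlen >= 31 else net.num_addresses - 2

def check_wan_plan(subnet, gateway, primary_ip, spare_ip, virtual_ip=None):
    """Return a list of problems with a one-ISP warm spare WAN plan ([] = fits)."""
    net = ipaddress.ip_network(subnet, strict=False)
    # Assumption: the ISP gateway consumes one address of the same subnet
    roles = [("ISP gateway", gateway), ("primary MX", primary_ip),
             ("spare MX", spare_ip)]
    if virtual_ip is not None:
        roles.append(("virtual IP", virtual_ip))

    problems = []
    if usable_hosts(net) < len(roles):
        problems.append(f"{net} has {usable_hosts(net)} usable addresses, "
                        f"plan needs {len(roles)}")

    reserved = set()
    if net.prefixlen < 31:
        reserved = {net.network_address, net.broadcast_address}

    seen = {}
    for role, text in roles:
        addr = ipaddress.ip_address(text)
        if addr not in net:
            problems.append(f"{role} {addr} is outside {net}")
        elif addr in reserved:
            problems.append(f"{role} {addr} is the network or broadcast "
                            f"address of {net}")
        if addr in seen:
            problems.append(f"{role} duplicates {seen[addr]} at {addr}")
        seen.setdefault(addr, role)
    return problems

if __name__ == "__main__":
    # Constructed sample plans: a /30 hand-off, then a /29 with a virtual IP
    print(check_wan_plan("192.0.2.0/30", "192.0.2.1", "192.0.2.2", "192.0.2.3"))
    print(check_wan_plan("192.0.2.0/29", "192.0.2.1", "192.0.2.2",
                         "192.0.2.3", "192.0.2.4"))
```
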
alemabrahao
Kind of a big deal

Take a look at the recommended topologies.

https://documentation.meraki.com/MX/Deployment_Guides/MX_Warm_Spare_-_High_Availability_Pair

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
PerezCarlos1
Comes here often

Hi alemabrahao,
Thank you for responding. When I review the document you indicate, I only see topologies or designs with 2 ISPs, 2 MX and 2 switches, not with 1 switch, 1 ISP and 2 MX.

What would be the step by step to follow? Because when I add the additional MX to the dashboard it automatically reads it from Warm spare. These are the steps I do:

- I connect the 2nd MX Internet port directly to the ISP router and it does not go out to the Internet even though I configure an internal IP of the internal network segment.
- I connect the LAN port of the MX to the switch and it is not recognized as L2 either.
- By no means does it recognize the 2nd MX with internet access.

Maybe I am making some mistake in the physical part? That's why I wanted a guide with 1 ISP, 2 MX and 1 SW, to know what configuration to apply.

ww
Kind of a big deal

It's like this but with 1 ISP. It should be up and running in like 5 minutes.

https://community.meraki.com/t5/Security-SD-WAN/NAT-Mode-Warm-Spare-NAT-HA-Meraki-MX-can-t-switch-Ma...

PerezCarlos1
Comes here often

It is not entirely clear; they mention that they have 2 ISPs.

alemabrahao
Kind of a big deal

The logic is the same, just disregard one of the ISPs and one of the SWs in the examples.

Practice leads to perfection.

The only thing to pay attention to is if you are using a trunk port for the LAN ports: disable the native VLAN and create a new VLAN for the warm spare, configure an MX port in access mode in this VLAN and connect the MX ports directly.

Example: port 4 of MX1 with port 4 of MX2.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
RaphaelL
Kind of a big deal

I don't understand. Why would you connect both MX directly and why would you create a new VLAN for that? I'm just curious.

alemabrahao
Kind of a big deal

I've seen a few times in practice that when the port is in trunk mode with the native VLAN configured, the VRRP presents instabilities.

The only way to solve it was to create a specific VLAN, not configure the native VLAN on the trunk and make a direct connection between the MXes.

I believe connecting to switches should work too.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
PerezCarlos1
Comes here often

Hi,

Connecting the MXs together: I have not seen that in any configuration guide. Do you have something that details that?

The other thing that happens is that the MX (the secondary one) does not go out to the internet. I think I will first make it have a connection to the dashboard directly, without doing HA.

What I did were the following steps:
- I connected the 2nd MX directly to the internet port (with my ISP router), giving it a LAN IP so that it goes to the internet, without any success. (For that, the main MX disconnects it from the network.)
- I connected the 2 MXs to the switch that I have and configured them in a VLAN.
- I connected the 2 MX together on the LAN ports (as if it were a switch) and I did not access the internet either.

VRRP support MX and only switch MS120??

PhilipDAth
Kind of a big deal

Each MX can use a different ISP, but this does impact some HA functionality (such as inbound NAT).

What type of connection do you have? A routed /29, PPPoE, or something else?

PerezCarlos1
Comes here often

Hi,

I only have one ISP, as I drew it in my topology.

But I want to know how the second MX would enter, what the physical connection that I would have to make would be. The tests I did were unsuccessful, according to what I described.

That's why I was looking for a guide with 1 ISP (1 public IP) - 2 MX and 1 switch.

Has anyone made a similar configuration?

In other forum posts I saw that at some point they connected the MXs to each other for the HA but there were STP problems. And it was not advisable to do that.

PerezCarlos1_0-1718576705005.png

PerezCarlos1
Comes here often

I have an ISP modem from the provider; it must be /30. I still launched the query, and below I have the current MX.

Shubh3738
Building a reputation

Hi @PerezCarlos1, you can use the topology below:

Shubh3738_0-1718628566979.png

PerezCarlos1
Comes here often

Hi Shubh3738,

Current topology:

PerezCarlos1_0-1718640384979.png

Regarding this, could you tell me what changes to make in my network? 😞

Shubh3738
Building a reputation

It's looking good, but for HA you need two MX and 2 switches (Meraki/non-Meraki).

The physical connection is already mentioned in the diagram given above.

Shubh3738
Building a reputation

Also, 2 ISPs with a minimum of 3 public IP addresses (1 for primary, 2nd for secondary, one for virtual).

Additionally, for best practice we require one more public IP address from each ISP for the ISP switch (Meraki switch, i.e. it needs to be installed above the firewall).
