Been taking on a few bigger projects since one of our Network Engineers took a position with another company. Not complaining, actually enjoying. Learning a lot.
Project I have now is to swap a single MX80 with a setup of two MX100s in an HA pair.
Questions I have:
I'm looking at laying out the IP addresses. Currently only one ISP involved. Am I correct that I need 4 public IPs for this setup?
One IP for WAN1 which will be the network's public IP
Two more Public IPs. One for each port on the MX devices.
One for the Virtual IP that is shared between both MX devices.
Do the IPs for the ports and for the virtual IP need to be public IPs?
Thanks in advance for any help. Didn't realize this was going to be an HA setup until the hardware arrived today.
https://documentation.meraki.com/MX/Deployment_Guides/MX_Warm_Spare_-_High_Availability_Pair
You need a minimum of 1 public IP for each MX - so two to make a workable config.
Ideally if you can get 3 public IPs in the same subnet then you can enable the "virtual IP" feature (which is shared by the MXs), but this is not a compulsory requirement.
Hey @Jwiley78,
You need a minimum of 3, max of 4.
These don't need to be public, but they do need reachability to the Internet, and should all be in the same subnet.
The physical WAN IPs are so each MX can maintain a connection to the Meraki Cloud. The optional VIP is used to provide stateful NAT failover. If you do not require stateful NAT failover then you can omit this IP and just go with the IP for each physical WAN port.
I need to ensure that if failover occurs that the public IP does not change due to some NAT configured on the devices.
Currently, I have 4 available public IPs but would like to figure out how to do it with as few as possible. We will be rolling this out to other locations soon and I don't think I will have that many available IPs at all locations.
If you use 3 IPs, one for the virtual one that moves between the devices then you should be fine, there is minimal packet drop during this. If you use only two IPs then they don't migrate and you will have issues for what you are trying to achieve.
Okay, it's been a crazy couple weeks with my other network engineer leaving the company. I'm finally getting around to working on the HA failover setup. I think I have it mostly done. Quick question:
The WAN IP will be your public IP while on the network, correct? The VIP is just a failover IP.
I also realized since I only have 1 ISP right now it looks like I only need two public IP addresses. One for the shared IP and the WAN IP.
@Jwiley78 the virtual IP is the one you will appear to be coming from to the rest of the world. The other two required IPs are one for each box and are used for failover management.
Okay, so I had it backwards. The virtual IP is the public one. I also see now that I need to configure both MX devices with a WAN IP.
@Jwiley78 yes, perfect, and the great thing is that is all there really is to do, it just gets on with it after that 😀
Cool, so I think I have it configured. One last thing.
So Comcast fiber will only give me one port on the modem to use. I have two thoughts on this:
Get an unmanaged Gbps switch to split it into two links so I can have an internet link on both MX devices.
Another would be to use the current switches and create a VLAN for this traffic and then back to the MX from there.
I think I like the first option mostly because it keeps the ISP link away from the interior network and seems less complex.
Thoughts?
Option 1 every time 😎