MX100 vs. router

brenda_wolfe
Conversationalist

Here's a simple one for which I'm sure you guys have better ways of explaining it than I do. What do you say to a customer who has an MX100 but is saying "but it's not a router."?

 

PhilipDAth
Kind of a big deal

It's not a router.  It is a security appliance.

brenda_wolfe
Conversationalist

I understand that. But it has functionality that does just about everything a router can do, yes?

 

PhilipDAth
Kind of a big deal

Well, yes it does have basic routing.

 

It doesn't have any advanced general routing capability like OSPF, EIGRP, BGP, etc (yes it has some functionality related to AutoVPN but only in that special case).

It doesn't really have general policy routing capabilities.

It doesn't have any IPv6 capabilities except in pass-through mode.

 

But if you just want to route between two directly connected VLANs, then it will be fine.

brenda_wolfe
Conversationalist

Thank you so much. That really helps provide me with a good explanation for the customer.

GreenMan
Meraki Employee

A couple of other things to add to the good points made already:

 

Excepting LTE capabilities (via dongle or, in the case of relatively recently released MX67C and MX68CW models, direct SIM) MXs connect using Ethernet connections only - mainly 'RJ-45' copper, but fibre options on 'larger' models.   Many routers traditionally offer flexibility for different link connection types  (e.g. ADSL, serial, ATM etc.)

 

Currently, if you pass traffic out of an MX WAN interface OUTSIDE a VPN tunnel (unencrypted) the source IP address will be source NATed to the IP address assigned to that interface.  This would be expected behaviour of a security appliance.   A router, by default, would leave the IP addressing native.   NB - Meraki is working to make the router's 'no-NAT' approach an option for the future.

brenda_wolfe
Conversationalist

All good information. Thank you

brenda_wolfe
Conversationalist

Just fyi I think some of your info may be out of date (or maybe a matter of perception). I got this answer from our Meraki rep:

 

Yes it does have basic routing…

 

It doesn't have any advanced general routing capability like OSPF, EIGRP, BGP, etc (yes it has some functionality related to AutoVPN but only in that special case).

False – we support BGP (both eBGP and iBGP) internally.

It doesn't really have general policy routing capabilities.

False- SD WAN support policy routing

It doesn't have any IPv6 capabilities except in pass-through mode.

True.

 

PhilipDAth
Kind of a big deal

>False – we support BGP (both eBGP and iBGP) internally

Only if you join the BGP beta, which I understand is closed, and not accepting anyone new. There are limitations with regard to eBGP. For example, you cannot use eBGP to an ISP. The eBGP support is for exchanging AutoVPN routes only. It is far more limited than a router. Also the BGP doesn't support more complex things like communities, AS path filtering, route prepending (it does prepending but you have no control over it).

https://documentation.meraki.com/MX/Networks_and_Routing/BGP

"

  • iBGP establishes relationships over autovpn and will establish and exchange routes between:
    • A BGP peer acting as a One-Armed Concentrator in the DC and-
    • A NAT mode MX.
  • eBGP peer relationships are not available for MXs operating as NAT mode VPN concentrators and are only supported on One-Armed Concentrators."

> It doesn't really have general policy routing capabilities.

> False- SD WAN support policy routing

This is supported over AutoVPN tunnels, but in general, such as between VLANs (like you can do on a router).

 

 

GreenMan
Meraki Employee

Hi Brenda - I just wanted to reinforce @PhilipDAth's cautions:

 

BGP is only used to exchange routes in and out of Meraki AutoVPN (e.g. at a Data Centre) - you couldn't, for example, use it to peer with MPLS CPE routers, to push all your branch subnets into the MPLS cloud from each branch.   While we're on that subject, OSPF could also be used for the same use-case as BGP, but the exchange is one-way only (branch subnets into the DC).  OSPF has been available for ages, in Stable firmware.

 

Note too that, while it is indeed a Beta feature and you do have to call the Support team to enable it, I wouldn't myself describe BGP as closed, these days;  Support will happily enable it for you, once they've had a little look at your general setup and with appropriate cautions.  With the move of r14 firmware to Stable Release Candidate status, I would recommend that this version be used for any BGP setups.

 

Policy Routing relates only to traffic hitting MX WAN/Internet ports (it's part of the SD-WAN functionality).   You can't policy route traffic between different LAN ports.
