cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

MX100 vs. router

Highlighted
Conversationalist

MX100 vs. router

Here's a simple one for which I'm sure you guys have better ways of explaining it than I do. What do you say to a customer who has an MX100 but is saying "but it's not a router."?

 

9 REPLIES 9
Kind of a big deal

Re: MX100 vs. router

It's not a router.  It is a security appliance.

Conversationalist

Re: MX100 vs. router

I understand that. But it has functionality that does just about everything a router can do, yes?

 

Kind of a big deal

Re: MX100 vs. router

Well, yes it does have basic routing.

 

It doesn't have any advanced general routing capability like OSPF, EIGRP, BGP, etc (yes it has some functionality related to AutoVPN but only in that special case).

It doesn't really have general policy routing capabilities.

It doesn't have any IPv6 capabilities except in pass-through mode.

 

But if you just want to route between two directly connected VLANs, then it will be fine.

Conversationalist

Re: MX100 vs. router

Thank you so much. That really helps provide me with a good explanation for the customer.

Meraki Employee

Re: MX100 vs. router

A couple of other things to add to the good points made already:

 

Excepting LTE capabilities (via dongle or, in the case of relatively recently released MX67C and MX68CW models, direct SIM) MXs connect using Ethernet connections only - mainly 'RJ-45' copper, but fibre options on 'larger' models.   Many routers traditionally offer flexibility for different link connection types  (e.g. ADSL, serial, ATM etc.)

 

Currently, if you pass traffic out of an MX WAN interface OUTSIDE a VPN tunnel (unencrypted) the source IP address will be source NATed to the IP address assigned to that interface.  This would be expected behaviour of a security appliance.   A router, by default, would leave the IP addressing native.   NB - Meraki is working to make the router's 'no-NAT' approach an option for the future.

Conversationalist

Re: MX100 vs. router

All good information. Thank you

Conversationalist

Re: MX100 vs. router

Just fyi I think some of your info may be out of date (or maybe a matter of perception). I got this answer from our Meraki rep:

 

Yes it does have basic routing…

 

It doesn't have any advanced general routing capability like OSPF, EIGRP, BGP, etc (yes it has some functionality related to AutoVPN but only in that special case).

False – we support BGP (both eBGP and iBGP) internally.

It doesn't really have general policy routing capabilities.

False- SD WAN support policy routing

It doesn't have any IPv6 capabilities except in pass-through mode.

True.

 

Kind of a big deal

Re: MX100 vs. router

>False – we support BGP (both eBGP and iBGP) internally

Only if you join the BGP beta, which I understand is closed, and not accepting anyone new.  There are limitations with with regard to eBGP.  For example, you can not use eBGP to an ISP.  The eBGP support is for exchanging AutoVPN routes only.  It is far more limited than a router.  Also the BGP doesn't support more complex things like communities, AS path filtering, route prepending (it does prepending but you have no control over it).

https://documentation.meraki.com/MX/Networks_and_Routing/BGP

"

  • iBGP establishes relationships over autovpn and will establish and exchange routes between:
    • A BGP peer acting as a One-Armed Concentrator in the DC and-
    • A NAT mode MX.
  • eBGP peer relationships are not available for MXs operating as NAT mode VPN concentrators and are only supported on One-Armed Concentrators."

It doesn't really have general policy routing capabilities."

False- SD WAN support policy routing"

This is supported over AutoVPN tunnels, but in general, such as between VLANs (like you can do on a router).

 

 

Meraki Employee

Re: MX100 vs. router

Hi Brenda - I just wanted to reinforce @PhilipDAth 's cautions;

 

BGP is only used to exchange routes in and out of Meraki AutoVPN (e.g. at a Data Centre) - you couldn't, for example, use it to peer with MPLS CPE routers, to push all your branch subnets into the MPLS cloud from each branch.   While we're on that subject, OSPF could also be used for the same use-case as BGP, but the exchange is one-way only (branch subnets into the DC).  OSPF has been available for ages, in Stable firmware.

 

Note too that, while it is indeed a Beta feature and you do have to call the Support team to enable it, I wouldn't myself describe BGP as closed, these days;  Support will happily enable it for you, once they've had a little look at your general setup and with appropriate cautions.  With the move of r14 firmware to Stable Release Candidate status, I would recommend that this version be used for any BGP setups.

 

Policy Routing relates only to traffic hitting MX WAN/Internet ports (it's part of the SD-WAN functionality).   You can't policy route traffic between different LAN ports.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.