MX64 Flow Preferences - Internet traffic rules not work

radw62
Here to help

Hello Meraki Community:

  1. I have an MX64 (version MX 12.26) with two connections to different ISPs, Internet (WAN1) and LAN4 (WAN2). I want to send all traffic from two VLANs to 0.0.0/6 via the WAN2 uplink (any SRC and DST port), but when I created that rule under Traffic Shaping – Flow Preferences - Internet traffic, all traffic and traceroutes to 52.0.0.0/6 still go out via WAN1.
  2. I have load balancing disabled (because I don’t want load balancing between ISPs yet, and the doc and dashboard description both confirm that flow preferences will precede load balancing preferences: https://documentation.meraki.com/MX-Z/Firewall_and_Traffic_Shaping/MX_Load_Balancing_and_Flow_Prefer...). However, even when enabling it and tuning different WAN1/WAN2 ratios, traffic still goes to WAN1 and the Flow Preference rule that I want doesn’t work, and I have no other choice than to force WAN2 to be the Primary Uplink.

Regards

PhilipDAth
Kind of a big deal

Are you sure you mean 0.0.0/6?  That is not valid CIDR.

Can you post a screenshot of your preferences?

The change takes effect for new flows, not existing cached flows.  You can power cycle your MX64 to speed it up.

 

And lastly, I would change to using 13.28 - but this is not related to your issue.

radw62
Here to help

Hello, here are the traffic shaping screenshots:

mx64_tshaping_18012018_p2.JPG
mx64_tshaping_18012018_p3.JPG

 


@PhilipDAth wrote:

The change takes effect for new flows, not existing cached flows.  You can power cycle your MX64 to speed it up.


 

I performed an MX65 reboot after re-creating the rule, but it still does not work.

 

 


@PhilipDAth wrote:

Are you sure you mean 0.0.0/6?  That is not valid CIDR.

 


Sorry, maybe the copy-paste did not work (I defined the flow preferences to 52.0.0.0/6 from the beginning).

 

Regards

PhilipDAth
Kind of a big deal

Does WAN2 show as "up" in the Appliance Status - like WAN1?  It should display the detected public IP address next to WAN2 if it is.

PhilipDAth
Kind of a big deal

What source IP address were you doing the traceroute from?

PhilipDAth
Kind of a big deal

I have made one giant assumption.  How do you know your traceroute is going via WAN1?

radw62
Here to help

Hello, my answers:

 

@PhilipDAth wrote:

Does WAN2 show as "up" in the Appliance Status - like WAN1?  It should display the detected public IP address next to WAN2 if it is.

 Yes, it does show as "up":

 

mx64_tshaping_21012018_p0.JPG

 

 

@PhilipDAth wrote:

What source IP address were you doing the traceroute from?

 

@PhilipDAth wrote:

I have made one giant assumption.  How do you know your traceroute is going via WAN1?

 

I do the traceroute from a host on 192.168.128.32/28. From this host the trace exits over the WAN1 next hop (192.168.100.1), not WAN2 next hop (192.168.1.1):

 

 

mx64_tshaping_21012018_p1.JPG

 

 

 

PhilipDAth
Kind of a big deal

I'm not completely convinced traceroute will produce the most accurate result, due to the way it reduces the TTL to determine the next hop.

 

Let's try one more test.  Let's use a web site like:

https://www.whatismyip.com/

Find out what the IP address is for this from your location.  Then create a rule to route this out WAN2.  Then visit the web site.  Does it come up with the public IP address for WAN1 or WAN2?

radw62
Here to help


@PhilipDAth wrote:

 

Let's try one more test.  Let's use a web site like:

https://www.whatismyip.com/

Find out what the IP address is for this from your location.  Then create a rule to route this out WAN2.  Then visit the web site.  Does it come up with the public IP address for WAN1 or WAN2?


Hello, I tried this config, and it worked (It shows WAN2 ISP address as my Public IP according to flow preferences policy). Thanks for the hint.
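
Added example, not part of the original thread or of any Meraki tooling: a small Python check that covers the two points raised above, whether the rule's destination prefix is valid CIDR, and whether the public IP reported by an IP-echo site matches the uplink the flow preference predicts. The function names, the first-match rule ordering, and the public addresses (taken from documentation ranges) are assumptions; the VLAN subnet and 52.0.0.0/6 come from the posts.

```python
import ipaddress

def parse_cidr(text):
    """Parse a prefix strictly: malformed input or set host bits raise ValueError."""
    return ipaddress.ip_network(text, strict=True)

def is_valid_cidr(text):
    try:
        parse_cidr(text)
        return True
    except ValueError:
        return False

def expected_uplink(rules, src, dst, primary="WAN1"):
    """Return the uplink of the first rule matching both source and destination.
    First-match ordering is an assumption of this sketch; no match means primary."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if src_ip in parse_cidr(rule["src"]) and dst_ip in parse_cidr(rule["dst"]):
            return rule["uplink"]
    return primary

def check_egress(rules, src, dst, observed_public_ip, uplink_ips, primary="WAN1"):
    """Compare the public IP an echo site reports with the uplink the rules predict."""
    want = expected_uplink(rules, src, dst, primary)
    got = next((name for name, ip in uplink_ips.items()
                if ip == observed_public_ip), "unknown")
    return {"expected": want, "observed": got, "ok": want == got}

# Constructed sample data: the rule mirrors the one described in the thread,
# the public uplink addresses are placeholders from documentation ranges.
RULES = [{"src": "192.168.128.32/28", "dst": "52.0.0.0/6", "uplink": "WAN2"}]
UPLINK_IPS = {"WAN1": "203.0.113.10", "WAN2": "198.51.100.20"}

if __name__ == "__main__":
    for prefix in ("0.0.0/6", "52.0.0.0/6", "52.0.0.1/6"):
        print(prefix, "valid" if is_valid_cidr(prefix) else "invalid")
    # Host inside the VLAN, destination inside 52.0.0.0/6 (52.0.0.0 to 55.255.255.255)
    print(check_egress(RULES, "192.168.128.33", "52.10.20.30",
                       "198.51.100.20", UPLINK_IPS))
    # Same flow, but the echo site reports the WAN1 address: rule not applied
    print(check_egress(RULES, "192.168.128.33", "52.10.20.30",
                       "203.0.113.10", UPLINK_IPS))
```

For a real test, replace the destination with the address the echo site resolves to from your location and the observed IP with what that site displays.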
