MX64 Mesh VPN and Site to Site Limits

ArpTableCorrupt
Here to help

  • Does the 50 Site to Site VPN limit on the MX64 Appliance apply to the Mesh VPN topology also?
  • For example, you have 75 locations with MX64s installed. They are set up with a Mesh VPN between each other and one Site to Site Meraki Non Peer back to the Datacenter.
  • Would only 50 sites be able to talk to each other, and how would it choose which ones?
  • If so, I could see how they would have to be set up more like a Hub / Spoke and let the main firewall at the Datacenter create all of the translation for the networks to all speak to each other.
PhilipDAth
Kind of a big deal

>Does the 50 Site to Site VPN limit on the MX64 Appliance apply to the Mesh VPN topology also?

Yes, and if it has dual WAN circuits and is using SD-WAN, then two VPNs are actually created.

If you want to use MX64s at the branches, don't create a full mesh.  Run everything via the DC.

I thought that too.  It's strange I'm seeing all of the Remote VPN Participants even though there is supposed to be a 50 limit.  However, I have not gone through and tested each network that all the remote mesh participants are in.


@ArpTableCorrupt wrote:

  However I have not gone through and tested each network that all the remote mesh participants are in.


50 nodes - n*(n-1)/2 connections is 1225, at one minute per connection, that is three days' work, a 100 connections is over two weeks . . .

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
Uberseehandel
Kind of a big deal

Think how congested it would be if every mobile phone was its own exchange (it has been done) and negotiated with each other phone independently. There are times when hubs make sense.

What you describe sounds like a candidate for an exchange, or hub.

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel