MX67 with internet and metro Ethernet connection

mvalpreda
Getting noticed

MX67 with internet and metro Ethernet connection

Have an internet connection and a layer-2 metro Ethernet connection. The metro Ethernet is purely a layer 2 - no routing, VLANs, etc. Currently there are 3x SonicWALLs connected and each one has 10.1.1.1, 10.1.1.2, and 10.1.1.3 for their IP addresses. Would a Meraki MX67 be configured the same way?

 

I would want the internet connection to be auto-VPN and I'm sure that is not an issue. Would I think be able to do auto-VPN on the metro Ethernet? Or is that even needed? Since there is voice and data going over these connections, I would love to utilize SD-WAN.

 

 

4 Replies 4
cmr
Kind of a big deal
Kind of a big deal

We run a load balanced dual connected SD-WAN over our two private WAN networks.  One is a layer 2 metro Ethernet and the other is a routed MPLS network.  You could do the same with direct internet connection replacing our MPLS WAN.  In order that the MXs find the cloud you'll either need to have the internet as the primary WAN (for management, the L2 can be primary for the SD-WAN traffic) or have an extra MX as a concentrator at the main site to then route to the internet.

 

As the edge MXs will have an internet connection you'll be better off with the advanced license.  You would use the same IP address concept as you have for the WAN port of the MXs that is on the L2 network.  We have a single class C network with all our MXs on it.  The default gateway is set as the main datacenter in our case as we have a central concentrator there.

If my answer solves your problem please click Accept as Solution so others can benefit from it.
mvalpreda
Getting noticed

Thanks @cmr I did figure WAN1 would be internet and the Metro-E would be WAN2. So WAN2 can still keep the Metro-E with a single subnet shared across the 3x different MXs and the MX will figure out all the SD-WAN bits?

 

Always buy Advanced licenses too 🙂

cmr
Kind of a big deal
Kind of a big deal

@mvalpreda that is exactly correct, as long as the MX on site 1 can see the internet on WAN1 and the MX on site 2 can also see the internet, they will form a connection (A).  If MX1s WAN2 can see MX2s WAN2 then they will form a connection (B).

 

You can then set whether A or B are used as a failover pair, or are load balanced (from each end for outbound traffic).

 

As the internet and the Metro-Ethernet have no direct knowledge of each other then you also end up being able to choose the port the traffic comes in on (by setting where it goes out of at the other end).

 

Remember to set the bandwidth on each WAN port (both up and down if different) if you are using load balancing as it uses those values.

 

You can also set traffic class rules to, for example, send VoIP traffic over the lowest loss / jitter link and file server traffic to prefer the link over the internet.

 

 

If my answer solves your problem please click Accept as Solution so others can benefit from it.
mvalpreda
Getting noticed

The Metro-E is carrying voice, and the internet connection stinks.....so I'll set up rules accordingly.

 

I just wanted to make sure the MX will do what I was thinking it would do on the Metro-E side. If that can route VoIP and other traffic between the sites, that will be great.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels