Hi, we have a network setup like this:
ISP setup:
Our setup:
Here is our network diagram.
My question is do you need to have 2 active internet lines for the warm failover to occur? Would breakout switches between the MX75s and the 2 lines help here?
Think I read on another post that each MX must be able to reach the internet via its own internet line. The secondary MX cannot reach the internet through the primary MX. Is that correct? This would explain why it won't show up in the Meraki dashboard.
Cheers in advance.
Joshua
Both MX need to reach the internet. So both need to connect to the active router.
It would be better to have two separate routers (not VRRP), both with their own IP space.
And then connect both MX to both routers.
Thanks for the reply. This seems like the easiest and more cost effective option.
Hi Joshua,
Yes, you are right, both MX need their own active Internet connection. They don't sync their configuration over LAN.
Breakout switches between the MX75 and the Internet connections would solve your problem, with both Internet uplinks and both MX WAN 1 in the same VLAN.
With this setup you also would be able to use the virtual IP feature for seamless failover.
But make sure your internet switches are not creating any single point of failure. (For example, what happens if primary Juniper port 2 fails?)
Greetings,
Marvin
Thanks for the reply Marvin. That's super helpful.
Ah, so that confirms my suspicions. Does the breakout switch need to be a managed layer 3 switch for this to work? I did try using a dumb layer 2 switch but I think it started causing loops.
Then I am unsure if I understood your ISP setup right.
Placing a dumb L2 switch between both MXes and the ISP's routers should not create loops. At least not on the MX side, as the broadcast domains of the MX WAN ports are separated.
But placing a single switch between your network and the ISP is creating a single point of failure.
In my opinion, you could use two spanning tree capable L2 switches, to make this setup redundant.
The cabling could look like this:
Juniper 1 -> WAN-Switch 1
Juniper 2 -> WAN-Switch 1
Juniper 1 -> WAN-Switch 2
Juniper 2 -> WAN-Switch 2
WAN-Switch 1 -> MX 1
WAN-Switch 2 -> MX 2
WAN-Switch 1 -> WAN-Switch 2
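The cabling listed above can be checked for single points of failure by removing one device or cable at a time and testing whether any MX still reaches an ISP router. The script below is an added example, not part of the thread: it models physical connectivity only, assumes either Juniper is a usable uplink, and the `SINGLE` comparison topology and all function names are constructed for illustration.

```python
from collections import deque

# Cabling from the post above; device names are taken from the thread.
REDUNDANT = [
    ("Juniper 1", "WAN-Switch 1"), ("Juniper 2", "WAN-Switch 1"),
    ("Juniper 1", "WAN-Switch 2"), ("Juniper 2", "WAN-Switch 2"),
    ("WAN-Switch 1", "MX 1"), ("WAN-Switch 2", "MX 2"),
    ("WAN-Switch 1", "WAN-Switch 2"),
]
# Constructed comparison: one breakout switch shared by both MXs.
SINGLE = [
    ("Juniper 1", "WAN-Switch 1"), ("Juniper 2", "WAN-Switch 1"),
    ("WAN-Switch 1", "MX 1"), ("WAN-Switch 1", "MX 2"),
]
UPLINKS = {"Juniper 1", "Juniper 2"}  # assumption: either router is usable
MXS = ["MX 1", "MX 2"]

def reachable(links, start, dead_node=None, dead_link=None):
    """Nodes reachable from start after removing one node or one cable."""
    if start == dead_node:
        return set()
    adj = {}
    for a, b in links:
        if (a, b) == dead_link or dead_node in (a, b):
            continue
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    seen, queue = {start}, deque([start])
    while queue:
        for nxt in adj.get(queue.popleft(), ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def mxs_online(links, **failure):
    """MX units that can still reach at least one ISP router."""
    return [m for m in MXS if reachable(links, m, **failure) & UPLINKS]

def single_points_of_failure(links):
    """Single device or cable failures that leave no MX with an uplink."""
    nodes = sorted({n for link in links for n in link})
    spof = [n for n in nodes if not mxs_online(links, dead_node=n)]
    spof += [l for l in links if not mxs_online(links, dead_link=l)]
    return spof

if __name__ == "__main__":
    print("redundant cabling SPOFs:", single_points_of_failure(REDUNDANT))
    print("single switch SPOFs:", single_points_of_failure(SINGLE))
```

With the two-switch cabling, losing WAN-Switch 1 takes MX 1 offline but leaves MX 2 with an uplink, so the warm spare can take over; with one shared switch, that switch is the only single point of failure found.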
Yes, I think you're right Marvin. That also sounds like the most redundancy. Though I'm fairly certain it's going to cost more to purchase more switches than get our ISP to give us 2 active lines.