Meraki

Community

Meraki MPLS private and public interfaces

Solved
TylerRocketIT
Conversationalist
‎Nov 14 2019 10:50 PM
‎Nov 14 2019 10:50 PM

Meraki MPLS private and public interfaces

We are setting up a Meraki SD-WAN across MPLS network. 

  • The spoke is attached to the MPLS with interface IP (172.16.10.10) which gets NATed to a public IP (100.100.100.100)
  • The hub is running in one-armed concentrator mode with MPLS attached. Hub interface IP is (172.16.1.1) and the IP is NATed to a different public IP (200.200.200.200).

My question is, in this case, will there be tunnels built over the public IP or interface IP, or both? If both, which one has a higher priority?

 

I have done lots of reading on this but haven't found a concrete answer. The Meraki doc only says the private IP will be used if both ends use the same public IP. 

Annotation 2019-11-15 174515.png

Many thanks!

0 Kudos
1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Nov 14 2019 11:31 PM
‎Nov 14 2019 11:31 PM

Because the two AutoVPN nodes present to the Internet using different public IP addresses it will build AutoVPN over the Internet - or between those two public IP addreses.

 

Only nodes that present using the same public IP address will build AutoVPN between those private IP addresses.

View solution in original post

3 Replies 3
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Nov 14 2019 11:31 PM
‎Nov 14 2019 11:31 PM

Because the two AutoVPN nodes present to the Internet using different public IP addresses it will build AutoVPN over the Internet - or between those two public IP addreses.

 

Only nodes that present using the same public IP address will build AutoVPN between those private IP addresses.

In response to PhilipDAth
TylerRocketIT
Conversationalist
‎Nov 17 2019 3:59 PM
‎Nov 17 2019 3:59 PM

Thanks for the response.

 

In this case, I can see this is a flaw in Meraki as this will lead to traffic using less-optimal paths when you have two sites connected to each other perfectly over MPLS but tunnels are built over Internet due to different public IPs. It would be nice if admins are given the freedom to choose how the tunnels are built.

In response to TylerRocketIT
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Nov 17 2019 4:12 PM
‎Nov 17 2019 4:12 PM

Touche.  The network design does not meet the Meraki guidelines.  You can't expect it to work optimally if you don't follow the manufacturer design guides.  🙂

 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.