Meraki

Community

Meraki MX HA Route mode over WAN in two different DC with L2 links

PabloR
Conversationalist
‎Jul 31 2021 11:26 AM
‎Jul 31 2021 11:26 AM

Meraki MX HA Route mode over WAN in two different DC with L2 links

- Is it possible to separate one pair of Meraki MX HA Route mode over the WAN having redundant L2 links among them?
- Which is the maximum latency required to separate Meraki MX HA over WAN?
- Assuming that the VRRP heartbeat is sent from the active MX to a warm spare MX every second, could I assume the maximum latency must be less than one second?
 
A pair of MX in an HA configuration will use VRRP advertisements to monitor the status of the current active. In a working state, the active MX will send VRRP advertisements out to the LAN every second. 
 
 
- Considering the followings requirements and best practices, Is It possible to install in two different DC the Meraki MX HA Route mode, if there is more than one hop considering the WAN links?
 
The two MXs should be connected to each other through a downstream switch (or, ideally, multiple switches) on the LAN to allow for passing VRRP heartbeats.
There should be no more than one additional hop between them, and they must be able to communicate on all VLANs.
 
Labels:
0 Kudos
3 Replies 3
GIdenJoe
Kind of a big deal
Kind of a big deal
‎Jul 31 2021 1:59 PM
‎Jul 31 2021 1:59 PM

I haven't tested VRRP with such high latencies.  I would believe for stability you really need a solid connection between the DC's.  It would be completely illogical to have latencies higher than 150 ms between DC's since you could have alot of delay in your applications if you would have a server crossing to the failover MX.

 

If you have more than one hop, or excessive delays in your DC interconnect, you should consider using VPN concentrator mode instead.

But if you insist on routed mode consider following:
All VLAN's must be allowed between DC's, so it's a layer 2 connection between the two.
If you want to use virtual WAN IP you need to stretch the WAN subnet between DC's (this is usually possible if you have failover routers in front of the MX'es.  If your WAN IP's will be different then you can't use vIP.  Failover will take longer.

PhilipDAth
Kind of a big deal
Kind of a big deal
‎Aug 1 2021 1:46 PM
‎Aug 1 2021 1:46 PM

>- Is it possible to separate one pair of Meraki MX HA Route mode over the WAN having redundant L2 links among them?

 

Yes.

 

>- Which is the maximum latency required to separate Meraki MX HA over WAN?

 

I don't know the answer.  Check out this article:

https://documentation.meraki.com/MX/Networks_and_Routing/Routed_HA_Failover_Behavior 

The heartbeats are sent every second.  After 3s a failure is declared.

 

If you wanted 100% headroom for safety you would want a maximum latency of 1500ms.  Personally, I would not want to run it this high.

A latency under 1000ms would be better, as that is less than the VRRP polling frequency.

A latency under 500ms would be really nice, as that is half the polling interval and gives plenty of room for little issues and self-recovery.

 

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Aug 1 2021 1:47 PM
‎Aug 1 2021 1:47 PM

ps.  I would not use VIP mode unless you really really had to.  With this turned off and if you had a split-brain develop more parts of the system will remain working.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.