Meraki

Community

Meraki MX connecting to Azure via ExpressRoute and Catalyst 9300s

dcatiller
Getting noticed
‎Jun 8 2023 5:30 PM
‎Jun 8 2023 5:30 PM

Meraki MX connecting to Azure via ExpressRoute and Catalyst 9300s

I've just installed an ExpressRoute between our data center and Azure. The ExpressRoute replaced a VPN tunnel between my MX250 HA pair in the data center and a vMX in Azure. Remote sites are connected to the data center MX250 pair hub and spoke VPN. I have a redundant pair of Cat 9300 switches in the same data center for the ExpressRoute, using a private ASN for Azure (private access only, nothing public). I'm trying to figure out if I can turn on BGP on my MX250 pair and peer with my Cat 9300 switches to get rid of the static routes, but the documentation I can find is VPN specific. I'm going to get a window to do some testing, but wanted to throw it out there to see if this is possible. I'm checking in advance because I wanted to use OSPF like this (then redist with BGP), but found that OSPF on the Meraki is really not full featured. Can I get my MX to iBGP peer with my Catalyst pair to extend BGP routing this last step? 

If I can do that, I'd probably want to turn it on to the remote sites too at some point when needed. 

Is there a gotcha with BGP on the Meraki I'll run into or should this work?

Labels:
0 Kudos
1 Reply 1
GIdenJoe
Kind of a big deal
Kind of a big deal
‎Jun 11 2023 2:23 AM
‎Jun 11 2023 2:23 AM

Hey, the Meraki design is as follows.
The MX250's inside your Datacenter need to be in concentrator mode to be able to use BGP.
So if you're using NAT mode right now you will need to have a big change.  That also means if you want your servers inside that datacenter to breakout to the internet they will need a separate router/firewall.

 

Once your DC's have concentrator mode MX'es they will peer using iBGP to the branch locations but they will use eBGP to peer with the router or switch in the datacenter.  The design is like this so you can use AS-prepending for the secondary datacenter so traffic needs to go to the primary datacenter.   And you can even load balance some branch offices via DC-A and others via DC-B.

 

The whole setup is explained here: https://documentation.meraki.com/MX/Networks_and_Routing/Border_Gateway_Protocol_(BGP)

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.