Meraki MX64 Uplink Selection and SD-WAN Policies

aq2
New here

Meraki MX64 Uplink Selection and SD-WAN Policies

Hi All,

I have been playing with Meraki SD-WAN policies to sort out some of the VOIP issues that we face from time to time.

I have a quick question, Under SD-WAN and Traffic shaping settings if we have WAN 1 as the primary uplink with load balancing disabled (in global preference) and we were to add a VPN traffic preference under SD-WAN policies to send our SIP traffic via VPN over WAN2 provided that it meets VOIP performance class would that override the global preference of primary uplink WAN1 and SIP traffic would flow over WAN2? Our local Etisalat carrier is much better for voice traffic but we have limited bandwidth from them hence WAN2.

 

I am following this KB -  https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Load_Balancing_and_Flow_Preferen...

The reason for asking this question is that I have run captures on the secondary WAN and it appears that the traffic is still going over the WAN1. There is no local breakout at the site, All traffic must go to the remote hub for break out to the internet which is an MX450 appliance in our DC.

I also have a subsequent question, are the VPN traffic preferences executed in the order from top to bottom? Similar to firewall rules?

 

Thanks, Abdul

3 REPLIES 3
ww
Kind of a big deal
Kind of a big deal

That should work. Can you take a look at the uplink decisions to see why it still choose wan1

https://documentation.meraki.com/MX/Monitoring_and_Reporting/SD-WAN_Monitoring#Overview

alemabrahao
Kind of a big deal
Kind of a big deal

If it is traffic that must go via VPN, then everything you configure giving preference to WAN2 must go through that link.

As far as I remember the documentation does not have this information, but theoretically the order is top-down.

 

Can you show your rule?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
GreenMan
Meraki Employee
Meraki Employee

Can you confirm that the traffic involved is 'in-VPN'?    The source VLAN needs to be VPN enabled in the Spoke MXs Addressing & VLANs config and the destination for the traffic needs to lie within a range of addresses advertised from (or via) one of the VPN Hubs.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels