Meraki

Community

Meraki hub and spoke over MPLS

Solved
S_bk97
Comes here often
‎Sep 11 2020 2:16 AM
‎Sep 11 2020 2:16 AM

Meraki hub and spoke over MPLS

We are currently running a Hub and Spoke model using internet connectivity at remote sites directly but we are going in a contract with an MPLS provider and would like to follow the model as shown below. Is it possible to run this as the internet will only be provided via the HUB.

IMG-20200911-WA0009.jpg

0 Kudos
1 Accepted Solution
MerakiDave
Meraki Employee
Meraki Employee
‎Sep 11 2020 6:09 AM
‎Sep 11 2020 6:09 AM

@S_bk97  Not sure if I followed the architecture plan, but yes, standard AutoVPN can work in this scenario, meaning that you can have the MX WAN interface of a spoke site connect upstream through the LAN side of another intermediate MX, and have that same spoke MX connect back to a different VPN Concentrator beyond the intermediate MX.  However it looks like the plan here is to have that connectivity nested multiple times, so there would be multiple NAT boundaries to consider and there are also sizing issues to consider on the "intermediate" sites.  The intermediate MX appliances would accumulate the traffic/throughput from downstream spokes. 

 

I have this running in my own home lab, it's Ethernet based, not MPLS, but I do have a hub & spoke AutoVPN running through an intermediate MX, and that whole thing is all sitting behind my Internet-facing MX.  I would suggest trying this in a lab first, or get a few trial units to do a quick proof of concept.  Sorry if I misunderstood the plan. 

View solution in original post

2 Replies 2
MerakiDave
Meraki Employee
Meraki Employee
‎Sep 11 2020 6:09 AM
‎Sep 11 2020 6:09 AM

@S_bk97  Not sure if I followed the architecture plan, but yes, standard AutoVPN can work in this scenario, meaning that you can have the MX WAN interface of a spoke site connect upstream through the LAN side of another intermediate MX, and have that same spoke MX connect back to a different VPN Concentrator beyond the intermediate MX.  However it looks like the plan here is to have that connectivity nested multiple times, so there would be multiple NAT boundaries to consider and there are also sizing issues to consider on the "intermediate" sites.  The intermediate MX appliances would accumulate the traffic/throughput from downstream spokes. 

 

I have this running in my own home lab, it's Ethernet based, not MPLS, but I do have a hub & spoke AutoVPN running through an intermediate MX, and that whole thing is all sitting behind my Internet-facing MX.  I would suggest trying this in a lab first, or get a few trial units to do a quick proof of concept.  Sorry if I misunderstood the plan. 

PhilipDAth
Kind of a big deal
Kind of a big deal
‎Sep 12 2020 11:23 PM
‎Sep 12 2020 11:23 PM

Check out these two design guides.

https://documentation.meraki.com/MX/Site-to-site_VPN/Configuring_Site-to-site_VPN_over_MPLS 

 

https://documentation.meraki.com/MX/Deployment_Guides/MPLS_Failover_to_Meraki_Auto_VPN 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.