Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Pass iSCSI traffic through MX?

LucianTheDivine
Comes here often
‎Mar 2 2023 10:37 AM
‎Mar 2 2023 10:37 AM

Pass iSCSI traffic through MX?

Hey everyone,

 

I'm trying to eliminate the last standard Cisco switch in my environment. I need to find 8 10gbps ports to do so. I have 6 available on my core stack of MS250s but that's it. My MX250, which the core stack is connected to, has 6 open SFP+ ports on it now though.

 

Is there any reason not to connect, say, ESXi hosts to the firewall directly with a static route to just forward all of the traffic to the core stack one hop away? Is that dumb even if it would work?

0 Kudos
Subscribe
3 Replies 3
Brash
Kind of a big deal
Kind of a big deal
‎Mar 2 2023 11:59 AM
‎Mar 2 2023 11:59 AM

It could potentially work but I personally wouldn't do it. The MX is a security appliance and and traffic that runs through it will undergo checks/filters (depending on what's enabled). I wouldn't want to risk the increased latency on iscsi traffic.

 

My rule of thumb for iscsi is always:

  • Use separate switches from the rest of the network
  • Separate A and B side traffic onto 2 physically separate switches
  • Avoid multiple hops where possible

 

Subscribe
GIdenJoe
Kind of a big deal
Kind of a big deal
‎Mar 2 2023 1:07 PM
‎Mar 2 2023 1:07 PM

You're better off buying an extra MS switchstack with enough SFP+ ports in the access layer towards your iSCSI hosts and uplink those to your MS250 Core than to try to fit a device that is supposed to be at the edge in the center of your network.

 

Although you're not technically forwarding over VLAN's, so you're not subjecting the traffic to a routing step the traffic it (as Brash said) will probably undergo inspections which are pure software on an MX.  You should let your MX do it's just forwarding traffic towards your WAN, not between your VLAN's if you are doing some heavy stuff.  It's a waste of resources and ultimately money.

Subscribe
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Mar 2 2023 4:25 PM
‎Mar 2 2023 4:25 PM

As long as you put all the ports in the same VLAN, I don't see why it wouldn't work.  The silicon will be switching it rather than the CPU.

 

I would give it a bit of a stress test before using it in production.  You might find the MX doesn't have much buffering, but if everything is 10Gbe, you shouldn't need much.

Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.