Meraki

suneq · ‎Jun 10 2021

Hi,

I have a pair of MX configured in HA routed mode. All 4 uplinks are configured with public IP addresses + 2 public VIP addresses as shown in the below diagram.

I have a few questions:

1. Technically, is it possible to use private IP in this case? I have quite limited knowledge of ISP devices but I suppose that as my home Internet modem, they support DHCP and the MX could be configured with private IP?

For example:

MX-1 uplink 1: 192.168.1.1/24

MX-2 uplink 1: 192.168.1.2/24

VIP : 192.168.1.3/24

Default gateway = ISP1 device : 192.168.1.254/24

MX-1 uplink 2: 192.168.2.1/24

MX-2 uplink 2: 192.168.2.2/24

VIP : 192.168.2.3/24

Default gateway = ISP2 device : 192.168.2.254/24

2. If the answer is yes, why do we use public IP ? Is there something we can do with public IP but cannot with private IP?

Thanks a lot for your help.

Paul_H · ‎Jun 10 2021

Hey @suneq

Thanks for the inquiry!

Keep in mind the basics!!! Routing/internet/IEEE rules still apply to Meraki 😉

Having said that, there will need to be a device between your internet and Meraki that will do some sort of NAT translation. So, while yes, you can use private addresses on the MX for what you mentioned (and a LOT of people do!) you will need something UPSTREAM between you and the internet that would NAT to a publicly routable address!

Also, keep in mind, both MX appliances require individual WAN uplink IP addresses for independent cloud access and uplink monitoring. (See Connection Monitor Doc) Using a /29 or larger WAN IP mask allows for three addresses on the shared segment to each provider.

ALSO, this is a bit dated, but the info is STILL great! Check out this HA guide by one of our own employee's blog: https://www.willette.works/mx-warm-spare/

Good luck!

View solution in original post

Paul_H · ‎Jun 10 2021

Hey @suneq

Thanks for the inquiry!

Keep in mind the basics!!! Routing/internet/IEEE rules still apply to Meraki 😉

Having said that, there will need to be a device between your internet and Meraki that will do some sort of NAT translation. So, while yes, you can use private addresses on the MX for what you mentioned (and a LOT of people do!) you will need something UPSTREAM between you and the internet that would NAT to a publicly routable address!

Also, keep in mind, both MX appliances require individual WAN uplink IP addresses for independent cloud access and uplink monitoring. (See Connection Monitor Doc) Using a /29 or larger WAN IP mask allows for three addresses on the shared segment to each provider.

ALSO, this is a bit dated, but the info is STILL great! Check out this HA guide by one of our own employee's blog: https://www.willette.works/mx-warm-spare/

Good luck!

Bruce · ‎Jun 10 2021

@suneq, we often use the design that you show with private IP addresses between ISP devices and the MXs. This is because in Australia there are very few (if any) carriers that will provide a /29 as the link, they'll only provide a /31 or /30, sometimes it has to be PPPoE. (They'll provide a /29 over the top of the link, but not as the link IP addresses themselves).

So the public /31 or /30, or PPPoE termination, sits on the ISP device with a /29 private IP address range between the ISP devices and MXs exactly as you state. The ISP devices also do a NAT from the private IP addresses to the public as @Paul_H stated. The only downside of using private IP addresses is the NAT, it can make things a little more complicated (sometimes) and can impact the performance of the ISP device (depending on that device).

KarstenI · ‎Jun 10 2021

@Bruce We use TPG in Australia. If I remember right they bought the "low-cost" AAPT business and provide a /29 for a more or less reasonable price.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

suneq · ‎Jun 11 2021

Thanks all for your great help. It's nice to hear feedback from the field.

Meraki

Community

Public vs private IP

Public vs private IP