In the diagram of the MPLS Failover to Meraki Auto VPN document, there are two router symbols on the MPLS cloud indicator with last octect numbers of .249. I'm not clear where those .249 interfaces would be configured. Would that be VLAN interfaces on each router at the other end of the MPLS circuit with VLANs trunked between the two sites over the MPLS connection?
Solved! Go to solution.
Correct, they would be VLAN interfaces on the MX on either side of the MPLS circuit. In some scenarios those routers don't exist, and the subnet is the same on both sides of the private circuit.
Those routers look to be the PE routers in an L3VPN service.
That is just a random IP they picked for the MPLS provider, which generally you don't have a huge amount of control over.
They are just sort of making the assumption that each MPLS site is using an IP convention for tracking and simplicity. So in this case, all MPLS routers will have a .249 address.
Site 1: 1.x.x.249
Site 2: 2.x.x.249
Site 3: 3.x.x.249
etc
The configuration you would have to worry about is setting up the static route on the MX and making sure that you plug into the LAN side for MPLS.
I ran it this way for a few months until the remainder of my MPLS contract was up, then finished switching my offices to higher speeds while saving a few grand every month, justifying the cost of the MX HA pairs at each site.
Correct, they would be VLAN interfaces on the MX on either side of the MPLS circuit. In some scenarios those routers don't exist, and the subnet is the same on both sides of the private circuit.
Sorry @ScottWinCO, the .249 addresses are not on the MXes. I think you've interpreted that incorrectly.
EDIT: To clarify, that diagram shows L3VPN. If we have a VPLS service then the second part of your statement is correct and they would not exist.
Right. I amended my reply above for a VPLS (or other layer 2 MPLS service). In that case you're right and it's the same layer 2 domain on both sides.
That's how I'd interpret this in our case. The MPLS circuit is delivered to us as basically a layer 2 connection (a P2P connection). There's no IP communication with the provider.