cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

SD-WAN Outside of Auto-VPN?

Highlighted
Getting noticed

SD-WAN Outside of Auto-VPN?

I haven't seen a topic for this yet, which either means we have a really unique use case, or I'm missing something. SD-WAN functionality currently is baked into the Auto-VPN, which is great, except when it isn't. We have moved entirely away from a managed MPLS network to simply giving our sites 'business-class' high-speed cable/DSL connections. With this, connections to our vendors (i.e. payment processing, VoIP, etc.), all route directly over the public Internet and not through our Auto-VPN tunnel.

 

The problem is that our cable/DSL connections are not reliable. We've thrown USB cellular at the MX's to combat this, however we really need control over the fail-over logic, because what's built-in is not working. Countless times over the past year we've had soft failures with the primary uplinks, but the MX chooses not to fail-over to the cellular uplink.

 

Has anyone else dealt with something similar? Is there a better way to handle this? I'm really not in favor of re-routing traffic over the Auto-VPN, only to send it back out to the public Internet from our DC.

2 REPLIES 2
Highlighted
Kind of a big deal

Re: SD-WAN Outside of Auto-VPN?

There's no way to dynamically route Internet bound traffic. You are limited to the regular failover logic used in the Internet connection monitor (should be up to 300 seconds to fail over, less to fail back). There's nothing exposed in the dashboard that lets you control this behavior, but you might be able to work with support and get the timers lowered to trigger a faster failover. 

 

If you are getting failures and the MX is not moving to another active connection then I'd chalk that up as a bug and get support looking at it. 

 

 

 

Highlighted
New here

Re: SD-WAN Outside of Auto-VPN?

We had this happen to us yesterday. I had to unplug the primary circuit to fail-over. The primary circuit was up with lots of lost packets and high latency. Having the ability to control internet fail-over would be a nice feature to have.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.