SD-WAN & traffic shaping

Solved
JeffHung
New here

SD-WAN & traffic shaping

I have a Meraki 84 connects 2 WANS,  WAN2 is CHT 500M and WAN1 is FarEasten 500M  , Primary uplink we are using WAN2

 

I would like to add a rule for Salesforce.com going to WAN1, what can I do? Thanks

 

 

JeffHung_0-1694405542729.png

 

1 Accepted Solution
Chema-Spain
Getting noticed

Hi, Salesforce is mainly a public SaaS service (unless you are talking about private connect Salesforce) hence its traffic is not taking the SDWAN overlay. The rule you're are showing applies to SDWAN VPN traffic so it has nothing to do with internet traffic.

 

Every MX sends non VPN traffic as Local Break Out over the underlay path when it has no vpn route to destination. It then takes the default route present in the underlay table. In your case you have two wan interfaces (I supposed both are internet access circuits). Provided your primary uplink is uplink2, then by default Salesforce would take wan2 uplink. In order  to force this traffic to take uplink1 underlay, you should configure the proper rules in the table you can see above the one you are showing, up in the same pane. Table: Flow preference/Internet traffic.

 

The problem here is you should configure one rule per each Salesforce prefix you could be using based in your geography. This table does not support domain names but only IP prefixes.

 

HTH.

Regards,

Chema.

View solution in original post

4 Replies 4
KarstenI
Kind of a big deal
Kind of a big deal

The screenshot is for the SD-WAN traffic. Internet traffic is controlled at the top of the page under “flow preferences”. They work based on IP addresses and not FQDNs.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
ww
Kind of a big deal
Kind of a big deal

Or, if you would have the sdwan+ license.  You get a list off applications(including salesforce) you can steer to wan1 or wan2

JeffHung
New here

Thank you.

Chema-Spain
Getting noticed

Hi, Salesforce is mainly a public SaaS service (unless you are talking about private connect Salesforce) hence its traffic is not taking the SDWAN overlay. The rule you're are showing applies to SDWAN VPN traffic so it has nothing to do with internet traffic.

 

Every MX sends non VPN traffic as Local Break Out over the underlay path when it has no vpn route to destination. It then takes the default route present in the underlay table. In your case you have two wan interfaces (I supposed both are internet access circuits). Provided your primary uplink is uplink2, then by default Salesforce would take wan2 uplink. In order  to force this traffic to take uplink1 underlay, you should configure the proper rules in the table you can see above the one you are showing, up in the same pane. Table: Flow preference/Internet traffic.

 

The problem here is you should configure one rule per each Salesforce prefix you could be using based in your geography. This table does not support domain names but only IP prefixes.

 

HTH.

Regards,

Chema.

Get notified when there are additional replies to this discussion.