Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

SD-WAN over 1-armed concentrator

Nelosnc0
Conversationalist
‎Mar 9 2018 4:31 AM
‎Mar 9 2018 4:31 AM

SD-WAN over 1-armed concentrator

I have a customer that is trying to deploy SD-Wan using mpls, and DIA circuits. To do so they are using the 1-armed concentrator. Since this only has a single link how do you define the shaping rules on which vpn tunnel to send traffic over? 

0 Kudos
Subscribe
4 Replies 4
Adam
Kind of a big deal
‎Mar 9 2018 7:01 AM
‎Mar 9 2018 7:01 AM

I think I recall someone mentioning that one of the later firmware's helps alleviate this.  But if the connection is not a true Internet/WAN connection then the traffic shaping rules won't apply.  We have this same issue at some of our sites and had to convert many of our connections to internet connections instead of private connections.  

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
0 Kudos
Subscribe
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Mar 9 2018 3:04 PM
‎Mar 9 2018 3:04 PM

1-armed mode is really only intended for AutoVPN - and relies on something else to do the routing smarts at the DC.  You can only tell the remote branches which circuit to prefer (using SDN).  They then connect to HQ over either the MPLS or the Internet.

 

 

Personally - I would not use 1-armed mode if you want to be able to use dual uplinks at the DC/HQ.  I have avoided 1-armed mode because of this.  I would do an AutoVPN deployment over MPLS, like this:

https://documentation.meraki.com/MX-Z/Site-to-site_VPN/Configuring_Site-to-site_VPN_over_MPLS

HOWEVER - the key difference is you treat the HQ/DC the same as a branch - it is simply another node of the network.

0 Kudos
Subscribe
In response to PhilipDAth
Nelosnc0
Conversationalist
‎Mar 9 2018 3:08 PM
‎Mar 9 2018 3:08 PM

Phil, the document you linked to also shows the 1 arm approach?

0 Kudos
Subscribe
In response to Nelosnc0
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Mar 9 2018 3:19 PM
‎Mar 9 2018 3:19 PM

It does - which is why I put "however" in bold on the next line.  🙂

 

Just treat the DC/HQ as another branch, and then you get full SDN functionality with dual uplinks everywhere.

Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.