Separate ISPs for dedicated upload and download bandwdiths

SOLVED
Lock007
Comes here often

Separate ISPs for dedicated upload and download bandwdiths

Hi Team,

 

I current have a MX100 with two ISP. The primary ISP is doing up 15Mbps upload/download and the secondary ISP is doing 60Mbsp download and 4Mbps upload. As you can see the 2nd ISP does not have enough upload speed. I need something like 15Mbps. My question: Is it possible to have dedicated upload and download links over the two ISP. I want the primary ISP to do purely uploads and the secondary ISP to do mainly downloads. Can i achieve this with an MX100?

1 ACCEPTED SOLUTION
Bruce
Kind of a big deal

@Lock007 this isn’t something you can do with the Meraki MX. And I doubt you could do with any device, especially across two ISPs - the IP protocol was designed to return traffic to the address where it originated, so if it’s sent from WAN1, it will be returned to WAN1.

View solution in original post

8 REPLIES 8
Bruce
Kind of a big deal

@Lock007 this isn’t something you can do with the Meraki MX. And I doubt you could do with any device, especially across two ISPs - the IP protocol was designed to return traffic to the address where it originated, so if it’s sent from WAN1, it will be returned to WAN1.

Lock007
Comes here often

@Bruce Yes thanks for confirming that much. I initial thought it will not be possible. However i just thought i might ask just in case i can be proven wrong. Im glad im wrong. Seems its not possible.

Inderdeep
Kind of a big deal
Kind of a big deal

@Lock007 : You want the return traffic asymmetric but over the AutoVPN it uses the same path up and down and as @Bruce said its not possible over the tunnel.  

Regards/Inder
Cisco IT Blogs awarded in 2020 & 2021
www.thenetworkdna.com

@Inderdeep Thanks for confirming. Is there a documentation the explains what you saying? its not that i don't believe you but documentation helps if i can refer to it.

Inderdeep
Kind of a big deal
Kind of a big deal

@Lock007 : Let me rephrase that, If you have two uplinks on your MX, Auto VPN as a component of SD-WAN allows you to decide the flow preferences within the VPN tunnel under Security & SD-WAN > Configure > SD-WAN & Traffic Shaping page > Uplink Selection > Active-Active Auto VPN. Active-active Auto VPN allows you to create a VPN tunnel with flow preferences over both the uplinks. 

Ref: https://documentation.meraki.com/MX/Site-to-site_VPN/Meraki_Auto_VPN_-_Configuration_and_Troubleshoo... 

 

Active-active Auto VPN : https://www.willette.works/active-active-meraki-sd-wan-headends/ 

 

Note: This above case when you want to use both links. If active-active Auto VPN is disabled, the tunnel will be formed over the primary WAN link and will failover to the secondary if the primary fails.

 

Best Practices : https://documentation.meraki.com/Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/...

 

Regards/Inder
Cisco IT Blogs awarded in 2020 & 2021
www.thenetworkdna.com
PhilipDAth
Kind of a big deal
Kind of a big deal

Starlink?

KarstenI
Kind of a big deal
Kind of a big deal

As already mentioned, IP does not work the way you want to have it. But there is a workaround that is not very elegant and is some initial work, but could improve the situation if there is no budget to increase the bandwidth:

1) Try to find out which users are needing a better uplink to the internet and which users are fine with a low uplink and a high downlink.

2) make sure that these users have fixed IPs or DHCP reservations

3) configure Flow-preferences (under Security & SD-WAN -> SD-WAN & Traffic Shaping) to steer the users to the optimal uplink.

Lock007
Comes here often

@KarstenI Thanks for the information. I have done that. Right now flow preferences are based on the which applications need the most bandwidth. Otherwise one of my other ISP is supposed to give me 15Mbps upload speed but due to some network issues they can only give me 4.5Mbps for the time being.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels