Sizing MX's

Mike_Robo_SK
Here to help

Sizing MX's

I've only ever used bandwidth as the criteria to suggest MX models... IE, up to 300mbps aggregate, the 67;  300-600mbps aggregate, the 100, etc.

 

A potential cx (who's pretty savvy) balked at the MX67, despite bandwidth being about 150/30 across both WAN ports, based on workload... throwing the "max of 50 clients for the MX67" at me.

 

Sure enough, the MX67 data sheet lists 50 max clients.  Like, dayum!

 

What I can't find a definition for is what kind of clients?  VPN clients?  Wifi clients?  Simultaneous internet users being PAT'ed?  Surely not 50 people using the MX for a blend of all of the above, and just using routing, right?  Anyone found a meraki doc that elaborates on who the 50 are, and why the number is so small (and is it a guideline at best, and, say, 100 is the theoretical "max")?

 

Otherwise, the cx will need to bump to the MX84 (max of 200 clients) for no other reason.

 

Thanks kindly.

Mike

8 REPLIES 8
cmr
Kind of a big deal
Kind of a big deal

It depends on what features you have enabled and how many of those the clients are using.  We have small MXs (64/65/67) for our public internet connections and they cope with 200 or so concurrent users who are just accessing the internet with only the enterprise feature set and a basic set of filters.  The devices cope just fine and can even go to 400 or so without issues.  The most bandwidth any of them has is 120Mb across two circuits.

So is the 50-max that Meraki has posted assuming ALL security features are enabled, all 50 clients are using a remote-access client VPN, are therefore all using the internet at the same time, and 300mbps of aggregate bandwidth is being used by those 50 clients??? Must be, right? How else would they have come up with so low a number?

Any chance you came across any documentation I can leverage to show that the 67 is sufficient for 100-200 or more users (I haven't found any)... cause otherwise the cx is using meraki documentation better than I am.
cmr
Kind of a big deal
Kind of a big deal

Sorry @Mike_Robo_SK I haven't seen any documentation regarding it, I have simply observed that they can easily handle that number of clients in real life (with only the basic feature set enabled).  We had to change the DHCP scope for public users to a class B network (well a /19 as the MX will not issue more addresses than that) due to us regularly having more than 250 users within the 1 hour lease time, since then the numbers listed have been seen live at one time.

NolanHerring
Kind of a big deal

I have several MX84's handling 500-1000 clients
CPU utilization only ever goes to 25%
Never had any noticeable issues
Nolan Herring | nolanwifi.com
TwitterLinkedIn
PhilipDAth
Kind of a big deal
Kind of a big deal

>Sure enough, the MX67 data sheet lists 50 max clients.  Like, dayum!

>

>What I can't find a definition for is what kind of clients?  VPN clients?  Wifi clients? 

 

Any kind of client, more specifically any kind of device.  Each MX has a limited amount of RAM and CPU.  All of that device tracking doesn't come for free.  Security features like IPS and AMP use a lot of CPU.  Client VPN requires a lot of CPU for encryption.

 

I always size based of the Meraki MX sizing guide.  I wouldn't want to put a solution into a customer, have an issue, and then have support telling me I am exceeding the recommended guidelines and leaving me to it.

https://meraki.cisco.com/lib/pdf/meraki_whitepaper_mx_sizing_guide.pdf 

Issues you may run into include stability problems (the MX crashing when running too low on RAM) and performance issues.

 

I've personally been asked to assist with a case where a customer was having issues with their MX - and it was purely because the MX being used was too small for the job.

The customer had a hard time accepting they had bought a unit too small for the job.  They kept quoting throughout figures (sound familiar?).  In their case it was stable, and performance was fine with a small number of users but as the number of users increased to their maximum the overall performance dropped.

DarrenOC
Kind of a big deal
Kind of a big deal

You have to stick to what’s in the datasheets purely for the reason that @PhilipDAth @state’s. Hit an issue further down the road and support will literally throw the ticket out due to the device not being sized correctly. An expensive error.

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.

I guess I should clarify, using mine as a simple gateway/firewall. No features enabled other than some content filtering, for guest networks etc. So no VPN/IDS/IPS/AMP etc.
Nolan Herring | nolanwifi.com
TwitterLinkedIn
MerakiDave
Meraki Employee
Meraki Employee

@Mike_Robo_SK the earlier answers are spot on regarding the MX Sizing Guide.  The three primary factors are 1) how many clients, 2) how much bandwidth, and 3) how many tunnels (if running an AutoVPN solution for example).  And the data sheet numbers are not meant to be "drag strip" numbers, but realistic values with ADV SEC features enabled.

 

https://meraki.cisco.com/lib/pdf/meraki_whitepaper_mx_sizing_guide.pdf

 

The clients count is a generic 50 simultaneous clients for those MX6x platforms, and can be the typical mix of wired, wireless and VPN clients on the typical variety of client devices.  There is no stated "theoretical" max number of clients and 50 is not a hard limit, like you said the sizing guide specifies guidelines, not maximums.  I've seen deployments with a mix of 100 simultaneous clients run just fine through an MX65W for example, but it depends on the deployment and applications in use, and obviously which advanced features are enabled.

 

If the customer is only going to have perhaps 150/30 Mbps throughput requirements but also have on the otder of a hundred users, then yes, I'd go to the MX84.  However if their application traffic footprints/requirements are relatively light, and you're not turning on heavier hitters like AMP/IPS for example, and if it's price sensitive, you could perhaps use an MX67. 

 

But as a best practice, I'd never recommend intentionally under-sizing the platform, the application and performance requirements only tend to grow.  As a rule of thumb, size the platform based on the largest of all 3 factors (clients, throughput, tunnels) and work your way back from there (if needed, to justify a smaller appliance) by considering the specifics of the use case, applications in use, and features enabled.

 

Hope that helps!

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels