Spoke to Spoke communication is asymmetric with multiple HUB scenario

Solved
shekharmore003
Conversationalist


We are planning to build a network topology with multiple HUBs and are checking the spoke-to-spoke traffic flow. It looks like, as per the Meraki architecture, spoke-to-spoke communication will be asymmetric.

Our example topology is as follows


2 HUBs

1. HUB1
2. HUB2

2 Spokes

1. Spoke1
2. Spoke2

Spoke1 and spoke2 are connected via AutoVPN with both the HUBs.
For Spoke1, HUB1 is highest priority and HUB2 at second priority.
For Spoke2, HUB2 is highest priority and HUB1 at second priority.

When Spoke1 originates the traffic towards Spoke2, the flow will be as follows

Spoke1->HUB1->Spoke2

While the return path from Spoke2 to Spoke1 will be as follows

Spoke2->HUB2->Spoke1


So the traffic flow will be asymmetric: from Spoke1 it traverses HUB1 to reach Spoke2, and the return path is via HUB2, as per the Meraki HUB priority rule.

Will the traffic flow be as above, and is this the Meraki design? Or will Spoke2 see the existing connection and, when returning the traffic, use the same connection and return to Spoke1 via HUB1 (like a Cisco ASA stateful firewall)?

If this is the Meraki design, then will it impact Meraki firewall L3 access rules?

1 Accepted Solution
ww
Kind of a big deal

You can find answers here.

https://community.meraki.com/t5/Security-SD-WAN/Meraki-AutoVPN-asymmetric-routing-probability/m-p/19...

Also note that the normal L3 firewall does not work for VPN traffic, only the site-to-site VPN firewall rules.
