Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Static Route / Metro E

Solved
Sarv
Getting noticed
‎Jun 19 2023 1:06 PM
‎Jun 19 2023 1:06 PM

Static Route / Metro E

 

I am looking at a solution for the following scenario:


Customer has a private Metro-Ethernet connection between HQ and DC. Customer also has MX's in both locations, Customer has 2 ISP's at both locations (HQ and DC), both WAN ports at each location are used by the Primary/Secondary ISP

 

What we would like to do:

 

Metro-E connection terminates at both MX's LAN port (HQ and DC)


Enable all DC VLANs/Subnets over AutoVPN

 

Setup up Static Route on MX's to route traffic over Metro-E (assuming static route will take precedence over VPN route)

 

if the Metro-E fails between HQ and DC, would like the traffic to flow across VPN.

 

Is this possible by using static route on MX with condition (use route while device on the other side pings)

 

Thanks

Sarvjit

 

 

0 Kudos
Subscribe
1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jun 19 2023 1:34 PM
‎Jun 19 2023 1:34 PM

You are going to need some extra kit.  I think the easiest option will be a layer 3 switch stack at both sites.  A minimum of MS250.  Each site needs to be using its local MS250 stack for all layer 3 routing.  The Metro-Ethernet circuit needs to go between the two switches.  The switches need to be running OSPF between over the Metro-Ethernet circuit.

Normally inter-site traffic will only flow between the switches, and the MXs will never see it.

 

Each switch stack needs a stub link to its local MXs.  The MXs will have static routes for the L3 interfaces on the MS250s.  These static routes will be re-distributed into AutoVPN.

 

If your Metro-Ethernet circuit fails, OSPF will forget about all the routes it has learned, and fall back on its default route to the MXs, which will then send the traffic using AutoVPN.

 

 

Another option you could use is to get a second Metro-Ethernet circuit between the switch stacks, and use that for your HA instead.

View solution in original post

Subscribe
6 Replies 6
alemabrahao
Kind of a big deal
Kind of a big deal
‎Jun 19 2023 1:11 PM
‎Jun 19 2023 1:11 PM

I don't know if I understand correctly, but maybe Source-based default routes is an option.

 

https://documentation.meraki.com/MX/Networks_and_Routing/Source_Based_Default_Routing

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to alemabrahao
Sarv
Getting noticed
‎Jun 19 2023 1:23 PM
‎Jun 19 2023 1:23 PM

I don't think source based route will work in this scenario (internet traffic still needs to go out the local ISP at HQ). Basically, we want all DC subnet traffic to use AUTOVPN  as secondary route to the DC if primary route fails (Metro-Ethernet).

 

Thanks


Sarvjit

0 Kudos
Subscribe
In response to Sarv
alemabrahao
Kind of a big deal
Kind of a big deal
‎Jun 19 2023 1:32 PM
‎Jun 19 2023 1:32 PM

Take a look at this:

 

 

 

https://documentation.meraki.com/MX/Site-to-site_VPN/Configuring_Site-to-site_VPN_over_MPLS

 

https://documentation.meraki.com/MX/Networks_and_Routing/Integrating_an_MPLS_Connection_on_the_MX_LA...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to alemabrahao
Sarv
Getting noticed
‎Jun 19 2023 1:42 PM
‎Jun 19 2023 1:42 PM

I suspect it will be a hybrid of those 2 approaches above. I will do some testing in our lab. Thanks

0 Kudos
Subscribe
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jun 19 2023 1:34 PM
‎Jun 19 2023 1:34 PM

You are going to need some extra kit.  I think the easiest option will be a layer 3 switch stack at both sites.  A minimum of MS250.  Each site needs to be using its local MS250 stack for all layer 3 routing.  The Metro-Ethernet circuit needs to go between the two switches.  The switches need to be running OSPF between over the Metro-Ethernet circuit.

Normally inter-site traffic will only flow between the switches, and the MXs will never see it.

 

Each switch stack needs a stub link to its local MXs.  The MXs will have static routes for the L3 interfaces on the MS250s.  These static routes will be re-distributed into AutoVPN.

 

If your Metro-Ethernet circuit fails, OSPF will forget about all the routes it has learned, and fall back on its default route to the MXs, which will then send the traffic using AutoVPN.

 

 

Another option you could use is to get a second Metro-Ethernet circuit between the switch stacks, and use that for your HA instead.

Subscribe
Sarv
Getting noticed
‎Jun 19 2023 1:45 PM
‎Jun 19 2023 1:45 PM

Thanks

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.