Solved: Re: Tag-Based IPsec VPN Failover

Fabian1 · ‎02-21-2022

Hi everyone,

does this still work? https://documentation.meraki.com/MX/Site-to-site_VPN/Tag-Based_IPsec_VPN_Failover

I'm struggling with the point that I have to use a backup tag that doesn't exist on a network yet. I added two tags to the network with "primary up" and "backup down", but the documentation says I need to add the tag "backup up" to the vpn availability. How do I do that, because I can only add a tag that is already tagged on a network.

Thanks

Fabian

Fabian1 · ‎03-02-2022

The solution is a bit dirty

You have to add the tag <location_backup_up> to a network. Next you use that tag on the availability of the backup VPN.

Now you can remove the tag from the network again. The availability on the VPN will be blank, but if you use the script it will change the tag <primary_up> to down and <backup_down> to up. That will make the tag appear on the VPN and primary_up will disappear.

Added the script with some changes to an AWS Lambda, works great!

View solution in original post

Ryan_Miles · ‎02-22-2022

If I'm not mistaken the script is renaming the tag from whatever its default state is. So, the backup_up tag for example wouldn't normally exist until the script creates it based on detected loss.

Fabian1 · ‎03-02-2022

The solution is a bit dirty

You have to add the tag <location_backup_up> to a network. Next you use that tag on the availability of the backup VPN.

Now you can remove the tag from the network again. The availability on the VPN will be blank, but if you use the script it will change the tag <primary_up> to down and <backup_down> to up. That will make the tag appear on the VPN and primary_up will disappear.

Added the script with some changes to an AWS Lambda, works great!

Bilbo007 · ‎04-03-2022

Hi @Fabian1, any chance you could share your AWS Lambda script for Meraki tag based failover? Thanks

Fabian1 · ‎04-03-2022

Here is the code. I simplified some of it. You need an S3 bucket to save the network and an EventBridge to call the script every minute. You can set the Meraki key in the parameters of the lambda function.

from encodings import utf_8

import requests, boto3, os, json

def lambda_handler(event, context😞

api_key = os.environ['Meraki_Key']

url = 'https://api.meraki.com/api/v0/organizations/[ORG ID]/uplinksLossAndLatency'

header = {"X-Cisco-Meraki-API-Key": api_key, "Content-Type": "application/json"}

response = requests.get(url,headers=header)

s3 = boto3.client('s3')

bucket='[S3 BUCKET]'

key = 'networklist.txt'

for network in response.json():

if network['ip'] != '8.8.8.8' and network['uplink']=="wan1":

print(network['networkId'])

print(network['ip'])

loss=False

for iteration in network['timeSeries']:

if int(0 if iteration['lossPercent'] is None else iteration['lossPercent']) >= 30:

loss=True

network_info = requests.get("https://api.meraki.com/api/v0/networks/"+network['networkId'], headers=header)

print(network_info.json()['name'])

tags = network_info.json()['tags'].split(' ')

if "_primary_down" in tags[1] or "_primary_down" in tags[2]:

print("VPN already swapped")

break

else:

#Ändern der Tags

print("Need to change VPN, recent loss - "+str(iteration['lossPercent']))

if "_primary_up" in tags[1]:

tags[1] = tags[1].split("_up")[0]+"_down"

if "_primary_up" in tags[2]:

tags[2] = tags[2].split("_up")[0]+"_down"

if "_backup_down" in tags[1]:

tags[1] = tags[1].split("_down")[0]+"_up"

if "_backup_down" in tags[2]:

tags[2] = tags[2].split("_down")[0]+"_up"

payload = {'tags': tags[2]+" "+tags[1]}

#Setzen der Tags

new_network_info = requests.put("https://api.meraki.com/api/v0/networks/"+network['networkId'], data=json.dumps(payload), headers=header)

#betroffenes Netzwerk wird in S3 Bucket geschrieben

s3.put_object(Body=s3.get_object(Bucket=bucket, Key=key)['Body'].read().decode('utf-8') + "\n" + network['networkId'], Bucket=bucket, Key=key)

break

#Tags werden zurückgesetzt wenn Loss wieder auf 0 zurück geht

if loss==False and network['networkId'] in s3.get_object(Bucket=bucket, Key=key)['Body'].read().decode('utf-8'😞

print("Primary VPN healthy again..swapping back")

network_info = requests.get("https://api.meraki.com/api/v0/networks/"+network['networkId'], headers=header)

tags = network_info.json()['tags'].split(' ')

if "_primary_down" in tags[1]:

tags[1] = tags[1].split("_down")[0]+"_up"

if "_primary_down" in tags[2]:

tags[2] = tags[2].split("_down")[0]+"_up"

if "_backup_up" in tags[1]:

tags[1] = tags[1].split("_up")[0]+"_down"

if "_backup_up" in tags[2]:

tags[2] = tags[2].split("_up")[0]+"_down"

payload = {'tags': tags[1]+" "+tags[2]}

#Setzen der Tags

new_network_info = requests.put("https://api.meraki.com/api/v0/networks/"+network['networkId'], data=json.dumps(payload), headers=header)

#Netzwerk wird von S3 Bucket gelöscht

s3.put_object(Body="", Bucket=bucket, Key=key)

print("Sleeping for 30s...")