Traffic Shaping for VPN and Local Breakout

JonasResende
Here to help


Hi all,

 

When I create Traffic Shaping Rules, will they take effect for both VPN traffic and local Internet breakout, or just for VPN traffic?

 

Inderdeep
Kind of a big deal

JonasResende
Here to help

@Inderdeep However, in the case of VPN exclusion rules (local breakout), it's not possible to set the amount of bandwidth to allocate for each application, right?

Bruce
Kind of a big deal

@JonasResende what outcome are you looking for? The traffic shaping rules apply to both VPN traffic and internet traffic, and should also apply to traffic using Full Tunnel Exclusion (note that application-based Full Tunnel Exclusion requires the SD-WAN Plus license). So, you can create some basic limitations on maximum traffic bandwidth using the shaping rules. If you can use the MX16 firmware (the beta firmware) then you will get many more applications available in your rules as it uses the Cisco NBAR engine.

JonasResende
Here to help

Hello @Bruce, thanks for your reply. My doubt was really this one: whether the traffic shaping rules would also apply to local internet breakout traffic, because I have read at this link https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/SD-WAN_and_Traffic_Shaping that traffic shaping rules are applied only over Meraki Auto-VPN tunnels, which made me confused.

 


 

Bruce
Kind of a big deal

@JonasResende, yes, the Traffic Shaping rules do apply to local internet breakout (I have set this up in my lab and seen the DSCP bits being set based on applied Traffic Shaping rules, both for SD-WAN traffic and internet breakout).

 

What that document refers to is traffic in a VPN tunnel to a third-party peer (e.g. a non-Meraki firewall) not having shaping rules applied. Traffic in a Meraki AutoVPN will be shaped, as will internet breakout traffic.

 

I expect the reason internet breakout is not mentioned is that the document is about SD-WAN, which implies AutoVPN traffic, although it would be 'nice' if it was a little clearer.
