Using MX instead of Layer 3 switch as Default Gateway

Chris-12
Conversationalist

I'm trying to decide if I should use my MX250 as my default gateway for multiple subnets instead of a Layer 3 switch that would subtend off of the MX. In the past I have used a Layer 3 switch as the default gateway because of its ability to route packets fast. Can the MX route packets on the LAN interface as fast as a Layer 3 switch (MS-350)?

Any thoughts or opinions would be much appreciated.

Thanks,

CM

1 Accepted Solution
PhilipDAth
Kind of a big deal

The MX can only apply per user group policies when it is layer 2 adjacent to the users (so basically the VLAN has to terminate on the MX).

Also, when the VLAN is configured on the MX you can configure per-VLAN group policies.

An L3 switch will outperform an MX for pure routing performance.

So if you want high inter-VLAN routing performance, do the routing on the L3 switch. If you want lots of visibility and controls, configure the VLANs on the MX instead.

Chris-12
Conversationalist

Thanks! Where do I find the performance of the inter-VLAN routing on the MX? I looked at the spec sheets but nothing is listed.

Thank you!

KayodeT
Conversationalist

Chris,

This is my exact dilemma. I want more visibility into my network traffic using SolarWinds to collect NetFlow info, but I have the MS425 aggregate switches for high-performance inter-VLAN routing.

- If I want more visibility I would move my VLANs to the MX, but I don't know, can't find, and Meraki can't answer what is the throughput on the MX for inter-VLAN.

There would be an easier way to get more visibility if Meraki just implements NetFlow on their MS switches (or even just the MS425).

We need Meraki to provide us with this data. Not even their engineers could give me a straight answer; this was what they said: "You could set up the VLANs on your MX and then do a throughput test" smh

Come on Meraki, do better!!!!

PhilipDAth
Kind of a big deal

> - If I want more visibility I would move my VLANs to the MX, but I don't know, can't find, and Meraki can't answer what is the throughput on the MX for inter-VLAN.

I don't know the answer for sure. I can tell you that IPS still runs on inter-VLAN traffic. Based off the sizing guide and assuming you have IPS enabled, that would mean the throughput would be 2Gb/s.

https://meraki.cisco.com/lib/pdf/meraki_whitepaper_mx_sizing_guide.pdf

Personally, I think the throughput would be considerably higher. Small flows are harder to process and will give this kind of result. If your data consisted of big flows such as SMB file sharing etc. then I could easily see the throughput being double this.

KayodeT
Conversationalist

I recently asked if Meraki had NetFlow on their MS switches roadmap. I was told that currently NO. Do you think this would be difficult? (I am assuming Meraki needs some flow monitoring for the dashboard to be populated with usage data.)

How would I be able to get NetFlow on the Meraki MS switches roadmap? @PhilipDAth

PhilipDAth
Kind of a big deal

Meraki already provide a comprehensive monitoring platform for the MS. It is all cloud based, and requires no extra servers or infrastructure.

I've never had anyone else ever ask about NetFlow for the MS.

I'm thinking there is little chance of it making it onto a roadmap.

CptnCrnch
Kind of a big deal

Well, Netflow would make perfect sense even or especially on MS thinking about Stealthwatch. Guess integration has not gotten that far within the Meraki PM team (unfortunately).
