I am in the midst of proposing a solution to a customer using Meraki Appliances. To give some context, customer requires HA setup for appliance and also connectivity and customer initially wants an isolated connectivity for their data replication purposes on top of their current connectivity requirement. However, i am trying to explore whether can we ride on the same connectivity instead of isolating the connectivity for data replication in order to save some cost. Can the solution in the diagram attached works?
1) Data replication needs to be running all the time in 15 minutes interval with data upload of 3GB
2) At the same time, using the same connectivity for branch networking and file/web server access between two locations via AutoVPN.
Yes, you can run multiple applications simultaneously over IPsec tunnels between two MX appliances. What those applications are is largely irrelevant.
Given that your customer feels the need to have a separate connection for their data replication I would point out that using Traffic Shaping rules on the MX you can give priority to that application ensuring it gets preferential treatment in the queues.
Some more thoughts;
Have you considered using a stacked pair of MS210's instead of an MS120 for increased redundancy?
You have two Internet circuits plugged into each MX450. You could dedicate one of those Internet circuits for replication and use the other for all your branch traffic. In the event of either circuit failing everything would run off the one remaining circuit.
By my calculations a 100Mb/s circuit would be a good match for your replication traffic.
Why not move the servers to the Cloud?
We know it works, it would greatly simplify the resultant network, and scales better than networks that spread servers around the terminal nodes. A failure at a specific site need not affect other sites.
Yes, due to the fact that data replication has to be isolated, we have decided to dedicated one of those internet links purely on data replication. However i am limited with a certain budget from the customer if i were to replace MS120 with MS210.
Thanks for the input!
Yes, i agree, what those appliacations are largely irrelevant. However i have limited visibility from the customer's end, whether are they using any other equipments to do data replication and also the actual traffic utilization they are using for data replication and other applications they are running.
We have decided to dedicated one of those internet links to manage the data replication. Due to the limited information we have received from the customer, we will conduct a POC to assess this solution.
Thanks for the input!
@zulhilmizubir If I may, what happens if the Internet link you dedicate to the backup experiences transient issues such as a spike in loss? I would suggest that dedicating one of the links purely for one function might not be the best solution. Given that Meraki MX appliances have some SD-WAN features why not take advantage of them?
Create a Performance Class with values that make sense for the replication traffic, and then apply that PC with a Flow Preference. Sure, you can set it to prefer one link, but by using a PC you can have the replication traffic use the best link at any given moment. If one Internet link has issues the MX will move the flows to the other ensuring the best possible service for the replication traffic.
You can also add a traffic shaping rule to ensure that the replication traffic has guaranteed bandwidth regardless of which link it's being sent across.