Hi All
Can anyone tell me how VRRP fails over on a Meraki MX device?
1. If we have, say, 3 VLANs configured on each Meraki, and one of the VLANs goes down on one of them, does this trigger a failover? If not, why can't they have it like a normal Cisco switch, so you can have individual gateways active on different VLANs?
2. What if, say, we have 2 physical interfaces configured on each Meraki, both in different networks: in what scenario would a failover occur? As long as the Meraki sees at least one heartbeat on 1 network, does the primary always stay active?
cheers
VRRP will only fail over should the secondary not receive a response from the primary. So in your scenario it won’t fail over if a single VLAN fails.
I'm not sure on this - but I think if VRRP fails on any VLAN it causes a failover - but I am not confident about this.
Surely not, @PhilipDAth! What if an admin shut down/deleted a VLAN interface on an MX, the devices wouldn’t reload?
It would shut down on both in a warm spare pair.
A failover does not cause an MX reboot. It is just a question of who is the VRRP master. Whatever is the primary MX is the VRRP master for all VLANs. So if it cannot be the VRRP master for even one VLAN, a failover has to happen so that the other unit can take over the role for all VLANs.
Just like Darren said: https://documentation.meraki.com/MX/Deployment_Guides/MX_Warm_Spare_-_High_Availability_Pair
LAN failover: The two appliances share health information over the network via the VRRP protocol. These VRRP heartbeats occur at layer two and are performed on all configured VLANs. If no advertisements reach the spare on any VLAN, it will trigger a failover.
I'm wondering what could cause a VLAN to fail? (as opposed to a link or a device)
Let's say you have 2 MXs connected to a switch and someone removes that specific VLAN from the allowed VLANs on one of the trunks. I think that could be one case.
OK but that would be a reconfiguration, not a failure (which is what such setups are designed to protect against). In that example, VRRP packets would continue to be received via the other (allowed) VLANs and there'd be no failover.
@GreenMan, are you saying that Meraki devices aren’t Layer 8 proof?
Well - we do try very hard, along those lines! But it's a bit of a moving target... 😁