Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Warm Spare Uplink Choices

meraki-newbie
Here to help
2 weeks ago
2 weeks ago

Warm Spare Uplink Choices

When applying warm spare on MX, there are two choice of Uplink IPs, :

 

  1. Use MX uplink IPs
  2. Use virtual uplink IPs

 

merakinewbie_0-1713930831713.png

 

there are some questions in my head, what is the difference from those two options? what is difference of behavior between those two options ?

0 Kudos
Subscribe
4 Replies 4
eastoscar
Here to help
a week ago
a week ago

Hi,

Use MX uplink IPs: When using this option, the current Active MX will use its distinct uplink IP or IPs when sending traffic out to the Internet. This option does not require additional public IPs for Internet-facing MXs, but also results in more disruptive failover because the source IP of outbound flows will change.

Use virtual uplink IPs: When using this option, both MXs will use a shared virtual IP (VIP) when sending traffic out to the Internet. This option requires an additional public IP per uplink but allows for seamless failover because the IP address the network is using to communicate with the Internet will be consistent. The VIP for each uplink must be in the same subnet as the IPs of the MXs themselves for that uplink, and the VIP must be different from both MX uplink IPs.

you will find more information in the documentation:
MX Warm Spare - High-Availability Pair - Cisco Meraki Documentation

Subscribe
cmr
Kind of a big deal
Kind of a big deal
a week ago
a week ago

Using a virtual IP means that all client traffic coming from, or going to the MX on the WAN interface will always use the same IP address.  The physical WAN addresses are only used for the management traffic.  This is useful if you host a server or if you are connecting to a remote system and you IP needs to be whitelisted (although if both physical could be then this is less of an issue). 

Subscribe
In response to cmr
meraki-newbie
Here to help
a week ago
a week ago

so it means, when using virtual uplink, it will much easier connect non-meraki vpn peer with, just peer with single VIP only ?

0 Kudos
Subscribe
In response to meraki-newbie
eastoscar
Here to help
a week ago
a week ago

I would't say easier, it's different. 😃
When you configure a regular IPsec peer you won't have a redundancy when using physical WAN addresses. When you use the VIP the IPsec tunnel can move to the secondary MX.

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.