Meraki

Community

Warm Spare Uplink Choices

meraki-newbie
Getting noticed
‎Apr 23 2024 8:59 PM
‎Apr 23 2024 8:59 PM

Warm Spare Uplink Choices

When applying warm spare on MX, there are two choice of Uplink IPs, :

 

  1. Use MX uplink IPs
  2. Use virtual uplink IPs

 

merakinewbie_0-1713930831713.png

 

there are some questions in my head, what is the difference from those two options? what is difference of behavior between those two options ?

0 Kudos
4 Replies 4
eastoscar
Here to help
‎Apr 24 2024 1:02 AM
‎Apr 24 2024 1:02 AM

Hi,

Use MX uplink IPs: When using this option, the current Active MX will use its distinct uplink IP or IPs when sending traffic out to the Internet. This option does not require additional public IPs for Internet-facing MXs, but also results in more disruptive failover because the source IP of outbound flows will change.

Use virtual uplink IPs: When using this option, both MXs will use a shared virtual IP (VIP) when sending traffic out to the Internet. This option requires an additional public IP per uplink but allows for seamless failover because the IP address the network is using to communicate with the Internet will be consistent. The VIP for each uplink must be in the same subnet as the IPs of the MXs themselves for that uplink, and the VIP must be different from both MX uplink IPs.

you will find more information in the documentation:
MX Warm Spare - High-Availability Pair - Cisco Meraki Documentation

cmr
Kind of a big deal
Kind of a big deal
‎Apr 24 2024 4:08 AM
‎Apr 24 2024 4:08 AM

Using a virtual IP means that all client traffic coming from, or going to the MX on the WAN interface will always use the same IP address.  The physical WAN addresses are only used for the management traffic.  This is useful if you host a server or if you are connecting to a remote system and you IP needs to be whitelisted (although if both physical could be then this is less of an issue). 

If my answer solves your problem please click Accept as Solution so others can benefit from it.
In response to cmr
meraki-newbie
Getting noticed
‎Apr 24 2024 8:03 PM
‎Apr 24 2024 8:03 PM

so it means, when using virtual uplink, it will much easier connect non-meraki vpn peer with, just peer with single VIP only ?

0 Kudos
In response to meraki-newbie
eastoscar
Here to help
‎Apr 24 2024 11:45 PM
‎Apr 24 2024 11:45 PM

I would't say easier, it's different. 😃
When you configure a regular IPsec peer you won't have a redundancy when using physical WAN addresses. When you use the VIP the IPsec tunnel can move to the secondary MX.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.