Warm Spare VIP for only one of two Uplinks

Matthew-MOL
Just browsing

Warm Spare VIP for only one of two Uplinks

My setup includes two MX84's in Warm Spare configuration and we have two ISPs

 

Our primary ISP contains a /29 IP block and /30 gateway, meaning we can only configure one MX for this ISP.

 

Our secondary ISP contains a /29 IP block, so I have set up both WAN2 Uplinks with an IP from this block and want to set a VIP.

 

My Question is, if I want to set the VIP for the Secondary Uplink, can I leave the field blank for the Primary Uplink and have the VIP be 'ignored' for this Uplink? Or, once VIP is enabled, it has to be set for both Uplink sets (WAN1 and WAN2)?

6 REPLIES 6
CptnCrnch
Kind of a big deal

Re: Warm Spare VIP for only one of two Uplinks

I'm pretty sure you can't do that but I never tried it either.

ww
Kind of a big deal
Kind of a big deal

Re: Warm Spare VIP for only one of two Uplinks

When using vip

wan1 vip is required.

Wan2 vip is optional. 

 

 

"the secondary uplink virtual IP for a warm spare is an optional field. But if a warm spare is configured and the second uplink is enabled, and the virtual IP is not set, the security appliance will not behave correctly."

PhilipDAth
Kind of a big deal

Re: Warm Spare VIP for only one of two Uplinks

I would say I configure the VIP address for maybe 25% of the HA setups we do.

 

Is there a reason you feel you need to use VIP?

Matthew-MOL
Just browsing

Re: Warm Spare VIP for only one of two Uplinks

Thanks, is that quote from a documentation article? I believe it, just couldn't find it myself anywhere.

 

And interesting that it notes it as "optional but will not behave correctly without". Doesn't sound so optional to me, then.

Matthew-MOL
Just browsing

Re: Warm Spare VIP for only one of two Uplinks

Our public IP needs to remain static for scenarios with outside vendors, where they whitelist IP for connecting to their services (FTP, etc.)

PhilipDAth
Kind of a big deal

Re: Warm Spare VIP for only one of two Uplinks

If a vendor can whitelist one IP address they can whitelist two.  Just tell them this is our "primary" and this is our "DR".  I'd be surprised if they didn't when explained like that.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.