Hi Community,
I have an MX VPN network with warm spare at all locations.
Now if the LAN interface of the master MX goes down, the location loses its connection to the central site.
Wouldn't the spare MX have to take over in this case? (swap)
thx
Andi
Hi @Andi1, is there more to your network on the LAN side, like a switch or something? If you just have a link between the MXs then it’s not a recommended solution.
If you only have a single link to the primary MX I’m going to suggest that when this is failing you are getting a dual active scenario as both devices believe they should be active - i.e. neither is receiving a VRRP keep-alive from the other. Ultimately this is likely what is causing the issue, not sure exactly how, but guessing it’s likely to do with the VPN tunnels that are brought up and the routes that end up in the hub routing table.
Hi @Bruce, many thanks for your response and sorry for my bad picture.
Of course I have a switch behind my two MXs.
So if we have VRRP between the two MXs and the LAN connection fails, the second would have to take over the virtual IP?
thx
Andi
They will be both active.
Turn off VIP on the WAN interface and it will work.
Hi all,
Can anyone tell me what the recommended topology is in this case? (cabling)
The recommended topologies are shown in this document: https://documentation.meraki.com/MX/Deployment_Guides/MX_Warm_Spare_-_High_Availability_Pair. However, these don't cover the scenario with only a single LAN switch. I would suggest that you have two links from the switch to each of the MXs; that way the failure of a single link won't cause a dual active scenario. You will need to ensure your LAN switch supports Spanning-Tree Protocol (STP) so that you don't end up with a Layer 2 loop.