Warm Spare - lose connection when lan interface goes down

SOLVED
Andi1
Comes here often

Warm Spare - lose connection when lan interface goes down

Hi Cummunity,

i have a MX VPN network with warm spare at all locations.

Now if the lan interface of the master mx goes down, the location loses its connection to the central site.

Would not have to take over the spare MX in this case? (swap)

Andi1_0-1627308299625.png

 

thx

Andi

1 ACCEPTED SOLUTION
Bruce
Kind of a big deal

The recommended topologies are shown in this document, https://documentation.meraki.com/MX/Deployment_Guides/MX_Warm_Spare_-_High_Availability_Pair. However these don't cover the scenario with only a single LAN switch. I would suggest that you have two links from the switch to each of the MX, that way the failure of a single link won't cause a dual active scenario. You will need to ensure your LAN switch supports Spanning-Tree Protocol (STP) so that you don't end up with a Layer 2 loop.

View solution in original post

7 REPLIES 7
Bruce
Kind of a big deal

Hi @Andi1, is there more to your network on the LAN side, like a switch or something? If you just have a link between the MXs then it’s not a recommended solution.

 

If you only have a single link to the primary MX I’m going to suggest that when this is failing you are getting a dual active scenario as both devices believe they should be active - i.e. neither is receiving a VRRP keep-alive from the other. Ultimately this is likely what is causing the issue, not sure exactly how, but guessing it’s likely to do with the VPN tunnels that are brought up and the routes that end up in the hub routing table.

Andi1
Comes here often

Hi @Bruce , many thanks for your response and sorry for my bad picture.

Of course i have a switch behind my two MXs.

 

So if we have vrrp between the two mMXs and the LAN connection fails, the second would have to take over the virtual IP?

 

thx

Andi

 

ww
Kind of a big deal
Kind of a big deal
PhilipDAth
Kind of a big deal
Kind of a big deal

Turn off VIP on the WAN interface and it will work.

Andi1
Comes here often

Hi @PhilipDAth!

I don't use a VIP on the WAN. I'm using the MX uplink IPs.

Andi1
Comes here often

Hi all,

 

can anyone tell me what the recommended topology is in this case? (cabeling)

 

Bruce
Kind of a big deal

The recommended topologies are shown in this document, https://documentation.meraki.com/MX/Deployment_Guides/MX_Warm_Spare_-_High_Availability_Pair. However these don't cover the scenario with only a single LAN switch. I would suggest that you have two links from the switch to each of the MX, that way the failure of a single link won't cause a dual active scenario. You will need to ensure your LAN switch supports Spanning-Tree Protocol (STP) so that you don't end up with a Layer 2 loop.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels