advertise summary routes on selective MX VPN peers

hmc250000
Getting noticed

advertise summary routes on selective MX VPN peers

Can you advertise summary routes that are turned on in the VPN in a hub site to on only selective MX VPN peers? What can you do if you do not want all meraki spoke/hub sites and non meraki peers to send traffic to a summary route that is advertised?

 

Thanks.

8 Replies 8
oldroo
Getting noticed

if you don't want devices to send traffic via a known summary route, you put a more specific route in your route table for that device and point it to the next hop you want it to use.

 

You can also modify route metrics to influence routes as well

hmc250000
Getting noticed

Please explain in more detail how to do that? I don't see an option of route metrics.And if you now turn on a more specific route would that not also advertise to other VPN peers? Maybe an example would help me understand it better. 

PhilipDAth
Kind of a big deal
Kind of a big deal

No.

 

All MXs share the same route table.

hmc250000
Getting noticed

Ok. So all the sites in an organization that participate in site to site VPNs will join the mesh. We intend to have a small number of regional hubs. IS it possible to have some of the MX's in spoke sites not join this mesh and just have a single site to site connection to one hub? 

PhilipDAth
Kind of a big deal
Kind of a big deal

Yes.  As soon as you select spoke, you have to explicitly configure the hub(s) that it connects to.

 

Spokes never build an AutoVPN to another spoke.

hmc250000
Getting noticed

Good info. In the mesh can you have one route advertised by 2 or multiple hubs? For instance I would like to advertise a summary route 172.16.0.0/16 on at least two of our hubs. I've tried this but get an error.

PhilipDAth
Kind of a big deal
Kind of a big deal

>In the mesh can you have one route advertised by 2 or multiple hubs?

 

Yes.  They can not be directly connected to the hub(s) though.  You need to have the hub(s) connected via a transit network (such as to a layer 3 switch).

hmc250000
Getting noticed

Just found this 

Routed Mode and AutoVPN

You can only advertise the same subnet from more than one appliance if all appliances advertising that subnet are in Passthrough or VPN Concentrator mode. All subnets advertised from an appliance in Routed mode must be unique within the AutoVPN topology.

 

 

https://documentation.meraki.com/MX/Networks_and_Routing/MX_Routing_Behavior

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels