vMX Deployment into Azure as a Hub

SOLVED
UmutYasar

We have a working Meraki Hub and Spoke network. Spokes go to the Hub to access DC servers; head office users also use the Hub to access DC servers and the internet. We plan to move the DC servers to Azure Cloud. I plan to deploy Azure Firewall and a vMX into Azure and peer the Azure servers to the vMX, which is configured as a Hub. I need to create SD-WAN between the Hub and the vMX, and between the Spokes and the vMX. But the problem is that the vMX will then learn Spoke prefixes both from the Hub and from the Spokes. Then this design will not work. I am assuming I need to turn the Hub into a Spoke, and the vMX will then be the transit Hub for Spoke-to-Spoke communication.

Is there a way to connect Hub and Spokes to the vMX that is configured as Hub without issue?

1 ACCEPTED SOLUTION

>Then return traffic to a spoke from vMX Hub will go directly to this spoke since it has one hop (shorter path),

Correct.  As long as you tell the spoke to connect to both of your hubs.

Inderdeep

@UmutYasar: From what I understand of your statement, you require a single data center and two active/active hubs. If so, please go through the link below and check example 1 there.

https://www.willette.works/active-active-meraki-sd-wan-headends/ 

Regards/Inder
Cisco IT Blogs awarded in 2020 & 2021
www.thenetworkdna.com

@Inderdeep I'll check it, but I think my case might be different. One hub connected to the DC for only IP-PBX and spoke-to-spoke communication. The other Hub will be vMX in Azure and connected to servers. I am concerned about return traffic from Azure servers to the Spokes and Hub.

Connect the spokes to both hubs (Azure and on-premise).

They will use the shortest path to get to the destination.

@PhilipDAth, do you think I can connect the on-premise Hub to the Azure vMX Hub? The on-premise Hub also has connected users who need to go to the Azure servers. My concern is return traffic from the Azure servers to the Spokes in this case. I assume the on-premise Hub will send the Spokes' subnets to the vMX Hub, and the Spokes themselves will send their subnets to it as well, and it will not work in this case. What do you think?

>Do you think I can connect on-premise Hub to Azure vMX Hub?

Yes, all hubs automatically form a connection to all other hubs.

Obviously, each site (including Azure) needs to have unique IP subnets.

@PhilipDAth, yes, all have unique subnets.

Then return traffic to a spoke from vMX Hub will go directly to this spoke since it has one hop (shorter path),

Not through to the on-premise Hub like vMX -> on-premise Hub -> Spoke.

>Then return traffic to a spoke from vMX Hub will go directly to this spoke since it has one hop (shorter path),

Correct.  As long as you tell the spoke to connect to both of your hubs.
