vpn concentrator OSPF

SOLVED
Lukef
Here to help

Hey Team,

We are in the process of designing a datacentre solution for an existing Meraki network. The customer would like dynamic routing between the datacentre and head office.

We are going to be using OSPF to get the routes from the Meraki kit, but we are wondering: do you use a separate area for the Meraki concentrators, or do you put it all on area 0?

 

https://imgur.com/X4xu9y4 

 

1 ACCEPTED SOLUTION
MyHomeNWLab
Getting noticed

First, I'll talk about the premise information.

 

In normal Meraki MX behavior (without BETA function), SD-WAN fabric routes are always advertised by OSPF.
Strictly speaking, Meraki MX does not track Auto VPN Peer state. Therefore, routes will always continue to be advertised in OSPF.
And, Meraki MX cannot learn OSPF routes. In effect, it only uses OSPF to advertise Auto VPN Peer routes.
This behavior reduces the likelihood of Auto VPN Route flapping within the OSPF area.

 

In my opinion, I think that if there are no circumstances to divide an area, it can be set to area 0.


4 REPLIES 4
Thanks. And providing we advertise both MXs at a different cost, if at least the link between the sites breaks, the secondary site will still have availability to the datacentre via the SD-WAN. If we lose internet connectivity at the DC, it should also fail over to the secondary MX as the primary will be offline.

 

 

PhilipDAth
Kind of a big deal

I'd be tempted to change that single GbE link to a resident pair of GbE links, and then join them together using LACP.

 

Then make the two MXs a warm spare pair. Only one will be active at a time (so you can just use a static route to get to everything over SD-WAN). Note that both sites will only use one of the MXs' Internet connections at a time. So if the primary MX was at the DC, the head office would use the DC Internet link over the dark fibre.

Thanks Philip, would be nice but a bit cost prohibitive at the moment.

Appreciate your feedback as it is not something we have thought of in the design as an option.

 
