Meraki

Community

Internet/WAN to MX HA pair best practices

SKSVFD
Here to help
‎Feb 5 2018 12:11 PM
‎Feb 5 2018 12:11 PM

Internet/WAN to MX HA pair best practices

I'm fairly new to Meraki and my networking is a little rusty. Here's my scenario I could use some help with:

 

I have a Comcast fiber connection with a connection to the internet, and a connection to the WAN. I also have 2 MX 100's that are going to be configured in a HA pair. I've got the Internet connection going to port 1 on the MX, and the WAN connection going to port 3. For HA to work right I'll need the same internet connection going to port 1 on the spare MX and the WAN connection going to port 3 on the spare MX, right? 

 

At this point getting another Comcast router and connection is not in the budget so how do I "split" the two connections from the Comcast to get a pair to each MX? My first thought was a couple of 5 port gig switches. 1 switch for the internet connection, 1 switch for the WAN connection, but those wouldn't be manageable and if one goes down I won't have the alerting that I do with the Meraki equipment. 

 

I do have an 8 port Meraki switch (MS220) that I could also use, but this gives me a single point of failure and I find it silly to add one device that could fail to connect to a pair of MX's to get failover there. 

 

I spoke with my Comcast rep to see if they could activate 2 of the SFP ports on the Ciena to mirror the other ports and she almost seemed offended that I was asking for free service, which I wasn't. 

 

So, what's the best option? I'm currently leaning towards plugging in our Comcast cable connection to port 2 on both, then if the MX dies I'll just go into the server room and unplug everything in MX a and plug it into MX b...

 

Scott

0 Kudos
10 Replies 10
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Feb 5 2018 12:18 PM
‎Feb 5 2018 12:18 PM

Hoe does Comcast present their connection?  PPPoE?  Static routed range?  DHCP?

0 Kudos
In response to PhilipDAth
SKSVFD
Here to help
‎Feb 6 2018 11:35 AM
‎Feb 6 2018 11:35 AM

I've got static connections with a block of IP addresses. 

0 Kudos
In response to PhilipDAth
Keval
Here to help
‎Mar 2 2021 11:05 PM
‎Mar 2 2021 11:05 PM

Hi @PhilipDAth ,

 

Hybrid locations where we have HA Meraki devices, in case we keep one of the links as Broadband it is an PPPOE connection they are only giving a single public ip address. In such cases, we won't get /29 public ip address pools for seamless failover tracking. In that case, it is difficult for us to use broadband at small locations which is a cost-effective option??

 

Thank you. 

 

 

keval parsaniya
0 Kudos
In response to Keval
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Mar 3 2021 11:33 AM
‎Mar 3 2021 11:33 AM

If it is a small location - do you need to use dual MXs?  What about using a small MX with the PPPoE going straight into it?

0 Kudos
In response to PhilipDAth
Keval
Here to help
‎Mar 3 2021 9:32 PM
‎Mar 3 2021 9:32 PM

Yes, so we have many other plants where the ISP provider is denying to give /29 public IP pool. so in that condition what will the topology for use PPPOE internet lines connect with dual MX?

keval parsaniya
0 Kudos
In response to Keval
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Mar 4 2021 11:26 AM
‎Mar 4 2021 11:26 AM

If you don't have inbound NAT, you could instead plug the two MXs into an ISP router.

 

My preference - get an MG21, and plug the Internet2 ports on the two MX into the MG21.  Then you have real HA.  🙂

DCooper
Meraki Alumni (Retired)
Meraki Alumni (Retired)
‎Feb 5 2018 12:32 PM
‎Feb 5 2018 12:32 PM

At the very minimum your going to need two IP addresses to get this to work on both comcast and your WAN. Do you have this? If you can get additional IPs I would recommend getting an additional two per connection. You cabling is also incorrect but without the IPs there is no reason to cable this up. If you can get the IPs it would be best to put a switch between comcast/WAN and the two MX's.

 

If you cannot get this your going to be stuck with a manual failover. Let us know and we can help with the diagram of what it would look like either way.

0 Kudos
In response to DCooper
SKSVFD
Here to help
‎Feb 6 2018 11:40 AM
‎Feb 6 2018 11:40 AM

Thank you for the response. We do have a block of static IP addresses. My concern with putting the switch in between the Ciena and the MX's is that I now have another device to manage and still a single point of failure after the Ciena. I only see that as being a real benefit to doing firmware upgrades on the MX to reduce downtime. 

 

I've been told that the Ciena and can be configured with a virtual IP over 2 ports, or a failover between 2 ports but that Comcast doesn't like to program them to do that, they would rather sell you a complete other connection.

 

At this point I am leaning towards the manual failover as I work right next to the server closet, and only live a couple miles away so I could perform a manual failover pretty quickly. We are a fire department with a lot of backup manual processes available. If the network were to ever go down we'd still be able to roll out our equipment. 

 

Scott

0 Kudos
In response to SKSVFD
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Feb 6 2018 11:53 AM
‎Feb 6 2018 11:53 AM

I would either use a small switch and plug your Internet circuit and two MX's into, or use a VLAN on an existing switch.  At least you'll have automated failover if the MX has an issue.

 

Yes it is an additional point of failure, but unless you invest in dual Internet circuits that is always going to be an issue.

 

You could also consider getting a cheap consumer grade Internet circuit for a backup - but note this will only protect outbound web browsing.

0 Kudos
MRCUR
Kind of a big deal
‎Feb 7 2018 4:41 PM
‎Feb 7 2018 4:41 PM

Given your current Comcast handoff setup, you'd need to put a switch in front of the MXen as mentioned by @PhilipDAth. I don't think you'll ever talk Comcast into setting up a second port on the Ciena in the same VLAN as your current handoff port. I've never seen them do this and they're particular about standardization on EDI handoffs. 

 

If you do put a switch in front of the MXen, you will need a /29 handoff from Comcast so each MX can have an IP and you can have a third IP to act as the WAN VIP. This is also something I've never seen Comcast do for EDI...

MRCUR | CMNO #12
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.