Hello everyone,
I'm seeking advice on best practices to set up a robust network at our branch office to minimize downtime.
Here's our current setup:
Could anyone advise on the best configuration practices using these components to ensure reliable connectivity and seamless failover? Any insights or recommendations would be greatly appreciated.
Thank you!
If at all possible, if both ISPs use devices (routers or modems) with multiple ports, try to connect your MX devices directly.
If this is not possible due to remote location, you can use switches to split the connection.
I recommend using a separate switch for each ISP. Or separate switches in a stack where ISP 1 with both MX WAN-1 ports is on one switch and the other ISP router with both MXs is on the second switch. This way, if one switch dies or needs to go into service, you don't lose both ISPs at the same time.
Due to client tracking issues, it might be a good idea to use non-Meraki switches or Meraki switches in a different dashboard network so the WAN IPs don't mix and have some adverse effects on your clients page.
I like the idea of using a separate switch for each ISP with non-Meraki switches.
Do you recommend having a direct link between the two MX devices for the HA?
Yes, we do have that effect on the client dashboard with public IPs.
Thank you for your advice.
I would not run a direct link between the MXs, as it can cause spanning tree issues.
If you can't buy a second switch, you can also just run the secondary ISP into WAN2 on the primary MX.
I tend to keep the ISP/WAN switches in a dedicated Network, outside of the site's network. Otherwise, the Application Visibility has a tendency to show skewed data.
Thank you Karstenl for sharing this.
I particularly like Option 6: Two MX, two ISPs (4), which ensures that there is a backup for each component (ISP, switch and MX).
Pros:
- redundancy and reliability.
- minimum single point of failure.
Cons:
- Requires physical intervention if a switch fails, as the ISP connection needs to be moved manually from the damaged switch to the working one.
- Having two links from the ISP is not common and may not be feasible for all setups.
Despite these potential drawbacks, I believe the added redundancy makes this option the best choice.