Meraki Community

So helpful thank you so much 😂

It's just sincerity, if you are not satisfied with Meraki change vendor. 😉

It's easy to pop on a chat board with somebody trying to work out how to fit into their hardware and tell them to put up or shut up. I think the thing you aren't acknowledging is that I'm already quite invested in Meraki, I have an excellent ranking on this forum, so clearly I love the gear. It's not like Im just here to complain. If you are such a big deal yourself you know that there is a lot that goes into how much work the MX does moment to moment, client to client. So instead of snarky flexing, maybe consider using all your knowledge to actually assist and offer helpful information about how to squeeze as much capacity as I can out of what I have, as others on this thread are doing. Just depends on who you want to be.

Eloquently put @RumorConsumer . 

I don't think I'm better than anyone in this community, but you yourself said that you're thinking of replacing it with another vendor.

Meraki is not perfect (in fact there is no such thing as a perfect vendor). In your case, it is clear that this model no longer serves, so the ideal is to upgrade to a larger model.

I said I was thinking about it, but as you can see, there are plenty of valid suggestions for how to bring down utilization that are absolutely applicable to my use case as described. It works great most of the time, so I would not say it's close to clear that it doesn't work. In fact the most knowledgable member of the forum is on here saying the issues Im facing dont make sense to him. Don't worry about it. Thanks for coming back. 

Do you think disabling AMP is valid? I mean, do you think it's worth the risk despite not showing up at the events?

I think security is never too much, so I don't know if it's a valid option.

But it does make sense, if you have more simultaneous clients than the device supports, you are expecting high processing, I have seen this in practice.

Another thing I can say is the 18.x version has some problems and Meraki doesn't seem to be taking any action to solve them.

I do think disabling AMP is absolutely valid. My users are 99% Apple and they are savvy enough to know not to install something strange from the internet. Im not worried about them and if PC users are on my network without virus protection thats a serious issue that I am not here to counterbalance. So yeah, I dont care at all about AMP. It is literally malware scanning, right? I still have the advanced intrusion protection on. High processing is fine, but the thing has been running for 2 years without failure. 
Good to know about the firmware. Maybe Ill see about rolling ti back.

Yeah I would. A couple Synology NAS units that aren't accessible from outside the network at all and run DSM which is basically Linux. AMP seems to be mainly pointed at protecting Windows clients which I could care less about doing. The retreat will probably fluctuate to the 200s. It's so weird because it had been fine for so long. 

Yes, I do. 250/250 fiber line with 120 limit to all devices.

120 each device? I wouldnt give a guest more then 8Mbps each.  Most high device utilization i see is related to throughput

great to know. I will review that and ramp down guest network allowances.

I've had the same issue at some of my sites, although not as bad. 

Definitely bring the per-client limit down and disable AMP if you truly don't need it. Also, for IDP/IPS, I've set mine at Prevention/Balanced and this seems to be a sweet spot for the smaller MX devices. I would also look at limiting any L7 FW rules and content filtering if you can. Any load you can remove from the smaller MX will bring the utilization down. 

Excellent thank you very much. I have the same settings. 

And as far as the isolation idea - yes I have them on a Meraki DHCP guest WLAN. Works great. I have about 25 people who are there year round who need to be on a standard LAN so those are the ones who are mild users with the relatively high speed limit. I will take them all down 1/3 and see what happens.

Hey man thanks for writing as usual. You've a mensch. Yes, that was what I was thinking as well. Generally, when the issue is "happening", It lasts for about 2-3 weeks then crashes, then is fine for another period. Running stable only. 

Wow. What a Gonzo problem! This actually makes a lot of sense. My device would NEVER hit high levels of utilization in the past even with 200 clients. Literally never had this issue so it's been very strange to try and troubleshoot it. This feels like it might be it. So far so good with AMP off, and my utilization is back at a very low hum. I'll keep an eye on it but this is so so good to know. @PhilipDAth does this resonate?

It's possible - it is a resource being utilised.

I spoke to support about this and whether I was affected and they said looking at my logs I was not affected, but was running the affected firmware. So.. we'll see.

idling along quite nicely then @RumorConsumer 

Indeed. I will have as large a group as I'll ever have coming in the next few weeks. I'll see how we fare. Thanks to everybody for your help here.

Just as long as you're not pushing it constantly above the 80+ % utilization mark you're good 😉

As @PhilipDAth states though if it happens again in a cyclical manner you could have a resource leak.

Yeah it's been well below. I'll keep you all informed. 

Have you checked the event log for this period? It may have been an IDS rules update.

Have you had a look at this update

https://community.meraki.com/t5/Security-SD-WAN/New-MX-18-107-4-Stable-Release-fixes-for-advanced-fe...

I had not. Very interesting. Meraki says not available for MX68 at least not yet

17.10.9 now also has the IDS/IPS CPU overload fix.  Hopefully you can see that?

Im on firmware v 18.107.2 which is stable and I see the 18.107.4 that has this fix. Lets find out. 

@PhilipDAth 

Well done for figuring it out!

I can definitely correlate the high utilization to these file transfers. It's possible thats what it's been all along but Im not sure this account for all of it. Maybe. Definitely I was able to affect the utilization score this time around. I wish there was an alarm I could trigger at certain utilization thresholds so I could investigate.

The two APs on the POE+ ports winked out again. Everything else seems normal. I decided to say screw it and put those APs on ports 5 and 6 on the MX68 with injectors. Just bypass the built in POE+ ports altogether. I had seen this before on the other hardware I had and I figure it must be something related to the firmware if it's happening on both units. Hopefully this will be the end of it.