Ivy Consultants Inc.

Consulting Services for Security, Networking, Wi-Fi and Windows Server

You Are Here

Networking

Meraki – MPLS to Auto VPN Failover Lab Testing

no Comments

This article details the testing topology, methodology, configuration, testing and validation of the solution.

This article pertains to deployment scenarios where MPLS is used as the primary connection between sites for internal traffic and additional redundancy is required to provide for failover of routes from MPLS VPN to the Meraki auto-VPN over the internet. In case, if MPLS VPN link goes down for some reason, the traffic can be sent over the site-to-site VPN to maintain connectivity and availability.

Lab Test Equipment

  1. 2x MX 67
  2. Cisco 3750 layer 3 switch
  3. Internet Connection

Test Topology

This section outlines the topology of this test lab. In the Test topology shown below, two MX security appliances (Two separate networks) are connected over MPLS and internet (site-to-site VPN). The MPLS links are connected to LAN 1 interfaces to prevent NATing of traffic and allow for static routes. The Network SB Home is configured as a Hub location whereas the Network GS home is the Spoke location.

Traffic is configured to utilize the MPLS connection, until a failure occurs, in which case the traffic will be sent over the Meraki auto-VPN. In the above setup the customer will not require any changes to be made to its existing MPLS service.

Methodology

The following methodology was used to setup the above topology:

  • Logon to the Meraki Dashboard
  • Create two networks (SB home and GS Home) under one organization (Bell – Meraki Connect)
  • Onboard the MX devices and licenses
  • Connect the Internet connection to the WAN 1 interface on both the MX devices
  • Connect the MPLS connection to the LAN 5 interface on both the MX’s (can use any interface from 2 to 5)
  • Power up a layer 3 switch and configure the ports as follows:
  • SB Home network
  • Port 1 – VLAN 101, interface SVI 101with IP address of 10.10.11.1, connect to SB Home MX LAN 1 interface
  • GS Home network
  • Port 2 – VLAN 102, interface SVI 102 with IP address of 10.10.12.1, connect to GS Home MX LAN 1 interface

Don’t forget to enable IP routing.

Configuration of Hub Site (SB Home Network)

As the configuration of the MX’s is done via the Meraki Dashboard, below screenshots show the configuration used for this setup:

Under Network/Security & SD-WAN/Addressing and VLANs

Under site-to-site VPN

Under the Route table

Make sure by clicking on the row that you see 2 routes to the destination 10.10.12.0 network.

As shown above, currently the Active route is the MPLS link and the Internet link is on the standby.