MPLS on the LAN: Failover to Meraki Auto VPN – MX SD-WAN Best Practices – Cisco Meraki

With Meraki, you can use an existing MPLS circuit to connect sites while adding a layer of failover redundancy: Meraki Auto VPN provides a secure alternate route between sites in the event the MPLS link fails. In this scenario, failover from the MPLS link to the Auto VPN tunnel is achieved by configuring both sites with a local static route pointing over the MPLS link to the remote subnet(s), while on the remote side enabling Auto VPN participation for the same local subnet(s).

Pro Tip

A floating static default route is also an acceptable option to consider for your design.

The key to the operation and simplicity of this deployment is the ability to configure the local static route to be active only while a defined destination responds to ICMP ping requests. When you configure a known destination IP that is reachable through the same static route pointing across the MPLS link, the MX marks that route as active only if the MPLS link is up and the remote site is reachable. After this is configured on both sites, the internal routing priority of the route available over Auto VPN is lower than that of the local static route pointing over the MPLS circuit, so traffic flows over the MPLS link in normal operation. However, if the MPLS connection fails and the sites lose the ability to ping across the MPLS link, the static route is marked as Inactive and traffic is routed over the Auto VPN route between sites, as shown in Figure 6-14. Once connectivity over the MPLS link is restored, new traffic flows are routed back over the MPLS link until, gradually, all related traffic has moved back to traversing the MPLS link.

Figure 6-14 Topology Diagram Showing Two Sites That Can Use Meraki Auto VPN as a Failover for an Existing MPLS Circuit
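The route selection described above can be modeled in a short script. This is an added illustration, not Cisco Meraki code or configuration: the route names, the tracked address 10.2.0.1, and the rule that existing flows keep their path until they end are assumptions made for the model.

```python
from dataclasses import dataclass, field
from typing import Optional

# Lower number wins: the local static route over MPLS is preferred to the
# route learned through Auto VPN, as the text describes.
PRIORITY = {"static-mpls": 0, "auto-vpn": 1}
TRACKED_HOST = "10.2.0.1"  # constructed address of a host behind the remote site

@dataclass
class Route:
    name: str
    tracked_host: Optional[str] = None  # active only while this host answers ping
    active: bool = True

@dataclass
class Site:
    routes: list
    flows: dict = field(default_factory=dict)  # flow id -> name of route in use

    def best_route(self) -> Route:
        return min((r for r in self.routes if r.active), key=lambda r: PRIORITY[r.name])

    def apply_ping_results(self, results: dict) -> None:
        for r in self.routes:
            if r.tracked_host is not None:
                r.active = results.get(r.tracked_host, False)
        active = {r.name for r in self.routes if r.active}
        # Assumption: flows on a route that went inactive move to the best
        # remaining route; flows on a still-active route stay until they end.
        for fid in list(self.flows):
            if self.flows[fid] not in active:
                self.flows[fid] = self.best_route().name

    def open_flow(self, fid: str) -> None:
        self.flows[fid] = self.best_route().name

def simulate() -> list:
    site = Site([Route("static-mpls", tracked_host=TRACKED_HOST), Route("auto-vpn")])
    timeline = [  # constructed: (tracked host replied, flows opened, flows closed)
        (True, ["A"], []),
        (False, ["B"], []),      # MPLS path down
        (True, ["C"], []),       # MPLS path restored
        (True, [], ["A", "B"]),  # older flows end
    ]
    snapshots = []
    for ping_ok, opened, closed in timeline:
        site.apply_ping_results({TRACKED_HOST: ping_ok})
        for fid in opened:
            site.open_flow(fid)
        for fid in closed:
            site.flows.pop(fid)
        snapshots.append(dict(site.flows))
    return snapshots
```

Each snapshot returned by `simulate()` maps flow IDs to the route in use after that step, so the move to Auto VPN on failure and the gradual return to MPLS can be read off directly.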

This type of deployment allows for Meraki Auto VPN and SD-WAN to complement an existing MPLS deployment by providing a well-tuned, high-quality backup link for critical traffic in the event the traditional MPLS service becomes unusable. When combined with a more traditional MPLS deployment, Meraki’s SD-WAN solution ensures that business-critical traffic is always able to traverse the most reliable path available, even when that path requires going out over the open Internet.