Meraki SD-WAN provides dynamic path selection and performance-based routing for overlay traffic. This is great for any traffic tunneled from one MX to another for applications hosted in private data centers or cloud applications. However, a local Internet breakout typically provides the best performance for SaaS applications like Office 365, Google services, or cloud-based VoIP services like Cisco Webex or Zoom. There are multiple reasons to consider steering SaaS traffic to direct Internet links. These include the increasing availability of reliable, faster, and cheaper Internet circuits and improved SD-WAN capabilities that can choose an optimal path based on the type of traffic without requiring a dedicated piece of hardware on the remote end.
To enable SD-Internet, also referred to as SD-WAN Internet Policies, on your MX, your Dashboard is required to have the SD-WAN tier of licensing applied and a supported firmware and device model deployed. For documentation on the supported MX models and other details regarding SD-Internet, read the “SD-WAN Internet Policies (SD-Internet)” article on https://documentation.meraki.com.
Once the prerequisites are met and the feature enabled, you will see the changes in the Internet Traffic section under SD-WAN Policies, as shown in Figure 6-12.
Figure 6-12 SD-Internet Policy Section of the SD-WAN Policies Page on the Dashboard
The SD-Internet configuration facilitates creating SaaS application-level policies that excludes the traffic from traversing the VPN and any associated overhead, and creates a more efficient local-breakout path. With this, you are still able to define custom performance classes for each application, similar to the other SD-WAN policies. SD-Internet policies are able to use the same custom performance classes that are available for VPN traffic.
Pro Tip
It is advisable to add additional destination IP addresses for WAN uplink monitoring that are related to any SD-Internet applications. For example, add the IP of a SaaS/IaaS endpoint, or add the IP of the Cisco Umbrella DNS server (shown in Figure 6-13).
Figure 6-13 Custom Uplink Monitoring Destinations Being Used to Help Monitor Link Quality to a Given Endpoint
Pro Tip
SD-Internet policies apply only to newly created flows and will not modify existing flows based on WAN performance changes.