Meraki employs separate traffic identification methodologies for overlay SD-WAN and SD-Internet. Beginning with MX 16 firmware, Meraki devices now use an implementation of extended NBAR2 for overlay-based SD-WAN that can currently detect around 600 different types of application traffic. For Internet-based SD-WAN (i.e., SD-Internet), Meraki has implemented a custom solution that uses signature-based recognition to identify application traffic from many of the most commonly used applications. At some point, both these methodologies will merge and use only the full protocol packs of NBAR2. For more information on SD-Internet, visit https://documentation.meraki.com and access the article SD-WAN Internet Policies (SD-Internet).
The Dashboard comes with over 20 categories of predefined traffic entries that cover many of the most common traffic types, such as Office 365, SharePoint, and Webex, to allow for easy traffic identification when creating SD-WAN policies. This provides a quick and simple option to configure SD-WAN policies for many of the most commonly used applications without having to manually define individual application ports and IPs or domains.
In addition to the predefined traffic filters, the Meraki Dashboard also enables you to create custom traffic definitions to use for uplink selection, similar to custom performance classes. This allows for custom uplink selection policies that can be as generic as ANY source (within the scope of MX networks associated with Auto VPN), ANY destination, or any protocol. Alternatively, custom uplink selection policies can be configured for specific protocols, source IPs and subnets, destination IPs and subnets, domains, or any combination of these to allow for extremely granular traffic selection.
Pro Tip
“ANY” is capitalized here as a hint that the source or destination values can be configured with a logical ANY operator.
When destination domains are configured, the MX will snoop for the related DNS record and cache the results for the time to live (TTL) of the record to expedite future queries for the same domain.
Pro Tip
Make sure the DNS record for the domain configured returns an A record in the response. CNAME records will not yield proper identification of traffic.
You can configure custom traffic filters for uplink selection policies on the Dashboard by navigating to Security & SD-WAN > SD-WAN & Traffic Shaping > SD-WAN Policies > Add Preference and clicking the Add button (see Figure 6-3). Figure 6-4 shows in example of a custom traffic filter.