When working with an existing environment that utilizes OSPF for routing, it’s important to be aware that Meraki’s MX security appliances, at the time of writing, only support a limited OSPF implementation. Specifically, MX devices only support OSPF in the following configurations:

• Routed mode with only a single LAN

• Passthrough or Concentrator mode

Additionally, it’s important to be aware that an MX is not able to learn routes advertised by any OSPF neighbors; it is only able to advertise available Auto VPN routes to OSPF neighbors. Because of this, in a topology that uses both OSPF and Auto VPN, any MX running OSPF on the LAN needs a matching static route configured for each locally advertised OSPF subnet so that those routes can be advertised into the Auto VPN topology.
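The static-route requirement above can be audited offline. The following is an added example, not code from the original page or from Meraki: both subnet lists are constructed sample data standing in for what you would export from your OSPF routers and from the MX's static route configuration, and treating a broader static route as "needs review" rather than as a match is this example's own assumption.

```python
import ipaddress

# Constructed sample data (assumption): subnets advertised by the LAN's OSPF
# routers, and the static routes currently configured on the MX.
OSPF_SUBNETS = ["10.10.1.0/24", "10.10.2.0/24", "10.10.3.0/24", "192.168.50.0/24"]
MX_STATIC_ROUTES = ["10.10.1.0/24", "10.10.2.0/23", "172.16.0.0/16"]


def audit_ospf_static_coverage(ospf_subnets, static_routes):
    """Map each OSPF subnet to 'matched', 'covered-by-broader' or 'missing'.

    'matched' means a static route with the same prefix and mask exists.
    'covered-by-broader' means only a less specific static route contains it;
    the page asks for matching routes, so these are flagged for review.
    """
    # strict=False normalizes entries written with host bits set (10.10.1.5/24).
    statics = [ipaddress.ip_network(s, strict=False) for s in static_routes]
    report = {}
    for raw in ospf_subnets:
        net = ipaddress.ip_network(raw, strict=False)
        if net in statics:
            status = "matched"
        elif any(s.version == net.version and net.subnet_of(s) for s in statics):
            status = "covered-by-broader"
        else:
            status = "missing"
        report[str(net)] = status
    return report


def needs_attention(report):
    """Subnets without an exact static route, sorted for stable output."""
    return sorted(net for net, status in report.items() if status != "matched")


if __name__ == "__main__":
    result = audit_ospf_static_coverage(OSPF_SUBNETS, MX_STATIC_ROUTES)
    for net, status in result.items():
        print(f"{net:<18} {status}")
    print("review:", ", ".join(needs_attention(result)))
```
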

For more detail about Meraki’s OSPF implementation for MX devices, visit https://documentation.meraki.com and search using the keyword OSPF.

BGP

Unlike OSPF, Meraki offers a robust BGP implementation with the MX and Z-series of devices and is able to both learn and advertise routes through BGP. For example, all MX and Z-series devices utilize iBGP to exchange routes over the Auto VPN topology. All devices configured in Passthrough or Concentrator mode (or Routed mode devices running compatible firmware) are also able to advertise and learn routes via configured eBGP neighbors.

To configure BGP, navigate to the Security & SD-WAN > Routing page on the Dashboard. An MX will learn or advertise routes to eBGP or iBGP peers under the following conditions:

• A VPN spoke will learn routes advertised to it by other Auto VPN peers via iBGP.

• An MX in Passthrough or Concentrator mode will learn routes advertised to it by other Auto VPN peers and re-advertise these iBGP-learned routes to available eBGP peers.

• An MX in Passthrough or Concentrator mode will learn routes advertised to it by its eBGP peers and re-advertise these eBGP-learned routes to other Auto VPN peers via iBGP.

• An MX in Passthrough or Concentrator mode will advertise via iBGP any local networks that are not directly connected and are configured on the Site-to-Site VPN page, but it will not advertise them via eBGP to external peers.

Outside these Meraki-specific route advertisement behaviors, Meraki’s BGP implementation is fairly standard and is intended to integrate seamlessly with nearly any existing deployment utilizing BGP.
