How to deploy a Cisco Meraki vMX100 into Microsoft Azure

Recently, I was involved in a project where we had to deploy a Cisco Meraki vMX100 into the Microsoft Azure cloud and build site-to-site and client VPNs. The setup process on Azure is relatively simple; however, I lost quite a lot of time on basic issues because the documentation provided by Cisco is not 100% accurate. Here are some tips and tricks to save you time.

BGP full-routes vs partial-routes vs default-route

Image from https://www.cidr-report.org/

The full IPv4 BGP table now holds around 725000 prefixes. This may cause problems for companies that do not have the resources to update or upgrade their edge routers. But, except for Internet transit providers, who really needs the full IPv4 BGP table today? And what are the alternatives? Let’s look at that in detail with some use cases.

BGP load sharing and unequal cost load sharing

On Cisco routers, BGP by default does not load-share, let alone do unequal-cost load sharing, across multiple links for traffic to the same eBGP destination learned with different AS paths. Let’s see how we can change this. We can configure the command “maximum-paths n”, but it only works if the weight, local-pref and AS-path attributes are the same across the different uplinks. So how can we do load sharing if we are multihomed to different ASes? In that case, we must use the BGP command “bgp bestpath as-path multipath-relax”. VIRL lab…

Cisco Flexible Netflow configuration

Recently, a customer called me to configure NetFlow on these routers because he had just installed the NetFlow Analyzer software from ManageEngine. This software is an “all in one” NetFlow collector, database and WebUI, able to build pretty nice reports. In my opinion, NetFlow is one of the absolutely required pieces of software for good visibility when you operate a network.

Cisco Meraki MX Static IP assignment via Dashboard

This morning, I received a notice about a Cisco Meraki MX firmware upgrade planned for a security appliance I have in my lab. The message lists the new features: Layer 7 traffic classifications for VPN flow preferences; Syslog export of AMP events; Added support for using FQDNs in L3 firewall rule destination; Threat Grid support for the MX60(W), MX64(W), MX65(W), MX80, MX90, MX84, and MX100 appliances; Content filtering improvements; Static IP assignment via Dashboard (via Appliance Status page); Device utilization reporting (via the new Summary Reports page); Performance, stability,…
