Meraki began as a company providing mesh WiFi services, including hardware and software, through a simplified user interface. As Meraki became more popular, it was acquired by Cisco, though it still operates mostly autonomously. Newer product lines and capabilities were introduced over time, including video cameras, network switches and security appliances.
Each of the product lines is managed centrally with the Meraki cloud-based controller. This simplified management model eventually led to the development of Meraki’s SD WAN offering, which has become an important part of Meraki’s overall networking strategy and continues to push the company forward.
With Meraki’s SD WAN, you can easily set policies to have your network traffic directed as desired, or just let the sensible built-in default policies make the routing decisions for you. We will detail the components of the Meraki SD WAN solution and how to obtain a demonstration.
Evolution of Meraki and introduction of SD WAN
Due to Meraki’s origins as a managed cloud/controller-based network architecture solution, they were in a prime position to be one of the first companies to offer an SD WAN solution. Meraki’s SD WAN evolved out of their Auto VPN technology. Since all of the Meraki MX edge appliances are managed through your centralised customer portal, the controller knows about each of your locations and how to reach them. This presents an opportunity for orchestration whereby your sites can be automatically connected to each other, or in specific ways that you can define, through site to site IPsec VPN tunnels.
The default Auto VPN topology is full mesh, which is actually a collection of individual site to site tunnels that are managed automatically through the cloud controller. All Meraki MX appliances are capable of utilising a second uplink connection to the Internet. SD WAN capabilities are achieved by combining the underlying cloud-based orchestration engine with the second uplink to make policy-based decisions on how your traffic should be routed through the various VPN tunnels. The SD WAN technologies also constantly monitor the uplinks and react based on changing network conditions through the entire path.
Meraki provides different forms of product demonstration
One of the unique aspects of Meraki as compared to other companies is that they make it extremely easy to get a hands-on demonstration of their hardware and software. For many years, Meraki has offered to send you a physical appliance with a three-year license for free if you attend one of their webinars and meet certain criteria. The criteria specify that the free appliance opportunity is designed for end customers, not equipment resellers or Meraki partners. As the consumer of the Meraki technology, it is easy to receive hardware for free so you can become familiar with the Meraki environment and the way they manage and monitor your network.
Meraki offers many different webinars that revolve around product lines, specific use cases, market verticals, and regional considerations along with presentations in languages other than English. Live webinars are scheduled in advance, and always contain the most current information about product lines and provide great visual demonstrations of the controller-based configuration and operation. Through the webinars, you can see how easy Meraki makes it to set up your own SD WAN configuration. The presenter walks through several use cases and demonstrates how different types of configurations may be appropriate for your organisation. You can also view previous webinars through Meraki’s YouTube channel.
There are two other ways to receive a demonstration of Meraki’s capabilities and how the overall solution works. You can request a free set of trial gear to place into your current environment which is a great way to perform Proof of Concept (PoC) testing with a few of your sites to see how well the Meraki solution will work for you. This is a highly recommended approach for any enterprise environment that is serious about deploying an SD WAN solution since each vendor’s product line is a little different. By performing a free PoC test, you can be sure that Meraki is right for your company before investing further.
You can also request instant access to a live demonstration of the Meraki dashboard that is pre-populated with devices and statistical data to get a feel for how the Meraki SD WAN solution works. The demonstration dashboard lets you configure different aspects and shows you how easy Meraki is to work with. This is a great way to quickly become familiar with Meraki and can serve as a good first step to considering the Meraki SD WAN solution. Once you become comfortable with how Meraki works, it is recommended to follow through with a PoC trial at a few of your locations.
SD WAN VPN topologies
Part of the flexibility of Meraki’s SD WAN solution is that the dashboard interface makes it extremely easy to configure your sites to participate in SD WAN using the topology you desire. The default setting is an automatic full mesh between all of your locations. Each site will automatically establish a site to site IPsec VPN tunnel to every other site for direct connectivity.
However, if you have many locations you wish to connect to the Meraki SD WAN service, you may want to create alternative topologies based on hardware constraints or traffic flow patterns. For example, if most of your network traffic remains within regional boundaries, you could designate a few critical sites, such as very large branch offices or datacentres, as regional hubs which still connect directly to each other in a full mesh of VPN tunnels.
The surrounding locations would be spoke sites off of these regional hubs, where the spoke sites create automatic site to site IPsec VPN tunnels to the hubs only, with one hub designated as primary, and one or more hubs designated as backup. The spoke sites do not establish direct connectivity with each other, but instead transmit all traffic through the hub. This allows for less costly appliances to be placed at the spoke sites to help keep overall costs down.
You can also specify that a particular site will not participate in the Auto VPN service. Likewise, you can specify that particular spoke sites can connect directly to other specific spoke sites, but not necessarily all sites as in the full mesh topology. This flexibility and simplicity of configuration helps reduce the overall operational costs as you do not need expert-level staff to operate and maintain the network configurations both during and after deployment.
How Meraki SD WAN routes and controls network traffic
SD WAN uses multiple uplinks to make policy-based routing decisions that are best for the particular network traffic to be transmitted. Meraki simplifies this decision-making process by including default policies based on typical network usage patterns, though you can also create very specific traffic policies. One of the most popular built-in uplink selection policies offered by Meraki is the “Use the uplink that’s best for VoIP traffic” policy, which continuously monitors both uplinks and automatically selects the currently best-performing uplink that meets the criteria for transmitting voice traffic, such as having low latency and jitter.
You can also define different traffic shaping rules that can make your overall WAN architecture provide better performance. For instance, you could define network traffic that should be considered bulk, such as packets coming from or destined to particular IP addresses or containing a particular quality of service (QoS) tag, and act upon the traffic by limiting its throughput levels so that it does not overrun your uplinks and take up too much bandwidth. You can also set the QoS markings on these packets so that they do not interrupt the flow of more important traffic, such as voice.
While the built-in simple rules will work for most situations, you can get extremely granular with your traffic policy definitions to control traffic exactly as you wish. For example, you could define a policy that ensures traffic for a specific application is load balanced over both links, but only while each individual link meets certain performance characteristics; if one of the links is underperforming, traffic automatically uses the other link and is not load balanced.
Within the Meraki dashboard you can view a table of Uplink Decisions where a record is maintained of traffic flows. This table shows you the VPN peer, the application-related information such as protocol, traffic source and destination, which uplink was chosen for the traffic and the reason why, such as a specific policy being triggered or a particular uplink not performing adequately.
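The following added example (not Meraki code, and not how the MX appliance is implemented) models the conditional load-balancing policy described above and produces a decision record with the chosen uplink and a reason, similar in spirit to the Uplink Decisions table. The thresholds, the names `Uplink`, `meets_policy` and `decide`, and the fallback when no link meets policy are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed thresholds; in practice these are set per policy by the administrator.
MAX_LATENCY_MS = 150.0
MAX_JITTER_MS = 30.0
MAX_LOSS_PCT = 1.0


@dataclass
class Uplink:
    name: str
    latency_ms: float
    jitter_ms: float
    loss_pct: float
    up: bool = True


def meets_policy(u: Uplink) -> bool:
    """A link qualifies only if it is up and within every threshold."""
    return (u.up and u.latency_ms <= MAX_LATENCY_MS
            and u.jitter_ms <= MAX_JITTER_MS and u.loss_pct <= MAX_LOSS_PCT)


def decide(peer: str, app: str, wan1: Uplink, wan2: Uplink) -> dict:
    """Return a decision record: which uplink(s) carry the flow, and why."""
    links = (wan1, wan2)
    ok = [u.name for u in links if meets_policy(u)]
    alive = [u for u in links if u.up]
    if len(ok) == 2:
        reason = "both uplinks meet policy, load balanced"
    elif len(ok) == 1:
        bad = next(u.name for u in links if u.name not in ok)
        reason = f"{bad} underperforming, using {ok[0]} only"
    elif alive:
        # Assumption: with no link in policy, use the least lossy link still up.
        best = min(alive, key=lambda u: (u.loss_pct, u.latency_ms))
        ok, reason = [best.name], "no uplink meets policy, best available used"
    else:
        reason = "no uplink available"
    return {"peer": peer, "app": app, "uplinks": ok, "reason": reason}


if __name__ == "__main__":
    # Constructed measurements: WAN2 has excessive jitter.
    wan1 = Uplink("WAN1", latency_ms=20, jitter_ms=2, loss_pct=0.0)
    wan2 = Uplink("WAN2", latency_ms=35, jitter_ms=80, loss_pct=0.1)
    print(decide("branch-12", "voip", wan1, wan2))
```

Keeping the reason alongside each decision is what makes the record useful for review: a flow that stops being load balanced can be traced to the specific link and condition that caused it.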
Meraki SD WAN provides detailed visibility into your network traffic
Another major benefit of SD WAN is the new reporting capabilities and network visibility provided within the Meraki controller portal. You can view the overall VPN connectivity status along with gathered historical statistics of each link within your organisation that goes through a Meraki MX appliance. Included are charts and graphs detailing minimum, maximum and average link latencies, bandwidth utilisation, and per-peer traffic visibility for your site to site Auto VPN tunnels across the Meraki SD WAN.
Having this kind of visibility allows you to perform traffic baselining and evaluate your overall network for issues. It will become readily apparent if certain locations are having repeated issues with the attached WAN links or if you need more bandwidth available for your applications. For example, if you turn up a new file server at a location that previously did not perform any WAN-accessible file hosting, you will most likely see a dramatic increase in bandwidth usage for that site.
The graphs and statistics generated by Meraki will clearly show you how each site is affected from a WAN standpoint and even show you if the location is affected only at certain times of the day, such as first thing in the morning when everyone is logging into their computers. You can even drill down the traffic statistics to reveal specific clients or individual applications on the network. Perhaps you have a new database application that is drawing in a lot of transactional network traffic and you’d like to determine the best site to place the majority of the load. The built-in network reporting capabilities can help you determine this.
The Meraki MX series SD WAN hardware appliances
Meraki SD WAN is enabled through the MX series of hardware appliances. There are different models in the MX series to accommodate several use cases and network designs. There are models centred strictly around high-performance routing, and other models that include built-in wireless access point technology. Some models feature built-in 4G/LTE modems supporting different SIM cards for multiple carriers. There are also MX appliances that feature several Power over Ethernet (PoE) ports, which enable “branch in a box” functionality where you can have routing, switching, and potentially WiFi all in a single enterprise-class appliance instead of having to maintain separate appliances and associated licensing to achieve the same functionality.
All MX series appliances support firewalling and several security capabilities along with the ability to utilise two uplinks for SD WAN. One of the advantages of Meraki is that new capabilities can be introduced strictly in software. For example, the MX 64 and MX 65 series appliances were developed before Meraki’s SD WAN solution was introduced. However, after Meraki started supporting SD WAN features, this functionality was included at no additional charge and supported existing appliances such as the MX 64 and MX 65. This is one of the ways that Meraki helps lower the total cost of ownership (TCO) over the lifetime of its products.
Meraki as a holistic enterprise networking solution
Meraki has come a long way from its mesh wireless network roots and is fairly unique within the realm of enterprise networking in that all of their offerings are very powerful, yet simple to configure and use. A lot of details are hidden from the default views, but are accessible when needed, such as when defining granular traffic policies. Over time, SD WAN has become a very important part of their overall strategy, and Meraki makes it very easy to get a demo of their hardware and software. You can easily define custom VPN topologies and get great visibility into what is happening inside your network. Finally, as new software features are introduced, you do not necessarily need to replace your existing hardware to take advantage of the new capabilities, which makes Meraki a good choice for investment protection.