Cisco Meraki SD-WAN Configuration | SD-WAN Hands-On | SD-WAN Traffic Shaping | Meraki MX Firewall

Video Statistics and Information

Captions
Hello, this is Andy here. This is one of the multiple videos on Cisco Meraki. I'm gonna show the Meraki SD-WAN configuration: how to do the SD-WAN configuration if you have multiple links connecting to your core router or directly to the Meraki device.

So I have a demo firewall here which is live; however, I don't have the two WAN connections directly connecting to the Meraki box. As of now I have only WAN 1 enabled; if you see, this WAN 2 is not connected. However, I can show you how to do the traffic shaping and what all options we have in SD-WAN to configure.

Okay, so let's assume I have the WAN 1 connection connected to one of the Internet circuits and the WAN 2 connection connected to the other Internet circuit, or else it can be your MPLS as well. There are different deployment methods. You can go to this Cisco Meraki SD-WAN documentation, where you can see how the SD-WAN device can be configured: it can be circuits directly connecting to your Meraki device, or it can be the one-arm setup. Okay, so you can go through this documentation. It's very good documentation which shows the high-level topology and the possible deployments of Meraki SD-WAN.

So we assume a simple method where we have two circuits directly connecting to a Meraki device: one is on WAN 1 and the other one on WAN 2. Once these links are up, you need to go to Security & SD-WAN, then go to SD-WAN & traffic shaping. In this you have multiple options; we will go one by one.

Starting, we have uplink configuration. So this, you know, shows WAN 1 100 Mbps and WAN 2 400 Mbps. What is the maximum available throughput for this device? It depends on what model you are using. Based on the throughput, it will give you an option to select this, starting from zero to the maximum available rate; in this case it is 500 Mbps. So you need to define the values here, saying that, let's say, WAN 1 is the primary
circuit and WAN 2 is the secondary circuit. So you have more reliability on WAN 1, so we will keep the traffic priority on WAN 1, and we will also use WAN 2. But there will be two cases: if WAN 1 goes down, your entire traffic should go to WAN 2; however, I mean, you can do active-active kind of, where some of the traffic goes to WAN 1 and some of the traffic to WAN 2. So, I mean, you can do a load-balancing kind of traffic shaping as well. So, you know, I'm assuming my WAN 1 link is more reliable and it has a good SLA, so I'm keeping WAN 1 as 500 Mbps, and WAN 2 I am making, let's say, 100 Mbps. We don't have a cellular network here, so just ignore this one.

And for the uplink statistics: for example, this SD-WAN box needs to monitor which uplink is up, and in case it goes down, how will it come to know? So you just need to write one rule here. There is one rule already, saying that you keep on checking the Internet connectivity by pinging this IP. So what he will do is he will continuously ping this IP, and if he's receiving the response from Google on this IP, he will assume this circuit is up. Okay, so you can add one more, or else you can add any other specific IP of your own, your own public IP. So that also you can do, but whatever is best you can make the default.

Now the uplink selection. This is the global preference, where you will give which uplink is best suited for your traffic. In our case WAN 1 is the more reliable one, so we will select WAN 1. And, as I said, if you want to do load balancing you just need to enable this, so the traffic will be separated across both uplinks based on the portion specified above. So based on the portion he will do the load balancing, and the management traffic will by default use the primary link. Okay, so
the primary link is whatever you are selecting here. What is management here? Management in the sense that we are using the cloud dashboard to configure the Meraki, right? So all this cloud dashboard and the firmware upgrade, whatever configuration is getting pushed from the cloud to the Meraki devices, it will use the more priority link. You can disable it as well. As of now just ignore this one; this is the Auto VPN kind of deployment, and you can go through the documentation. So, you know, keep it as enabled.

Now the flow preference. For example, if for any of the traffic you want this specific link to be chosen for that traffic flow, you can do it here. So let me add one use case. Let's say you have some of the servers in Azure cloud. Okay, so let's say you have some servers in a public cloud, and this is the public cloud IP given to you, starting from zero, slash 24. Let's take slash 29; slash 24 is a big move. Okay, so you want to allow your HTTP traffic to this source, and the destination to your network, make it any. And you want to allow 443, so allow 443. And what preferred link do you want for this flow? I'm selecting WAN 1.

Okay, let's say I have Azure cloud as well. I'm assuming this is the public IP of the Azure cloud, and I want to allow, say, TCP, and we want to allow SSH here, or else any specific port, customized for, let's say, 5555. And I want to allow to all my public segments on the same. So I want to select the WAN 2 link for this kind of traffic flow, because it's based on your decision, and, you know, you need to talk to the server guys and find out what the priority is for you. So let's say most of the Azure traffic I am sending on WAN 1, so most of the time this will be utilized, and I don't have much traffic flow on WAN 2. So I want to make this traffic choose the preferred link as WAN 2. So in this way you can add a
preference to your Internet traffic.

And yep, so let's create some SD-WAN policies for the VPN and this has applications. The very cool, the good feature about the SD-WAN is that it is application-aware. Okay, so it knows what application needs what kind of SLA, and which application needs to be given a priority in the traffic flow. So those kinds of rules you can write here. I already have some of the rules here; let me delete.

I want to add a rule for my voice traffic. Okay, before that let's use the inbuilt values, let's say video and music. So all video and all music, so it's enough. All the applications are already inbuilt; most of the SD-WAN boxes have 2,000-plus application awareness, where you don't need to mention specific values or you don't need to create an SLA for those applications. It is all already inbuilt; you just need to select it. So let's select all video and music, because all the video traffic is important for our office, assuming that we are into the video domain. Let's say email, that is again important. In the email you can see it has all, Windows, Gmail, so if you select all email it will cover everything. And what I will do, let's create a separate rule for video and a separate rule for the application.

So yep, I'm creating a video rule. I selected video; what is the preferred one? Here for video, if you want to do load balance, you can select load balance. And if you want WAN 1 to be the preferred one, so obviously WAN 1 is the preferred for us, because we are making it the primary. Failover: let's say if there is poor performance for the video traffic and the music, on what basis should it do a failover? If you select "uplink is down", it will do a failover only in case of the uplink being down. But in this case we will choose poor performance. So if there is congestion, if there is poor
performance on the WAN 1 link, it will automatically switch the traffic to the secondary. Okay, so again, once it sees that the performance on WAN 1 is good, it will do a rollback. So you don't need to worry about that.

And we will select the predefined performance class. A performance class is nothing but on what SLA the SD-WAN fabric should decide that this link is performing poorly. You can define your own custom values; in another rule we will define our own custom values. As of now I am selecting the predefined one, so that is the VoIP. Okay, that's all.

So now all the video traffic in your network, once it reaches the SD-WAN box, what he will do, he will identify: this is the video and this is the audio, so I need to send it to WAN 1. Okay, so the beauty of these policies is that you need not tell the box that this subnet belongs to the video, this subnet belongs to the audio. That thing is not happening here. In the traditional method, the core routers were not aware of the application layer visibility, so we used to do traffic shaping based on the subnets. Let's say the 10-dot subnet belongs to the voice, the 192 subnet belongs to the data; based on the subnets we used to do some policy-based routing. However, in the SD-WAN, that is the main feature of SD-WAN, which has application awareness, which has application visibility of how the application requires the performance. So based on that it will do the traffic shaping for you.

So let's create some custom values for us. Let's say we have an internal application; we can say, let's say, application XYZ. You have an XYZ internal application, and you know what the values are, what the best values required for your application to run on the Internet are. Let's say you need a maximum latency of around five. Let's say the application is a video conferencing application, so you don't
need the latency; 10 is the optimal, okay, for the video traffic. And you need very little jitter, and the loss, you cannot afford any loss in this traffic, so let's say 0.

Let's create one more application. Let's say application XYZ, it's data traffic, and in this you can allow the latency up to 30 milliseconds, jitter can be up to 10, because normally the data is TCP-based, so it's okay. I mean, even if there is congestion, if there is any loss or something, congestion or something, TCP can initiate the session once again. And the loss is allowed around, let's say, five percent. So in short, for all the applications which are not inbuilt, which are not popularly known on the Internet, you need to create such kind of SLAs. Okay, let's say I will create one more application. Let's say we have a voice conferencing application, so in that also you need the same; in this the jitter is five and the loss can be allowed for two percent. That's okay.

So I will add the rule. Custom expressions: so, you know, from which data center that traffic is coming. So let's say a 50/50, let's say 20.20.20.0/24, and this is traffic coming on port number 5555, coming to any. "Not an expression". No, you need to select WAN 1, your performance on what SLA. Okay, it doesn't show; I think I need to do it, let's see.

So yeah, I have rectified the values. I have one application which has video traffic and one application which has data traffic. In the video traffic we cannot afford any loss, the jitter can be up to five, and the latency can be up to 20 milliseconds; now let's make it 10, because 20 is more for video. In case of data I can afford the latency up to 20 milliseconds. So it is based on the application; you need to check with the application team how much congestion is allowed for their application. So if there is any more congestion on the application, it depends on,
you know, over the period of time you need to define these values. But in case of data it is always TCP, so you need not worry about the much difference in the values. So over the period of time you can improve these values.

So I have created this; let me do changes. Okay, so these two SLAs are created, custom performance classes. Now I will bind this to the specific traffic. Let's say I add an expression: any traffic coming from this public IP to your network, the preferred link will be WAN 1, failover on the basis of poor performance. And what is the poor performance here? You need to select the class, video. That's it. So you can see this rule is added. So whenever you have your own applications which are not available over the Internet and which are not known to the predefined classes, you can create your own class.

Now, okay, this is global bandwidth limits. SpeedBurst allows users to temporarily exceed the bandwidth limit for up to 5 seconds while still keeping them under the bandwidth limit over time. This option towards the better experience to the user browsing the web while not slowing down the network if they are transferring large amounts of data. So it's a kind of speed burst to the users: if he is trying to access any Internet traffic which requires more bandwidth, he will be given that speed for 5 seconds so that there should be no disruption. So this is a good feature; you can enable it.

Now there is one more traffic shaping you can do here. The traffic policies we created are for our VPN traffic. Let's say you have the VPN between multiple data centers, as we saw in this diagram, right? So let's say you have multiple data centers in two different locations, and in this SD-WAN fabric you have VPN connectivity. So in that VPN traffic flow these policies will be enabled. Okay, so these policies will come into the picture when it is VPN traffic. So let's do the traffic shaping for the applications this
has applications. Okay, so let's say I'm enabling this default rule. There is a default rule for the voice and other websites, like software updates, online backups and all. This is using the predefined DSCP tag, if you know the DSCP tags, which are the quality-of-service predefined tags. So based on those values we already have default rules created, but if you want you can create your own custom rules as well.

So let's say add a new rule; let's add video and sports. Let's say your office needs the access to these four channels, based on, you know, the project requirements, so you can enable this one. Let's select, add, sports, all sports. I'm not sure why it's not allowing this one. Yep, there you go, so all sports. And if you want to do any bandwidth limit, choose a limit; "ignore network per limit", so this is unlimited. Okay, so the client will get whatever bandwidth he wants. Priority for this traffic is high. And the DSCP tag: so let's select "high throughput, latency insensitive"; there should be a "multimedia streaming". Yep, high. Okay, so you can select the predefined DSCP tag. Yes, okay, that's all, just save it. So for any of this sports-related traffic, it will be given a high priority here. The priority is again based on this uplink selection. And caching you can ignore, this one. So Save Changes.

That's all, guys. So based on this, the VPN policies and your traffic shaping for the Internet traffic, your SD-WAN will forward the traffic to the Internet between WAN 1 and WAN 2.
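An added example, not part of the video and not Meraki code: a small model of the "preferred uplink, fail over on poor performance, roll back when it recovers" rule described in the captions, using the video and data thresholds the walkthrough settles on. All names are hypothetical, the probe samples are constructed, and how the MX itself measures links is not modeled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class PerformanceClass:
    name: str
    max_latency_ms: float
    max_jitter_ms: float
    max_loss_pct: float

    def meets(self, probe):
        """True when a probe sample is within every threshold of this class."""
        return (probe["latency_ms"] <= self.max_latency_ms
                and probe["jitter_ms"] <= self.max_jitter_ms
                and probe["loss_pct"] <= self.max_loss_pct)

# Thresholds as settled on in the walkthrough (video: 10 ms / 5 / 0 %, data: 20 ms / 10 / 5 %).
VIDEO = PerformanceClass("video", max_latency_ms=10, max_jitter_ms=5, max_loss_pct=0)
DATA = PerformanceClass("data", max_latency_ms=20, max_jitter_ms=10, max_loss_pct=5)

def select_uplink(pclass, probes, preferred="wan1", fail_over_if="poor_performance"):
    """Pick the uplink for one flow from the current probe samples."""
    backup = "wan2" if preferred == "wan1" else "wan1"
    def acceptable(link):
        p = probes[link]
        # "uplink_down" mode ignores quality; "poor_performance" also checks the class.
        return p["up"] and (fail_over_if == "uplink_down" or pclass.meets(p))
    for link in (preferred, backup):
        if acceptable(link):
            return link
    # Neither link meets the class: stay on whichever is still up (assumption).
    return next((l for l in (preferred, backup) if probes[l]["up"]), None)

def sample(up, latency_ms=0, jitter_ms=0, loss_pct=0):
    return {"up": up, "latency_ms": latency_ms, "jitter_ms": jitter_ms, "loss_pct": loss_pct}

# Constructed probe timeline: healthy, WAN 1 congested, WAN 1 down, WAN 1 recovered.
TIMELINE = [
    {"wan1": sample(True, 8, 2, 0), "wan2": sample(True, 9, 3, 0)},
    {"wan1": sample(True, 18, 7, 1), "wan2": sample(True, 9, 3, 0)},
    {"wan1": sample(False), "wan2": sample(True, 9, 3, 0)},
    {"wan1": sample(True, 7, 1, 0), "wan2": sample(True, 9, 3, 0)},
]

def replay(pclass, fail_over_if="poor_performance"):
    return [select_uplink(pclass, p, fail_over_if=fail_over_if) for p in TIMELINE]

if __name__ == "__main__":
    for pc in (VIDEO, DATA):
        print(pc.name, replay(pc))
```

The same congested sample moves video to WAN 2 while data stays on WAN 1, which is why a flow's failover behaviour depends on the class bound to it and not only on link state.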
Info
Channel: Andy G
Views: 5,381
Rating: 4.9000001 out of 5
Keywords: SD-WAN, SD WAN, SDWAN, Meraki SDWAN, Cisco SDWAN, Traffic shaping, SDWAN Class, SDWAN benefits, SDWAN configuration, SDWAN Hands on
Id: _139hcMVZic
Length: 27min 49sec (1669 seconds)
Published: Tue Apr 21 2020