Skip to main content

 

Cisco Meraki Documentation

IPv6 Support on MX Security & SD-WAN Platforms - Routing

Routing

There are several routing decisions that MX perform:

Uplink Selection 

This option determines which uplink should be the primary connection (IPv4 only). VPN traffic and management traffic to the Meraki Dashboard use the primary uplink. If load balancing is disabled, all traffic will use the primary uplink unless an uplink preference is configured specifying otherwise. For IPv6 traffic, regardless of the primary uplink and load balancing selections, flows will be routed via the source origin. During a failover event, the MX will use NAT and NPTv6 to forward traffic via the active interface.

Configuration:

  • Browse to Security & SD-WAN > Configure > SD-WAN & Traffic Shaping > Uplink selection > Primary uplink > select WAN

Dashboard UI  SD-WAN & Traffic Shaping > Uplink selection > Primary uplink > selected WAN1 as an example

Dynamic Routing for VPN Concentrator mode

As part of MX 18.1 firmware updates we are introducing a new “Routing page”.  The eBGP and OSPF configuration from the Site-to-site VPN page will now be located in this new page going forward.  With this introduction we are also adding support for IPv6 peering and route distribution with eBGP and OSPF using version 3.

eBGP Configuration

As part of MX 18.1 firmware updates we are introducing a new “Routing page”.  The eBGP and OSPF configuration from the Site-to-site VPN page will now be located in this new page going forward.  With this introduction we are also adding support for IPv6 peering and route distribution with eBGP and OSPF using version 3.

Configure eBGP

  • Browse to Security & SD-WAN > Configure > Routing
  • Toggle button to Enable
  • Configure BGP VPN AS and iBGP VPN Holdtimer
  • Click on +Neighbor and configure the desired IPv4 or IPv6 neighbor
  • Click Save changes

    Dashboard UI Routing Enabled with BGP configured including example values for VPN AS, iBGP VPN Holdtimer and IPv4 or IPv6 neighbors

OSPF Configuration

As part of MX 18.1 firmware updates we are introducing a new “Routing page”.  The eBGP and OSPF configuration from the Site-to-site VPN page will now be located in this new page going forward.  With this introduction we are also adding support for IPv6 peering and route distribution with eBGP and OSPF using version 3.

Configure OSPF

  • Browse to Security & SD-WAN > Configure > Routing
  • Toggle button to Enable
  • Configure OSPF Mode “IPv4, IPv6 or IPv4 and IPv6”
  • Configure Router ID (Note this is a 32 bit decimal in IP address notation and is shared by IPv4 and IPv6 configuration)
  • Configure the remaining OSPF settings
  • Click Save changes

    Dashboard UI Routing Enabled with OSFP configured in IPv4/6 mode including example values for Router ID, Area ID, Cost Hello/Dead timers, Authentication is disabled

Static Routes

MX supports IPv4 and IPv6 static routes. With IPv6, you can configure a static route using a Global or Link-Local IPv6 address.

Configuration:

    • From the Security & SD-WAN > Configure > Addressing & VLANs page click Add Static Route button

    • Select IPv6 for the IP version and configure the IPv6 Prefix and Next Hop IP

Dashboard UI Addressing & VLANs showing static route config using an example Global IPv6 address, the IPv6 Prefix, Next Hop IP

  • Click the update button and Save the changes to commit the configuration

Note: The Next hop IP must belong to an already configured prefix on the LAN/VLANs configuration.

    • From the Security & SD-WAN > Configure > Addressing & VLANs , click Add Static Route button

    • Select IPv6 for the IP version and configure the IPv6 Prefix and Next Hop IP

    • When a Link-Local IP is used, the MX will prompt for a “Next hop VLAN”

Dashboard UI Addressing & VLANs showing static route config using an example Global IPv6 address, the IPv6 Prefix, Next Hop IP and Next Hop VLAN

  • Select the appropriate VLAN where the downstream next hop Link-Local IP address belongs to and click update

  • Save the configuration to commit the change made

 

Refer to the main KB: IPv6 Support on MX Security & SD-WAN Platforms [Core Fundamentals]

  • Was this article helpful?