MultiWAN

Last updated
Save as PDF

Overview

MultiWAN enables more than two functional uplinks on supported models with more than two dedicated WAN links. This guide covers all that relates to the Multi-WAN feature, including configuration and troubleshooting.

Multi-Uplink is supported from MX / IOS firmware 26.1+.
Backup Uplink is supported from MX firmware 18.2 to 19.2.

MultiWAN Multi-Uplink Feature

This enhancement of MultiWAN support enables up to a fourth link on supported platforms. All WAN interfaces can be prioritized or denoted as backup via "Cellular/Metered" carrier type.

Note: With this enhancement, Paired Interfaces and MultiWAN Backup Uplink are not supported from firmware 26.1 for Multi-Uplink capable platforms.

Prerequisites

i. This feature requires MX 26.1 firmware or higher

ii. This feature is supported on C8121-G2-MX, C8455-G2-MX

Multi-Uplink support by platform

Platform

Uplinks Supported

Port to WAN mapping

WAN → LAN conversion

Cellular Support

C8121-G2-MX

port1 → WAN1

port2 → WAN2

port3 → WAN3

port4 → WAN3

port3
port4

Fixed WAN only:

port1
port2

Integrated Cellular backup is supported.

C8455-G2-MX

port11 → WAN1

port10 → WAN2

port9 → WAN3

port8 → WAN4

port10
port9
port8

Fixed WAN only:

port11

N/A

Use case

Third and Fourth Internet link: In places with disparate service reachability, multiple ISPs are often used to increase availability in failover and backup scenarios by mixing traditional Ethernet/fiber, cellular, and low earth orbit satellite connectivity.

How to enable this feature

i. Ensure you have a supported device

ii. Upgrade your MX network to 26.1+ firmware

iii. View WAN status information in the Uplink tab on the Appliance Status page.

Uplink Priority

By default, additional WAN 3 and WAN 4 will operate with similar behaviors to that of WAN 1 and WAN 2, and can be prioritized on the SD-WAN and traffic shaping page.

Cellular Carrier Type

If the carrier type is defined as "Cellular", that uplink will only become active once all other WAN uplinks have failed the Connection Monitoring Test Process, and will not be included in Uplink priority for global preferences.

MultiWAN Backup Uplink (2 Active + 1 Backup link) Feature

This iteration of MultiWAN support enables a third link as a backup link on supported platforms; it can not be the dedicated primary uplink, rather it is a backup link. The third link mimics the failover behavior of the embedded cellular feature on supported MX(C) Appliances - which means the third link remains in standby mode until both primary and secondary uplinks are down. The third link uses the same shared firewall rules which govern WAN 1 and WAN 2.

Paired interfaces are not supported with the MultiWAN feature. Once MutiWAN is enabled, interface pairs are disabled, all WAN interfaces become independent interfaces. For more information see Paired interfaces

Enabling MultiWAN disables port pairing between SFP/RJ45 ports, and causes all WAN interfaces to reinitialize for approximately one minute. Therefore, it is recommended to enable MultiWAN during a maintenance window.

Configuration of WAN3 via configuration templates and local template overrides is not supported at this time

Prerequisites

i. This feature requires MX 18.2 to MX 19.2 firmware

ii. This feature is only supported on MX75, MX85, MX95, MX105

Caveats

On the MX75 - The Third physical port is the designated backup port. Physical ports 1 & 2 become designated WAN 1 and WAN 2 ports.
On the MX85, MX95 & MX105 - The Fourth physical port is the designated backup port. Physical ports 1 & 2 become designated WAN 1 and WAN 2 ports.
On the MX85, MX95 & MX105 - the Third physical port is disabled and unusable once MultiWAN is enabled
The designated backup port cannot be changed to a different physical port
SFP modules (fiber or copper) are required for physical ports 1 & 2
IPv6 is not supported on the Backup WAN uplink
Not all NAT features are supported such as Port Forwards, 1:1 NAT and 1:Many NAT

Use case

Third Internet link as backup: Configuration of a tertiary link to serve as backup in case the primary and secondary links fail.
Meraki Cellular Gateway MG as wireless WAN backup: Connecting an MG for wireless WAN backup use cases without sacrificing a hardwired connection.

How to enable this feature

i. Ensure you have a supported MX model e.g. MX75/85/95/105

ii. Upgrade your MX network to 18.2+ firmware

Configuration

To enable MultiWAN:

On Dashboard, navigate to Security & SD-WAN > Monitor > Appliance Status

Select the Uplink tab, Click “Enable Backup WAN”

Enable backup WAN option in the Dashboard

Once enabled, the third link will remain in standby mode until both WAN1 and WAN 2 have failed.

Uplink information will be reported for the backup link similar to WAN 1 and WAN 2

MX uplink live and historical data graphs that include WAN3

High Availability failover behavior

Even though the MultiWAN Backup Uplink feature mimics the primary, to secondary, and tertiary failover behavior of cellular, It differs from failover behavior of cellular when the MX is in High Availability mode. In HA mode, unlike with Cellular, all links including the backup link must fail before Spare MX takes over as the Primary MX.

Failback behavior

While the third backup link is active, the MX uses the same Connection Monitoring Test Process to determine when to failback to WAN 1 or WAN 2 would be appropriate. Failing back can either be Immediate or Graceful.

These options are selected by navigating to Security & SD-WAN > Configure > SD-WAN & Traffic Shaping.
Under the Uplink Selection section, select the dropdown menu for WAN failover and failback behavior, and choose either Immediate or Graceful.

Traffic shaping Uplink selection and failback options

VPN behavior

AutoVPN

AutoVPN tunnels will not form on WAN 3 if WAN1 or WAN2 are active.
If Multi-Uplink AutoVPN is enabled, only WAN1 and WAN2 will build tunnel by default. The backup uplink will only build a tunnel when the backup uplink is the only active/online link
If Multi-Uplink AutoVPN is disabled only the WAN port set as Primary uplink will build a tunnel.

AutoVPN tunnel over WAN3 will only form after WAN1 and WAN2 links are DOWN.

Client VPN & Non Meraki VPN

After WAN 1 and WAN 2 have failed, and WAN 3 is active, Client VPN and Non Meraki VPN tunnels will form on WAN 3. If either WAN 1 or WAN 2 is active, Client VPN and Non Meraki VPN will not form on WAN 3.

SD-WAN policies

This option appears after Multi-Uplink Auto VPN is enabled.

SD-WAN policies and load balancing policies do not apply to WAN3.

Troubleshooting

Troubleshooting for MultiWAN should be done similarly to troubleshooting for other uplinks on the WAN Appliance. In the Backup Uplink scenario, there is nothing different with the backup uplink, other than being disabled by default, whereas other uplinks that are enabled by default.