Solved: Setup 2 wan interface but when using Flow References no internet traffic coming out on wan2 - Page 2

GelC · ‎03-31-2022

Hi

I have a concern regarding mx100. we have 2 wan interface. my primary link is wan1. Both wan1 and wan2 are working and tested then each link have different isp provider.

Now here's my concern, I was told that if i want to send a certian ip or subnet to have internet traffic go out to wan2 i just need to set it up on the Flow References -> Internet Traffic. So I did, but unfortunately the internet traffic still goes out to wan1 even if when I check public ip and speedtest.net its showing the wan2 details. The Internet traffic only go out to wan2 when i change the primary link to wan2.

aleabrahao · ‎03-31-2022

No, ICMP, speed test servers with ICMP. 🙂

I am not a Cisco employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

aleabrahao · ‎03-31-2022

Testing to the same server. Speedtest automatically selects a server to test to based on ping, but you can also select a server to test to.

I am not a Cisco employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Raphael_L · ‎03-31-2022

I get what you are saying.

The selection is based on ICMP yes. But the actual test is done on TCP.

That being said. Since the selection is based on ICMP and ICMP is not subjected to trafic shaping / flow preference , the server will always be selected on WAN1.

A better test to troubleshoot your flow selection would be to use another website / service. CNN , something like that.

aleabrahao · ‎03-31-2022

Nope, I'm rigth.

I am not a Cisco employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

GelC · ‎03-31-2022

Hi Raphael. Noted on this. will check on this. Thank you

aleabrahao · ‎03-31-2022

https://www.speedtest.net/about/knowledge/faq

I am not a Cisco employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Raphael_L · ‎03-31-2022

Have you tried to reboot the MX ? There is probably a flow table that won't get updated until the flow times out / expires.

aleabrahao · ‎03-31-2022

@Raphletourn , I think that is not the case. check my answer above.

I am not a Cisco employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Raphael_L · ‎03-31-2022

I had seen your answer. OP didn't mention anything about ICMP...

GelC · ‎03-31-2022

Hi Raphael, Yes already did reboot the MX. still same issue. It only change when i set the primary link to wan2.

ww^ · ‎03-31-2022

You are not using autovpn with a default route ?

What if you run a packet capture on wan2 with filter "port 53". And then start a nslookup to cisco.com froma client.

Do you see this in the capture?

GelC · ‎04-01-2022

Hi @jdb1 will try this one and update you on my finding. thank you for the idea

Philip D'Ath · ‎03-31-2022

Can you post a screenshot of the flow preference you have created, and the internal IP address you are using.

GelC · ‎04-01-2022

Hi @Philip D'Ath here is the screenshot. sorry but i need to shade the internal ip address. My scenario is that when i send the machine ip to the secondary link my internet traffic still go outside to the primary link. but when i check whatsmyip or do a speedtest via speedtest.net or fast.com it is showing my secondary public ip then the speed result is showing on my primary link.

aleabrahao · ‎04-01-2022

Your preferred link is configured for the WAN 1 🤔

How is configured your uplink configuration and uplink selection? Take a look at those examples:

I am not a Cisco employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.