[c-nsp] Devil's Advocate - Segment Routing, Why?
Reuben Farrelly
reuben-cisco-nsp at reub.net
Sat Jun 20 02:49:05 EDT 2020
On 20/06/2020 4:14 pm, cnsp at marenda.net wrote:
>
>> I've been told Meraki is very nice... if all you're interested in is "sell to
>> Enterprise customers and make lots of cash".
>
> We asked the sales-person whether Meraki devices can handle IPv6
> (as customer traffic) and for the cloudy management access (in an IPv4-free
> world).
> But they did not know this, told us they will ask, but we did not get any
> answer yet ...

Meraki doesn't currently support IPv6 in any way, shape or form.

Some other things you'll find missing in Meraki products:
- Zone based firewalls - Meraki MX doesn't do zones
- Routing protocols for all but the most absolutely basic use cases
- Client side VPN. More specifically it does PPTP but not so many
people are sold on the security and NAT problems that come with PPTP
- Modern crypto - IPSec Auth is limited to MD5/SHA1 for example.
- Any sort of xDSL, they only have Ethernet models. If you need xDSL
you'll need a bridge modem for the carriage circuit
- Extremely limited NAT capabilities, no ALG, no ability to disable NAT
between eg WAN and LAN ports which means it's almost useless for an MPLS
circuit. The lack of control over NAT also makes it impossible to run a
publicly addressable DMZ
- SSL decryption which makes content filtering a bit less useful
- Cellular is limited to not all 4G bands (notably does not support
700MHz here in Australia) and Cell backup is not supported in an HA setup

And dare I say it, Segment Routing and MPLS definitely are not part of
the featureset ;)

There are many good things about Meraki (eg dashboard, autovpn, updates,
ease of provisioning), but in my recent experience with MX/MS products
you have to spend as much if not more time working out what Meraki
products *can not* do as what they *can* do - and know the product
limitations before you design and deploy, not during (don't assume anything).

Personally I would only recommend Meraki for a small business with very
basic and well defined requirements. Even then once you factor in the
cost of licensing + hardware and compare it to a low end Cisco
Enterprise product that does not have said limitations, you may find the
cost is about the same over 3 or more years.

Reuben