Compare the SD-WAN Market

What are Meraki SD WAN's limitations?

What are Meraki SD WAN's limitations?

How our Compare the Market Quiz can help you find the best fit SD-WAN Vendors

  • Answer 10 questions to find our which SD-WAN solution fits your business
  • Learn why each solution is a match for your business
  • Used by companies including CDC, Permira, Square Enix, British Legion and more
  • Totally free to use without commitment

Compare the SD-WAN Market

Cisco Meraki is currently the undisputed market leader when it comes to simplicity and elegance with SD WAN deployments. The Meraki simplified cloud-based dashboard and automatic default full-mesh VPN capabilities enable extremely rapid Zero Touch Provisioning (ZTP) rollouts of an SD WAN across your enterprise, ensuring a smooth and relatively painless experience.

However, the Cisco Meraki solution is not necessarily appropriate for all situations and you must be aware of the limitations in both hardware and software that could affect your overall business decisions and associated network design.

How is Meraki licensed?

One of the largest criticisms of Cisco Meraki is their business licensing model. In addition to purchasing the hardware, you must also maintain licences to use their products. This in itself is nothing new as most hardware vendors operate this way. With most traditional hardware licensing models, if you let your licensing lapse, the hardware continues to operate, though you may be out of compliance. This could have its own potential legal ramifications. However, Meraki forces licence compliance by actually disabling the hardware if the licence subscriptions are not maintained. This means that unlike with other vendors, there is no permanent real grace period if your licensing lapses (though a small 30-day grace period is provided), so your accounting department must be aware of this. When you move to a managed SD WAN model, you do not have to take this issue into consideration because your Managed Services Provider (MSP) will handle it for you.

How Meraki uses Auto VPN technology?

Meraki’s SD WAN is enabled across their entire line of MX hardware and virtual appliances. This is based on their Auto VPN technology which automatically establishes private connectivity between all other MX appliances. Meraki’s SD WAN is currently limited to two uplinks being used simultaneously, with failover to a third 4G link in standby mode a possibility. For most enterprises, this will be adequate, especially for smaller branch offices. Unfortunately, this dual uplink limitation applies to the entire MX product line, including high-end devices that are meant to run in data centres. You may have to put more planning into your network design to work around this limitation if necessary. The good news is that this particular limitation could potentially be lifted at some point, just as the SD WAN feature itself was introduced through software without requiring hardware upgrades.

What is the throughput of Meraki SD WAN?

The hardware performance of Meraki MX appliances could also be a potentially limiting factor depending on your needs and network design for SD WAN. Meraki’s product line designed for small branch offices is limited to 100 - 200 Mbps of VPN throughput, depending on the model, and Meraki recommends no more than 50 client devices connecting through these appliances. The medium-size offerings make a fairly large jump in price and have a VPN throughput range of 250 - 500 Mbps. The high-end offerings meant for large branches, campuses, and data centres offer a maximum throughput of 2 Gbps. While this will certainly be good enough for most environments, bandwidth usage across your company will only continue to grow with time and this limitation may be too small if you have a very large environment or you need to distribute a lot of SD WAN traffic.

Directly related to the hardware performance is the VPN tunnel scaling limitations. This is not unique to Meraki as all SD WAN platforms have tunnel scaling limitations you must be aware of. With Meraki, though, the default design is for an automatic full mesh of VPN tunnels where every site establishes a tunnel with every other site. The MX appliances designed for small and branch offices support a maximum of 50 tunnels, while the high-end appliances support up to 5,000 tunnels. This is where a good network design strategy comes into play to help maximise performance and lower the Total Cost of Ownership (TCO).

If your network is sufficiently large (e.g. more than 50 sites), you should create a network design involving hubs and spokes with the MX appliances. This is all easily done through Meraki’s cloud-based interface. The hub and spoke design improves performance by limiting the number of SD WAN VPN tunnels that must be established on the spoke MX devices. The spokes only form tunnels with the hubs if configured to do so, instead of the default full mesh of tunnels established to all sites.

The limitation in this design model is that all traffic between spokes must traverse a hub, rather than the traffic going directly between the sites. For most enterprises, critical company data is centralised within regional data centres and branch sites rarely communicate directly with each other over the network. Meraki’s dashboard allows you to make exceptions and you can still establish individual spoke-to-spoke tunnels to eliminate traffic passing through the hub.

What are the limitations for smaller branch offices?

One perhaps surprising limitation is that none of the MX appliances designed for smaller branch offices feature an SFP port for optical fibre connectivity - it is not until you get into the higher-priced mid-range models that this option becomes available. This is surprising because, for many rural areas where branch offices may be located, broadband connectivity may not be an available option, but Direct Internet Access (DIA) delivered via fibre Ethernet may be all that you can get. Your options, in this case, would be to either upgrade to the larger MX appliance or place another device in front of the MX to convert the Ethernet handoff from fibre to copper.

What are Meraki HA limitations?

The other limitations to be aware of with Meraki SD WAN are high availability (HA) and failover times. HA is typically only used in large campuses and data centres where reliability is critically important. Meraki currently offers a “warm spare” active/standby model using the Virtual Router Redundancy Protocol (VRRP). This means that you can only use the forwarding capacity of a single appliance, not both as in an active/active model. Failover between the active and standby appliance could take up to 30 seconds. Additionally, there are failover and failback limitations for the AutoVPN tunnels and dynamic path selection where issues could be present for 30 - 40 seconds before action is taken. These kinds of limitations may not be acceptable for your particular environment and you should be aware of them.

Conclusion

Ultimately Cisco Meraki’s SD WAN platform covers the vast majority of enterprise use cases. The product is stable, elegant and extremely easy to operate which lowers your TCO because you do not necessarily need expert-level staff to operate and maintain the SD WAN. For many of the present limitations, you can enable workarounds through smart network design. Likewise, some limitations may be removed with future software releases that do not require replacing existing hardware which further protects your investment.

The 3 Tools You Need To Compare UK SD WAN Providers And Vendors.

  1. SD WAN Comparison Tool - Answer 10 questions to find your match.
  2. Read SD WAN Research - We've listed 25+ Solutions.
  3. Get the Guide - Top/Best SD WAN Vendors and Providers.

Suggested Posts

SD WAN Buyers Mindmap

Download the SD WAN Buyers Mind Map Feature Comparison Guide

Download the at-a-glance A3 PDF SD WAN Buyers Mindmap. Everything an IT decision making team need to consider when comparing vendors and managed service providers.

SD WAN Buyers Mind Map 2023

Your Mindmap is sent immediately. Complete the following information - check your junk folder if you do not receive the content within 2 minutes.

Download now

Explore Topics

Popular Article Topics

Find articles and helpful resources about any of the following:

Subscribe to Notifications

The Netify Learning Center

Learn more about comparison of SD WAN and SASE Cybersecurity with the Netify Learning Center.

See All Articles

Download the SD WAN Playbook

A comparison of SD WAN vendors & providers distilled into one page.

With the key features you should consider. And, build a vendor shortlist in less than 60 seconds with our comparison tool.