Extending your Meraki SDWAN fabric across mainland China and global
Internet censorship is a well-known term for many governments to control or suppress what can be accessed, published, or viewed on the Internet enacted by regulators.
China's Internet censorship is more comprehensive and sophisticated than any other country in the world, which has a much more significant implication on the traffic destined and/or sourced to/from mainland China. Some of those implications are:
· Increased latency
· Unreliable packet delivery
· Blockage of a list of services and websites
In 2017, the Standing Committee of the National People's Congress of China promulgated a cybersecurity law which among other things, requires network operations to store data locally within mainland China.
In response to all that, Cisco Meraki built a China service to serve better our customers who are located or have a presence in mainland China. China service is an exclusive instance of the Cisco Meraki dashboard located in mainland China and is separate from the global Meraki dashboard.
For global customers with a presence in mainland China, Cisco Meraki strongly advises to ensure the Cisco Meraki devices in mainland China are placed in Cisco Meraki's China service (https://dashboard.meraki.cn), which will require some extra considerations for the SDWAN deployment.
This blog will cover the solution and design considerations of building a Cross-border data connection over the Alibaba Cloud to connect the SDWAN fabric across the two instances of Cisco Meraki dashboards to offer better latency and more reliable packet delivery without the need to invest in expensive private network.
Create at least two Virtual Private Clouds (VPCs) within Alibaba organization. One hosted in a global Point of Presense, like Sydney, and other hosted withing Mainland China, like Shenzhen.
After completing this section, you should have Cisco Meraki vMXs up and running. Make sure to verify the public IPs used by each vMX and match it with Alibaba ECS instance.
There are at least four routing tables that will need adjustment to allow the cross-border communication, and it will split into 2 sections.
In the advanced settings, by click all the boxes, it will create 3 static routes for the RFC1918 subnets and direct the traffic to the transit router as the next hop
From any of the instances created in steps 3 or 4, select Cross-region connections
Overall, integrating Cisco Meraki SD-WAN with Alibaba Cloud Enterprise Networks enables organizations to create a unified and efficient network infrastructure that spans across different regions and meets their business needs. The integration provides a secure and reliable way to connect your branch offices or data centres in mainland China to other global locations, and allows you to optimize network traffic and improve application performance.