Alibaba Cloud

Updated on 8 April 2023 by Fady Sharobeem

Overview

Extending your Meraki SDWAN fabric across mainland China and global

Use Case

Internet censorship is a well-known term for the control or suppression, enacted by regulators, of what can be accessed, published, or viewed on the Internet, and many governments practise it.

China's Internet censorship is more comprehensive and sophisticated than that of any other country in the world, which has a much more significant impact on traffic destined to or sourced from mainland China. Some of those implications are:

  • Increased latency
  • Unreliable packet delivery
  • Blockage of a list of services and websites

In 2017, the Standing Committee of the National People's Congress of China promulgated a cybersecurity law which, among other things, requires network operators to store data locally within mainland China.

In response, Cisco Meraki built a China service to better serve customers who are located in or have a presence in mainland China. The China service is an exclusive instance of the Cisco Meraki dashboard located in mainland China and is separate from the global Meraki dashboard.

For global customers with a presence in mainland China, Cisco Meraki strongly advises ensuring that the Cisco Meraki devices in mainland China are placed in Cisco Meraki's China service (https://dashboard.meraki.cn), which requires some extra considerations for the SDWAN deployment.

This blog covers the solution and design considerations for building a cross-border data connection over Alibaba Cloud that connects the SDWAN fabric across the two instances of the Cisco Meraki dashboard, offering better latency and more reliable packet delivery without the need to invest in an expensive private network.

Implementation

Create a new Meraki network

  • From the Organization menu, select Create network.
  • Choose a network name and select the network type to be either Combined hardware or Security appliance, then select the vMX from the inventory list.
  • Generate an authentication token. The Meraki authentication token is valid for one hour after it is generated, and it is required to map the virtual MX hosted with the cloud vendor to the correct Meraki organization/network.
  • Navigate to the vMX network and click on the Security & SD-WAN menu, then Appliance status.
  • The Meraki virtual MX is in NAT mode by default, and the operating mode must be changed to passthrough.
  • From the Addressing & VLANs menu, choose Passthrough or VPN Concentrator mode instead of Routed.
  • Make sure to build at least two vMXs: one hosted in the Meraki global dashboard (https://dashboard.meraki.com) and another instance hosted in the Meraki China service dashboard (https://dashboard.meraki.cn).

Alibaba Cloud Configuration

Create at least two Virtual Private Clouds (VPCs) within the Alibaba organization: one hosted in a global Point of Presence, such as Sydney, and the other hosted within mainland China, such as Shenzhen.

Building Virtual Private Cloud (VPC)

Create Elastic Compute Service

After completing this section, you should have the Cisco Meraki vMXs up and running. Make sure to verify the public IP used by each vMX and match it with the corresponding Alibaba ECS instance.

Routing Adjustment across Domains

At least four routing tables need adjustment to allow the cross-border communication, and the changes are split into two sections.

Cisco Meraki Routing

Alibaba Routing

In the advanced settings, selecting all the boxes creates three static routes for the RFC 1918 subnets and directs the traffic to the transit router as the next hop.
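A check for the three RFC 1918 routes described above, as an added example that is not from the original post. It assumes the VPC route table has been exported as (prefix, next hop) pairs and that routes are selected by longest-prefix match; the next-hop names and subnets are constructed placeholders.

```python
import ipaddress

# The three RFC 1918 blocks that should point at the transit router.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def next_hop(route_table, destination):
    """Longest-prefix match: next hop chosen for a destination subnet, or None."""
    dest = ipaddress.ip_network(destination)
    matches = [(ipaddress.ip_network(prefix), hop) for prefix, hop in route_table
               if dest.subnet_of(ipaddress.ip_network(prefix))]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def audit(route_table, transit_hop, remote_subnets):
    """Return (RFC 1918 routes missing, remote subnets not sent to the transit router)."""
    routes = {ipaddress.ip_network(p): hop for p, hop in route_table}
    missing = [str(n) for n in RFC1918 if routes.get(n) != transit_hop]
    off_path = {}
    for subnet in remote_subnets:
        hop = next_hop(route_table, subnet)
        if hop != transit_hop:
            off_path[subnet] = hop
    return missing, off_path

# Constructed sample route table; next-hop names are hypothetical labels.
SAMPLE_TABLE = [
    ("0.0.0.0/0", "internet-gateway"),
    ("10.0.0.0/8", "transit-router"),
    ("172.16.0.0/12", "transit-router"),
    ("192.168.0.0/16", "transit-router"),
    ("10.20.0.0/16", "vmx-instance"),  # more specific route that overrides the /8
]
# Constructed subnets on the far side of the border that should cross the transit router.
SAMPLE_REMOTE = ["10.20.5.0/24", "192.168.128.0/24", "100.64.10.0/24"]

if __name__ == "__main__":
    missing, off_path = audit(SAMPLE_TABLE, "transit-router", SAMPLE_REMOTE)
    print("missing RFC 1918 routes:", missing)
    for subnet, hop in off_path.items():
        print(f"{subnet} -> {hop} (not via transit router)")
```

A remote subnet outside RFC 1918, or one shadowed by a more specific route, shows up in the second result because it would not follow the transit router path.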

From any of the instances created in steps 3 or 4, select Cross-region connections

Summary

Overall, integrating Cisco Meraki SD-WAN with Alibaba Cloud Enterprise Networks enables organizations to create a unified and efficient network infrastructure that spans across different regions and meets their business needs. The integration provides a secure and reliable way to connect your branch offices or data centres in mainland China to other global locations, and allows you to optimize network traffic and improve application performance.