Aruba Solution Exchange

Client State Sync with AP Fast Failover

Client State Sync with AP Fast Failover

 

Summary

The Aruba AP Fast Failover feature, introduced in Aruba OS (AOS) 6.3, minimizes the failover time in the event of a controller failure.  All controllers in the same redundancy domain need to share the same HA-Group profile.  
 
AP licenses, controller capacity, configuration synchronization between controllers, physical locations and type of networks connection of the controllers, licenses and etc should be considered in designing the HA group membership.
 
The HA roles supported are active, standby and dual. The solution template will build one HA group for a set of controllers deployed in an active / active model
 
New features introduce in Aruba OS 6.4
 
Client State Synchronization
State synchronization improves failover performance by synchronizing client authentication state information from the active controller to the standby controller, allowing clients to authenticate on the standby controller without repeating the complete 802.1X authentication process.This feature requires you to configure the high availability group profile with a pre-shared key. The controllers use this key to establish the IPSEC tunnels through which they send state synchronization information.
 
High Availability Inter-controller Heartbeats
The high availability inter-controller heartbeat feature allows faster AP failover from an active controller to a standby controller, especially in situations where the active controller reboots or loses connectivity to the network.

 

Configuration Notes

  • The design of master redundancy is independent of AP fast failover. Master redundancy needs to be configured to ensure the AP will be able to contact the Master controller upon reboot. Another option would be to configure VRRP between the master-local pairs to provide master redundancy.
  • When the HA roles of the controllers are set to dual, the active controller will be determined by the LMS-IP setting in the AP system profile and the standby controller will be selected from the list of controllers listed in the HA group in the round-robin fashion.
  • Multiple HA Groups can be defined but each controller can only be assigned to a single HA group.
  • The controller IP or switch IP of the controller must be used when defining the controller in the HA group profile.
  • The "ha group-membership" is a local command and needs to be executed on each local controller.
  • HA group membership is independent of the controller role. For example, AP Fast Failover could be setup between two masters, but the administrator needs to make sure that the configuration and relevant network configurations are similar between the two controllers.
  • The AP fast failover feature supports APs in campus mode using tunnel or decrypt-tunnel forwarding modes, but does not support campus APs in bridge mode. This feature is not supported on remote APs and mesh APs in any mode.  Legacy AP‑60 series and AP‑70series APs also do not support this feature.

  • Client state sync is only supported on a pair of controllers in a HA group.

Sample Lab Topology

 

Platform Tested

Aruba Mobility Controller 3600-US running AOS version 6.3.1.2.

 

Licensing

AP license

 

References

[1] Aruba OS 6.3 User Guide

Version History
Revision #:
1 of 1
Last update:
‎09-17-2014 01:23 PM
Updated by:
 
Contributors
Comments
Steffen

Is this feature only available on local controller in a Master/local setup?

or is it possible to implement it on master controller in an all-master deployment?

itispossible

Will Client-state sync work with captive-portal authenticated users(open SSID)? 

Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.