How do I configure VRRP for a multiple controller environment?

Aruba Employee

Product and Software: This article applies to the Aruba 5000, 6000, 3000, 2400, 800, and 200 Mobility Controllers and to ArubaOS 3.3.1.x and later.

In large campus deployments where all controllers share a common Layer 2 environment, VRRP is the configuration of choice for a multiple controller environment. This article will guide you around the pitfalls of such a configuration.

The following example is a setup that has master/master redundancy with a local/master fail over. This sample configuration prevents several pitfalls that will make the configuration unpredictable.

1)    Make sure that all VRRP interfaces are configured with preemption. Preemption ensures that the access point (AP) will fail back to the original local controller, if there is a network issue or the controller has been upgraded. The preemption option will also ensure that the primary master controller is always active. If preemption is not used, the role of the controllers and the home of the APs will not be predictable at the time of an upgrade.

2)    There is a myth that says you can only have one VRRP interface per VLAN. There is no need to create a VLAN for each VRRP interface.

3)    Tracking by master uptime will make the setup unpredictable. The timing of upgrades will flip the role of master controllers, if it is based on uptime. The following example will use tracking by vrrp-master-state. This will also prevent APs from forming GRE tunnel with the backup mater controller, and to insure that the GRE tunnels will only fail over to the active master.


VRRP 10 is used for master redundancy. (This interface will be shared between the master and backup master switch.)
VRRP 20 is used for local/master redundancy. (This interface will be shared between the master switches and local switch.)

********************************************************
ACTIVE MASTER SWITCH

Virtual Router 10:
Description
Admin State UP, VR State MASTER
IP Address 151.151.10.1, MAC Address 00:00:5e:00:01:0a, vlan 10
Priority 110, Advertisement 1 sec, Preemption Enable
Auth type NONE
tracking is not enabled

Virtual Router 20:
Description
Admin State UP, VR State BACKUP
IP Address 151.151.10.20, MAC Address 00:00:5e:00:01:14, vlan 10
Priority 100, Advertisement 1 sec, Preemption Enable
Auth type NONE
tracking type is vrrp-master-state, vrid 10, value 10
tracked priority 110
*******************************************************


BACKUP MASTER SWITCH

Virtual Router 10:
Description
Admin State UP, VR State BACKUP
IP Address 151.151.10.1, MAC Address 00:00:5e:00:01:0a, vlan 10
Priority 100, Advertisement 1 sec, Preemption Enable
Auth type NONE
tracking is not enabled

Virtual Router 20:
Description
Admin State UP, VR State BACKUP
IP Address 151.151.10.20, MAC Address 00:00:5e:00:01:14, vlan 10
Priority 100, Advertisement 1 sec, Preemption Enable
Auth type NONE
tracking type is vrrp-master-state, vrid 10, value 10
tracked priority 100
*********************************************************

LOCAL SWITCH


Virtual Router 20:
Description
Admin State UP, VR State MASTER
IP Address 151.151.10.20, MAC Address 00:00:5e:00:01:14, vlan 10
Priority 120 , Advertisement 1 sec, Preemption Enable
Auth type NONE
tracking is not enabled

********************************************************

Note:
Consider configuring a VRRP between a master and local controller, if the setup does not call for master/master redundancy. This configuration will provide a little more redundancy to "aruba-master" discovery. 

Version history
Revision #:
1 of 1
Last update:
‎06-30-2014 08:04 PM
Updated by:
 
Labels (1)
Contributors
Tags (2)
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: