How do configure HA AP fast fail over with Master Standby set up ?

Aruba Employee
Requirement:

Aruba OS tested version : 6.4.2.8

This article will talk about master standby setup.

HA Common Deployment Scenarios:

  • Master-Redundancy
  • Master-Local
  • Local-Local
  • Master-Master

Advantages of HA

  1. AP Fast Failover through pre-established IPSEC/GRE tunnels to Active and Standby controllers.
  2. AP does not turn its radio off, does not re-bootstrap nor re-download its configuration to fail-over.
  3. Failover takes place upon heartbeat or keep alive misses.

Controller roles:

  • Active
  • Standby
  • Dual

Note: HA works across L3 network as well.

Here is the topology sketch of master standby setup.

 

 



Solution:

HA master standby caveats

  • Inter-controller Heartbeats
    • detects peer failure within a sub-second
    • Not recommended if inter-controller latency is close to 100ms and/or risk of hbt packet loss
  • Client State Sync
    • speeds up dot1x authentication after failover by sync’ing the dot1x keys with the standby controller
  • Over-Subscription
    • extends the standby AP tunnels beyond the standby platform capacity
    • Failed-over APs are still limited by the platform capacity

Constraints and Points for master-standby set up.

  1. Use only Controller-ip in ‘ha group-profile’
  2. The lms-ip has to match one of the controller IPs listed in the ha group-profile

Best practices and facts:

  • Configure an lms-ip in the ap system profile
  • Use controller role ‘dual’ as much as possible.
  • Use bkup-lms to recover from a double failure (Controller and AP).
  • HA failover takes precedence over lms/bkup-lms failover.
  • APs that failed over to bkup-lms will not build a standby tunnel until it has moved back to its primary lms.
  • 11r & State-sync do not work because on a failover we deauth the client which makes the 11r client do a full dot1x.

Notes

  • Topology supported in 6.4 and beyond
  • Bkup-lms is required in case of double failure (controller failure and  ap reboot)
  • Inter-controller heartbeat is not needed/supported (IC-Hbt triggers failover in 0.5s while VRRP takes 3s )
  • HA Preemption and LMS Preemption are useless (one controller is active at any time)
  • VRRP preemption is ok, thanks to 2 mns timer on backup active master. (APs will have time to setup their GRE tunnels with preempting controller before getting kicked out by backup master)
  • HA-Mgr is aware of the VRRP role provided by CFGM
  • VRRP VIP should be used for the ap master discovery


Configuration:

Controller Config

-----------------------

 

Active Master

ap system-profile “primary"
  lms-ip 10.10.1.1
  bkup-lms-ip 10.10.1.2
!
ha group-profile "Cluster-A"
  pre-shared-key aruba2hp
  state-sync
  controller 10.10.1.1 role dual
  controller 10.10.1.2 role dual
!
ap-group "Cluster-A"
  ap-system-profile "primary"
!
ha group-membership Cluster-A

Backup Master

ha group-membership Cluster-A



Verification

 Below commands would verify the HA config.

 

  • show ap database (this command presents both active and standby ip config)
  • show ap database on standby (this command will represent "S" flag stating standby flag)
  • show ha group-profile 
  • show ha group-membership

 

Version history
Revision #:
2 of 2
Last update:
‎07-30-2015 05:56 AM
Updated by:
 
Labels (1)
Contributors
Comments
tarunklu

does HA fail-over with VRRP support in 6.3.1.18 code?

AOS 6.4

bs4284

does configuring HA require the AP's to reboot or rebootstrap to take the config?

or is there any other downtime associate with configuring HA in a production network?

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.