How does high availability/fast failover feature work and how to configure ?

Aruba Employee

AP redundancy solutoins (like a backup-LMS) put heavy load on the backup controller during failover, resulting in slower failover performance. If the number of Acces Points to failover is much more then unavailability of wireless downtime to users further increases. To avoid this, ArubaOS now supports redundancy through the High Availability:Fast Failover feature based upon the Virtual Router Redundancy Protocol (VRRP).

This WLAN redundancy solution allows a campus AP to rapidly fail over from a active to a standby controller without needing to rebootstrap. It significantly reduces network downtime and client traffic disruption during network upgrades or unexpected failures.

APs using the High Availability: Fast Failover feature regularly communicate with the standby controller, so the standby controllerr has only a light workload to process if an AP failover occurs. This results in very rapid failover times, and a shorter client reconnect period. This feature supports failover for campus APs in tunnel forwarding mode only. It does not support failover for remote APs or campus APs in bridge forwarding mode.

The High Availability: Fast Failover features work across Layer-3 networks, so there is no need for a direct Layer-2 connection between controllers in a high-availability group.When the AP first connects to its active controller, that controller sends the AP the IP address of a standby controller, and the AP attempts to connect to the standby controller.

APs using control plane security establish an IPsec tunnel to their standby controllers. APs that are not configured to use control plane security send clear, unencrypted information to the standby controller. An AP will failover to its backup controller if it fails to contact its active controller through regular heartbeats and keepalive messages, or if the user manually triggers a failover using the WebUI or CLI.
 

 

A controller using this feature can have one of three high availability roles – active, standby or dual.


Active controller:


An active controller serves APs, but cannot act as a failover standby controller for any AP except the ones that it serves as active.

Standby Controller:
 

A standby controller acts as a failover backup controller, but cannot be configured as the primary controller for any AP.
 

Dual Controller:
 

A dual controller can support both roles, and acts as the active controller for one set of APs, and also acts as a standby controller for another set of APs.

 

High Availability groups support the following deployment modes

  • Active/Active Deployment
  • 1:1 Active/Standby Deployment
  • N:1 Active/Standby Deployment


Active/Active Deployment:

 

In this model, two controllers are deployed in dual mode. Controller one acts as standby for the APs served by controller two, and vice-versa. Each controller in this deployment model supports approximately 50% of its total AP capacity, so if one controller fails, all the APs served by that controller would fail over to the other controller , thereby providing high availability redundancy to all APs in the cluster.

 

rtaImage.jpeg

 

1:1 Active/Standby Deployment model:
 

In this model, the controller in active mode supports up to 100% of its rated capacity of APs, while the other controller in standby mode is idle. If the active controller fails, all APs served by the active controller would failover to the standby controller.

 

rtaImage.jpeg

 

N:1 Active/Standby Deployment model:

In this model, each controller in active mode supports up to 100% of its rated capacity of APs, while one other controller is idle in standby mode is idle. If an active controller fails, all APs served by the active controller would failover to the standby controller.This model requires that the AP capacity of the standby controller is able to support the total number of APs distributed across ALL active controllers in the cluster.

In the cluster shown in the example below, two active controllers use a single higher-capacity standby controller.

 

rtaImage.jpeg

 

Configuring High Availability:Fast Failover

From WebUI:
 

  1. Navigate to Configuration>Advanced Services>All Profiles.
  2. In the Profiles list in the left window, expand "HA" and then select "HA group information"
  3. Mention a name to the group and click ADD
  4. In the left, click on the newly created group. Enter the IP address of each controller in the HA group, and assign a role to each controller.

NOTE:  The IP address of each controller must be reachable by APs, and must be the IP address that appears in the "show controller-ip" command on specific controllers

 

rtaImage.jpeg

 

Select the  Preemption  checkbox if an  AP  that has failed  over  to  a  standby should  attempt to  connect back to  its original  active  controller  once  that controller  is reachable  again. When  you  enable  this setting, the  AP  will wait for  the  time  specified  by the  lms-hold-down-period  parameter  in  the  ap  system  profile  before  the  AP attempts to  switch  back from the standby controller to  the  orginal  controller.

From CLI:
rtaImage.jpeg



Points to be noted:

 

  •  All active and backup controllers within a single high-availability group must be deployed in a single master-local topology.
     
  • The high availability: fast failover feature supports APs in campus mode using tunnel or decrypt-tunnel forwarding modes, but does not support campus APs in bridge mode.

     
  • This feature is not supported on remote APs and mesh APs in any mode.

     
  • Legacy AP-60 series and AP-70series APs also do not support this feature.

 

Version history
Revision #:
1 of 1
Last update:
‎07-01-2014 04:45 AM
Updated by:
 
Labels (1)
Contributors
Comments
itispossible

How do we enable debug to check the HA fast failover is working? 

#show datapath tunnel table | include <ip address of AP>

#show datapath session table | include <ip address of AP>

 

#logging level debugging system process ha_mgr

 

HA failover information:-

#show ap debug system-status ap-name <ap-name> 

When using active-active with fast failover, how do you monitor the number of active APs via SNMP?

 

.1.3.6.1.4.1.14823.2.2.1.1.3.1.0 seems to give all the APs, not just the active ones.

 

In other words, what is the SNMP equivalent to "show ap active"?

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.