Controller Based WLANs

How-to-enable-full-redundancy-with-HA-feature

AP Fast Failover does not provide redundancy for controllers or AP’s master discovery process, and hence customers using VRRP for controller redundancy should continue to use it. Also when a AP reboots it does not retain the information of the LMS. To provide full redundancy for a network which has a Master and Local controller, we need to configure VRRP, LMS/BKup LMS along with High Availability.

 

Prior to AOS 6.3, Aruba controllers only supported AP failover using two mechanisms- Backup-LMS and VRRP. In both these mechanisms, during failover, the APs are required to rebootstrap to a backup controller. This process involves considerable processing on the backup controller and the APs (AP needs to purge its config, kick out existing clients, connect to the backup controller and download the config before it can start serving clients again). In larger networks, this can cause an unacceptable delay in failover for the APs.
 
New backup mechanism allows:
·       AP establish simultaneous communication channel with both active and standby controller
·       During a failover, the load from the APs on a standby controller is minimal
·       During a failover, the APs do not turn their radios off and on, thus minimizing the RF outage experience for an end-user
·       The solution works across L3 networks. There is no need for direct L2 connection between HA controllers
·       Apart from 1+1 (active-standby), AP Fast Failover supports 1:1 (active-active), N:1 and N+1 models
 
Environment : This feature is introduced in 6.3 and further improvisation is done in 6.4.

When AP Fast Failover is enabled, it has higher precedence over legacy lms/backup-lms based failover. i.e, the APs will first attempt AP Fast Failover. 
 
Network Topology : 
 
Aps distributed among Master & Local controllers

Sample config
C1  - Master  10.17.168.69
C2 – Local     10.17.168.70
VRRP ip – 10.17.168.71 - Use option 43, 60 on DHCP server to discover Master ip or use DNS option
 
 
On the master controller
 
1. Create a ap system profile. LMS ip being - Master's physical ip address with Bkup LMS being Local's physical ip. Vice versa 
2. Map the AP system profile to ap group
3. Create HA profile with Master and Local in dual role
4. Map the group membership on both the controllers to the same profile.
 
(Master) (config) #ha group-profile HA
(Master) (HA group information "HA") #controller 10.17.168.69 role dual
(Master) (HA group information "HA") #controller 10.17.168.70 role dual
(Master) (HA group information "HA") #exit
 
(Master) (config) #ha group-membership HA
 
On the Local controller
(Local) (config) #ha group-membership HA
 
Sample config
ap system-profile "ArubaAP"
   lms-ip 10.17.168.69
   bkup-lms-ip 10.17.168.70
   lms-preemption   
!
ha group-profile "HA"
   preemption
   controller 10.17.168.69 role dual
   controller 10.17.168.70 role dual
!
ap-group "ArubaAPgroup"
   ap-system-profile "ArubaAP"    
!
 
ap system-profile "ArubaAP2"
   lms-ip 10.17.168.70 
   bkup-lms-ip 10.17.168.69
   lms-preemption   
!
ap-group "ArubaAPgroup2"
   ap-system-profile "ArubaAP2"    
!
ha group-membership HA
 
rtaImage (6).jpg
 
  • AP Fast Failover does not provide redundancy for controllers or AP’s master discovery process.
  • To provide full redundancy we need to have VRRP for controller redundancy 
  • AP Fast Failover can coexist with VRRP, as long as VRRP-IP is not used in ha group-profile and as LMS in AP system profile.
  • We can have vrrp ip on the dhcp server or DNS so the Aps can locate Aruba controller. 
  • Controller IP addresses configured in HA group profile must be IP address of vlan interface on which VRRP instance exists and also they should be switch ip-addresses.
  • Need to configure a backup LMS ip on the system profile.
Flow:-
  1. AP gets ip address and master ip from the DHCP server or DNS 
  2. Assuming we have vrrp ip as Master ip so even if one of them is down, the AP can still come up
  3. Aps will come up on the LMS ip
  4. Establish tunnels and perform HA failover if the LMS goes down
  5. If the LMS does not recover for a longer period, for the AP to survive a hard reboot, we need to configure backup LMS ip in the system profile.
  6. So when it reboots and finds out that LMS is not available it will try to use backup LMS ip. This is not HA rather legacy failover
(Master) (config) #show ap database
 
AP Database
-----------
Name               Group    AP Type  IP Address    Status     Flags  Switch IP     Standby IP
----               -----    -------  ----------    ------     -----  ---------     ----------
d8:c7:c8:c0:ba:d8  default  135      10.17.168.93  Up 6m:54s         10.17.168.69  10.17.168.70
 
 
(Local) (config) #show ap database
 
AP Database
-----------
Name               Group    AP Type  IP Address    Status     Flags  Switch IP     Standby IP
----               -----    -------  ----------    ------     -----  ---------     ----------
d8:c7:c8:c0:ba:d8  default  135      10.17.168.93  Up 7m:56s  S      10.17.168.69  10.17.168.70
 
 
when master goes down immediately it fails over to Local 
 
(Local) (config) #show ap active
 
Active AP Table
---------------
Name               Group    IP Address    11g Clients  11g Ch/EIRP/MaxEIRP  11a Clients  11a Ch/EIRP/MaxEIRP   AP Type  Flags  Uptime  Outer IP
----               -----    ----------    -----------  -------------------  -----------  -------------------   -------  -----  ------  --------
d8:c7:c8:c0:ba:d8  default  10.17.168.93  0            AP:HT:6/12/19        0            AP:HT:132+/22.5/22.5  135      Ada    8m:46s  N/A
 
 
Master is still down , and the AP is rebooted
 
                       
(Local) #show vrrp
 
Virtual Router 1:
    Description
    Admin State UP, VR State MASTER
    IP Address 10.17.168.71, MAC Address 00:00:5e:00:01:01, vlan 100
    Priority 100, Advertisement 1 sec, Preemption Disable Delay 0
    Auth type NONE ********
    tracking is not enabled
 
        Ap will find the right master ip - vrrp ip 10.17.168.71
                       
Getting an IP address...
10.17.168.93 255.255.255.224 10.17.168.65
Running ADP...Done. Master is 10.17.168.71
.........
AP rebooted Tue Sep 30 08:06:40 EST 2014; SAPD: Reboot requested by controller
shutting down watchdog process (nanny will restart it)...
 
        <<<<<       Welcome to the Access Point     >>>>>
                       
                       
The AP is supposed to come up using the bkup LMS ip since LMS is still down. 
 
Oct 7 20:41:25 :303022:  <WARN> |AP d8:c7:c8:c0:ba:d8@10.17.168.93 nanny|  Reboot Reason: AP rebooted Tue Sep 30 08:06:40 EST 2014; SAPD: Reboot requested by controller
Oct 7 20:43:02 :307016:  <WARN> |cfgm| Cannot heartbeat with the master.
Oct 7 20:44:52 :307016:  <WARN> |cfgm| Cannot heartbeat with the master.
Oct 7 20:46:42 :307016:  <WARN> |cfgm| Cannot heartbeat with the master.
Oct 7 20:48:32 :307016:  <WARN> |cfgm| Cannot heartbeat with the master.
Oct 7 20:50:22 :307016:  <WARN> |cfgm| Cannot heartbeat with the master.
Oct 7 20:52:12 :307016:  <WARN> |cfgm| Cannot heartbeat with the master.
Oct  7 20:53:07  KERNEL(d8:c7:c8:c0:ba:d8@10.17.168.93): RESTARTING ALL TX AP 
 
 
(Local) #show ap database
 
AP Database
-----------
Name               Group    AP Type  IP Address    Status     Flags  Switch IP     Standby IP
----               -----    -------  ----------    ------     -----  ---------     ----------
d8:c7:c8:c0:ba:d8  default  135      10.17.168.93  Up 28m:5s         10.17.168.70  0.0.0.0
 
 AP fails back to the LMS and establishes tunnel 
 
(MASTER) (config) # show ap database
 
AP Database
-----------
Name               Group    AP Type  IP Address    Status      Flags  Switch IP     Standby IP
----               -----    -------  ----------    ------      -----  ---------     ----------
d8:c7:c8:c0:ba:d8  default  135      10.17.168.93  Up 30m:26s         10.17.168.69  10.17.168.70
 
 
#show datapath tunnel table | include <ip address of AP>
#show datapath session table | include <ip address of AP>

#logging level debugging system process ha_mgr
 
HA failover information:-
#show ap debug system-status ap-name <ap-name> 
 
 
Version History
Revision #:
1 of 1
Last update:
‎04-07-2015 02:10 PM
Updated by:
 
Contributors
Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.