Product and Software: This article applies to all Aruba controllers and ArubaOS 2.5 and 3.0.
The basic architecture on the Aruba controller domain is proxy-mobile-IP, that is, each controller is acting as the home agent, foreign agent, and mobile client.
In ArubaOS 2.5.x, the master controller is the repository of the home agent table/map (HAT). The HAT shows which controller can handle which IP subnet. The master controller pushes the HAT to all local controllers so that every controller has the same view.
In ArubaOS 3.x, each controller has to build its local portion of the HAT and we support the "mobility domain" for subnets. You can then define a controller to participate in some mobility domains to have better control of whether you want roaming between controllers.
When a new user is landing on a controller (roamed from somewhere else), this controller starts processing the IP packets from the client. If the first packet has source IP belonging to the AP GRE tunnel VLAN, then the controller becomes the home agent of this user. On the other hand, if the user is sending a packet with src IP that matches one of the subnets from HAT, this controller becomes the foreign agent for the user and contacts the home agent switch. The foreign agent then captures all the user traffic and sends it across the inter-switch IP-IP tunnel to the home agent switch.
Policy is also handled at the home agent side. If the first packet is DHCP (which does not have valid src IP), this packet is handled by our proxy DHCP on the controller to assist the HAT lookup.
Note: IP-IP tunnel is built between home agent and foreign agent, which could be Local1 and Local2.