Controller-less WLANs

How does L3 Mobility work in Instant AP?

by on 05-18-2016 01:17 PM - edited on 05-28-2016 02:09 AM by Guru Elite

Requirement:

This article applies to Instant APs starting from version 6.2.1.0 - 3.3.0.0.

The purpose of this design in an Instant AP deployment is to let wireless clients roam seamlessly across clusters on the same SSID.

If a client's IP address changes when it roams from one AP to another AP that has the same SSID name, the client loses connectivity to the sessions it has established, and all TCP-based sessions have to be restarted. To avoid this, the aim of this wireless roaming design is to let the client retain its IP address when it roams.

 



Solution:

This scenario requires configuration that informs cluster B about the IP addressing on cluster A and about which subnets are present on cluster A.

Note that VLAN 10 is not present on cluster B. If a client roams to cluster B, cluster B determines from the DHCP requests the client sends on VLAN 10 that the client belongs to cluster A, and it creates a GRE tunnel to cluster A.

 

  • The client VLAN should not be sent across the trunk port. It should be specific to each cluster.
  • The AP VLAN of each cluster should be sent across the trunk so that the clusters learn about each other when L3 mobility is configured.
  • A client connecting to cluster A gets an IP address from VLAN 10.
  • When it roams to cluster B it retains its IP address, and you can see the GRE tunnel being formed between the two clusters in the #show datapath session output.
  • All other outputs with respect to L3 mobility can be verified here.



Configuration:

It is recommended that you configure all client subnets in the mobility domain. When client subnets are configured:

  • If a client is from a local subnet, it is identified as a local client. When a local client starts using the IP address, the L3 roaming is terminated.
  • If the client is from a foreign subnet, it is identified as a foreign client. When a foreign client starts using the IP address, the L3 roaming is set up.

 

Please refer to the above sample topology

 

Configuration from both the APs.

 

AP1:

 

AP1# show l3-mobility config

Flags
-----
Type                       Value
----                       -----
Home Agent Load Balancing  disable

Virtual Controller Table
------------------------
Virtual Controller IP
---------------------
172.16.0.100      <-- IP addresses of the two Virtual Controllers
172.16.2.250

Subnet Table
------------
Subnet       Netmask        VLAN  Virtual Controller
------       -------        ----  ------------------
172.16.10.0  255.255.255.0  10    172.16.0.100      <-- Two client subnets: 172.16.x.x is the client subnet on AP1 and 10.241.x.x is the client subnet that exists on AP2.
10.241.11.0  255.255.255.0  11    172.16.2.250

 

AP2:

 

AP2# show l3-mobility config

Flags
-----
Type                       Value
----                       -----
Home Agent Load Balancing  disable

Virtual Controller Table
------------------------
Virtual Controller IP
---------------------
172.16.2.250
172.16.0.100

Subnet Table
------------
Subnet       Netmask        VLAN  Virtual Controller
------       -------        ----  ------------------
172.16.10.0  255.255.255.0  10    172.16.0.100
10.241.11.0  255.255.255.0  11    172.16.2.250

 

Switch 1 where AP1 is connected:

 

show ip interface br

Flags: S - Secondary IP address
Interface                   IP Address / IP Netmask        Admin   Protocol   Flags
vlan 1                    172.16.0.250 / 255.255.255.0     Up      Up
vlan 10                    172.16.10.2 / 255.255.255.0     Up      Up
vlan 11                    10.241.11.1 / 255.255.255.0     Up      Down
vlan 169                  10.20.25.254 / 255.255.255.0     Up      Down
vlan 2                      172.16.2.2 / 255.255.255.0     Up      Up
vlan 4094                172.16.94.254 / 255.255.255.0     Up      Down
vlan 99                  172.16.98.254 / 255.255.255.0     Up      Down

(ArubaS1500-12P) #show trunk

Trunk Port Table
----------------
Port     Vlans Allowed  Vlans Active  Native Vlan
----     -------------  ------------  -----------
GE0/0/0  1-2            1-2           1     <-- Only the AP VLANs are allowed across the trunk, so that each cluster learns about the other cluster.
GE0/0/5  1,10           1,10          1

 

Switch 2 where AP2 is connected:

 

show ip interface br

Flags: S - Secondary IP address
Probe: U - Up, D - Down, U/O - Up & Own IP, N/A - Not Applicable
Interface                   IP Address / IP Netmask        Admin   Protocol Probe  Flags
vlan 1                    172.16.0.150 / 255.255.255.0     Up      Up       N/A
vlan 10                    172.16.10.1 / 255.255.255.0     Up      Down     N/A
vlan 100                    10.100.0.1 / 255.255.255.0     Up      Down     N/A
vlan 11                    10.241.11.2 / 255.255.255.0     Up      Up       N/A
vlan 2                      172.16.2.1 / 255.255.255.0     Up      Up       N/A

(ArubaS1500-12P) #show trunk

Trunk Port Table
----------------
Port     Vlans Allowed  Vlans Active  Native Vlan
----     -------------  ------------  -----------
GE0/0/0  1-2            1-2           1
GE0/0/5  2,100          2,100         2

 

 



Verification

Steps to reproduce:
  1. When the client connects to AP1 on the “l3-mobility” SSID, it gets an IP address from VLAN 10. Note that the GRE tunnel is not formed yet, because the client has not roamed to the other cluster.
  2. The client roams from AP1 to AP2. AP2 identifies that the client subnet is not local to it and, since L3 mobility is configured, it looks for the same subnet in the “subnet table” configured under L3 mobility.
  3. Since the subnet is present, AP2 identifies that this client has roamed from a different cluster. Because the client wants to retain its IP address and continues layer 3 communication using the same IP address, AP2 forms a GRE tunnel with AP1. The client then continues to pass traffic through the GRE tunnel via AP1.
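The lookup described under Configuration (local versus foreign client) and in steps 2 and 3 above can be modelled as follows. This is an added example, not Aruba's code: the function names are hypothetical, the Subnet Table rows are copied from the show l3-mobility config output on this page, and the home cluster is identified by its Virtual Controller IP as in that table.

```python
import ipaddress

# Subnet Table rows copied from the "show l3-mobility config" output on this page.
CONFIG = """\
Subnet       Netmask        VLAN  Virtual Controller
------       -------        ----  ------------------
172.16.10.0  255.255.255.0  10    172.16.0.100
10.241.11.0  255.255.255.0  11    172.16.2.250
"""

def parse_subnet_table(text):
    """Return [(network, vlan, home_vc)]; non-data lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            rows.append((ipaddress.ip_network(f"{parts[0]}/{parts[1]}"),
                         int(parts[2]), ipaddress.ip_address(parts[3])))
        except ValueError:
            continue  # separator row or other non-data line
    return rows

def classify(client_ip, local_vc, table):
    """Hypothetical model of the local/foreign decision described above."""
    ip = ipaddress.ip_address(client_ip)
    for net, vlan, home_vc in table:
        if ip in net:
            if home_vc == ipaddress.ip_address(local_vc):
                return ("local", vlan, None)          # no tunnel needed
            return ("foreign", vlan, str(home_vc))    # tunnel toward home cluster
    return ("unknown", None, None)  # subnet missing from the mobility domain

def table_drift(table_a, table_b):
    """Rows present in only one cluster's table (both should be identical)."""
    return sorted(set(table_a) ^ set(table_b), key=str)

TABLE = parse_subnet_table(CONFIG)
```

Running table_drift on the tables parsed from both clusters shows any subnet row that differs between them, including a row that maps a client subnet to a different Virtual Controller.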

 

 

Outputs to verify:
 
Output from AP1:
AP1# show l3-mobility datapath

L3 Mobility Datapath Home Table
-------------------------------
Client Index  Client MAC         Home Vlan  Destinaton Device Index
------------  ----------         ---------  -----------------------
00            5c:51:88:a7:a6:66  10         8464

L3 Mobility Datapath Foreign Table
----------------------------------
Client Index  Client MAC  Home Vlan  VAP Vlan  Destinaton Device Index  HAP IP  Virtual Controller IP  Packets Forwarded
------------  ----------  ---------  --------  -----------------------  ------  ---------------------  -----------------

L3 Mobility Datapath Tunnel Table
---------------------------------
Tunnel Device  Remote Protocol  Dest IP       Clients  Idle Time  Rx Packets  Tx Packets  Rx Mcasts  Tx Mcasts  ARP Proxy Pkts  Tx Jumbo  MTU   Rx HB  Tx HB  MTU Reqs  MTU Resps  HB Mismatch  IP Mismatch  Type    Vlan Translations
-------------  ---------------  -------       -------  ---------  ----------  ----------  ---------  ---------  --------------  --------  ---   -----  -----  --------  ---------  -----------  -----------  ----    -----------------
mip000         0x8800           172.16.2.254  1        29         2           4           0          0          0               1         1500  1      2      0         0          0            0            to-FAP  -


AP1# show datapath session | inc 47      <-- To verify that the GRE tunnel is formed (GRE is IP protocol 47)
172.16.0.254      172.16.2.254    47   0     0     0    0    0   0   local       26   FC
172.16.2.254      172.16.0.254    47   0     0     0    0    0   0   local       26   F

   

AP1# show l3-mobility status

Roaming Client Table
--------------------
Client MAC         Home Vlan  VAP Vlan  Tunnel ID  Status      Virtual Controller IP  Peer IP       Old AP IP  Device Name
----------         ---------  --------  ---------  ------      ---------------------  -------       ---------  -----------
5c:51:88:a7:a6:66  10         100       0          home,ready  172.16.2.250           172.16.2.254  0.0.0.0

Tunnel Table
------------
Peer IP       Local Tunnel ID  Remote Tunnel ID  Use Count  Type
-------       ---------------  ----------------  ---------  ----
172.16.2.254  0                0                 1          to-HAP

Virtual Controller Table
------------------------
Virtual Controller IP  Type  HAP IP  Local Tunnel ID  Remote Tunnel ID
---------------------  ----  ------  ---------------  ----------------
172.16.0.100           C     -       -                -
172.16.2.250           C     -       -                -

Output from AP2:

 

AP2# show l3-mobility datapath

L3 Mobility Datapath Home Table
-------------------------------
Client Index  Client MAC  Home Vlan  Destinaton Device Index
------------  ----------  ---------  -----------------------

L3 Mobility Datapath Foreign Table
----------------------------------
Client Index  Client MAC         Home Vlan  VAP Vlan  Destinaton Device Index  HAP IP        Virtual Controller IP  Packets Forwarded
------------  ----------         ---------  --------  -----------------------  ------        ---------------------  -----------------
00            5c:51:88:a7:a6:66  10         100       8464                     172.16.0.254  172.16.0.100           2

L3 Mobility Datapath Tunnel Table
---------------------------------
Tunnel Device  Remote Protocol  Dest IP       Clients  Idle Time  Rx Packets  Tx Packets  Rx Mcasts  Tx Mcasts  ARP Proxy Pkts  Tx Jumbo  MTU   Rx HB  Tx HB  MTU Reqs  MTU Resps  HB Mismatch  IP Mismatch  Type    Vlan Translations
-------------  ---------------  -------       -------  ---------  ----------  ----------  ---------  ---------  --------------  --------  ---   -----  -----  --------  ---------  -----------  -----------  ----    -----------------
mip000         0x8800           172.16.0.254  1        21         2           4           0          0          0               1         1500  1      2      0         0          0            0            to-HAP  (10->100)


AP2# show datapath session | inc 47
172.16.0.254      172.16.2.254    47   0     0     0    0    4   1   local       c6   F
172.16.2.254      172.16.0.254    47   0     0     0    0    0   1   local       c6   FC


AP2# show l3-mobility status

Roaming Client Table
--------------------
Client MAC         Home Vlan  VAP Vlan  Tunnel ID  Status         Virtual Controller IP  Peer IP       Old AP IP     Device Name
----------         ---------  --------  ---------  ------         ---------------------  -------       ---------     -----------
5c:51:88:a7:a6:66  10         100       0          foreign,ready  172.16.0.100           172.16.0.254  172.16.0.254  aruba001

Tunnel Table
------------
Peer IP       Local Tunnel ID  Remote Tunnel ID  Use Count  Type
-------       ---------------  ----------------  ---------  ----
172.16.0.254  0                0                 1          to-FAP

Virtual Controller Table
------------------------
Virtual Controller IP  Type  HAP IP        Local Tunnel ID  Remote Tunnel ID
---------------------  ----  ------        ---------------  ----------------
172.16.2.250           C     -             -                -
172.16.0.100           C     172.16.0.254  0                0
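The GRE check above can be scripted so that it matches on the protocol column rather than on any line containing "47", and so that it compares the observed GRE peers with the peers listed in the Tunnel Table of show l3-mobility status. This is an added example, not Aruba tooling: the function names are hypothetical, and the column order (source, destination, protocol) is assumed from the sample output on this page.

```python
import ipaddress

GRE = "47"  # IP protocol number for GRE, as it appears in the third column

# The first two rows are AP1's output from this page. The third row is a
# constructed TCP session whose address and port contain "47"; "| inc 47"
# would show it, but it is not a GRE session.
SESSIONS_AP1 = """\
172.16.0.254      172.16.2.254    47   0     0     0    0    0   0   local       26   FC
172.16.2.254      172.16.0.254    47   0     0     0    0    0   0   local       26   F
172.16.10.47      172.16.10.2     6    4701  443   0    0    0   1   dev12       2a   F
"""

def gre_flows(text):
    """Return {(src, dst)} for rows whose protocol column is exactly 47."""
    flows = set()
    for line in text.splitlines():
        cols = line.split()
        if len(cols) < 3 or cols[2] != GRE:
            continue
        try:
            flows.add((ipaddress.ip_address(cols[0]),
                       ipaddress.ip_address(cols[1])))
        except ValueError:
            continue  # prompt or header line, not a session row
    return flows

def audit_gre(text, local_ip, expected_peers):
    """Compare the GRE peers seen for local_ip with the expected tunnel peers."""
    local = ipaddress.ip_address(local_ip)
    expected = {ipaddress.ip_address(p) for p in expected_peers}
    flows = gre_flows(text)
    outbound = {dst for src, dst in flows if src == local}
    inbound = {src for src, dst in flows if dst == local}
    seen = outbound | inbound
    return {
        "established": sorted(str(p) for p in outbound & inbound & expected),
        "one_way": sorted(str(p) for p in (outbound ^ inbound) & expected),
        "missing": sorted(str(p) for p in expected - seen),
        "unexpected": sorted(str(p) for p in seen - expected),
    }
```

A peer reported under "unexpected" is a GRE endpoint that does not appear in the Tunnel Table and is worth investigating; "missing" means the roam did not produce the tunnel the status output claims.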
