What is Tunneled Node?

Aruba Employee

What is Tunneled Node?

Tunneled Node is the one of the key differentiators of Mobility Access Switch in the Enterprise access switch market. Previously known as MUX in earlier Aruba platforms and releases, the feature had been re-named as Tunneled Node. The Tunneled Node encapsulates incoming packets from end-hosts in GRE packets and forwards them to the Mobility Controller to be processed further.

The Mobility Controller, upon receiving the GRE packets, strips the GRE header and further processes the packet for additional purposes such as authentication, stateful firewall, and so on. This is how the Tunneled Node feature enables centralized security policy, authentication and access control.

To allow additional flexibility, the Tunneled Node feature is enabled per-port basis. Any traffic coming from non-Tunneled Node interfaces will be forwarded “normally” without being tunneled to a Mobility Controller.

Software Support

  • The minimum Mobility Access Switch AOS version is 7.1
  • The minimum Mobility Controller AOS version is 6.1.2.4.
  • The following Mobility Controllers support Tunneled Nodes:
    • 7000 Series
    • 3000 Series
    • M3 
    • 600 Series
  7240 7220 7210  M3 3600 3400 3200 650 620
Concurrent Users 32,768 24,576 16,384 8,192 8,192 4,096 2,048 512 256
# of Ports Tunneled 16,384 12,288 8,192 4,096 1,024 512 256 96 48
Firewall Throughput  40 Gbps  40 Gbps  20 Gbps  20 Gbps  4 Gbps  4 Gbps  3 Gbps  2 Gbps  800 Mbps
# of AP Licenses 2,048 1,024 512 512 128 64 32 16 8

Redundancy

To support Tunneled-Node controller redundancy, two Mobility Controllers can be configured under tunneled-node profile as shown below:

(ArubaS2500-48P-US) # show running-config | begin TUNNEL-TO-CTRL
Building Configuration...
interface-profile tunneled-node-profile "TUNNEL-TO-CTRL"
   controller-ip 172.16.50.60
   backup-controller-ip 172.16.180.10
   mtu 1300
!
<snipped for clarity>

You can also verify this configuration with the following command:

(ArubaS2500-48P-US) #show interface-profile tunneled-node-profile TUNNEL-TO-CTRL
 
Tunneled Node Server profile "TUNNEL-TO-CTRL"
---------------------------------
Parameter                     Value
---------                     -----
Controller IP Address         172.16.50.60
Backup Controller IP Address  172.16.180.10
Keepalive timeout in seconds  10
MTU on path to controller     1300
 
(ArubaS2500-48P-US) #

 

 

 

Version history
Revision #:
1 of 1
Last update:
‎07-16-2014 11:26 AM
Updated by:
 
Labels (1)
Contributors
Comments
DaveBourke

Hi

 

Are we saying here that on my 7220's I can terminate 12,288 tunneled node connections from accross the campus on each controller?  

The Campus switches are A3810's how many ports in a switch stack can I configure as tunneled node ports?

 

I already have this all working but I can't find a definitive of the capacities we can scale up to.

 

Cheers

 

DABk

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: