Wireless Access

Reply
New Contributor
Posts: 4
Registered: ‎11-22-2015

Anchor Controller HA via L3 DC interconnect

A common issue presented to my is Anchor controller HA being a manual failover process as opposed to automatic. 

 

Scenario:

> 2 DCs with an anochor controller within each DCs DMZ

> DCs seperated via L3 interconnect

> same VLAN number within each DC (for SSID) 

> different subnet for said VLAN within each DC

 

> local controller has 2 GRE tunnels, one to each Anchor controller

> local controller has same VLAN number within the same subnet as the "primary anchor controller"

> manual failover by having to change SVI IP address to bring up tunnel to secondary anchor controller

 

network diagram of a demo network attached

 

hoping to utilise the L3 GRE tunnel option available in 6.4 between the DCs

 

Thoughts?

Guru Elite
Posts: 20,811
Registered: ‎03-29-2007

Re: Anchor Controller HA via L3 DC interconnect

There is a "Tunnel Groups" feature where you can have a single configuration, where two tunnels are configured:  One active and one standby.  Both tunnels must have the same VLAN configured.  http://www.arubanetworks.com/techdocs/ArubaOS_64x_WebHelp/Web_Help_Index.htm#ArubaFrameStyles/Network_Parameters/Configuring_GRE_Tunnel_Group.htm?Highlight=tunnel groups

 

Your main issue is that since each site has different ip addressing, only new devices that come onto the network after failover will be able to pass traffic.  The devices that were on before the failover are not aware of the addressing at the new site, so they will not be able to pass traffic...  Tunnel groups only works if both sites are using the same ip addressing.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor
Posts: 4
Registered: ‎11-22-2015

Re: Anchor Controller HA via L3 DC interconnect

Yea thought as much - so I am pretty much stuck.

 

What is the recommended design for such an environment? Having different subnetting within each DC is not uncommon. 

 

I guess...You could create a different VLAN for each SSID on each site?

 

DC A:

VLAN 100

10.10.10.1

Guest SSID

 

DC B:

VLAN 101

10.10.20.1

Guest SSID

 

Local:

VLAN 100

10.10.10.2

Primary Guest SSID

 

VLAN 101

10.10.20.2

Secondary Guest SSID

 

Thoughts?

Guru Elite
Posts: 20,811
Registered: ‎03-29-2007

Re: Anchor Controller HA via L3 DC interconnect

Think about what is most likely to happen:

 

1- A DC blows up

2 - A controller loses power

 

#2 is probably more likely, so you should have dual controllers at the Anchor with a GRE tunnel pointing to a VRRP between them.

 

#1 is probably going to cause much more heartache and you probably have to work with someone to come up with a routing solution that deals with your issue.  Some people would use OSPF at the primary DC anchor controller that would fail over to the backup DC anchor controller for the same subnet.  Again, that is an advanced topic that depends on how your network is configured.  Like I said, #2 is probably more likely to happen.  When #1 happens, you might have more than the guest network on your mind, but with tunnel groups, new guest users will at least be able to get on, so it is not a complete loss..

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor
Posts: 4
Registered: ‎11-22-2015

Re: Anchor Controller HA via L3 DC interconnect

completely agree with your scenarios - i guess dealing with adopted environments produce certain challenges - and this is mine. 

 

Cheers for the input mate.

Search Airheads
Showing results for 
Search instead for 
Did you mean: