Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Campus Aruba WLAN : Tunnel the traffic via CTRL or Local Breakout ???

  • 1.  Campus Aruba WLAN : Tunnel the traffic via CTRL or Local Breakout ???

    Posted Jun 06, 2017 12:08 PM

    Dear friends,

     

    I'm deploying a campus WLAN with 12 Buildings to cover (around 150 Access Points) with a 7210 Controller. I'd like to tunnel (GRE tunnel) the users' traffic via the Controller, just as recommended by Aruba, but can't convince the customer to do it. The customer says: "if we do the local breakout, we'll be able to use the access points and WiFi traffic when the CTRL fails; which is not possible if the traffic goes through the CTRL"

     

    Could you please help me with some arguments? I believe that even in the local breakout case, we can't use the Access Points (they should be bought as an IAP in order to be able to do it).

     

    Please help.

    Thanks in advance.



  • 2.  RE: Campus Aruba WLAN : Tunnel the traffic via CTRL or Local Breakout ???

    EMPLOYEE
    Posted Jun 06, 2017 01:57 PM

    The biggest issue with local breakout is that every port that has an AP on it has to be configured as a trunk and managed as such.  With traffic tunneled, the only place you have to configure that trunk is between the controller and the layer 3 switch that it is connected to.  You then plug in all of your APs, and they come up almost instantly, which means that your deployment and maintenance for traffic tunneled back would not require a network engineer to set a trunk before you deploy or replace an AP.

     

     Controller hardware is less expensive historically that you can put a second controller in the datacenter next to the first one and that will provide redundancy for the first.  Centralized licensing means that you would only pay for the physical hardware and not licenses for the second device.  

     

    Many statistics like AppRF, Voice Tracking, etc. require that the traffic be tunneled back to a controller, anyways.



  • 3.  RE: Campus Aruba WLAN : Tunnel the traffic via CTRL or Local Breakout ???

    Posted Jun 07, 2017 09:25 AM

    Thanks a lot Joseph for your quick answer.

     

    What about broadcast domains? I heard that tunneling the traffic enables us to use larger broadcast domains for data users. Do you have an idea on this?

     

    And one question I still have for the local breakout design case: if the CTRL is down, can authenticated WiFi users still send/receive traffic?

     

    Thanks



  • 4.  RE: Campus Aruba WLAN : Tunnel the traffic via CTRL or Local Breakout ???

    EMPLOYEE
    Posted Jun 07, 2017 09:51 AM

    The broadcast domain size does not make a difference if you use tunnel instead of bridged.

     

    If the controller is down, users can only send and receive traffic if you configure the Virtual AP as persistent but only in limited circumstances.  In practice, the vast majority of users just get a second controller so that they don't have to manage the limitations of a persistent SSID.  http://www.arubanetworks.com/techdocs/ArubaOS_65x_WebHelp/Web_Help_Index.htm#ArubaFrameStyles/Remote_AP/Advanced_Configuration_O1.htm?Highlight=persistent

     

    If the customer is stuck on bridging traffic locally, they should get IAPs and skip the controller.