Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Controller L3 Redundancy

  • 1.  Controller L3 Redundancy

    Posted Mar 24, 2018 06:22 AM

    Hello All,


    We have a new setup for two corporate offices in two different locations connected via L3 links. The ultimate targets to be achieved in this design are as follows:


    1. Maximum High Availability
    2. Minimum user interruption


    The proposed design is that a controller will be installed at each location and fast failover will be enabled as Active/Active, with each set of APs pointed to use their local site controller as the active LMS and the other site's controller as the standby LMS. The challenge is the VLAN and DHCP server location, because the sites are connected via L3. Therefore, if for the Employee SSID in tunnel mode the VLAN is 10, the VLAN 10 gateway in site A is 10.1.1.1 and the VLAN 10 gateway in site B is 10.1.2.1, then at the time of a controller failure in site B, for example, all APs in site B will point to the site A controller as active and the tunnel will traverse the L3 WAN link from the APs in site B to the controller in site A. The employee VLAN 10 will therefore exit from controller A to the site A core switch, as in the below image, and we assume that users will be pointed to the VLAN 10 gateway in site A, which is 10.1.1.1, and will lose their connectivity and request a new IP. If this assumption is right, then the results might not be satisfying for the customer, especially when implementing 802.1x, as it adds more delay for authentication. Well, what about changing the whole proposed design to something different, like installing both controllers in site A and configuring RAPs in site B?


    Based on the customer requirements and considering the Network as in the below image, what would be the best solution?

    [Image: design.png]



  • 2.  RE: Controller L3 Redundancy

    EMPLOYEE
    Posted Mar 24, 2018 06:46 AM

    Using LMS-IP based redundancy, the client will not request a new IP address when clients fail over, so unless you are using the same range and the client maintains the same IP address, it will not work unless both controllers are at the same site and clients are on the same layer 2 VLAN.


    Using High Availability Fast failover, the AP DOES deauthenticate the client upon failover, so you can have a different subnet at the failover controller:  http://www.arubanetworks.com/techdocs/ArubaOS_6_5_4_X_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/VRRP/HighAvFastFailover.htm%3FTocPath%3DArubaOS%2520User%2520Guide%2520Topics%7CVirtual%2520Router%2520Redundancy%2520Protocol%2520(VRRP)%7C_____5


    Like you mentioned, the clients will have to disconnect and reauthenticate, but 802.1x is a very quick authentication mechanism, unless you have many, many clients, where your bottleneck would be how quickly your RADIUS server can authenticate so many users.  Your applications will have to recover using a new IP address, yes.


    As an aside: the majority of customers implement redundancy at the same site with two controllers, because it is more likely that a controller would fail than the infrastructure.  Optionally, if they choose to add another controller offsite to provide more redundancy, it is understood that something more catastrophic has occurred, that it would take time to fail over other pieces of infrastructure, and that getting a different IP address is acceptable.  In my experience, failing over to a different site is less likely.  Again, that is from personal experience.  Your current design goal may be different.



  • 3.  RE: Controller L3 Redundancy

    Posted Mar 24, 2018 11:53 AM

    Thanks Colin for your reply. Well, we're very much in common understanding. Bearing in mind that the customer is looking for minimum interruption, what do you think of the following: installing the two controllers in site A and installing RAPs in site B. This will also have the same result, because if site A is down or the WAN link between the two sites is down, the RAP tunnel to site A will get terminated and users will lose their connectivity.

    Well, in such scenario what could be the optimum design?



  • 4.  RE: Controller L3 Redundancy

    EMPLOYEE
    Posted Mar 24, 2018 02:28 PM

    The question is, how big is each site?  If you have a site that is well under 100 access points, you can deploy Instant to that site instead.  Instant is distributed and does not depend on any single AP.



  • 5.  RE: Controller L3 Redundancy

    Posted Mar 25, 2018 02:44 PM

    The number of APs is approx. 100 in each location. I guess the first solution is more applicable; I will test it and let you know the feedback.



  • 6.  RE: Controller L3 Redundancy

    EMPLOYEE
    Posted Mar 25, 2018 04:37 PM

    The main issue with 100 access points failing over to another location is performance.  Typically you want a 1 gigabit interface for each 100 access points that connect to a controller.  If the minimum bandwidth is less than that, users will have to contend with performance issues and tunneling overhead upon failover.


    Putting a second controller for redundancy at the same site used to be cost prohibitive because the licenses would need to exist on both controllers.  With centralized licensing, both controllers at the site can share the same licensing and your extra cost is pretty much the controller hardware.  Typically the controller hardware would fail before anything else at the physical site like routers/switches, etc. (there might not be a way to fail over to another site).  If something like the main router fails, there is not going to be much of anything, so wireless might be an afterthought.  Having two controllers at the same site offers the best failover performance, period, combined with 802.1x authentication, which will automatically reconnect a client securely.
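The whole thread boils down to three design variables: where the backup controller sits (same site or across the WAN), whether the user VLAN's subnet is the same at both ends, and which failover mechanism is in use (LMS/backup LMS keeps the client's IP; HA fast failover deauthenticates it). The following planner is an added example written for this thread, not code from the thread's participants or from HPE Aruba Networking. It encodes the behaviour described in posts 2 and 6 as a small model and, for a chosen controller failure, reports where the APs re-home, whether clients land in a different subnet (and so must re-DHCP and reauthenticate), and whether the inter-site link meets the "1 gigabit per 100 APs" rule of thumb. Site names, controller names, subnets, link speeds and the `mode` and `local_standby` fields are constructed assumptions for illustration.

```python
"""Failover outcome planner for a two-site controller design.

Added illustration (not code from the thread or from HPE Aruba Networking).
Models: one controller per site, APs using the local controller as active LMS
and the remote one as backup LMS, tunnel-mode user VLANs with a different
subnet per site, and an L3 WAN between sites. All values are constructed.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network
from typing import Dict, Optional

MBPS_PER_AP = 10.0  # 1 Gbit/s per 100 APs, the rule of thumb stated in the thread


@dataclass
class Site:
    name: str
    controller: str                        # active LMS for this site's APs
    ap_count: int
    vlan_subnets: Dict[int, IPv4Network]   # tunnel-mode VLAN id -> subnet at this site's core
    local_standby: Optional[str] = None    # second controller at the same site, if deployed


@dataclass
class Design:
    sites: Dict[str, Site]
    wan_mbps: float                        # bandwidth of the inter-site L3 link
    mode: str = "ha_fast_failover"         # or "lms": plain LMS / backup-LMS redundancy


def _vlan_outcome(mode: str, old: IPv4Network, new: Optional[IPv4Network]):
    """Return (subnet_changes, description) for one user VLAN after APs re-home."""
    if new is None:
        return True, "VLAN not terminated at the backup site: clients have no gateway"
    if new == old:
        return False, "same subnet at both sites (stretched L2): clients keep their IP"
    if mode == "lms":
        # Post 2: with LMS-based redundancy the client does not request a new IP.
        return True, ("clients keep an IP from the old subnet that the backup site "
                      "cannot route: connectivity lost until the lease is renewed")
    # Post 2: HA fast failover deauthenticates clients, so a new subnet is workable.
    return True, ("AP deauthenticates clients; they reauthenticate via 802.1X "
                  "and obtain a DHCP lease in the new subnet")


def failover_report(design: Design, failed_controller: str) -> dict:
    failed = next((s for s in design.sites.values() if s.controller == failed_controller), None)
    if failed is None:
        raise ValueError(f"unknown active controller {failed_controller!r}")

    # Preferred case from post 6: a second controller at the same site, same L2 VLANs.
    if failed.local_standby:
        return {
            "backup_controller": failed.local_standby,
            "crosses_wan": False,
            "rehomed_aps": failed.ap_count,
            "wan_required_mbps": 0.0,
            "wan_sufficient": True,
            "vlans": {v: {"subnet_changes": False,
                          "outcome": "same site, same L2 VLAN: clients keep their IP"}
                      for v in failed.vlan_subnets},
        }

    survivors = [s for s in design.sites.values() if s is not failed]
    if not survivors:
        raise ValueError("no surviving controller: total outage")
    backup = survivors[0]  # two-site design: the other site's controller is the backup LMS
    vlans = {}
    for vlan, old in failed.vlan_subnets.items():
        changes, text = _vlan_outcome(design.mode, old, backup.vlan_subnets.get(vlan))
        vlans[vlan] = {"subnet_changes": changes, "outcome": text}
    required = failed.ap_count * MBPS_PER_AP
    return {
        "backup_controller": backup.controller,
        "crosses_wan": True,
        "rehomed_aps": failed.ap_count,
        "wan_required_mbps": required,
        "wan_sufficient": design.wan_mbps >= required,
        "vlans": vlans,
    }


def sample_design(mode: str = "ha_fast_failover", wan_mbps: float = 500.0,
                  standby_at_b: Optional[str] = None) -> Design:
    """Constructed sample matching the thread: VLAN 10 is 10.1.1.0/24 at A, 10.1.2.0/24 at B."""
    return Design(
        sites={
            "A": Site("A", "ctrl-a", 100, {10: IPv4Network("10.1.1.0/24")}),
            "B": Site("B", "ctrl-b", 100, {10: IPv4Network("10.1.2.0/24")}, standby_at_b),
        },
        wan_mbps=wan_mbps,
        mode=mode,
    )


if __name__ == "__main__":
    for label, design in [("remote backup LMS", sample_design()),
                          ("LMS-only redundancy", sample_design(mode="lms")),
                          ("local standby at B", sample_design(standby_at_b="ctrl-b2"))]:
        print(label, failover_report(design, "ctrl-b"))
```

Run as a script it prints the three scenarios side by side: with a 500 Mbit/s WAN the cross-site failover of 100 APs falls short of the 1 Gbit/s rule of thumb and VLAN 10 changes subnet, LMS-only mode leaves clients with an unroutable address, and a local standby controller avoids both problems.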