Wireless Access

Reply
MVP
Posts: 314
Registered: ‎04-03-2014

Controller max unicast routes

Hi!

 

When reading the data sheet of the 3000 controllers we find a limitation called: "Number of IPv4 unicast routes". When planning for a central controller to terminate IAP-VPN tunnels using distributed L3 scopes we´re looking at the 7000 series controllers and the "Concurrent IPsec sessions" limits. I don´t see any limits to the number of routes on there though, anyone know the limit?

 

Are there any other limit we need to look out for when sizing the central controller for IAP-VPN termination? Anyone have any experience of maxing out lets say a 7010 controller with close to a 1000 IAP-VPN tunnels?

 

Have a nice weekend Airheaders!

Christoffer Jacobsson | Aranya AB
Aruba: ACMX #537 ACCP | CWNP: CWNA CWDP CWSP
Guru Elite
Posts: 8,637
Registered: ‎09-08-2010

Re: Controller max unicast routes

Keep in mind that the 7000 series are meant to be branch/small office controllers. For IAP-VPN termination and aggregation, you should consider a 7200 series controller.


Thanks,
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
MVP
Posts: 314
Registered: ‎04-03-2014

Re: Controller max unicast routes

Hi!

 

Please elaborate why. Let´s say You´ll place 500 single RAP-155s on separate sites with IAP-VPN, surely a 7010 would do fine? Where´s the limitation?

Christoffer Jacobsson | Aranya AB
Aruba: ACMX #537 ACCP | CWNP: CWNA CWDP CWSP
MVP
Posts: 314
Registered: ‎04-03-2014

Re: Controller max unicast routes

If anyone could comment on this it would be greatly appreciated since we have these kind of deployments coming up in the near future.

Christoffer Jacobsson | Aranya AB
Aruba: ACMX #537 ACCP | CWNP: CWNA CWDP CWSP
Guru Elite
Posts: 21,269
Registered: ‎03-29-2007

Re: Controller max unicast routes

Christoffer,

 

The 7010 series controller was meant to be at a branch and not the datacenter.  As you can see from the datasheet, it was on designed to handle 32 access points.  It will not scale too well in an IAP-VPN situation that exceeds that number.  If you design a network that exceeds what the platform was designed for, you put yourself at risk.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 314
Registered: ‎04-03-2014

Re: Controller max unicast routes

Ok, thank you. This really should be put more clearly in the datasheet if this is the case. I was thinking that since the controller isn´t processing any off the normal wireless information that it does for a controller based AP and only passing traffic to and from its VPN tunnels it would scale to the number of specified IPSEC tunnels. 

 

I also remember someone at Airheads mentioning this as a good use case for the upcoming 7000 series controllers. I would really like to se exact numbers of supported IAP branches on the controller datasheets.

 

Cheers,

Christoffer Jacobsson | Aranya AB
Aruba: ACMX #537 ACCP | CWNP: CWNA CWDP CWSP
Guru Elite
Posts: 8,637
Registered: ‎09-08-2010

Re: Controller max unicast routes

I think it's just assumed that there wouldn't be a VPN concentrator in a branch office.

Thanks,
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Guru Elite
Posts: 21,269
Registered: ‎03-29-2007

Re: Controller max unicast routes

Christoffer,

 

There is an effort to add more information to the datasheet.  Please stay tuned.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: