Wireless Access

Reply
Contributor II

Experiences in Building a Redundant WAN with Aruba Remote Access Points

From original blog entry at http://www.commsolutions.com/blog/2012/03/experiences-in-building-a-redundant-wan-with-aruba-remote-access-points/

The following is an example of a client with an “outside the box” application for the Aruba Remote AP/Remote Networking solution. As a part of this implementation, many great ideas were discovered.

There is a great potential for this architecture. This article will try to dissect and explain the choices made in this particular implementation, and how it can be adjusted to support larger scale deployments.

Initial Environment:



As a typical MPLS customer, this client had 50 or so remote sites connected via MPLS back to a central site. Due to the nature of the remote locations, the last-mile or local loop was very unreliable, in which they had tried to use backup VPN services (via the router configuration), but found that this too was unreliable, complex and difficult to maintain. For those unfamiliar with the Aruba Remote AP / Remote Networking solution, suffice it to say that the solution allows a simple L2 extension for Wired and Wireless User experiences to any location with an Ethernet uplink or 3G/4G coverage. Feel free to familiarize yourself with this great discussion of the technology:

Rethinking Remote Access

Otherwise, if you’re already familiar, keep reading….

First Steps:

We augmented the environment by adding an Aruba controller to the central site and RAP2’s and RAP5’s (depending on bandwidth requirements).



Controller and RAPs provide the alternate path, over Broadband or 3G/4G.

Since each remote site had an additional Ethernet port available on the site router, we connected RAP port 1 on the remote RAP directly to the site router.

The Aruba controller supports extending via Layer-2 (L2TP) tunneling, any VLAN the controller supports to a remote port on a Remote AP. This concept is key, and allows great flexibility in the use of the controller, and the design of the “backup” WAN.

This design is a hub and spoke data flow design, as the customer’s existing WAN was architected this way due to centralized data resources.

Similar to a “group mode” or “cloud-based” Frame-Relay design, the WAN a single IP subnet, similar to just extending a LAN segment (hence the group or shared nomenclature) to create a new WAN.

If we consider the RAP and the controller as networking devices, the controller is the new Backup Network WAN router, and the RAP simply extends that interface to the remote site’s router.

In the example below, we’ve simplified the view by replacing the Controller/RAP with the segment and router they represent in this design.



Controller & RAP provide Backup WAN Router & WAN Segment functionality.

We created a Wired Port profile on the controller to support the new WAN, create a localized VLAN upon the controller to support the new WAN, and created routing instances on the new WAN VLAN and the existing Central site VLAN. We configured the Remote Site routers to route on the new VLAN via OSPF to the controller.



Multiple Sites supported on single WAN Backup Segment (group-mode).

The controller would not have to participate in routing if you wish to simply use the Controller and RAP combination as a Layer-2 multiplexer. You could simply extend via L2 to any other routing capable device (allowing routing protocols that are not supported on the controller to simply be passed to supporting devices), allowing BGP, EIGRP or other protocols to be supported on the new Backup WAN.

Point-To-Point Emulation:

In addition, this can be expanded to multiple VLANs, allowing the backup WAN to emulate a series of point-to-point circuits for customer’s concerned with minimizing broadcast traffic or controlling site-to-site traffic.



Multiple VLANs for per-site RAP deployment emulate a series of Point-to-Point WAN networks.

The only additional requirement is that each site with a RAP would have to have a differing Wired Port profile, so that the different VLANs could be configured on the Port 1 interface.

Routing:

This customer made the decision to use dynamic routing on both the Primary and Backup paths, but weighted the Backup path (on the Remote Site Router where routes were injected, as well as on the Core Switch / Router at the central site to prefer the MPLS WAN over the Backup Network. Although the downstream speed was higher on the localized broadband connections, the latency on the broadband was significantly higher (80ms vs 40ms) than upon the MPLS network.

If the latency had been similar, or if the customer had deployed WAN optimization behind the router’s, we could have considered making the paths equal cost, or perhaps even weighted more towards the broadband connections.

Additionally, a simple static route pointing to the next hop and weighted could be utilized to facilitate fallback to the RAP / L2TP Backup path.

An additional lesson learned was that in order to “manage” this link, the customer wanted to have a device or IP to be able to monitor if the Broadband was up from an internal Network Management System (NMS). The Aruba RAP Whitelist allows you to provide an address for the L2TP endpoint.

We created a new subnet for the RAPs L2TP pool and assigned addresses for the RAP L2TP address statically. They then can monitor (albeit only by ICMP) the L2TP address to determine if the backup “path” is operational.

Conclusion:

Sometimes a customer provides an alternative use model for an established product. We have successfully deployed thousands of Remote APs for Small Office and Home Use, and have now utilized the controller and RAP model to deliver a very cost-effective backup WAN for a customer. This model is also now being used to deploy broadband WANs, with split-tunneling deployed at the Remote AP sites where the requirements to reduce overall costs.

The ease of Remote AP provisioning, the flexibility and controls of centralized management, and the very low cost makes for a very effective, easy to live with leased–line or MPLS WAN alternative.

Integrated with other solutions such as WAN optimization, it may not only be possible to create resiliency and backup for your primary network, but reduce WAN link cost requirements as well.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: