Wireless Access

Hello All,

 

I have 2 7240 Mobility Controllers setup with VRRP Master Redundancy (Hot Standby).

 

Someone brought my attention to this new feature on the 6.3 Code called "High Availability:Fast Failover). However, from the Aruba Documentation, it seems this feature is not applicable to what I currently have.

 

It seems it works more towards Master/Local Redundancy. Is this a correct assumption?

 

Again, I'm considering why I would even consider doing High Availability:Fast Failover when my 2 Controllers are in the Data Centre and on the same Subnet. What is the recommended best practice?

 

 

#7240

It is more flexible,reliability and not AP rebootstrap rather than what we have on current master-local redundancy.

AP Fast Failover is basically the redundancy solution to allow campus AP`s to failover from active to standby controller without needing to reboot strap which will significantly reduce network downtime.
AP establishes simultaneous communication channel between active and standby controller.

Note:-
---------

CAP in tunnel mode, CPSEC supported.
CAP on bridge mode is not supported.

How it works:-
----------------

AP connects to first becomes the master controller for that AP.
Master controller informs the AP about standby controller; sends out the hello message.
Standby controller process the config for the AP and create the session locally on the controller however it skips the config download from AP and will mark it as standby.
Standby controller creates a datapath tunnel to the AP and marks the tunnel as standby.
No traffic will be forwarded when it is in the state of standby tunnel mode.

 

What happens during controller failure:-
--------------------------------------------------------

AP deauth and disassociates all clients and standby controller state will be changes to active mode.
Standby controller updates the status and traffic will be forwarded through the tunnel.
It informs the AP sending out the message saying active and serve clients.

 

Different controller roles configuration is Active. standby and Dual.

Active:- AP is terminating on the controller which is currently active and clients pass traffic from them.
Dual:- Few aps are active on the controller and act us a standby for other few aps.
Standby:- Doesn`t server AP`s; just acts as a standby on listening mode and will become active only in case of failover.

 

Hope this helps.

Thanks sriram. 

 

I read the document as well. But you made the same point I'm making.

 

I have the Redundancy as VRRP Master Redundancy (Primary Master/BackupMaster).

The APs do not go through any reboostrap process (resulting to downtime) when they failover to Backup Master. Even with Preemption enabled, the APs still don't go through a rebootstrap process when they fallback Primary Master.

 

So my question is, will the High Availability:Fast Failover feature work better than what I already have deployed and will isn't it targeted towards Master/Local Redundancy deployments?

Ok & Got your question. Yes, this is basiclly targeted for Master-local deployments and not for Master-standby (VRRP Master Redundancy) which you have currently.

 

Thank you.

 

 

Thank you.

 

 

How does AP fast failover provide for influencing which controller an AP or AP group associates to.  Please tell me primary LMS or something and not arbitrary by first controller it discovers or something.  I would like to be able to provide some load sharing scheme and not have it be all arbitrary or loading first controller to mas and then overflow to other controller

 

While both of my active controllers will be in same layer 2 the advantage I see to layer 3 cluster is that I can fully load the active controllers in my Enterprise (no WAN) such that I get 4096 capacity from two 7240 controllers and a third 7240 can take full failover from a single controller failure.

 

This all makes semse as long as AP associations are not arbitrary (6.3 UG is vaugue on this)

#7240

---

@chs2027 wrote:

How does AP fast failover provide for influencing which controller an AP or AP group associates to.  Please tell me primary LMS or something and not arbitrary by first controller it discovers or something.  I would like to be able to provide some load sharing scheme and not have it be all arbitrary or loading first controller to mas and then overflow to other controller

 

While both of my active controllers will be in same layer 2 the advantage I see to layer 3 cluster is that I can fully load the active controllers in my Enterprise (no WAN) such that I get 4096 capacity from two 7240 controllers and a third 7240 can take full failover from a single controller failure.

 

This all makes semse as long as AP associations are not arbitrary (6.3 UG is vaugue on this)

---

Hi chs2027,

 

Yes you are correct. I believe the LMS-IP Address allocation within the AP System Profile will decide that. 

 

I haven't really tested this out yet. As I believe it makes no sense implementing such a solution when you have the 2 Controllers in the same Data Centre and on the same Rack. This would make a whole lot of sense within a Layer 3 environment. I'm referring to HA Failover in this case.

 

However, please note that HA Failover doesn't support Remote AP deployments.

 

All the best!

#7240

Hi eosuorah,

 

HA Failovern does support the LACP with AP-225 ?

 

Regards

 

 

Hi all,

 

For the lms-ip, can we use the loopback IP of the existing active controller?

We do not use the VRRP IP for the lms-ip in fast HA failover for the controller, right?

 

In 6.3.x, is it true that all active and backup controllers within a single high-availability group must be deployed in a single master-local topology, and not master-master redundancy topology?

In 6.4.1.x, is it true that all active and standby controllers within a single high-availability group must be deployed in master-local or independent masters topology, and not master-master redundancy topology?

 

How do we verify the fast failover configuration? Is there a command to verify this?

10 ping drops for clients to re-connect?

 

When fast failover is configured, how long does it take for the AP to failover, from the "previous active" controller to the "new active controller"?

 

Here's a link, for reference:

http://www.arubanetworks.com/techdocs/ArubaOS_63_Web_Help/Content/ArubaFrameStyles/VRRP/HighAvFastFailover.htm 

> How do we verify the fast failover configuration? Is there a command to verify this?

 

You can use the "ap-move ap-name <name>" command to simulate an HA failover.  This

will be as though the backup controller told the AP to move to it.  There are actually two

scenarios to test -- when the AP cannot reach a controller, and when the controllers cannot

reach each other.  IIRC this command simulates the latter, not the former.

 

> 10 ping drops for clients to re-connect?

 

Thereabouts, it is fast but not seamless.  Don't believe Airwave charts, as it seems not

yet to be able to figure out that the AP has moved for several minutes; there will be big gaps

in the statistics but everything was working fine.

 

 

 

Hi,

 

If we have a scenario, in "show ap database", the "standby ip" does not show the IP of the "standby" controller, what could be the possible issues?

 

In ap system-profile, lms-ip and backup lms-ip are assigned with the active controller IP and standby controller IP.

In the ha group-profile, does the controller need to match the lms-ip and backup lms-ip? (Y/N) ___

Yes, you should define the controller IPs im both the HA config and in the LMS IP config in the system profile.

Does "controller IP" refer to loopback ip or ip interface?

Whatever you have set for the controller-ip

Show controller-ip

Hi all,

 

For the ap-move, is there a command to "move" the AP back to the active master?

 

Go to the controller it moved to, and use "ap-move" there.   Yes the manual isn't worded perfectly.

 

Hi,

 

Thanks for sharing!

 

Anyone knows what could be the possible reason if ap-move can't work, even though, the "Switch IP" and "Standby IP" are showing?

Is there any clue from the "show datapath session" or "AP console logs"? 

 

If we have discussed this issue here, anyone knows what the process would be like:

to put this information onto the user guide, so that it can benefit more engineers and administrators?

 

 

So, the fast failover feature doesn´t work for Master redundancy?, only work for Local redundancy?

 

HI,

 

I saw in some presentation timers for Fast Failover:

 

AP: 1,7 seconds

USERS: 100 seconds

 

Do you know why it take up to 100 seconds to establich connection to SSID?

 

Thanks,

Dusan

As stated in my original message this doubles my capacity from 2046 max when using active/active with local controller redundancy to 4096 with cluster as in HA with AP fast failover so I see a huge advantage there, don't you?

When you say it does not support Remote AP deployment, are you referring to RAP's? Please clarify

---

@chs2027 wrote:
As stated in my original message this doubles my capacity from 2046 max when using active/active with local controller redundancy to 4096 with cluster as in HA with AP fast failover so I see a huge advantage there, don't you?

When you say it does not support Remote AP deployment, are you referring to RAP's? Please clarify

---

I'm assuming you are running a 7240 Mobility Controller. Yes?

If so, I see what you are attempting to achieve here and yes I see what you are attempting to achieve. However, don't forget to include Licensing as a factor that should be taken into consideration. You need to determine how this will all work out for you. 

 

And yes, I'm referring to RAPs.

 

#7240

Three 7240's, two will be active taking full complement of 2048 AP's each and third will be standby able to take full 2048 from any single active controller failure.  Therefore I have 4096 capacity with full single point of failure redundancy.  The Standby will eventually be located in a separate location with the actives being in buildings across the street from each other where we have fiber through tunnel between buildings, so same L2 for these yet they will have site redundancy. (we treat these two building as one when it comes to Cisco Core/Backbone, so the Wireless 4500 Distribution layer is separated by site but connected by fiber and in a VSS configuration)

 

The RAP's will terminiate into a 3600 controller in the DMZ which will also be used for Guest traffic to be tunnled to.

 

Question that came up and documentation was not clear on is if LMS is used to point AP groups to an active controller in an HA design

 

 

 

#7240

---

@chs2027 wrote:

Three 7240's, two will be active taking full complement of 2048 AP's each and third will be standby able to take full 2048 from any single active controller failure.  Therefore I have 4096 capacity with full single point of failure redundancy.  The Standby will eventually be located in a separate location with the actives being in buildings across the street from each other where we have fiber through tunnel between buildings, so same L2 for these yet they will have site redundancy. (we treat these two building as one when it comes to Cisco Core/Backbone, so the Wireless 4500 Distribution layer is separated by site but connected by fiber and in a VSS configuration)

 

The RAP's will terminiate into a 3600 controller in the DMZ which will also be used for Guest traffic to be tunnled to.

 

Question that came up and documentation was not clear on is if LMS is used to point AP groups to an active controller in an HA design

 

 

 

---

The only way I've known you will do this is to ensure you already have Redundancy configured in which you are already using LMS anyway. So, you will then have to then migrate to High Availability.

 

So to answer your question, I will say yes. The AP Group is linked to the AP System Profile. In the AP System Profile you use "LMS" to associate the AP Group to the Active Controller. However, ensure you have the Controllers allocated with their respective roles in the HA Group Profile.

 

Good luck. 

 

 

#7240

---

@eosuorah wrote:

---

@chs2027 wrote:

Three 7240's, two will be active taking full complement of 2048 AP's each and third will be standby able to take full 2048 from any single active controller failure.  Therefore I have 4096 capacity with full single point of failure redundancy.  The Standby will eventually be located in a separate location with the actives being in buildings across the street from each other where we have fiber through tunnel between buildings, so same L2 for these yet they will have site redundancy. (we treat these two building as one when it comes to Cisco Core/Backbone, so the Wireless 4500 Distribution layer is separated by site but connected by fiber and in a VSS configuration)

 

The RAP's will terminiate into a 3600 controller in the DMZ which will also be used for Guest traffic to be tunnled to.

 

Question that came up and documentation was not clear on is if LMS is used to point AP groups to an active controller in an HA design

 

 

 

---

The only way I've known you will do this is to ensure you already have Redundancy configured in which you are already using LMS anyway. So, you will then have to then migrate to High Availability.

 

So to answer your question, I will say yes. The AP Group is linked to the AP System Profile. In the AP System Profile you use "LMS" to associate the AP Group to the Active Controller. However, ensure you have the Controllers allocated with their respective roles in the HA Group Profile.

 

Good luck. 

 

 

---

Point of correction here. I shouldn't have used the term "Migrate". Just setup your redundancy (Master/Backup Master or Master/Local whatever) and then use "LMS" to complete your High Availability: Fast Failover solution.

 

#7240