Wireless Access

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

IP Capacity/NAT question

  • 1.  IP Capacity/NAT question

    Posted Apr 16, 2013 11:03 PM

    We are running out of IPs in our main SSID and are considering NATing. I have a few questions for others that might have dealt with this situation:

    - Can the M3s handle NATing for about 7000 users? Or is it better to use another box to do the NATing?

    - Seems Aruba VRDs recommend subnets no larger than /24, but with a VLAN pool limit of 32, this will not be enough for us. So we either need to do a couple of VAPs with the same SSID profile but different VLAN pools with VLAN mobility enabled (if we want roaming) or

    - I have seen some other large deployments use /23 or even /22s. However, it seems to me these would be too large a broadcast domain; even with the "drop broadcast" flag enabled, there would still be a lot of DHCP traffic. Moreover, I believe broadcasts get to the controller, where in turn they are dropped, so the AP still hears all the originating client broadcasts, right?

    Thanks,


    Marcelo



  • 2.  RE: IP Capacity/NAT question

    Posted Apr 16, 2013 11:20 PM
    If you go with a /22 or /23 deployment, you can enable drop broadcast at the VAP level (drops multicast/broadcast in the air) and also enable bcmc optimization on the VLAN (drops multicast/broadcast on the VLAN); this way it should not get to the AP. But if you need multicast in your environment, this may not be a good idea.

    If you go with NATing for that many users, it's probably better to have an external box do that.


  • 3.  RE: IP Capacity/NAT question

    Posted Apr 16, 2013 11:23 PM
    Optimize VLAN Broadcast and Multicast Traffic
    Broadcast and Multicast (BCMC) traffic from APs, remote APs, or distributions terminating on the same VLAN floods all VLAN member ports. This causes critical bandwidth wastage, especially when the APs are connected to an L3 cloud where the available bandwidth is limited or expensive. Suppressing the VLAN BCMC traffic to prevent flooding can result in loss of client connectivity.
    To effectively prevent flooding of BCMC traffic on all VLAN member ports, use the bcmc-optimization parameter under the interface vlan command. This parameter ensures controlled flooding of BCMC traffic without compromising client connectivity. By default this option is disabled. You must enable this parameter for the controlled flooding of BCMC traffic.
    The bcmc-optimization parameter has the following exemptions:
    All DHCP traffic will continue to flood VLAN member ports even if the bcmc-optimization parameter is enabled.

    The controller will do proxy ARP if the target IP entry exists on the controller. If the target IP does not exist on the controller, ARP requests will be flooded on all VLAN member ports.

    You can configure BCMC optimization in the CLI and in the WebUI.
    In the CLI:
    (host) (config) #interface vlan 1
    (host) (config-subif)#bcmc-optimization
    (host) (config-subif)#show interface vlan 1

    http://www.arubanetworks.com/techdocs/ArubaOS_60/UserGuide/Network_Parameters.php


  • 4.  RE: IP Capacity/NAT question

    Posted Apr 16, 2013 11:59 PM

    Thanks Victor, I did read the UG many times, but still wasn't 100% sure the "originating" client broadcast would not be heard by the AP, since the controller is the one blocking the traffic. How would the controller block the traffic if it does not know about it?



  • 5.  RE: IP Capacity/NAT question

    EMPLOYEE
    Posted Apr 17, 2013 01:08 AM

    mlew2433,


    You can actually make your subnets as large as you want, like Vfabian says.


    If a client sends a broadcast and you have "drop broadcast and multicast" on that Virtual AP, it will not be replicated back down to all the wireless clients. DHCP will only be sent out as a broadcast on the wired side. ARP is answered by the controller and sent back to the client via unicast if you have "Broadcast Filter ARP" enabled on the VAP. You would NOT do this if you have any applications that rely on wireless multicast.



  • 6.  RE: IP Capacity/NAT question

    Posted Apr 18, 2013 01:19 AM

    Got it, thanks for the explanation.

    How about suppress-arp at the VLAN level? Is this enabled by default on 6.2 code? If not, is it worth also turning on for large subnets?



  • 7.  RE: IP Capacity/NAT question

    EMPLOYEE
    Posted Apr 18, 2013 04:19 AM

    According to the 6.1.3.2 release notes:


    "Suppress-ARP and Broadcast-Filter ARP

    Beginning with ArubaOS 6.1.3.2, suppress-arp on the VLAN interface and broadcast-filter arp on the VAP profile are enabled by default. Behaviors associated with these settings are enabled upon upgrade to ArubaOS 6.1.3.2. Note that suppress-arp has been modified such that gratuitous ARP will still be flooded on all AP tunnels. "


    You should be good.
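Pulling the settings from replies 2, 3, 5 and 7 together, here is an added ArubaOS 6.x CLI configuration example (written for this page, not posted by anyone in the thread) that applies the VAP-level and VLAN-level suppression discussed above to a single /22 user VLAN. The VLAN id, profile name and address are constructed; check the exact syntax against the user guide for your release.

```text
! User VLAN sized as a /22 (1022 usable host addresses); address is constructed for this example.
! bcmc-optimization limits BCMC flooding on the wired VLAN (DHCP still floods, see reply 3).
! suppress-arp makes the controller answer ARP it knows; default-on from 6.1.3.2 (reply 7).
interface vlan 100
  ip address 10.100.0.1 255.255.252.0
  bcmc-optimization
  suppress-arp
!
! Virtual AP profile for the large SSID.
! broadcast-filter all = "Drop Broadcast and Multicast": client broadcasts are not
!   re-sent over the air (reply 5); do not enable if clients rely on wireless multicast.
! broadcast-filter arp = "Broadcast Filter ARP": ARP replies go back to the client as
!   unicast; default-on from 6.1.3.2 but shown explicitly here.
! vlan-mobility keeps the client's VLAN when it roams between VAPs with different pools.
wlan virtual-ap "users-vap"
  vlan 100
  broadcast-filter all
  broadcast-filter arp
  vlan-mobility
!
! Verify what is actually in effect.
show interface vlan 100
show wlan virtual-ap users-vap
```

On releases before 6.1.3.2, suppress-arp and broadcast-filter arp are off unless set explicitly; on later code the explicit lines are harmless and make the intent visible in the running config.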