Occasional Contributor II

Large client base - vlan pools or large subnet

I've read a few posts in airheads on the vlan pool vs. large subnet topic but they seemed more focused on smaller networks. (10 pools at most and /24's) So I am posting to get opinions.

 

Currently on my network:

It is a single campus
peak time concurrent clients are around 20,000

In the 6 months I have been running airwave I have seen 75,000 client devices

We currently do vlan pooling, we have 26 /22 subnets in the pool.

We do not allow inter client communication

We convert all bcast/mcast to unicast

There is only one class of wireless user

The number of devices is always creeping upwards

 

We are doing a large upgrade to 7200 series controllers so we now have an opportunity to revisit the vlan pooling / large subnet question.  Moving to a large subnet would simplify a lot of configurations and make it easier to look at.

 

Would a /15 subnet be too large and not recommended (we have no intention of ever allowing interclient communications or enabling bcast/mcast)?  (when I think about switched networks it just feels extremely wrong...)

Airplay is something we may consider in the future.

 

If you have a large campus and evaluated vlan pools versus the large subnet, why did you choose one over the other?

 

Would Aruba NOT recommend a large flat subnet in this case?

Thanks,


Re: Large client base - vlan pools or large subnet

 

 

You could do a combination of both:

Have 5 - 7 VLANs per pool with large subnets and split those VLAN pools across different Virtual APs. Also enable bcmc-optimization on the VLANs to decrease the amount of bcast/mcast on the wired side of things.

Aruba recommends VLAN pool sizes for M3's to be 10 but since you are planning on migrating to the 7240's those are more powerful.

 

 

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Guru Elite

Re: Large client base - vlan pools or large subnet



mverilis,

 

I am going to paraphrase someone who I have been speaking to about this topic lately who has been doing testing with large subnets.  Here is what he suggests:

 

 

- Turn on bcmc optimization on that VLAN on every controller hosting that VLAN.

- Make sure broadcast filter all and broadcast filter ARP are enabled on that Virtual AP

- Make sure that wireless VLAN does not have wired users in it

- On the wireless side, the incoming broadcast and multicast from a client is first unicast to the AP/controller which then can determine what to do with the packet, so there is inherent flow control over there

- The ability for a client to generate uncontrolled bc/mc is limited by the wireless bandwidth that this particular device can get.

 

 

There are also benefits from moving to a single VLAN such as:

 

- Not fragmenting IP address space, not running out of space in a VLAN that the pooling hash assigns a user to while there are free spots available in other VLANs - i.e., make more efficient use of address space without a whole lot of planning.

- No L3 mobility issues

- IPv6 deployment becomes much simpler with a single VLAN - only one RA to be advertised to the entire user population across all APs and these can be simply multicast

 

Your main consideration is your switching fabric needs to be able to handle all those mac addresses in its table.

 

This is certainly a cutting-edge deployment, so if you want us to have someone talk to you about this, please let me know. (please don't corner your Aruba SE).

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
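Added example (not part of the thread and not Aruba's code): a small simulation of the address-fragmentation point above, comparing the 26 /22 pool from the original post with a single /15. SHA-256 modulo the VLAN count is an assumed stand-in for the controller's pooling hash, and the client MACs and the 26,500-client load are constructed.

```python
import hashlib
import ipaddress

def usable_hosts(prefix_len: int) -> int:
    """Usable IPv4 hosts in a subnet (network and broadcast excluded)."""
    return ipaddress.ip_network(f"0.0.0.0/{prefix_len}").num_addresses - 2

def constructed_macs(count: int):
    """Constructed sample client MACs (locally administered), not real devices."""
    for i in range(count):
        yield bytes([0x02, 0x00]) + i.to_bytes(4, "big")

def pool_assign(macs, vlan_count: int, per_vlan_capacity: int):
    """Hash each MAC to one VLAN; a client is denied when that VLAN is full.

    SHA-256 mod vlan_count is an assumption standing in for the real hash.
    """
    load = [0] * vlan_count
    denied = 0
    for mac in macs:
        digest = hashlib.sha256(mac).digest()
        vlan = int.from_bytes(digest[:8], "big") % vlan_count
        if load[vlan] < per_vlan_capacity:
            load[vlan] += 1
        else:
            denied += 1  # this VLAN is exhausted even if others have room
    return load, denied

def compare(clients: int, vlan_count: int = 26,
            pool_prefix: int = 22, flat_prefix: int = 15) -> dict:
    """Pooled /22s versus one flat subnet for the same client population."""
    per_vlan = usable_hosts(pool_prefix)
    load, denied = pool_assign(constructed_macs(clients), vlan_count, per_vlan)
    flat_capacity = usable_hosts(flat_prefix)
    return {
        "pool_capacity": per_vlan * vlan_count,
        "pool_denied": denied,
        "pool_free_left": per_vlan * vlan_count - sum(load),
        "fullest_vlan": max(load),
        "emptiest_vlan": min(load),
        "flat_capacity": flat_capacity,
        "flat_denied": max(0, clients - flat_capacity),
    }

if __name__ == "__main__":
    # 20,000 is the peak from the original post; 26,500 is a constructed load.
    for n in (20_000, 26_500):
        print(n, compare(n))
```

At the constructed higher load the pool still has free addresses in total, yet clients hashed to a full VLAN get none; the flat subnet has no such per-VLAN limit.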

Occasional Contributor II

Re: Large client base - vlan pools or large subnet

We have the bcmc optimization enabled in the SSID profiles
On the VAPS we have Drop Broadcast and Multicast, Convert Broadcast ARP requests to unicast enabled
We don't have any wired users on these vlans

The switch our controllers will hook up to can handle the macs

 

 

I would like to talk to someone about this.

Thanks

Guru Elite

Re: Large client base - vlan pools or large subnet

Please do BCMC Optimization on the VLANs, as well.

 

BCMC optimization on the SSID profile allows us to send multicast and broadcast traffic at higher than the basic rates.  BCMC optimization at the VLAN level drops all of the wired and wireless broadcasts (supersedes Drop Broadcasts and Multicast at the VAP level).

 

I sent you a PM.

 



Colin Joseph
Aruba Customer Engineering


Occasional Contributor II

Re: Large client base - vlan pools or large subnet

We will be changing to the very large flat subnets.

I have BCMC optimization on the vlan now.  I have a follow up regarding it however.

If I do not enable BCMC-optimization on the vlan, would the bcasts/mcasts be allowed through to the APs and then be dropped if I have "Drop Broadcast and Multicast" on the VAP enabled?  

So the bcast/mcast would be on the wired link but not get to the wireless?
We only care about keeping it off the wireless in all locations except for one exception we have.  If it is on the wire, it is OK.


The exception we have is a specific set of residences with no wired drops.  We will be installing access points and need to provide a multicast IPTV stream to them.  With bcmc-optimization on the vlan it will not work.
I would prefer not having a separate set of vlans for this specific group.  But I want to know what you would recommend.

Thanks

Occasional Contributor II

Re: Large client base - vlan pools or large subnet

I will also add that the subnets contain ONLY wireless users and interclient communication is disabled.

Guru Elite

Re: Large client base - vlan pools or large subnet

Bcmc optimization at the VLAN level will drop broadcasts on the vlan on the wired and wireless sides.

 

You might want a separate SSID for IPTV and enable IGMP proxy/snooping so that the multicast will only go to access points with users on it that are subscribed to the stream.

 



Colin Joseph
Aruba Customer Engineering


Occasional Contributor II

Re: Large client base - vlan pools or large subnet

We are in a similar situation and would like to get the community’s feedback on an alternative solution to using vlan pools or having large subnets.

 

We currently have a single vlan pool for each pair of M3 controllers (one pool name, but different set of vlans mapped to it at the local).   This was done for redundancy.   We currently have 12 – 15  /23 subnets mapped to each pool.

 

In a couple of weeks we will be migrating to RFC 1918 private addresses and at that time we will do away with vlan pooling and use a single appropriately sized subnet per building.  The subnet size will range from a /24 for very small buildings to a /21 for larger buildings.  The /21 for the larger buildings does not represent the actual concurrent connections, but is oversized to allow for a 4 hour lease time.  This will be a huge improvement over the current 15 minute lease time.

 

Classroom buildings may require some initial adjusting because of the high turnover of clients, but we feel that this route along with the multicast/broadcast enhancement knobs will make for a more efficient network.  The biggest drawback to this route is that the vlan is applied on the virtual AP profile (so instead of using a single profile with the generic pool name for all buildings) and now we will have to create a new profile for all 200+ buildings on campus.

 

We look forward to your comments and suggestions.

 

Thanks

 

James Nesbitt

Guru Elite

Re: Large client base - vlan pools or large subnet

Not to oversimplify things, but you would not need a virtual AP or individual VLAN for each building.  You can group buildings and put that ENTIRE population into the same VLAN/VAP.  You can have an ap-group for each building, if you want, but have them share the same Virtual AP on a larger VLAN.  Consolidation and simplification is the goal of this approach.

 

 



Colin Joseph
Aruba Customer Engineering

