Frequent Contributor II
Posts: 109
Registered: ‎11-11-2008

Master redundancy (VRRP) and DHCP.

Hello everyone

 

I have a particular setup I want to discuss/get input from the community on. I have a customer in the process of moving from a VPN infrastructure to Aruba and RAP-5. The customer has many offices geographically spread across our country. For the moment it's about 40-50 very small offices.

We now have a RAP-5 in place at all the offices, running fine with WLAN and using the Ethernet ports for printers etc.

 

The customer has insisted on having a separate IP subnet for WLAN and cable on each site. This totals a lot of VLANs, and they also want to use Aruba as DHCP for these VLANs. The reason for using Aruba as DHCP is that the customer doesn't have a good infrastructure behind it at the moment, but is moving to a full AD, RADIUS etc.

They also want to have a separate VLAN for WLAN/cable for each site, for easier troubleshooting. If a customer with the given IP is having problems they will instantly know which location the problem is at. I have told them that this is not an optimal solution, both VLAN wise and DHCP wise.

 

They have 2 3x00 controllers which shall be in a master-standby setup when things are up and running. But because of the sheer number of VLANs and especially DHCP scopes, I see a problem when running controllers in VRRP.

The DHCP scopes with 254 hosts are clearly overkill at each location, but for the standby to work correctly and not have 2 DHCP servers on the same VLAN, what is the recommended setup for this?

If the master fails, the standby should have the same VLAN and same scope so that users can reach their local printer etc.

I know this is not the ideal setup and I have made that clear to the customer, but as we know the customer always is correct :D

I was thinking about splitting the scope in 2, putting the 2 parts on each controller.

The real problem is that I might need to add one VRRP instance for each DHCP scope to have a VRRP IP for each DHCP to use as gateway.

 

Hope anyone can brainstorm a bit with me to setup this in a somewhat sensible way.

 

Roar Fossen

 

 

Guru Elite
Posts: 21,023
Registered: ‎03-29-2007

Re: Master redundancy (VRRP) and DHCP.

Okay.

 

How many devices at each site?  Maybe the rule can be that only sites that rise above "x" number of clients deserve their own VLAN.  When a device or user associates to the WLAN, it says what AP they are connected to, so there is less value to dedicating a VLAN to each site, creating a vrrp, etc...

 

The customer should use an external router at the headend site for routing because it is simpler to manage.

 

If you have two controllers that use master-standby through a firewall, the firewall will NOT allow you to do a static NAT to a VRRP.  You will have to use an external DNS A-record and pre-populate the A-record with two addresses and point the AP to that A-record externally for redundancy.  Each controller will require its own statically NATted public address.

 

Aruba has written a Validated Reference Design on Remote APs.  It can be found here:  

http://www.arubanetworks.com/technology/reference-design-guides/

 

It has quite a few ideas about how to deploy Remote APs that you can use, in addition to what others will answer here.

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II
Posts: 109
Registered: ‎11-11-2008

Re: Master redundancy (VRRP) and DHCP.

Hi

 

Well, the number of devices at each site is very low, I would guess about 5 devices, most of them on cable behind the RAP-5. The customer is a company changing your front window on your car, so most of the users are just a few computers.

On the WLAN it's mostly customers waiting for their car, so the guest network is in the air, but this network has only one VLAN and one DHCP scope.

 

All the RAPs use a URL (no IP) for getting back to the designated master controller, so this part is covered with two firewalls, because the controllers will be placed at 2 geographically separated sites. So this bit I'm not concerned about.

 

Ideally I would like to use one VLAN for the employee WLAN and one VLAN for cable serving employee computers and printers. And in turn only one DHCP scope for each VLAN as well, but the customer is not convinced yet. They do have an evaluation of AirWave, so troubleshooting should not be a problem, location wise.

The point of this thread is to look at Aruba recommendations and show this to the customer for leverage, to maybe change the structure of the setup.

 

I shall have a closer look at the RAP VRD to see if I can relate some of it to the customer's setup.

 

Another question for you: I have seen the recommendation from Aruba that one should not have a bigger DHCP scope than 512 hosts. I have not seen why this is so, and is there a recommendation of number of scopes? Is it processing power that is the problem or what?

 

Roar Fossen

Guru Elite
Posts: 21,023
Registered: ‎03-29-2007

Re: Master redundancy (VRRP) and DHCP.

The internal DHCP server is only sized/designed for a guest network.  You can always point to an external DHCP server to handle that with no issue.



Colin Joseph
Aruba Customer Engineering


Frequent Contributor II
Posts: 109
Registered: ‎11-11-2008

Re: Master redundancy (VRRP) and DHCP.

I understand, the point is that the customer is rebuilding their whole infrastructure at the moment, moving servers etc out of office.

 

I would like to point out the same exact thing you said, by using an external DHCP. By using an external DHCP one would at all times have a DHCP on the VLAN, regardless of which controller is master.

 

Thanks anyway Colin

 

Roar

Frequent Contributor II
Posts: 135
Registered: ‎07-06-2012

Re: Master redundancy (VRRP) and DHCP.

Another question for you: I have seen the recommendation from Aruba that one should not have a bigger DHCP scope than 512 hosts. I have not seen why this is so, and is there a recommendation of number of scopes? Is it processing power that is the problem or what?

 

 

I believe the main reason is to reduce the broadcast domain, as all the users will share the same air time/bandwidth. That is why Aruba recommends using VLAN Pool.

Frequent Contributor II
Posts: 109
Registered: ‎11-11-2008

Re: Master redundancy (VRRP) and DHCP.

Hi

 

I fully agree with Aruba regarding the size of the broadcast domain and I use VLAN pooling in those situations that I need more hosts than 512. I was also wondering if the same goes for the number of scopes.

In my head the number of scopes should be limited, but for this setup we have a lot.

 

Can this affect the DHCPd daemon or what?

 

I will strongly ask the customer to reconsider the structure, but as of now the system looks to be running fine with the scopes at hand.

 

Thanks anyway guys

 

Roar

Frequent Contributor II
Posts: 135
Registered: ‎07-06-2012

Re: Master redundancy (VRRP) and DHCP.

Hi Mosher,

 

I found the following for you which might be a good start to go through:

 

Please note that this is information from Microsoft, which they use in their own dedicated DHCP server (not an MC or router used as a DHCP server).

 

How to determine the number of DHCP servers to use

Because there is no fixed limit to the maximum number of clients a DHCP server can service or to the number of scopes you can create on a DHCP server, the primary factors to consider when you determine the number of DHCP servers to use are network architecture and server hardware.  For example, in a single subnet environment, only one DHCP server is necessary, although you may want to use two servers or deploy a DHCP server cluster for increased fault tolerance. In multiple subnet environments, routers must forward DHCP messages between subnets, so router performance can affect your DHCP service. In both cases, DHCP server hardware affects service to clients.

For more information on deploying a DHCP server cluster, see Cluster support for DHCP servers.

When you determine the number of DHCP servers to use, consider the following:

  • The location of routers on the network and whether you want a DHCP server on each subnet. 
    When you extend the use of a DHCP server across more than one network, you often need to configure additional DHCP relay agents and, in some cases, use superscopes as well.
  • The transmission speed between the segments for which DHCP service is provided. 
    If you have slower WAN links or dial-up links, you may need a DHCP server on both sides of these links to service clients locally.
  • The speed of the server disk drives and the amount of random access memory (RAM) installed in the DHCP server computer.
    In order to maximize DHCP server performance, use the fastest disk drives and the most RAM possible. Carefully evaluate disk access time and average times for disk read and write operations when you plan for your DHCP server hardware needs.
  • Practical constraints based on the IP address class selected for use and other server configuration details.

You can test your DHCP servers before deployment on the organization network in order to determine the limitations and abilities of your hardware and to see whether network architecture, traffic, and other factors affect DHCP server performance. Hardware and configuration tests also allow you to determine  the number of scopes to configure at each server.

To provide a general idea of DHCP server performance, a DHCP server running Microsoft® Windows Server 2003  was run in a test lab environment, and a custom stress application was used against the server. The details of this lab test can help you configure your tests and determine how many DHCP servers to use on your network:

Server and network configuration

  • Processors: Two x86 Family 6 Model 7 Stepping 3 GenuineIntel ~498 megahertz (MHz)
  • Total physical memory: 256.00 megabytes (MBs)
  • Network adapters: Three Ethernet 802.3 100 megabits per second (mbps)
  • Subnets serviced: Six, four of which are separated from the test server by routers running the DHCP Relay Agent service.
  • Operating system: Windows Server 2003, Enterprise Edition
  • Number of scopes: 5,155
  • DHCP database size at maximum load: 2 gigabytes (GBs)
  • Additional factors: Several thousand exclusion ranges, option values, and reservations are configured in the scopes on the server.

Test details

The DHCP server was hit with both valid and invalid DHCP client lease and renewal requests from a client/attack simulation stress application on six subnets for 1,152 hours (48 days).

Test results

The DHCP server provided clients with the following service during the test:

  DHCP server function                                        Message and lease volume handled (1,152 hours)
  Lease assignments                                           68,412,059
  DHCP discover messages                                      20,039,592
  DHCP offer messages                                         20,039,253
  DHCP request messages                                       57,559,426
  DHCP acknowledgement messages                               57,470,934
  DHCP negative acknowledgement messages sent by the server   484,012
  DHCP decline messages                                       190,901
  Lease releases                                              0

Notes

  • These test results are intended to provide a general idea of DHCP server performance capacity. Tests were performed on average hardware and do not imply any limitation of the DHCP service. In addition, the large size of the test DHCP server database (2 GBs) is extremely unusual and was produced due to the high volume of DHCP traffic that the test application generated. In real world environments, typical database sizes are in the tens of MBs or less.
  • When you add a large number of scopes to the server, be aware that each scope creates a corresponding need for additional, incremental increases to the amount of disk space used for the DHCP server registry and for the server paging file. For more information, see Change the size of the virtual memory paging file.
  • DHCP servers running Windows Server 2003  provide performance monitoring tools that you can use to test and monitor your servers. For more information, see Monitoring DHCP server performance.

Guru Elite
Posts: 21,023
Registered: ‎03-29-2007

Re: Master redundancy (VRRP) and DHCP.


Aruba has limited the number of supported internal DHCP leases in their controller platforms to 512 because the internal DHCP server was only designed to support smaller guest networks,  not an enterprise.  It is not a problem to put a helper-address on a VLAN interface and have an external DHCP server provide services for thousands of clients in an Aruba System.  

 

This is stated in the 6.1.3.x release notes under "Known Issues".

 

The size of the broadcast domain is a separate network design issue.

 

 

 

 

 



Colin Joseph
Aruba Customer Engineering


Frequent Contributor II
Posts: 109
Registered: ‎11-11-2008

Re: Master redundancy (VRRP) and DHCP.

Hi

 

Yes, I have seen the 512 limit. What do I do when I have a master-standby setup with say a guest net of 254 hosts?

 

In this scenario Master is the DHCP for the guests, can I run the DHCP server on the standby with the same subnet? To have the guests in the same vlan/subnet I will need the same subnet on both controllers when the master fails.

 

Roar
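
An added sketch, not from any poster or from Aruba, of the split-scope idea raised in the first post: it carves one right-sized subnet per site and VLAN, splits each between two controllers so the ranges never overlap, and checks the plan against the roughly 5 devices per site and the 512-lease figure quoted in the thread. The 10.20.0.0/21 supernet, the /28 scope size, the site names and the single reserved gateway address are assumptions.

```python
import ipaddress

LEASE_CAP = 512  # internal DHCP lease figure quoted in the thread (taken as given)

def split_scope(subnet, reserved=1):
    """Split a subnet's usable hosts into two non-overlapping DHCP ranges.

    The first `reserved` host addresses are held back for static use,
    e.g. a gateway address shared by both controllers (assumption).
    """
    hosts = list(ipaddress.ip_network(subnet).hosts())[reserved:]
    if len(hosts) < 2:
        raise ValueError(f"{subnet} is too small to split")
    mid = (len(hosts) + 1) // 2
    return hosts[:mid], hosts[mid:]

def plan(supernet, sites, vlans=("wlan", "wired"), prefix=28, clients=5):
    """Carve one subnet per site and VLAN, split it, and check the result.

    `clients` is the expected device count per scope. Each half must hold
    that many on its own, because after a failover only one half is served.
    """
    pool = ipaddress.ip_network(supernet).subnets(new_prefix=prefix)
    rows, problems = [], []
    for site in sites:
        for vlan in vlans:
            net = next(pool, None)
            if net is None:
                raise ValueError(f"{supernet} exhausted at {site}/{vlan}")
            first, second = split_scope(str(net))
            if min(len(first), len(second)) < clients:
                problems.append(f"{net}: a half is smaller than {clients} clients")
            rows.append((site, vlan, net, first[0], first[-1], second[0], second[-1]))
    expected = len(rows) * clients
    if expected > LEASE_CAP:
        problems.append(f"{expected} expected leases exceed cap {LEASE_CAP}")
    return rows, problems

if __name__ == "__main__":
    sites = [f"site{n:02d}" for n in range(1, 46)]  # constructed: 45 offices
    rows, problems = plan("10.20.0.0/21", sites)
    for site, vlan, net, a0, a1, b0, b1 in rows[:4]:
        print(f"{site} {vlan:5} {net}  A {a0}-{a1}  B {b0}-{b1}")
    print(f"{len(rows)} scopes, problems: {problems or 'none'}")
```

Shrinking the scopes to /29 or raising `clients` to 6 makes the plan report problems, which shows how little headroom a split scope leaves at this number of sites.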
