11-24-2014 01:05 AM
Layer-3 Mobility Overview
IAPs form a single Instant network when they are in the same Layer-2 (L2) domain. As the number of clients increase, multiple subnets are required to avoid broadcast overhead. In such a scenario, a client must be allowed to roam away from the Instant network to which it first connected (home network) to another network supporting the same WLAN access parameters (foreign network) and continue its existing sessions.
Layer-3 (L3) mobility allows a client to roam without losing its IP address and sessions. If WLAN access parameters are same across these networks, clients connected to IAPs in a given Instant network can roam to APs in a foreign Instant network and continue their existing sessions. Clients roaming across these networks are able to continue using their IP addresses after roaming. You can configure a list of Virtual Controller IP addresses across which L3 mobility is supported.
Aruba Instant Layer-3 mobility solution defines a Mobility Domain as a set of Instant networks, with same WLAN access parameters, across which client roaming is supported. The Instant network to which the client first connects is called its home network. When the client roams to a foreign network, an AP in the home network (home AP) anchors all traffic to or from this client. The AP to which the client is connected in the foreign network (foreign AP) tunnels all client traffic to or from the home AP through a GRE tunnel.
Figure 1 Routing of traffic when the client is away from its home network
When a client first connects to an Instant network, a message is sent to all configured Virtual Controller IP addresses to see if this is an L3 roamed client. On receiving an acknowledgement from any of the configured Virtual Controller IP addresses, the client is identified as an L3 roamed client. If the AP has no GRE tunnel to this home network, a new tunnel is formed to an AP (home AP) from the client's home network.
Each foreign AP has only one home AP per Instant network to avoid duplication of broadcast traffic. Separate GRE tunnels are created for each foreign AP / home AP pair. If a peer AP is a foreign AP for one client and a home AP for another, two separate GRE tunnels are used to handle L3 roaming traffic between these APs.
If client subnet discovery fails on association due to some reason, the foreign AP identifies its subnet when it sends out the first L3 packet. If the subnet is not a local subnet and belongs to another Instant network, the client is treated as an L3 roamed client and all its traffic is forwarded to the home network through a GRE tunnel.
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
11-24-2014 07:00 AM
To continue what KDisc98 wrote, I've found that Layer 3 Mobility is very useful in a design where you have a high density of APs and older controllers. For instance, one customer of mine has 3600 controllers that terminate a majority of the campus traffic. In their quad, they have a couple of high density buildings on one 3600 and the remaining parts of the quad on another 3600. The long-term solution is to setup a 7220 or 7240 and have the entire quad on a single controller for roaming purposes. In the short-term, we've enabled Layer 3 IP Mobility between the two 3600s so the student experience of roaming is improved.
It's been a great solution in the mean time until we can re-architect the site.
Hope it helps!
11-26-2014 04:53 AM
Thanks for the nice explanation .
"If client subnet discovery fails on association due to some reason, the foreign AP identifies its subnet when it sends out the first L3 packet. If the subnet is not a local subnet and belongs to another Instant network, the client is treated as an L3 roamed client and all its traffic is forwarded to the home network through a GRE tunnel. "
i oculd not follow the above part . If client discovery fails means roaming failed ?
correct me if i am wrong