How do configure HA AP fast fail over with Master Standby set up ?

By esupport posted Jul 30, 2015 08:56 AM

  
Requirement:

Aruba OS tested version : 6.4.2.8

This article will talk about master standby setup.

HA Common Deployment Scenarios:

  • Master-Redundancy
  • Master-Local
  • Local-Local
  • Master-Master

Advantages of HA

  1. AP Fast Failover through pre-established IPSEC/GRE tunnels to Active and Standby controllers.
  2. AP does not turn its radio off, does not re-bootstrap nor re-download its configuration to fail-over.
  3. Failover takes place upon heartbeat or keep alive misses.

Controller roles:

  • Active
  • Standby
  • Dual

Note: HA works across L3 network as well.

Here is the topology sketch of master standby setup.

 

 



Solution:

HA master standby caveats

  • Inter-controller Heartbeats
    • detects peer failure within a sub-second
    • Not recommended if inter-controller latency is close to 100ms and/or risk of hbt packet loss
  • Client State Sync
    • speeds up dot1x authentication after failover by sync’ing the dot1x keys with the standby controller
  • Over-Subscription
    • extends the standby AP tunnels beyond the standby platform capacity
    • Failed-over APs are still limited by the platform capacity

Constraints and Points for master-standby set up.

  1. Use only Controller-ip in ‘ha group-profile’
  2. The lms-ip has to match one of the controller IPs listed in the ha group-profile

Best practices and facts:

  • Configure an lms-ip in the ap system profile
  • Use controller role ‘dual’ as much as possible.
  • Use bkup-lms to recover from a double failure (Controller and AP).
  • HA failover takes precedence over lms/bkup-lms failover.
  • APs that failed over to bkup-lms will not build a standby tunnel until it has moved back to its primary lms.
  • 11r & State-sync do not work because on a failover we deauth the client which makes the 11r client do a full dot1x.

Notes

  • Topology supported in 6.4 and beyond
  • Bkup-lms is required in case of double failure (controller failure and  ap reboot)
  • Inter-controller heartbeat is not needed/supported (IC-Hbt triggers failover in 0.5s while VRRP takes 3s )
  • HA Preemption and LMS Preemption are useless (one controller is active at any time)
  • VRRP preemption is ok, thanks to 2 mns timer on backup active master. (APs will have time to setup their GRE tunnels with preempting controller before getting kicked out by backup master)
  • HA-Mgr is aware of the VRRP role provided by CFGM
  • VRRP VIP should be used for the ap master discovery


Configuration:

Controller Config

-----------------------

 

Active Master

ap system-profile “primary"
  lms-ip 10.10.1.1
  bkup-lms-ip 10.10.1.2
!
ha group-profile "Cluster-A"
  pre-shared-key aruba2hp
  state-sync
  controller 10.10.1.1 role dual
  controller 10.10.1.2 role dual
!
ap-group "Cluster-A"
  ap-system-profile "primary"
!
ha group-membership Cluster-A

Backup Master

ha group-membership Cluster-A



Verification

 Below commands would verify the HA config.

 

  • show ap database (this command presents both active and standby ip config)
  • show ap database on standby (this command will represent "S" flag stating standby flag)
  • show ha group-profile 
  • show ha group-membership

 

4 comments
0 views

Comments

Sep 25, 2019 09:32 AM

I have configured HA Mode configuration in aruba controller 7220. 

Master IP - 172.28.0.2

Standby IP - 172.28.0.3

VRRP IP - 172.28.0.4

 

when master goes of all license is showing in Standby controller & also all configuration has been tranferred to active. The problem is that The AP is not showing UP.

 

Should I have to configured lms in ap group or anything else in ap group 

 

Please help 

Dec 15, 2016 10:26 AM

does configuring HA require the AP's to reboot or rebootstrap to take the config?

or is there any other downtime associate with configuring HA in a production network?

Nov 18, 2015 04:19 PM

AOS 6.4

Nov 18, 2015 09:09 AM

does HA fail-over with VRRP support in 6.3.1.18 code?