Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Arubaos8 two controllers redundancy scenario

  • 1.  Arubaos8 two controllers redundancy scenario

    Posted Jul 13, 2019 02:07 PM

    hello

     

    we do have two aruba 7205 controllers with NO master controller

    i'm trying to figure out the best way to deploy them to achieve redundancy

    i read that i can just configure them as standalone and configure VRRP between them and the APs should just terminate to the VRRP IP ?

     

    my question : if i did the above then i'll need to configure double the license one on each controller per AP ?

    if the above is true then that's not applicable since we do have 100 APs and 100 Licenses only

     

    what i'm trying to achieve is

    -one controller will serve all aps and user traffic, the other is standby

    -if active controller fails aps should terminate on the standby one and continue working as normal

    -we dont need to add more licenses per controller only 100 license per 100 aps

     

    what would be the optimal redundancy solution for that setup without mobility master

     

    i came across the master controller local design but most of it referring to version 6.x

    i'm not sure if that fits on the arubaos8 or not since i'm new to aruba and only deployed standalone deployments

     

    looking for clarifications

     

    thanks in advance

     



  • 2.  RE: Arubaos8 two controllers redundancy scenario

    EMPLOYEE
    Posted Jul 13, 2019 02:11 PM

    If you do not have an MM, your redundancy options in 8.x are virtually identical to those in 6.x (licensing, standby controller, vrrp, etc).



  • 3.  RE: Arubaos8 two controllers redundancy scenario

    Posted Jul 13, 2019 05:10 PM

    thanks cjoseph

     

    so based on the available option in this regard, what do you recommend that would be best based on our scenario here ?



  • 4.  RE: Arubaos8 two controllers redundancy scenario

    EMPLOYEE
    Posted Jul 13, 2019 05:37 PM

    You can configure master redundancy between two controllers and point your access point at the VRRP.  Centralized licensing is enabled automatically.

     

     



  • 5.  RE: Arubaos8 two controllers redundancy scenario

    MVP EXPERT
    Posted Jul 14, 2019 07:45 AM

    There are a few options you have here; in short, they are the following:

     

    If using Master/Local or Master/Master you can enable Centralized Licensing to share the same pool of licenses between two controllers. 

     

    You can still use MCM/Standalone mode with AOS8. If you go for Master/Local and you lose the Master, you will need to replace/configure a new master before further changes can be implemented.


    If you go for a Master/Master deployment you can still make changes to the environment in the event of a controller failure.

     

    Take a look at the Campus Redundancy VRD, this explains all the options in more depth. It is written for AOS6 but the concepts still apply to AOS8 in MCM/Standalone mode.

     

    https://community.arubanetworks.com/t5/Validated-Reference-Design/Campus-Redundancy-Model/ta-p/510228

     



  • 6.  RE: Arubaos8 two controllers redundancy scenario

    Posted Jul 15, 2019 02:38 PM

    Just to add to and highlight some of what has been stated.

     

    With 2 controllers, you can create a standalone, and then set up the other standalone as its VRRP backup. You can have APs point to the VIP, and the APs will terminate on the primary controller. If the primary controller fails, the APs will terminate to the secondary controller, which will have become the primary. The VRRP failover is 3 heartbeats, and the AP PAPI failover is 8 heartbeats. Heartbeats are 1 second. Clients will disconnect and have to reconnect, and firewall states are not preserved. I refer to this as AP preservation, not client preservation.

     

    Instead of doing a standalone configuration, you can set up one controller as a Master Controller Mode (MCM) Master controller. You can then set up one (or more if you had more) controllers as Mobility Controllers (MCs). APs can only terminate to MCs. The Master controller is "ONLY" a management device. So with 2 controllers, one as the Master and the other as an MC, you would not have any failover for the APs, since as I just stated, APs cannot terminate to the Master controller.

     

    If you did add an additional controller to the MCM configuration, you would then have the Master controller, and 2 MCs. At this point, you could set up VRRP between the 2 MCs, LMS-IP and Backup LMS-IP, or High Availability (HA). All three of these will provide redundancy. How quickly the failover occurs varies between the 3 solutions, however clients most likely will be disconnected and firewall states will not be preserved. Again, each of these will do AP preservation, not really client preservation.

     

    If you want client preservation, where the client continues and firewall state is preserved, then you need to run a Mobility Master (MM).

     

    I hope this helps,

     



  • 7.  RE: Arubaos8 two controllers redundancy scenario

    Posted Jul 20, 2019 04:26 PM

    thanks guys for your feedback

     

    so just to be on the same page i believe for my setup i'll go with installing two standalone controllers and configure VRRP between them

     

    as stated above centralized licensing will work

     

    but what about configuration ? will the configuration be synchronized between the primary standalone and the backup ?

     

    i'm running code 8.4.2



  • 8.  RE: Arubaos8 two controllers redundancy scenario

    Posted Jan 23, 2020 01:31 PM

    Hey axai1 I will be doing the same scenario as yours but using a VMC and a 7200.

     

    What documentation did you consult to achieve this configuration? I tried looking at the fundamentals guide but I didn't find the know-how.

     

    And what about the configuration synchronization? Did you discover the answer? Based on previous posts here in the Airheads community, it looks like it doesn’t have the synchronization...

     

    Although in my case I have AirWave in my environment, I don’t know if it's capable of improving something or maybe bringing the configuration sync feature?



  • 9.  RE: Arubaos8 two controllers redundancy scenario

    Posted Jan 23, 2020 04:06 PM

    If VRRP is configured between 2 standalone controllers, both the licenses and configuration are synchronized between the active controller and the standby controller. Point the APs to the virtual IP (VIP) and if the active goes down, when the standby takes over, the APs will reconnect to the standby (which is now the active). Failover between the active and standby should occur in about 4-5 seconds. Failover time for the APs can vary depending upon how many APs you have failing over. Clients will be disconnected and will have to reconnect and will lose any stateful connection. AirWave does not provide any benefit or features in this design regarding the failover.

    I hope this helps,

     



  • 10.  RE: Arubaos8 two controllers redundancy scenario

    Posted Jan 23, 2020 04:27 PM

    Thanks for the clarification westcott !!

     

    Can you help me by saying which term or chapter I should look at in the User Guide documentation that shows me how to configure this "High Availability" scenario as the best practice?

     

    And about the configuration sync, are you saying that even after the VRRP is done and the controller is connected to my primary controller, if I change the configuration in my primary controller, my other standalone controller, in this case the VMC, will have its configuration updated?

    Or are you just saying that for the VRRP to happen they both will need to have equal configuration?

     

     

     



  • 11.  RE: Arubaos8 two controllers redundancy scenario

    Posted Jan 23, 2020 05:21 PM

    In a standalone redundancy configuration, using VRRP, the steps are almost identical to configuring redundancy of a Mobility Master. If you look in the User's Guide for the section "Configuring Standby Mobility Master Using Layer 2 Redundancy" this will guide you to what needs to be done. There are two key tasks that must be performed. First, VRRP must be configured on each of the standalone controllers. This simply configures a Virtual IP (VIP) that is shared between the controllers. The next step, which is critical, is to configure database synchronization between the two controllers. Database synchronization can be verified using the "show database synchronize" command. Once the VIP and database synchronization are enabled, the two controllers are identical to each other (excepting their IP addresses). Any configuration changes made to the active are synchronized to the standby.

    I hope this helps,

     



  • 12.  RE: Arubaos8 two controllers redundancy scenario

    Posted Jan 31, 2020 09:41 AM

    Westcott... thank you very much for your instructions, unfortunately, I need more explicit help...

    I am able to configure the VIP and make the access point use its IP as the master but I am not able to configure the database synchronization.

     

    In this chapter, "Configuring Standby Mobility Master Using Layer 2 Redundancy", there are three sections: VRRP, Master redundancy and Database synchronization.

    I am aware that as I have only 2 controllers in my setup as standalone it is not possible to configure Master redundancy. Just to check I did try but it didn't work or it supposed to correct ?

    The third section is very direct, only showing that you only need to toggle a button enabling the database synchronization and set the synchronization time.

    But checking the show database synchronization command I get the following situation.

     

    (Aruba-VMC-VA) [mynode] #show roleinfo

    switchrole:standalone
    masterip:172.16.1.140

     

    (WLC-7005) [mynode] #show roleinfo

    switchrole:standby
    masterip:172.16.1.140

     

    (Aruba-VMC-VA) [mynode] #database-synchronize
    Cannot start database synchronization: peer is not configured.

    (Aruba-VMC-VA) [mynode] #

     

    So, either the third section is incomplete or I am doing something wrong.

    I configured the peer as the command says; this configuration is from the second section of the chapter, Master Redundancy, because it only permits me to configure the peer and the password not in the local node, but at the mobility controller level.

    And as I said before, configuring the Master redundancy with two standalone controllers is not working...

    Can you point the way of how to make the database sync work ?



  • 13.  RE: Arubaos8 two controllers redundancy scenario

    Posted Jan 31, 2020 10:20 AM

    Two thoughts. One, I'm not sure VRRP redundancy between a physical controller and a VM is allowed. Hopefully, someone else can answer this. The other is that in a standalone environment the node hierarchy is as shown below

     

    (7010-3a) [mynode] #show configuration node-hierarchy
    Default-node is not configured. Autopark is disabled.
    Configuration node hierarchy
    ----------------------------
    Config Node Type Name
    ----------- ---- ----
    /     System
    /mm       System
    /mm/mynode       System

     

    Typically, in an MM environment, the VRRP is configured at the /mm/mynode level on each of the controllers. Then  the database synchronization is configured at the /mm level. This is how it is done on an MM managed platform, and it may need to be configured this way also on a standalone platform.

     

    I hope this helps,

     



  • 14.  RE: Arubaos8 two controllers redundancy scenario

    Posted Jan 31, 2020 02:37 PM

    westcott... I was able to advance. Unfortunately another problem shows up.

     

    The correct way to configure is:

     

    First configure the VRRP as the configuration guide says.

    Between the VMC and the physical controller there is no problem with swapping the master (standalone) and standby (standalone) roles with each other, although I did not test the preempt function.

     

    (Aruba-MC-VA) [mynode] #show vrrp

    Virtual Router 180:

        Description MASTER_VRRP

        Admin State UP, VR State MASTER

        IP Address 172.16.1.150, MAC Address 00:00:5e:00:01:b4, vlan 172

        Priority 201, Advertisement 1 sec, Preemption Disable Delay 0

        Auth type PASSWORD, Auth data: ********

        tracking is not enabled

     

    (WLC-7005) [mynode] #show vrrp

    Virtual Router 180:

        Description BKP_VRRP

        Admin State UP, VR State BACKUP

        IP Address 172.16.1.150, MAC Address 00:00:5e:00:01:b4, vlan 172

        Priority 101, Advertisement 1 sec, Preemption Disable Delay 0

        Auth type PASSWORD, Auth data: ********

        tracking is not enabled

     

     

    Both roleinfo outputs in this configuration still say switchrole:standalone

     

    So, the second step is to configure the database synchronization as you said.

    To do that, it is necessary to go up a level in the hierarchy and, at the Mobility Controller level, activate the database synchronization toggle and set a sync period; then at the local node level, the toggle and the sync period will be the same as the ones set at the Mobility Controller level. This time, at the local level, you will need to fill in the Master VRRP, the peer IP and the IPsec peer passphrase. So the section about Master Redundancy in the chapter is partly correct for my scenario.

     

    Now, with this setup complete, in show roleinfo the backup VRRP controller will be called standby, and with show switches both controllers show their respective information.

     

    (Aruba-MC-VA) [mynode] #show switches

     

    All Switches

    ------------

    IP Address    IPv6 Address  Name               Location          Type        Model       Version        Status  Configuration State  Config Sync Time (sec)  Config ID

    ----------    ------------  ----               --------          ----        -----       -------        ------  -------------------  ----------------------  ---------

    172.16.1.131  None          Aruba-MC-VA        Building1.floor1  standalone  ArubaMC-VA  8.2.2.4_68953  up      UPDATE SUCCESSFUL    0                       14

    172.16.1.132  None          WLC-7005           Building1.floor1  standby     Aruba7005   8.2.2.4_68953  up      CONFIG FAILURE(14)   0                       14

     

    Total Switches:2

     

     

    But, with this setting, the database synchronization will not work.

     

    (Aruba-MC-VA) [mynode] #show database synchronize

     

    Last L2 synchronization time: Fri Jan 31 14:33:44 2020

    Last L3 synchronization time: Secondary not synchronized since last reboot

    To Master Switch at 172.16.1.139:  *** FAILED ***

    WMS Database backup file size: 40266 bytes

    Local User Database backup file size: 41647 bytes

    Global AP Database backup file size: 23061 bytes

    IAP Database backup file size: 3760 bytes

    Airgroup Database backup file size: 3062 bytes

    License Database backup file size: 5323 bytes

    CPSec Database backup file size: 3224 bytes

    L2 Synchronization took 10 second

    L3 Synchronization took less than one second

    Last failure cause: Standby switch did not acknowledge the CPSec database transfer

     

     

    (Aruba-MC-VA) [mynode] # show log errorlog all

    (…)

    Jan 31 14:27:34 <dbsync 307273>  <5520> <ERRS> |dbsync|  dbsync: failed to start db sync on standby (handle_start_sync_reply_receive)

     

    (WLC-7005) [mynode] # show log errorlog all

    (…)

    Jan 31 14:27:34  dbsync[3834]: <307319> <3834> <ERRS> |dbsync|  dbsync: Can not start db sync on backup Master Switch: (SYNC_WAIT_WMS_DB)

     

    So, I discovered that to resolve this error, it was necessary to configure the Cluster Whitelist propagation settings, so I set the master as the root and the standby as the member.

     

    Unfortunately the problem with synchronization continues, and a new error shows up….

     

    (WLC-7005) [mynode] # show log errorlog all

    (...)

    Jan 31 14:48:29 <dbsync 307335>  <3834> <ERRS> |dbsync|  dbsync: Can not receive file on backup Master Switch: (SYNC_WAIT_BOCMGR_DB)

     

    (Aruba-MC-VA) [mynode] # show log errorlog all

    (…)

    Jan 31 14:48:29 <dbsync 307398>  <5520> <ERRS> |dbsync|  dbsync: failed to receive CPSEC db sync on standby (handle_send_cpsec_db_ack)

     

     

    (Aruba-MC-VA) [mynode] #show database synchronize

     

    Last L2 synchronization time: Fri Jan 31 14:48:29 2020

    Last L3 synchronization time: Secondary not synchronized since last reboot

    To Master Switch at 172.16.1.139:  *** FAILED ***

    WMS Database backup file size: 40266 bytes

    Local User Database backup file size: 41649 bytes

    Global AP Database backup file size: 23061 bytes

    IAP Database backup file size: 3760 bytes

    Airgroup Database backup file size: 3062 bytes

    License Database backup file size: 5323 bytes

    CPSec Database backup file size: 3224 bytes

    L2 Synchronization took 11 second

    L3 Synchronization took less than one second

    Last failure cause: Standby switch did not acknowledge the CPSec database transfer

     

    57 L2 synchronization attempted

    57 L2 synchronization have failed

     

    0 L3 synchronization attempted

    0 L3 synchronization have failed

     

    L2 Periodic synchronization is enabled and runs every 1 minute

     

    L3 Periodic synchronization is disabled

     

    Synchronization doesn't include Captive Portal Custom data

    (Aruba-MC-VA) [mynode] #

     

     

    (WLC-7005) [mynode] #show database synchronize

     

    Last L2 synchronization time: Fri Jan 31 14:48:29 2020

    From Master Switch at 172.16.1.131:  *** FAILED ***

    WMS Database backup file size: 40266 bytes

    Local User Database backup file size: 41649 bytes

    Global AP Database backup file size: 23061 bytes

    IAP Database backup file size: 3760 bytes

    Airgroup Database backup file size: 3062 bytes

    License Database backup file size: 5323 bytes

    CPSec Database backup file size: 0 bytes

    Bocmgr Database backup file size: 0 bytes

    L2 Synchronization took 11 second

    Last failure cause: Unknown error

     

    57 L2 synchronization attempted

    57 L2 synchronization have failed

     

    L2 Periodic synchronization is enabled and runs every 1 minute

     

    Synchronization doesn't include Captive Portal Custom data

    (WLC-7005) [mynode] #

     

    So.... Any help ? Is this a bug ?

     

    Just to add more information: in my lab I have the VMC and two physical controllers. As the VMC is showing this error, I decided to try the same configuration using the two physical controllers, without the Cluster Whitelist (because it was not asked for). With the two physical controllers it is partially working, as there is no error message showing up, but the configuration is not being replicated to the standby controller… I checked it by removing the master, and the AP did go to the standby, but there is no config on the standby, so even with the database synchronization not showing an error with two physical controllers, there is no replication of the configuration….
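
Added example, not part of the original post and not Aruba tooling: a Python check that parses the "show database synchronize" output from both controllers and reports failed syncs, per-database size differences, and a sync peer address that is not among the controllers listed by "show switches". The sample text is abbreviated from the output pasted above; the function names and finding codes are hypothetical.

```python
import re

# Abbreviated from the two "show database synchronize" outputs in the post above.
ACTIVE = """\
To Master Switch at 172.16.1.139:  *** FAILED ***
WMS Database backup file size: 40266 bytes
Local User Database backup file size: 41649 bytes
License Database backup file size: 5323 bytes
CPSec Database backup file size: 3224 bytes
Last failure cause: Standby switch did not acknowledge the CPSec database transfer
57 L2 synchronization attempted
57 L2 synchronization have failed
0 L3 synchronization attempted
0 L3 synchronization have failed
"""
STANDBY = """\
From Master Switch at 172.16.1.131:  *** FAILED ***
WMS Database backup file size: 40266 bytes
Local User Database backup file size: 41649 bytes
License Database backup file size: 5323 bytes
CPSec Database backup file size: 0 bytes
Bocmgr Database backup file size: 0 bytes
Last failure cause: Unknown error
57 L2 synchronization attempted
57 L2 synchronization have failed
"""
# Controller addresses as listed by "show switches" in the same post.
CONTROLLER_IPS = {"172.16.1.131", "172.16.1.132"}

PEER_RE = re.compile(r"^(To|From) Master Switch at (\S+):\s*(.*)$")
SIZE_RE = re.compile(r"^(.+?) Database backup file size: (\d+) bytes$")
COUNT_RE = re.compile(r"^(\d+) (L[23]) synchronization (attempted|have failed)$")
CAUSE_RE = re.compile(r"^Last failure cause: (.+)$")


def parse_dbsync(text):
    """Turn one controller's output into a dict; unrecognized lines are ignored."""
    st = {"peer": None, "failed": False, "cause": None, "sizes": {}, "counts": {}}
    for line in (raw.strip() for raw in text.splitlines()):
        if m := PEER_RE.match(line):
            st["peer"], st["failed"] = m.group(2), "FAILED" in m.group(3)
        elif m := SIZE_RE.match(line):
            st["sizes"][m.group(1)] = int(m.group(2))
        elif m := COUNT_RE.match(line):
            kind = "attempted" if m.group(3) == "attempted" else "failed"
            st["counts"][(m.group(2), kind)] = int(m.group(1))
        elif m := CAUSE_RE.match(line):
            st["cause"] = m.group(1)
    return st


def audit(active, standby, controller_ips):
    """Return (code, detail) findings for an active/standby pair."""
    findings = []
    for side, st in (("active", active), ("standby", standby)):
        if st["failed"]:
            findings.append(("SYNC_FAILED", f"{side}: peer {st['peer']}: {st['cause']}"))
        if st["peer"] and st["peer"] not in controller_ips:
            findings.append(("UNKNOWN_PEER", f"{side}: {st['peer']} is not a listed controller"))
        for layer in ("L2", "L3"):
            tried = st["counts"].get((layer, "attempted"), 0)
            if tried and st["counts"].get((layer, "failed"), 0) == tried:
                findings.append(("NEVER_SYNCED", f"{side}: all {tried} {layer} attempts failed"))
    # Size differences show which of the active's databases the standby has not received.
    for db, size in sorted(active["sizes"].items()):
        got = standby["sizes"].get(db)
        if got != size:
            findings.append(("DB_MISMATCH", f"{db}: active={size} standby={got}"))
    return findings


if __name__ == "__main__":
    for code, detail in audit(parse_dbsync(ACTIVE), parse_dbsync(STANDBY), CONTROLLER_IPS):
        print(f"{code:13} {detail}")
```

On this sample the only database that differs is CPSec (3224 bytes on the active, 0 on the standby), which matches the "did not acknowledge the CPSec database transfer" failure cause.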



  • 15.  RE: Arubaos8 two controllers redundancy scenario

    Posted Jun 16, 2020 04:33 PM

    Is there any way to do Active-Active without doubling the AP licenses, and without a MM?



  • 16.  RE: Arubaos8 two controllers redundancy scenario

    Posted Jun 16, 2020 04:56 PM

    The licensing is centralized, so you do not need to double it. However, ArubaOS 8 requires a management machine. That is either an MM, or a controller in Master Controller Mode (MCM). In either case, the management machine is strictly that, management, no termination of APs. In MCM mode or MM mode, you can have active/active, but that is done with two additional MCs (controllers). You can run standalone, however that is active/standby. The second controller is strictly a hardware failover.

     

    I hope this helps,



  • 17.  RE: Arubaos8 two controllers redundancy scenario

    Posted Jun 16, 2020 05:30 PM

    So, I would need another controller to do Active/Active?

     

    I happen to have one old 7005 and two new 9004.

    Can I use the 7005 as the master controller and then use the two 9004 in active active? And what happens if the 7005 goes down? Would you do it or go with Active/Standby?

     

    Thanks.



  • 18.  RE: Arubaos8 two controllers redundancy scenario

    Posted Jun 16, 2020 06:05 PM

    You could set up a controller as the management MCM and the other two could be set up with active-active redundancy, such as HA. Realize that these controllers will essentially be operating like OS 6, without the new features of OS 8, but they will work. If the MCM machine went down, it is like in OS 6, you lose your management machine and some features, but the wireless will still work.

     

    Why do you not want to set up an MM? As for whether I would do it or not, there are too many variables for me to ponder to make that call.

     

    I hope this helps,



  • 19.  RE: Arubaos8 two controllers redundancy scenario

    Posted Jun 16, 2020 07:09 PM

    I would be happy with an MM if I already had it, but now with AOS 10 I don't want to invest in a dying architecture.

    Guess I will go with Active/Standby for now.



  • 20.  RE: Arubaos8 two controllers redundancy scenario

    Posted Oct 12, 2020 03:59 AM

    Hi

    Check whether the "Controller IP" IP address is the same IP address you build synchronization upon.

     

    I had a problem with sync too, but I had another error appearing.

     

    P.S. Also I had 2 hardware 7205 controllers



  • 21.  RE: Arubaos8 two controllers redundancy scenario

    EMPLOYEE
    Posted May 03, 2022 06:59 AM
    I have two controllers in HA (active/standby) without MM, version 8.4.
    I did a failover test by disconnecting the active controller interfaces; the standby controller changed role and the AP only lost some packets, but from the controller up I kept seeing the AP down. I've read this several times: "Point the APs to the virtual IP (VIP)", what does it mean?

    From the active controller  #show ap database long i see both ip of the controllers.

    Standby Controller Log:

    May 2 dbsync[3787]: <307269> <3787> <ERRS> |dbsync| dbsync: timed out, failed to complete in time (state= WAITING FOR WMS DATABASE FROM MASTER, timeout= 780000)
    May 2 dbsync[3787]: <307319> <3787> <ERRS> |dbsync| dbsync: Can not start db sync on backup Master Switch: (SYNC_WAIT_WMS_DB)
    May 2 dbsync[3787]: <307341> <3787> <ERRS> |dbsync| dbsync: Can not restore db on backup Master Switch: (dbsync_do_wms_db_restore, SYNC_RESTORE_WMS_DB)

    May 2 stm[3643]: <305102> <3643> <ERRS> |stm| |ha| sapm_ha_allow_ap: Active-mode Hello received from AP <ap-name> on standby controller, ignoring
    May 2 KERNEL(<ap-name>): [4663555.922252] wlan_mlme_app_ie_delete: appie is NULL. Do nothing.
    May 2 isakmpd[3585]: <103103> <3585> <WARN> |ike| IKE SA Deletion: IKE2_delSa peer:<IPAddress>:500 id:2219754124 errcode:ERR_IKESA_EXPIRED saflags:0x41000005 arflags:0x20
    May 2 KERNEL(APMESH-POINT): [3374898.181577] avap is null

    Thanks





  • 22.  RE: Arubaos8 two controllers redundancy scenario

    EMPLOYEE
    Posted May 03, 2022 07:14 AM
    If you use DNS for controller discovery, point it at the VIP between two controllers.
    In the AP system profile of your AP-Group, make sure the LMS-IP is the VIP.

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    ------------------------------



  • 23.  RE: Arubaos8 two controllers redundancy scenario

    EMPLOYEE
    Posted May 03, 2022 07:54 AM
    It's a production environment and the AP has already been provisioned on the controllers.
    Should I change the "Master IP" in the "ap provisioning parameters"?
    LMS-IP is the VIP and the BLMS?
    Will I have to do the same configuration in the standby controller (for LMS and BLMS)?

    Thanks





  • 24.  RE: Arubaos8 two controllers redundancy scenario

    Posted Sep 19, 2022 01:03 PM
    Hi axai1,

    I have a similar question about the configuration synchronization.
    We have two 7210 standalone controllers in our environment running in L2 redundancy without MM. Primary controller is in production environment and has all running configs.

    Is there any way I can copy these configs which include WLAN, ARM, Radius, firewall, etc configs to backup controller?

    The L2 redundancy using vrrp is working fine and APs do switch to backup controller when primary goes down, also the database sync is successful and 200 licenses for APs show on the secondary device. But I don't see any WLAN and other configuration replicated onto the secondary.

    Do I have to manually do all the configurations in the second standalone device? (Both devices are standalone masters)



    Regards,
    Aezad Burhan.


  • 25.  RE: Arubaos8 two controllers redundancy scenario

    Posted Aug 07, 2022 06:48 PM
    Is the Master Controller Mode (MCM) Master controller deployment mode still an option with ArubaOS 8.10.x?

    Thank you,
    Davalia Ridings
    KBHIT