I am looking for the possible methods of redundancy for RAPs - I know in a master/standy scenario, you would NAT the public IP to the VIP and the VIP would handle the failover scenario with it's virtual IP and MAC. If two controllers are not within the same L2 network, meaning we can't setup VRRP, is LMS/Backup LMS a viable option? Obviously we would need (2) public IPs instead of (1) and the RAP would require a reboot, but in a DR scenario, is that a possible option? I've always used VRRP for this, but I understand it's limitations.
I looked through the RAP VRD as well, and it seems like best practice is VRRP in a Master/Standby setup.
2 public IPs. The VRRP implementation in ArubaOS does not work with RAP. EDIT: IF the VRRP is behind a NAT boundary (e.g. static nat to private VRRP does not work).
Setup a DNS a-record
Populate that A-record with both ip addresses
Have your DNS server deliver the ip address as round-robin or both addresses at one time to the a-record that RAP points to.
If you setup DNS a-record with two addresses, what happens next depends on the DNS server configuration:
- DNS round robin will deliver one ip address and then the other
- An alternate DNS setup will deliver both addresses
If the DNS server is only serving up one address at a time (round robin), that is all that the RAP will try. If it finds a controller at that address, you can deliver a second address via backup LMS-IP, which it will use as backup. If it does not find a controller at that address, it should reboot, where the DNS server should supply the second address. If the DNS server is sending out two ip addresses, the RAP will try the first address, and if it does not exist, it will try the next address. LMS-IP and backup LMS can be delivered to the RAP in any scenario where it finds a controller.
LMS and Backup LMS can only be delivered if the RAP finds a controller after cold boot in the first place. DNS supplying alternate addresses or I guess a Netscaler would provide redundancy upon cold boot for the initial ip address.
Interesting question brought up - can you add (2) provisioning rules in Activate for IAP to RAP in a folder for redundancy? Would it accept both rules and try the first, then the second if the first fails? How would it handle that?
At this time, you can only put one.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.