Wireless Access

last person joined: 17 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Basic Question 1 of 3: Redundant Masters or Master-Locals?

This thread has been viewed 1 times

  • 1.  Basic Question 1 of 3: Redundant Masters or Master-Locals?

    Posted May 24, 2012 10:57 PM

    I am in the process of setting up our new Aruba wireless system, and while I’ve learned a lot about ArubaOS et. al. I have a few basic questions on which I’d like your opinions.  I’d like to go down the appropriate path with this setup once, if possible, and so need assistance selecting the right path.  I have read selected sections of the ArubaOS User Guide and other documentation including the KB and forums, but by no means everything. I’ll edit each post with links to the other two so I can ask separate questions but still give a complete picture.  Please feel free to question my assumptions.

     

    Question 1:  Use a “redundant master” setup or a “master-with-locals” setup?

    We currently have two 3400 controllers and 50 APs, to use for our HQ site (3 bldgs, total of 6 ‘floors’, 450 users)  a medium sized site (1 floor of 100 users) and one small office of about 10 users.  The other sites are about 45ms and 200ms ‘away,’ respectively.  We intend to expand the installation worldwide to our other 2 major sites, 4 medium sites and 12 small sites similar to the above.

     

    I think I can set up our two 3400’s now as redundant masters, and I think these will sync their configurations so that I can enter configuration data on only the active controller.  As far as I know this would be like any other VRRP-based device – unless a monitored item goes down, forcing VRRP failover, the active device does everything.  There is no ‘subordination’ relationship here, just redundancy.

     

    I could also use a master controller and subordinate local controllers, but I am less clear on how this works.  I have looked through Ch 21 of the User Guide but it doesn’t go in to how to divide the APs between controllers.  I *think* the AAA, SSID and VAP profiles, etc., are configured on the master and can be used by any local and associated APs but I’m not sure.

    We plan on adding more controllers (we’re hoping just 2 to 4 more) to our other major offices to handle the APs for their region.  Generally the AAA requirements will be the same globally, and we’d like to make it as easy as possible for travelling staff to connect at other offices (we have a single corporate SSID now at every office, which enforces the same authentication but sometimes with different AAA servers).  If it works better, we would then make these others ‘local’ controllers under the master here at HQ.

     

    Could we also have redundant masters at HQ and have the other controllers as locals subordinate to that master (pair)?

     

    Thanks!  Paul

     

    Question 2 here: Question 2 of 3

     

    Question 3 here: Question 3 of 3


    #3400


  • 2.  RE: Basic Question 1 of 3: Redundant Masters or Master-Locals?

    EMPLOYEE
    Posted May 24, 2012 11:28 PM
    @ptrivino wrote:

    I am in the process of setting up our new Aruba wireless system, and while I’ve learned a lot about ArubaOS et. al. I have a few basic questions on which I’d like your opinions.  I’d like to go down the appropriate path with this setup once, if possible, and so need assistance selecting the right path.  I have read selected sections of the ArubaOS User Guide and other documentation including the KB and forums, but by no means everything. I’ll edit each post with links to the other two so I can ask separate questions but still give a complete picture.  Please feel free to question my assumptions.

     

    Question 1:  Use a “redundant master” setup or a “master-with-locals” setup?

    We currently have two 3400 controllers and 50 APs, to use for our HQ site (3 bldgs, total of 6 ‘floors’, 450 users)  a medium sized site (1 floor of 100 users) and one small office of about 10 users.  The other sites are about 45ms and 200ms ‘away,’ respectively.  We intend to expand the installation worldwide to our other 2 major sites, 4 medium sites and 12 small sites similar to the above.

     

    I think I can set up our two 3400’s now as redundant masters, and I think these will sync their configurations so that I can enter configuration data on only the active controller.  As far as I know this would be like any other VRRP-based device – unless a monitored item goes down, forcing VRRP failover, the active device does everything.  There is no ‘subordination’ relationship here, just redundancy.

     

    I could also use a master controller and subordinate local controllers, but I am less clear on how this works.  I have looked through Ch 21 of the User Guide but it doesn’t go in to how to divide the APs between controllers.  I *think* the AAA, SSID and VAP profiles, etc., are configured on the master and can be used by any local and associated APs but I’m not sure.

    We plan on adding more controllers (we’re hoping just 2 to 4 more) to our other major offices to handle the APs for their region.  Generally the AAA requirements will be the same globally, and we’d like to make it as easy as possible for travelling staff to connect at other offices (we have a single corporate SSID now at every office, which enforces the same authentication but sometimes with different AAA servers).  If it works better, we would then make these others ‘local’ controllers under the master here at HQ.

     

    Could we also have redundant masters at HQ and have the other controllers as locals subordinate to that master (pair)?

     

    Thanks!  Paul

     

    Question 2 here: Question 2 of 3

     

    Question 3 here: Question 3 of 3

    The biggest difference between master-backup and master-local is that in a master-backup scenario, only the master can terminate, or serve access points.  If you simply want one controller to backup the other, the master-backup master scenario works well.  Everything pretty much is synchronized, except for layer2 and layer3 information, timezone, SNMP parameters.

     



  • 3.  RE: Basic Question 1 of 3: Redundant Masters or Master-Locals?

    Posted May 25, 2012 12:58 AM

    Thanks cjoseph.  iirc my reading indicates that the master will also provide APs with controller functionality if the local controller is unavailable.  So I'm thinking that having a master and distributed locals gives me both redundancy for any local controller as well as a single place to do configurations, that is then pushed out to the local controllers as needed.  That would be ideal, I think.

     

    However your reply to my #2 question maybe means I don't need that, I had perhaps misunderstood remote vs non-remote.  My previous understanding was that the 'default' or more common config was that the Aruba APs tunneled their client traffic back to the controller, but Remote APs did not, they put client traffic directly on to their local LAN connection - it sounds like I have this wrong, if not completely backwards.  If I don't HAVE TO tunnel the traffic to the controller, I won't, I'll use the wired LAN as I do now.

     

    If I have this all right, and I'm no longer worried about latency back to the controller site and I'm not worried about melting the controller with all the client traffic, it seems like I can possibly use redundant master controllers for a good deal of my deployment, perhaps even for all sites.  

     

    Am I getting this now?  Thanks again.

     

    Paul



  • 4.  RE: Basic Question 1 of 3: Redundant Masters or Master-Locals?
    Best Answer

    EMPLOYEE
    Posted May 25, 2012 07:08 AM
    @ptrivino wrote:

    Thanks cjoseph.  iirc my reading indicates that the master will also provide APs with controller functionality if the local controller is unavailable.  So I'm thinking that having a master and distributed locals gives me both redundancy for any local controller as well as a single place to do configurations, that is then pushed out to the local controllers as needed.  That would be ideal, I think.

     

    However your reply to my #2 question maybe means I don't need that, I had perhaps misunderstood remote vs non-remote.  My previous understanding was that the 'default' or more common config was that the Aruba APs tunneled their client traffic back to the controller, but Remote APs did not, they put client traffic directly on to their local LAN connection - it sounds like I have this wrong, if not completely backwards.  If I don't HAVE TO tunnel the traffic to the controller, I won't, I'll use the wired LAN as I do now.

     

    If I have this all right, and I'm no longer worried about latency back to the controller site and I'm not worried about melting the controller with all the client traffic, it seems like I can possibly use redundant master controllers for a good deal of my deployment, perhaps even for all sites.  

     

    Am I getting this now?  Thanks again.

     

    Paul

    In a master/local situation, if the master dies, the local controller is read-only and would have to be changed to a master and rebooted to be able to change/configure WLAN settings.   In a master/master situation, the surviving controller has full read/write capability.

     

    Both Campus and Remote APs can both tunnel user traffic back to the controller, as well as bridge traffic locally.  The Remote AP can tunnel it over a public network over IPSEC, as well as have site surviviability for certain types of networks.  The Remote AP and Campus AP use the same hardare; they are just provisioned differently.  Those are probably the main differences.

     



  • 5.  RE: Basic Question 1 of 3: Redundant Masters or Master-Locals?

    Posted May 25, 2012 12:42 PM

    Excellent info, thank you.

     

    Paul