Wireless Access

last person joined: 7 hours ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

Controller max unicast routes

  • 1.  Controller max unicast routes

    Posted Apr 17, 2015 10:11 AM

    Hi!

     

    When reading the data sheet of the 3000 controllers we find a limitation called: "Number of IPv4 unicast routes". When planning for a central controller to terminate IAP-VPN tunnels using distributed L3 scopes we´re looking at the 7000 series controllers and the "Concurrent IPsec sessions" limits. I don´t see any limits to the number of routes on there though, anyone know the limit?

     

    Are there any other limit we need to look out for when sizing the central controller for IAP-VPN termination? Anyone have any experience of maxing out lets say a 7010 controller with close to a 1000 IAP-VPN tunnels?

     

    Have a nice weekend Airheaders!



  • 2.  RE: Controller max unicast routes

    Posted Apr 17, 2015 10:39 AM
    Keep in mind that the 7000 series are meant to be branch/small office controllers. For IAP-VPN termination and aggregation, you should consider a 7200 series controller.


    Thanks,
    Tim


  • 3.  RE: Controller max unicast routes

    Posted Apr 17, 2015 10:41 AM

    Hi!

     

    Please elaborate why. Let´s say You´ll place 500 single RAP-155s on separate sites with IAP-VPN, surely a 7010 would do fine? Where´s the limitation?



  • 4.  RE: Controller max unicast routes

    Posted Apr 25, 2015 10:05 AM

    If anyone could comment on this it would be greatly appreciated since we have these kind of deployments coming up in the near future.



  • 5.  RE: Controller max unicast routes

    Posted Apr 25, 2015 12:34 PM

    Christoffer,

     

    The 7010 series controller was meant to be at a branch and not the datacenter.  As you can see from the datasheet, it was on designed to handle 32 access points.  It will not scale too well in an IAP-VPN situation that exceeds that number.  If you design a network that exceeds what the platform was designed for, you put yourself at risk.



  • 6.  RE: Controller max unicast routes

    Posted Apr 25, 2015 12:47 PM

    Ok, thank you. This really should be put more clearly in the datasheet if this is the case. I was thinking that since the controller isn´t processing any off the normal wireless information that it does for a controller based AP and only passing traffic to and from its VPN tunnels it would scale to the number of specified IPSEC tunnels. 

     

    I also remember someone at Airheads mentioning this as a good use case for the upcoming 7000 series controllers. I would really like to se exact numbers of supported IAP branches on the controller datasheets.

     

    Cheers,



  • 7.  RE: Controller max unicast routes

    Posted Apr 25, 2015 12:51 PM
    I think it's just assumed that there wouldn't be a VPN concentrator in a branch office.

    Thanks,
    Tim


  • 8.  RE: Controller max unicast routes

    Posted Apr 25, 2015 07:17 PM

    Christoffer,

     

    There is an effort to add more information to the datasheet.  Please stay tuned.