I've been digging round the forums for the last couple of hours trying to get a clear definition of each of these roles in order to best define a new standard design principle for our wireless LAN infrastructure. We are moving from a Cisco centric environment towards Aruba, so I apologise now for any obvious mistakes in the wording used in this post.
In our environment, we typically deploy dual controllers at our sites as having a level of resiliency is important for a number of applications that run over the wireless infrastructure. What I'm struggling with a little bit is when configuring these devices, which of the several options would be best suited to our environment. Having read multiple posts one thing that is obvious is that a 'master' is required, for obvious configuration reasons. What I'm struggling a little bit with is what role the second controller should adopt, and the pros and cons of each of them. In our POC/POV environment I currently have it set as a 'local', I'm using LMS and VRRP to provide resiliency for the APs. This works very well during controller failure. However, I think how I currently have my controllers deployed is wrong. From what I have read, APs, in this scenario, should be terminated on the 'local' and not the 'master' which is how I have them now defined.
So question 1 is, should the APs use the 'local' as the primary LMS / active VRRP with the 'master' as a backup?
And question 2 is, given this topology, should I consider using something other than 'master' / 'local', i.e. master primary / master backup?
I'll continue to read on as I'd like to understand this in detail myself, but would appreciate some advice on getting the basic understanding correct and any references to documents to back this up would be much appreciated.
There are really only two types:
Master and Local.
The master is where all configuration changes are made. The local connects to the master and gets the majority of its configuration from it. "Standalone" is just something that is asked during the startup wizard for you to avoid setting credentials for a local to connect to it. A "Standalone" controller is essentially a master.
All controllers, whether Master or Local, can terminate access points. Those are the basics. The "Campus Network Design Version 8" validated reference design document here: http://www.arubanetworks.com/resources/reference-design-guides/ will give you the majority of the answers you need...
Thanks for the information.
I have skimmed through a number of these documents, but what has confused me somewhat is that, especially in the forums, people are terminating their APs on the 'local' and not the 'master'. Is there a design reason for doing this? In the majority of cases they seem to have more than two controllers deployed which is something we don't do. In our situation we generally deploy the same make and model of controller, so in terms of hardware there is no difference.
Is there a technical reason, if you were only deploying two controllers, that you wouldn't look to use this model, i.e. 'master & local' as opposed to 'master & master backup'?
A backup master is a master controller that you cannot terminate access points on. Its sole responsibility is to back up the only read-write appliance you have in your network.
If someone wanted to double their capacity, they would have a master-local setup where they could terminate access points on BOTH appliances.
A master does a lot of the database processing, so in larger environments, you don't want access points to terminate on it, at all... It is all based on design preference...
A large network would have a master/backup master pair and a lot of local controllers that point to them. The access points would only terminate on the local controllers. If the master controller has a problem, the backup master would step in, and you would still have an appliance that has read-write capability in your network without any interruption.
If you have a master/local, but no backup master, you would lose the ability to make global changes to your network. Your network would still be able to run. With Arubacare, you could get another appliance to replace a failed master in 24 hours. Again, this is a design decision that people make.
Great, that is exactly what I was looking for. I guess I was confused as in the VRD document it talks about 'Master' redundancy and 'Local' redundancy in two separate sections (pages 29 and 33 of the document), without there being a reference to a 'Master' in the 'Local' section. Guess it's just because this is new to me and for those with more knowledge/experience it is just known/assumed. Thanks for clearing this up.
Give the first one a VRRP on its management VLAN with a priority of 200. Configure Master Redundancy and configure it with the VRRP above.
Give the second controller a VRRP with a priority of 100.
Make sure the first controller has control of the VRRP.
Configure the second controller with master redundancy and point it at the VRRP instance. Immediately the controller with the lower priority will get its global configuration from the controller with higher priority. At this point you can enable centralized licensing.
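The steps above as a CLI sketch, added here as an example and not part of the original post or of Aruba's documentation. It assumes ArubaOS 6.x-style syntax; the VRRP ID, VLAN, all addresses and the IPsec key are constructed placeholders.

```text
! Constructed example: VRRP ID 1, VLAN 10, 192.0.2.x addresses and the
! pre-shared key are placeholders, not values from the thread.
!
! --- First controller (should hold the VRRP address) ---
vrrp 1
   ip address 192.0.2.10
   vlan 10
   priority 200
   no shutdown
!
master-redundancy
   master-vrrp 1
   peer-ip-address 192.0.2.3 ipsec <pre-shared-key>
!
! --- Second controller (backup master) ---
vrrp 1
   ip address 192.0.2.10
   vlan 10
   priority 100
   no shutdown
!
master-redundancy
   master-vrrp 1
   peer-ip-address 192.0.2.2 ipsec <pre-shared-key>
```

Running `show vrrp` on each controller confirms which one currently holds the virtual address before the second controller is pointed at it.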