Wired Intelligent Edge

last person joined: 2 hours ago 

Bring performance and reliability to your network with the Aruba Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of the ArubaOS-Switch and ArubaOS-CX devices, and find ways to improve security across your network to bring together a mobile first solution.
Expand all | Collapse all

Load balancing for dynamic segmentation

This thread has been viewed 26 times
  • 1.  Load balancing for dynamic segmentation

    Posted 12 days ago
    I am looking for details on how dynamic segmentation clients are load balanced on a controller cluster. All I have found is the switch configuration where the controller IP and a backup controller IP can be configured. In this way the wired clients are not load balanced. Does the cluster VRRP need to be configured for the load balancing to be enabled?

    ------------------------------
    Stewart Smith
    ------------------------------


  • 2.  RE: Load balancing for dynamic segmentation

    Posted 12 days ago
    No. If the controllers are clustered, the users will be load balanced.

    ------------------------------
    Dustin Burns
    Lead Mobility Engineer @WEI

    ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2021
    If my post was useful accept solution and/or give kudos
    ------------------------------



  • 3.  RE: Load balancing for dynamic segmentation

    Posted 12 days ago
    The switch only supports having a physical gateway IP from the cluster.  Once you enter that in and enable the tunneling profile (ubt zone command), the switch will automatically download the cluster information and have high availability and load balancing ready from the cluster map (bucket list) downloaded from the cluster.  You can verify this with the "show ubt state" command.

    ubt zone corporate vrf default
    primary-controller ip 10.5.8.6
    enable

    Justin-6300# show ubt state

    =====================================================================
    Zone corporate:
    =====================================================================

    Local Conductor Server (LCS) State:

    LCS Type IP Address State Role
    ---------------------------------------------------------------------
    Primary : 10.5.8.6 ready_for_bootstrap operational_primary

    Switch Anchor Controller (SAC) State:

    IP Address MAC Address State
    -----------------------------------------------------------------
    Active : 10.5.8.6 00:0b:86:b7:6a:7f registered
    Standby : 10.5.8.7 00:0b:86:dd:6c:00 registered

    Justin-6300# show ubt information

    =====================================================================
    Zone corporate:
    =====================================================================
    SAC Information :

    Active : 10.5.8.6
    Standby : 10.5.8.7

    Node List Information :

    Cluster Name : TME-Cluster

    Cluster Alias Name :

    Node List :
    ----------------
    10.5.8.6
    10.5.8.7

    Bucket Map Information :

    Bucket Map Active : [0...255]

    Bucket ID A-UAC S-UAC Connectivity
    ----------------------------------------------------------
    0 10.5.8.6 10.5.8.7 L3
    1 10.5.8.6 10.5.8.7 L3
    2 10.5.8.6 10.5.8.7 L3
    3 10.5.8.7 10.5.8.6 L3
    4 10.5.8.6 10.5.8.7 L3
    5 10.5.8.6 10.5.8.7 L3
    6 10.5.8.7 10.5.8.6 L3
    7 10.5.8.6 10.5.8.7 L3
    8 10.5.8.6 10.5.8.7 L3
    9 10.5.8.6 10.5.8.7 L3
    10 10.5.8.6 10.5.8.7 L3
    11 10.5.8.7 10.5.8.6 L3
    12 10.5.8.6 10.5.8.7 L3
    13 10.5.8.6 10.5.8.7 L3
    14 10.5.8.6 10.5.8.7 L3

    ------------------------------
    Justin Noonan
    ------------------------------



  • 4.  RE: Load balancing for dynamic segmentation

    Posted 11 days ago
    Ok thanks. I don't see the ubt commands on the switch which is 2930M - does load balancing only work with CX? I didn't set this up so am not sure how load balancing would work. The current configuration is :

    tunneled-node-server
    controller-ip 10.x.x.20
    backup-controller-ip 10.x.x.21
    mode role-based reserved-vlan 4089

    sh tunneled-node-server

    Tunneled Node Server Information

    State : Enabled
    Primary Controller : 10.x.x.20
    Backup Controller : 10.x.x.21
    Keepalive Interval (seconds) : 8
    Mode : Role-based
    Vlan-Mode : vlan-extend-disable
    Reserved-Vlan : 4089

    ------------------------------
    Stewart Smith
    ------------------------------



  • 5.  RE: Load balancing for dynamic segmentation

    Posted 11 days ago
    After a little more digging, please ignore my previous post. The issue seems to be that the bucket map always specifies one controller as the UAC 

    [ 0] :: 10.x.x.20 10.x.x.21 0.0.0.0 0.0.0.0
    [ 4] :: 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0
    [ 8] :: 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0


    Bucket Map Information

    Bucket Name : TUNNELED_NODE_ESSID
    Bucket Map Active : [0 .. 255]
    [ 0] :: (0, 1, 1) (0, 1, 1) (0, 1, 1) (0, 1, 1) (0, 1, 1) (0, 1, 1)
    [ 6] :: (0, 1, 1) (0, 1, 1) (0, 1, 1) (0, 1, 1) (0, 1, 1) (0, 1, 1)
    [ 12] :: (0, 1, 1) (0, 1, 1) (0, 1, 1) (0, 1, 1) (0, 1, 1) (0, 1, 1)
    [ 18] :: (0, 1, 1) (0, 1, 1) (0, 1, 1) (0, 1, 1) (0, 1, 1) (0, 1, 1)
    [ 24] :: (0, 1, 1) (0, 1, 1) (0, 1, 1) (0, 1, 1) (0, 1, 1) (0, 1, 1)
    [ 30] :: (0, 1, 1) (0, 1, 1) (0, 1, 1) (0, 1, 1) (0, 1, 1) (0, 1, 1)
    [ 36] :: (0, 1, 1) (0, 1, 1) (0, 1, 1) (0, 1, 1) (0, 1, 1) (0, 1, 1)
    [ 42] :: (0, 1, 1) (0, 1, 1) (0, 1, 1) (0, 1, 1) (0, 1, 1) (0, 1, 1)

    ------------------------------
    Stewart Smith
    ------------------------------



  • 6.  RE: Load balancing for dynamic segmentation

    Posted 11 days ago
    Have you configured controller clustering, and do you have an MM (Mobility Master / Mobility Conductor)? MM is a prerequisite for controller clustering.

    From the bucket-map output, it looks like there is no clustering in place.


    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 7.  RE: Load balancing for dynamic segmentation

    Posted 11 days ago
    Yes there is a cluster with MM. The load balancing works fine for the wireless clients. 

    [MDC] *#show lc-cluster group-membership

    Cluster Enabled, Profile Name = "xxxx-Campus-Cluster"
    Redundancy Mode On
    Active Client Rebalance Threshold = 20%
    Standby Client Rebalance Threshold = 40%
    Unbalance Threshold = 5%
    AP Load Balancing: Enabled
    Active AP Rebalance Threshold = 20%
    Active AP Unbalance Threshold = 5%
    Active AP Rebalance AP Count = 50
    Active AP Rebalance Timer = 1 minutes
    Cluster Info Table
    ------------------
    Type IPv4 Address Priority Connection-Type STATUS
    ---- --------------- -------- --------------- ------
    self 10.x.x.20 128 N/A CONNECTED (Leader)
    peer 10.x.x.21 128 L2-Connected CONNECTED (Member, last HBT_RSP 48ms ago, RTD = 0.000 ms)

    ------------------------------
    Stewart Smith
    ------------------------------



  • 8.  RE: Load balancing for dynamic segmentation

    Posted 11 days ago
    What versions have you running on the gateways/controllers? And what on the 2930M switches?

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 9.  RE: Load balancing for dynamic segmentation

    Posted 11 days ago
    Controllers are 8.6.0.10
    Switches are 16.10.0009

    ------------------------------
    Stewart Smith
    ------------------------------



  • 10.  RE: Load balancing for dynamic segmentation

    Posted 11 days ago
    Should be good with those versions. There is some good material, also on logging/troubleshooting in the Dynamic Segmentation Inside Out video series, but if you just want to make it work, it may be best to reach out to Aruba Support and let them have a look at your deployment.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 11.  RE: Load balancing for dynamic segmentation

    Posted 11 days ago
    Ok I will raise with TAC. It is a live customer site with over 50 switch stacks. I am assured that it did previously load balance correctly
    Thanks

    ------------------------------
    Stewart Smith
    ------------------------------