Q: Do we have radio/port redundancy on AP LACP GRE striping feature and what changed in config from AOS 6.4.2.0?
A: This article is applied to code 6.4.2.0 and above. Tested on code 6.4.2.6.
In Aruba OS 6.4.1 releases GRE striping IP address was defined in the global AP system profile, which did not allow APs to maintain GRE striping tunnels if the AP failed over to a backup controller in a different L3 network.
However from Aruba OS 6.4.2.0 The AP LACP LMS map information profile is a local profile that maps a LMS IP address (defined in the AP system profile) to a GRE striping IP address and supported across L3 networks as well.
The GRE striping IP address parameter is deprecated from the AP system profile in Aruba OS 6.4.2.0 and above. Here is the below command to configure it.
In Aruba OS 6.4.1 &6.3
(host) (config) #ap system-profile LACP
(host) (AP system profile "LACP") #lms-ip 10.32.1.11
(host) (AP system profile "LACP") #gre-striping-ip 10.32.1.11
From Aruba OS 6.4.2.0 and above
For deployments running ArubaOS 6.4.2.x and later, execute the following commands to configure LACP and AP LACP LMS map information settings.
(host) (config) #ap system-profile LACP
(host) (AP system profile "LACP") #lms-ip 10.32.1.11
(host) (AP system profile "LACP") #exit
(host) (config) #ap-lacp-striping-ip
(host) (AP LACP LMS map information) #striping-ip 10.32.1.11
Keypoints:
- GRE striping ip address should be the management controller address +1. In case of VRRP configured it should be VRRP address + 1.
- GRE Striping IP does not belong to any physical or virtual interface on the controller, but the controller can transmit or receive packets using this IP.
- Ensure that the gre-striping-ip is unique and not used by any other host on the subnet.
- LACP cannot be enabled if wired AP functionality is enabled on the second port.
There is NO radio port redundancy with AP LACP GRE striping feature. If radio 0 the first port is down; AP will be down and no radio/port redundancy or no traffic will be passed so E0/uplink to swich needs to be always up.
From below set up you could notice “s” flag which indicates “ GRE striping ip is configured”
(WC01.SF02) #show ap database
AP Database
-----------
Name Group AP Type IP Address Status Flags Switch IP Standby IP
---- ----- ------- ---------- ------ ----- --------- ----------
18:64:72:c7:08:72 default 225 10.32.1.253 Up 42m:35s s 10.32.1.8 0.0.0.0
Flags: U = Unprovisioned; N = Duplicate name; G = No such group; L = Unlicensed
I = Inactive; D = Dirty or no config; E = Regulatory Domain Mismatch
X = Maintenance Mode; P = PPPoE AP; B = Built-in AP; s = LACP striping
R = Remote AP; R- = Remote AP requires Auth; C = Cellular RAP;
c = CERT-based RAP; 1 = 802.1x authenticated AP; 2 = Using IKE version 2
u = Custom-Cert RAP; S = Standby-mode AP; J = USB cert at AP
how to check both “eo and “e1” is up ?
(WC01.SF02) # show ap debug lacp ip-addr 10.32.1.253
AP LACP GRE Striping IP: 10.32.1.11
AP LACP Status
--------------
Link Status LACP Rate Num Ports Actor Key Partner Key Partner MAC
----------- --------- --------- --------- ----------- -----------
Up slow 2 17 11 00:1a:1e:09:92:00
Slave Interface Status
----------------------
Slave I/f Name Permanent MAC Addr Link Status Member of LAG Link Fail Count
-------------- ------------------ ----------- ------------- ---------------
eth0 18:64:72:c7:08:72 Up Yes 3
eth1 18:64:72:c7:08:73 Up Yes 3
GRE Radio Traffic Received on Enet Ports
----------------------------------------
Radio Num Enet 0 Rx Count Enet 1 Rx Count
--------- --------------- ---------------
0 405 1872
1 23 0
Traffic Sent on Enet Ports
--------------------------
Radio Num Enet 0 Tx Count Enet 1 Tx Count
--------- --------------- ---------------
0 61 0
1 23 0
non-wifi 2 5275
Below output indicates there are two GRE tunnels established one for 5 Ghz and another for 2.4 GHz.
show datapath tunnel table
# Source Destination Prt Type MTU VLAN Acls BSSID Decaps Encaps Heartbeats Flags EncapKBytes DecapKBytes
------ -------------- -------------- --- ---- ---- ---- ------------------- ----------------- ---------- ---------- ---------- ----- ------------- -----------
9 10.32.1.11 10.32.1.253 47 8300 1500 0 0 0 2 0 18:64:72:F0:87:20 17 0 0 IMSPa
10 10.32.1.10 10.32.1.253 47 9000 1500 0 0 0 0 0 18:64:72:C7:08:72 1751 0 1734 TES
12 SPI06DC4700 in 10.32.1.8 50 IPSE 1500 0 routeDest 01F4 536 0 0 0
11 10.32.1.10 10.32.1.253 47 8200 1500 0 0 0 2 0 18:64:72:F0:87:30 47 0 0 IMSPa
13 SPIF6B1C500out 10.32.1.9 50 IPSE 1500 0 routeDest 01F4 0 434 0 0
(WC01.SF02) # show ap bss-table
fm (forward mode): T-Tunnel, S-Split, D-Decrypt Tunnel, B-Bridge (s-standard, p-persistent, b-backup, a-always)
Aruba AP BSS Table
------------------
bss ess port ip phy type ch/EIRP/max-EIRP cur-cl ap name in-t(s) tot-t mtu acl-state acl fm
--- --- ---- -- --- ---- ---------------- ------ ------- ------- ----- --- --------- --- --
18:64:72:f0:87:20 aruba-ap N/A 10.32.1.253 g-HT ap 11/9/21 0 18:64:72:c7:08:72 0 29m:54s 1500 - 2 T
18:64:72:f0:87:30 aruba-ap N/A 10.32.1.253 a-HT ap 40-/15/21 0 18:64:72:c7:08:72 0 29m:54s 1500 - 2 T
What happens when you brought E1 port second port goes down?
AP is still up and all traffic will go through EO port uplink however you will notice LACP e1 port is down. Find below highlighted.
AP LACP GRE Striping IP: 10.32.1.11
AP LACP Status
--------------
Link Status LACP Rate Num Ports Actor Key Partner Key Partner MAC
----------- --------- --------- --------- ----------- -----------
Up slow 1 17 11 00:1a:1e:09:92:00
Slave Interface Status
----------------------
Slave I/f Name Permanent MAC Addr Link Status Member of LAG Link Fail Count
-------------- ------------------ ----------- ------------- ---------------
eth0 18:64:72:c7:08:72 Up Yes 3
eth1 18:64:72:c7:08:73 Down No 4
What happens when EO port is down ?
AP will go down and AP will lose the GRE tunnel and will not come up until it come back online.
Caveat is LACP helps in terms of load balancing and increasing then throughput for better performance and reliability however it doesn’t give you the option of port redundancy.
Striping IP should be VRRP+1 IP address which is 10.32.1.11 in this case.
Useful commands
show ap debug lacp ap-name <ap-name>
shoe ap database
show datapath tunnel
show datapath user
show datapath route-cache