Wireless Access

 View Only
last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Expand all | Collapse all

Aruba AP and WLC contoller Overhead.

This thread has been viewed 39 times
  • 1.  Aruba AP and WLC contoller Overhead.

    Posted Sep 22, 2023 06:28 PM

    Hello Community, I am trying to find the overhead added by AP and WLC with respect to GRE and other headers. I have tried downloading file from my office network where I have (AP and WLC ) along with routing, security devices .

    I n another test, downaloding the same file form my home ( just a netgear modem with interent connection) .

    Here is my setup and test result in office network

    PC------AP--------Switch-------WLC-----Switch------Firewall ( L3 core)--------Router-------ISP.

    I have 1500 MTU throughput the path. I have also verified the ping from WLC to AP with DF bit and max size pinging is 1472 which validates the MTU is 1500 between WLC-AP.

    During the TCP handshake I clearly see the negotiated TCP mss is 1460 however While doing PCAP on my PC, wireshark captures shows max packet size is 1440 (including Data + headers) and length in TCP data packet is max 1372.

    I am tying to understand a math on 60 bytes of cut, even AP send packet to WLC over GRE and adds a additional overhead of ~24 bytes even the tcp msss should be 1416 (1460 - 24 ({GRE})

    The max capture size on wireshark should be (1500-24) = 1476, then where is additional overhead? thre is no good comamnd i could find on Aruba to understand the overhead.

    Second Test:- I am downloading the exact same file and running capture on home network, The same PC show max cature size is 1514 (I believe this is inlcude etherent header) and max TCP length is 1448 whis is inline with MTU and mss values in TCP.

    Can anybody help to understand this?



  • 2.  RE: Aruba AP and WLC contoller Overhead.

    EMPLOYEE
    Posted Sep 22, 2023 11:15 PM

    Rather than focusing on the numbers as you have, can you explain what it is that you are trying to accomplish or learn here?

    When it comes to the tunnel between the AP and Mobility Controller (MC) our usage isn't exactly the same as what you might have in place for standard tunneling of traffic between two other devices.

    The traffic between AP and MC isn't constrained to just the "usual" 1500 bytes, but can expand up to the 802.11 maximum MTU of 2304 bytes or even larger in the case of A-MSDU or A-MPDU.  Point is, assuming that jumbo frames between AP and MC hasn't been enabled, the wireless traffic is likely getting fragmented, sent through the GRE tunnel, defragmented on the other end, and then transmitted over the air or over the wire.  Shoving these 802.11 packets across an 802.3 medium is why we can see a 30% improvement in throughput when jumbo has been implemented.



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------



  • 3.  RE: Aruba AP and WLC contoller Overhead.

    Posted Sep 24, 2023 04:24 AM

    Thanks for your response. I am trying to understand the total overhead added by AP and WLC.  I did some analysis on the collected captures, and here are my additional findings.

    1) From the home network the wireshark captures show  1514, which is completely accurate by looking at the captures.

    (1448 (Data len)  + 32B TCP header + 20B IP + 14 byte Ethernet.  = 1514 

    2) From the Office network where a network has  AP and WLC, according to the PCAP

    (1374 (Data len)  + 32B TCP header + 20B IP + 14 byte Ethernet.  = 1440 

    This is around a total of 74 bytes of overhead seen according to PCAP and that's what I am trying to find why the 74 bytes of overhead.

    I understand the flow and wrapping of 802.11 header into 802.3 frames and send it via GRE tunnel, If I am not mistaken 802.11 frame is 36B and GRE is 24B which makes total 60B, where are rest 14 bytes?  Maybe an ethernet frame overhead between AP <->WLC? 

    Second question: My PC only sends a max packet of 1440 in the above setup though I have 1500 MTU on NIC. 

    I am assuming my machine is already doing Path MTU discovery before sending the traffic to the server in order to avoid fragmentation, Is my understanding correct? How does PC discover the path MTU with AP and WLC setup before sending packets to server  

    The TCP mss in syn and sync-ack is definitely showing 1460 in my captures so definitely there is something else letting PC know to send the packet with the right size to avoid fragmentation.

    Third question: If the path discovery true in the second question? is this applicable to the tunnel interface?

    Just to add more context, why I am trying to find these answers?

    -My actual problem is, VPN users are connected with a tunnel interface, which has MTU 1400. The users are at home connecting to VPN infra and accessing the internal and external resources, the performance is pretty rock solid however the same users are connected to office wifi complaining of poor performance., after debugging i found that 1400 MTU is not optimal for users, because IPsec has already 73 bytes of overhead + Aruba adding some additional overhead will cause frag issue. 

    I decided to lower the MTU to 1350 on the tunnel interface and performance increased by almost 10X, now the question is to understand the overhead so that i can find optimal value to configure tunnel MTU. I hope this gives more clarity. 




  • 4.  RE: Aruba AP and WLC contoller Overhead.

    EMPLOYEE
    Posted Sep 24, 2023 11:00 AM

    Are you describing a setup where the AP is remote from the controller and must traverse an IPSec tunnel to reach the controller?



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------



  • 5.  RE: Aruba AP and WLC contoller Overhead.

    Posted Sep 24, 2023 01:34 PM

    No, There is no IPSEC between AP and the controller, The AP's are WLC are located in the same physical premised and connected via L2/L3 network. We are using standard tunneling only, no CPsec.

    Here is my setup.

    Underlay:

    =========

    User-----(wireless)------>AP----->L2switch----->WLC----L2switch----->L3 Gw/FW ------->Router--------->Interent.
    AP and WLC are in different VLAN so technically, they are routed via L3 device.
    Overlay:---
    =======

    User -------(ipsec)--------->Same L3 Gw / Acting as VPN gateway------->Router--------->Interent.

    The problem statement and detail is in the above thread.




  • 6.  RE: Aruba AP and WLC contoller Overhead.

    EMPLOYEE
    Posted Sep 25, 2023 12:00 PM

    The packet overhead between AP and MC is variable, based on packet direction and WLAN configuration.  I observed 54 bytes on the low end and 78 bytes on the high end, without testing all of the variations.

    If you are having fragmentation issues, then I would recommend that you enable jumbo frames between AP and MC in line with our published best practices for maximizing the throughput of the wireless network.



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------



  • 7.  RE: Aruba AP and WLC contoller Overhead.

    Posted Sep 26, 2023 04:22 PM

    Would it be possible to point out the document to explain this behavior in detail?

    BTW, what is MC? Mobility Conductor? I believe that is just a management platform. 

    Were you mean to refer WLC in your last thread? 

    Also would you be able to confirm if the machine does path MTU before checking before sending packets?




  • 8.  RE: Aruba AP and WLC contoller Overhead.

    EMPLOYEE
    Posted Sep 26, 2023 04:32 PM

    Which behavior?  I don't know of any documentation that goes into depth on how we utilize GRE, as mentioned I observed those values by looking at packet captures to see the data going into the Mobility Controller (MC) and then forwarded on to the AP and then vice versa.

    Mobility Controller = MC, Mobility Conductor = MCR

    WLC is not an acronym used in the Aruba lexicon.

    I didn't observe any PMTUD happening, but I wasn't looking for it either.

    I think the options for your particular setup are pretty clear, you need to either increase the MTU between AP and MC or decrease the MTU for the client side VPN to fit within the WLAN tunnel.



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------