Question: Can we configure a datacenter redundancy model with HA?
Environment: Controller running 6.3 and above.
AP Fast Failover does not provide redundancy for controllers or for the AP's master discovery process, so customers using VRRP for controller redundancy should continue to use it. AP Fast Failover can coexist with VRRP, as long as the VRRP IP is not used in the ha group-profile and is not used as the LMS in the AP system profile.
Master Controller Redundancy
The master controller in the Aruba user-centric network acts as a single point of configuration for global policies such as firewall policies, authentication parameters, and RF configuration, to ease the configuration and maintenance of a wireless network. It also maintains a database related to the wireless network that is used to make any adjustments (automated as well as manual) in reaction to events that cause a change in the environment (such as an AP becoming unavailable).
The master controller is also responsible for providing the configuration for any AP to complete its boot process. If the master controller becomes unavailable, the network continues to run without any interruption. However, any change in the network topology or configuration will require the availability of the master controller. To maintain a highly redundant network, the administrator can use a controller to act as a hot standby for the master controller. The underlying protocol used is the same as in local redundancy, that is, VRRP.
Traditional Design (Prior to AP Fast Failover)
!
ap system-profile <profile-name>
   lms-ip <VRRP1 IP>
   bkup-lms-ip <VRRP2 IP>
!
In the above design, VRRP is used to provide redundancy within the datacenter. If Local-A goes down, then VRRP will fail over to Local-B. However, if the entire datacenter goes down, then bkup-lms-ip will be used to provide redundancy across datacenters.
Design after migrating to AP Fast Failover
1. Remove VRRP1 IP as lms-ip and configure Local-A IP as lms-ip in the AP system profile.
2. Use VRRP2 IP as bkup-lms-ip.
Master1 controller config
!
ap system-profile <profile-name>
   lms-ip <Local-A IP>
   bkup-lms-ip <VRRP-2 IP>
!
ha group-profile HA1
   controller <Local-A IP> role DUAL
   controller <Local-B IP> role DUAL
   heartbeat
   state-sync
   pre-shared-key <key>
!
Local-A & Local-B controller config
ha group-membership HA1
After migrating to the above design, AP Fast Failover will work between Local A and Local B. APs will have active tunnels to Local A and standby tunnels to Local B. If Local A fails, then Local B will take over the APs, providing redundancy within the datacenter.
However, to achieve redundancy across datacenters, "bkup-lms-ip" can still be used and works fine with AP Fast Failover. So if the entire datacenter1 goes down, then APs will bootstrap to datacenter2 (VRRP2 IP address).
Please note that when APs move from LMS to BKUP-LMS, it will NOT be a fast failover. In the above design, it would be ideal to move APs back to lms-ip as soon as datacenter1 comes back online, so that AP Fast Failover works again.
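The coexistence rule above (no VRRP IP as lms-ip or as an ha group-profile member, while bkup-lms-ip may still point at a VRRP IP) can be checked before a change is pushed. The script below is an added example, not Aruba tooling or part of the original article; the function names, the profile name dc1-aps and all addresses are constructed for illustration, and the VRRP IPs are assumed to be supplied by the operator.

```python
import re

# Profile headers used in the article's configuration snippets.
HEADER = re.compile(r"^(ap system-profile|ha group-profile)\s+(\S+)$")

def parse_profiles(config):
    """Map 'kind name' -> sub-command lines; a '!' or blank line closes a profile."""
    profiles, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if HEADER.match(line):
            current = profiles.setdefault(line, [])
        elif line in ("", "!"):
            current = None
        elif current is not None:
            current.append(line)
    return profiles

def vrrp_conflicts(config, vrrp_ips):
    """Return (profile, command) pairs where a VRRP IP is an lms-ip or an HA group member."""
    findings = []
    for profile, commands in parse_profiles(config).items():
        for command in commands:
            words = command.split()
            if len(words) < 2 or words[1] not in vrrp_ips:
                continue
            is_lms = profile.startswith("ap system-profile") and words[0] == "lms-ip"
            is_member = profile.startswith("ha group-profile") and words[0] == "controller"
            if is_lms or is_member:  # bkup-lms-ip on a VRRP IP is allowed by the design
                findings.append((profile, command))
    return findings

# Constructed sample data (documentation address ranges), not from the article.
VRRP_IPS = {"192.0.2.10", "198.51.100.10"}  # stand-ins for VRRP1 and VRRP2
TRADITIONAL = """ap system-profile dc1-aps
   lms-ip 192.0.2.10
   bkup-lms-ip 198.51.100.10
!"""
MIGRATED = """ap system-profile dc1-aps
   lms-ip 192.0.2.11
   bkup-lms-ip 198.51.100.10
!
ha group-profile HA1
   controller 192.0.2.11 role DUAL
   controller 192.0.2.12 role DUAL
   heartbeat
   pre-shared-key <key>
!"""

if __name__ == "__main__":
    for label, cfg in (("traditional", TRADITIONAL), ("migrated", MIGRATED)):
        print(label, vrrp_conflicts(cfg, VRRP_IPS) or "no VRRP IP in lms-ip or HA group")
```

The traditional profile is flagged because its lms-ip is the VRRP1 address; the migrated configuration passes even though bkup-lms-ip still points at VRRP2.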