AP redundancy solutoins (like a backup-LMS) put heavy load on the backup controller during failover, resulting in slower failover performance. If the number of Acces Points to failover is much more then unavailability of wireless downtime to users further increases. To avoid this, ArubaOS now supports redundancy through the High Availability:Fast Failover feature based upon the Virtual Router Redundancy Protocol (VRRP).
This WLAN redundancy solution allows a campus AP to rapidly fail over from a active to a standby controller without needing to rebootstrap. It significantly reduces network downtime and client traffic disruption during network upgrades or unexpected failures.
APs using the High Availability: Fast Failover feature regularly communicate with the standby controller, so the standby controllerr has only a light workload to process if an AP failover occurs. This results in very rapid failover times, and a shorter client reconnect period. This feature supports failover for campus APs in tunnel forwarding mode only. It does not support failover for remote APs or campus APs in bridge forwarding mode.
The High Availability: Fast Failover features work across Layer-3 networks, so there is no need for a direct Layer-2 connection between controllers in a high-availability group.When the AP first connects to its active controller, that controller sends the AP the IP address of a standby controller, and the AP attempts to connect to the standby controller.
APs using control plane security establish an IPsec tunnel to their standby controllers. APs that are not configured to use control plane security send clear, unencrypted information to the standby controller. An AP will failover to its backup controller if it fails to contact its active controller through regular heartbeats and keepalive messages, or if the user manually triggers a failover using the WebUI or CLI.
A controller using this feature can have one of three high availability roles – active, standby or dual.
Active controller:
An active controller serves APs, but cannot act as a failover standby controller for any AP except the ones that it serves as active.
Standby Controller:
A standby controller acts as a failover backup controller, but cannot be configured as the primary controller for any AP.
Dual Controller:
A dual controller can support both roles, and acts as the active controller for one set of APs, and also acts as a standby controller for another set of APs.
High Availability groups support the following deployment modes
- Active/Active Deployment
- 1:1 Active/Standby Deployment
- N:1 Active/Standby Deployment
Active/Active Deployment:
In this model, two controllers are deployed in dual mode. Controller one acts as standby for the APs served by controller two, and vice-versa. Each controller in this deployment model supports approximately 50% of its total AP capacity, so if one controller fails, all the APs served by that controller would fail over to the other controller , thereby providing high availability redundancy to all APs in the cluster.
1:1 Active/Standby Deployment model:
In this model, the controller in active mode supports up to 100% of its rated capacity of APs, while the other controller in standby mode is idle. If the active controller fails, all APs served by the active controller would failover to the standby controller.
N:1 Active/Standby Deployment model:
In this model, each controller in active mode supports up to 100% of its rated capacity of APs, while one other controller is idle in standby mode is idle. If an active controller fails, all APs served by the active controller would failover to the standby controller.This model requires that the AP capacity of the standby controller is able to support the total number of APs distributed across ALL active controllers in the cluster.
In the cluster shown in the example below, two active controllers use a single higher-capacity standby controller.
Configuring High Availability:Fast Failover
From WebUI:
- Navigate to Configuration>Advanced Services>All Profiles.
- In the Profiles list in the left window, expand "HA" and then select "HA group information"
- Mention a name to the group and click ADD
- In the left, click on the newly created group. Enter the IP address of each controller in the HA group, and assign a role to each controller.
NOTE: The IP address of each controller must be reachable by APs, and must be the IP address that appears in the "show controller-ip" command on specific controllers
Select the Preemption checkbox if an AP that has failed over to a standby should attempt to connect back to its original active controller once that controller is reachable again. When you enable this setting, the AP will wait for the time specified by the lms-hold-down-period parameter in the ap system profile before the AP attempts to switch back from the standby controller to the orginal controller.
From CLI:
Points to be noted:
- All active and backup controllers within a single high-availability group must be deployed in a single master-local topology.
- The high availability: fast failover feature supports APs in campus mode using tunnel or decrypt-tunnel forwarding modes, but does not support campus APs in bridge mode.
- This feature is not supported on remote APs and mesh APs in any mode.
- Legacy AP-60 series and AP-70series APs also do not support this feature.