Controller Based WLANs

 View Only
last person joined: one year ago 

APs, Controllers, VIA
Back to Library

How to configure L2 GRE Tunnel Group in 6.4.2.3 

Apr 09, 2015 07:46 AM

The controller supports redundancy for L3 Generic Routing Encapsulation (GRE) tunnels. Starting with ArubaOS 6.4.2.3, the controller supports redundancy for L2 GRE tunnel as well. This feature enables automatic redirection of the user traffic to a standby tunnel when the primary tunnel goes down.

 

All member tunnels in a group must have the same VLAN membership.
An L2 member tunnel can only be part of one tunnel-group.
L2 tunnel-group is not interoperable with other vendors.

 

 

Environment : Aruba OS 6.4.2.3 and above. 

 

Network Topology : The Controllers Aruba-1 and Aruba-2 are connected by two links on VLAN 1 and VLAN 10

 

rtaImage (4).jpg

 

We can add multiple tunnels to a tunnel-group. The order of the tunnels defined in the tunnel-group configuration specifies their standby precedence. The first member of the tunnel-group is the primary tunnel. When the first tunnel fails, the second tunnel carries the traffic.
 
(Aruba-1) (config) #tunnel-group Test
(Aruba-1) (config-tunnel-group)#mode l2
(Aruba-1) (config-tunnel-group)#tunnel 1
(Aruba-1) (config-tunnel-group)#tunnel 2
 
We can also enable or disable pre-emption as part of the tunnel-group configuration. Pre-emption is enabled by default. The pre-emption option automatically redirects the traffic whenever it detects an active tunnel with a higher precedence in the tunnel-group. When pre-emption is disabled, the traffic gets redirected to a higher precedence tunnel only when the tunnel carrying the traffic fails.

(Aruba-1) (config) #tunnel-group test
(Aruba-1) (config-tunnel-group)#preemptive-failover
 
(Aruba-1)#show tunnel-group

Tunnel-Group Table Entries
--------------------------
Tunnel Group  Mode  Tunnel Group Id  Preemptive Failover   Active Tunnel Id  Tunnel Members
------------     ----  ---------------  --------------------  ----------------  --------------
Test                 L2         16385            enabled                          1                 1   2

(Aruba-1) #show datapath tunnel-group

Datapath Tunnel-Group Table Entries
-----------------------------------
Tunnel-Group  Active Tunnel        Members
------------  -------------  -------------------
16385                   12             12  10

(Harri2) #show datapath tunnel

+----+------+-----------------------------------------------------+
|SUM/|      |                                   |                 |
|CPU | Addr | Description                                   Value |
+----+------+-----------------------------------------------------+
|    | [00] | Tunnel FIB forwarded                             12 |
|    | [04] | Tunnel FIB stale                                      4 |
+----+------+-----------------------------------------------------+
|    |      |                                                     |
| G  | [00] | Current Entries                                    10 |
| G  | [02] | High Water Mark                                  10 |
| G  | [03] | Maximum Entries                                8192 |
| G  | [04] | Total Entries                                          26 |
| G  | [06] | Max link length                                        1 |
| G  | [07] | Current Tunnel FIB                       4294967295 |
| G  | [08] | Tunnel FIB recompute                              2 |
+----+------+-----------------------------------------------------+

Datapath Tunnel Table Entries
-----------------------------

Flags: E - Ether encap,  I - Wi-Fi encap,  R - Wired tunnel,  F - IP fragment OK
       W - WEP,  K - TKIP,  A - AESCCM,  G - AESGCM,  M - no mcast src filtering
       S - Single encrypt,  U - Untagged,  X - Tunneled node,  1(cert-id) - 802.1X Term-PEAP
       2(cert-id) - 802.1X Term-TLS,  T - Trusted,  L - No looping, d - Drop Bcast/Unknown Mcast,
       D - Decrypt tunnel,  a - Reduce ARP packets in the air, e - EAPOL only
       C - Prohibit new calls, P - Permanent, m - Convert multicast
       n - Convert RAs to unicast(VLAN Pooling/L3 Mobility enabled), s - Split tunnel
       V - enforce user vlan(open clients only)
       H - Standby (HA-Lite)

 #          Source       Destination    Prt  Type  MTU   VLAN       Acls                BSSID          Decaps     Encaps   Heartbeats Cpu QSz Flags  EncapKBytes  DecapKBytes
------  --------------  --------------  ---  ----  ----  ---- -------------------  ----------------- ---------- ---------- ---------- --- --- ----- ------------- -----------
10      10.1.1.2        10.1.1.1        47   1     1100  0    0    0    0    0     00:00:00:00:00:00          0          0          0  10   0 TEFPRH
12      10.17.171.36    10.17.171.37    47   1     1100  0    0    0    0    0     00:00:00:00:00:00          0          0          0   9   0 TEFPR

(Aruba-1) #show interface tunnel 1

Tunnel 1 is up line protocol is up
Description: Tunnel Interface
Source  10.17.171.37 (Vlan 1)
Destination 10.17.171.36
Tunnel mtu is set to 1100
Tunnel is a Layer2 GRE TUNNEL
Tunnel is Trusted
Inter Tunnel Flooding is enabled
Tunnel keepalive is disabled
Keepalive type is Default
tunnel vlan 100,200

Member of Tunnel-group:  Test

(Aruba-1) #show interface tunnel 2

Tunnel 2 is up line protocol is up
Description: Tunnel Interface
Source  10.1.1.1 (Vlan 10)
Destination 10.1.1.2
Tunnel mtu is set to 1100
Tunnel is a Layer2 GRE TUNNEL
Tunnel is Trusted
Inter Tunnel Flooding is enabled
Tunnel keepalive is disabled
Keepalive type is Default
tunnel vlan 100,200

Member of Tunnel-group:  Test

Statistics
0 Favorited
2 Views
0 Files
0 Shares
0 Downloads

Related Entries and Links

No Related Resource entered.