I am attempting to set up an Instant AP in a customer's branch office that has a primary and secondary IPSEC VPN back to a 7005 Controller in their Data Centre.


The Primary IPSEC VPN is routed over an MPLS WAN while the Secondary VPN is routed over a 4G wireless USB dongle connected to the back of the IAP.


When simulating an MPLS WAN outage, the link fails over to the 4G/secondary VPN when the preemption hold time (600 seconds) expires, as expected.


Now, when the hold timer expires again, the 4G connection drops while the IAP attempts to re-build the Primary VPN even while the MPLS is still down.


What's worse is that the link stays down for that 600 seconds until it rebuilds the Secondary VPN over the 4G link. Essentially, when there is an MPLS outage, there is a 10-minute outage every 10 minutes.


Both Aruba TAC and our local SEs have stated that this is normal behaviour, which I find pretty insane. They have advised that we should disable preemption. With 130 sites being rolled out, we want it to be as automatic as we can.


Is this REALLY by design? I find it hard to believe that the IAP won't attempt to do something as simple as ping the Primary VPN endpoint IP before attempting to build the VPN, and drop the Secondary.


Am I missing something?



This was finally admitted as a bug...

