Wireless Access

Frequent Contributor II

AP, Controller and clients communication in ARUBA network infrastructure

Hi everyone,


I was thinking about how exactly frames/packets are being translated and moved between Client, AP and Controller in an ARUBA network. So the following is my analysis; please correct or modify my flow so we can know exactly how the ARUBA network elements are functioning.


We have to know that the AP makes a GRE tunnel to the Controller for each SSID.


1st: Wireless Client with IP:1 and MAC:A wants to talk with Client 2.


2nd: Client 1 knows Client 2 IP address and used ARP to get Client 2 MAC address (note they are in same subnet/VLAN).


3rd: AP receives the packet, removes the 802.11 header, adds a GRE header on top of the current IP header, then adds a GRE-IP header on top of the GRE header with (Source IP: 4) and (Dest IP: 3), and adds an 802.3 header with Source (MAC: E) and Dest (MAC: C).


4th: The switch will know that (MAC: E) is connected to (port: x) and (MAC: C) is connected to (port: y), and it will forward the frame to the MC after tagging it with the VLAN ID, if VLAN 2 is not the native VLAN.


5th: MC will decapsulate the 802.3 header; however, it will record the frame source MAC address, then it will check the IP header protocol type and know that this packet was received from the GRE tunnel associated with (MAC: E).


6th: The MC will remove the GRE header and GRE-IP header and route the packet to (VLAN: 1) { because this is a vital function I THINK that using "no inter-vlan routing" will not affect it }.


7th: MC will use ARP to find the MAC address for the destination and Source IP address in the packet.


8th: MC will encapsulate the packet inside an 802.3 frame header using source (MAC: A) and destination (MAC: B), and tag the frame with (VLAN: 1) if it is not the native VLAN.


9th: The switch receives the frame and registers that (MAC: A) resides in (port: y), then forwards the frame to (port: z).


10th: Client 2 sends a reply with Source (IP: 2 - MAC: B), destination (IP: 1 - MAC: A).


11th: The switch knows that (MAC: A) is connected to (port: y) and so sends the frame to that port.


12th: The Controller receives the packet and knows that the destination MAC address is connected to the GRE interface that has (VLAN: 1 and MAC: D for the other end).


13th: The Controller removes the 802.3 header, inserts the GRE header and then the GRE-IP header with Source (IP: 3) Dest. (IP: 4), and inserts the new 802.3 header with source (MAC: C) and Dest (MAC: E).


14th: The switch receives the frame and from the previous step it knows that (MAC: E) is in (port: x).


15th: The AP receives the frame and from the MAC address it knows it belongs to (SSID1). It removes the 802.3 header, GRE-IP header and GRE header and inserts an 802.11 header using Tx address (MAC: E), Source (MAC: B) and Destination (MAC: A).



This is how I understand ARUBA communication protocol, I need someone to correct me or sheer me if I am on the right way !! :S


I noticed that:


1- GRE tunnels are distinguished using the SSID MAC address on the AP, not using different IP addresses (unless ARUBA is using port numbers or something like this somehow/somewhere in the packet).


2- The access point mac-address-table will be really big, maybe even bigger than the switch itself.


3- Due to this there is a lot of load on the MC.


4- (If IP is not configured on the MC SSID's VLANs) the MC should figure out which VLAN is mapped to which IP subnet from e.g. packets received from wireless clients or DHCP server IP assignment, so when it receives a packet from wired to wireless clients it can manage to forward it.



I hope this helps :smileyfrustrated:
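The layering in steps 3, 5 and 6 above, as an added example that is not part of the original post and is not Aruba code. It assumes a plain RFC 2784 GRE header with no optional fields carrying the client's IP packet, as the post describes it; the thread does not give the exact GRE fields Aruba uses, and all addresses are constructed stand-ins for the post's labels.

```python
import socket, struct

GRE_PROTO, IPV4 = 47, 0x0800   # IP protocol number for GRE; EtherType for IPv4

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def ipv4_header(src, dst, proto, payload_len):
    # Minimal 20-byte header; checksum left at 0 because this is a constructed sample
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def ap_encapsulate(inner_ip, ap_mac, mc_mac, ap_ip, mc_ip):
    """Step 3: GRE header, then GRE-IP header, then 802.3 header."""
    gre = struct.pack("!HH", 0, IPV4)   # no optional fields, payload is IPv4
    outer = ipv4_header(ap_ip, mc_ip, GRE_PROTO, len(gre) + len(inner_ip))
    return mac(mc_mac) + mac(ap_mac) + struct.pack("!H", IPV4) + outer + gre + inner_ip

def mc_decapsulate(frame):
    """Steps 5-6: record the source MAC, confirm GRE, strip the outer headers."""
    if len(frame) < 38 or struct.unpack("!H", frame[12:14])[0] != IPV4:
        raise ValueError("not an untagged IPv4 frame")
    ihl = (frame[14] & 0x0F) * 4          # outer IP header length in bytes
    if frame[14 + 9] != GRE_PROTO:        # protocol field of the outer IP header
        raise ValueError("outer IP header does not carry GRE")
    flags, ptype = struct.unpack("!HH", frame[14 + ihl:18 + ihl])
    if flags or ptype != IPV4:
        raise ValueError("GRE options or non-IPv4 payload not handled here")
    inner = frame[18 + ihl:]
    return {"ap_mac": frame[6:12].hex(":"),
            "ap_ip": socket.inet_ntoa(frame[26:30]),
            "inner_src": socket.inet_ntoa(inner[12:16]),
            "inner_dst": socket.inet_ntoa(inner[16:20]),
            "inner": inner}

# Constructed sample values standing in for the post's labels
AP_MAC, MC_MAC = "02:00:00:00:00:0e", "02:00:00:00:00:0c"   # MAC: E, MAC: C
AP_IP, MC_IP = "10.0.2.4", "10.0.2.3"                       # IP: 4, IP: 3
ICMP = b"\x08\x00\x00\x00\x00\x01\x00\x01"                  # constructed echo request
INNER = ipv4_header("10.0.1.1", "10.0.1.2", 1, len(ICMP)) + ICMP  # IP: 1 -> IP: 2

if __name__ == "__main__":
    print(mc_decapsulate(ap_encapsulate(INNER, AP_MAC, MC_MAC, AP_IP, MC_IP)))
```

On the wire the client's addresses appear only inside the GRE payload; the switch between AP and controller sees just the AP and controller MAC and IP addresses.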


Aruba Employee

Re: AP, Controller and clients communication in ARUBA network infrastructure

Everything looks good... One minor correction...


We have to know that the AP makes a GRE tunnel to the Controller for each SSID.


AALAP: AP makes GRE tunnel for each BSS. This means if you have 1 SSID broadcasting on A radio and b/g radio, then you will have 2 GRE tunnels for client traffic. You will always have 1 GRE tunnel per AP for heartbeats (6.x onwards).


