Wireless Access

We have recently moved to an LMS/Backup LMS configuration and my manager was advised that any AP rebooted whilst failed over to the Backup would automatically find it during Discovery.  Without changing the DNS entry for aruba-master

Our DNS is currently configured for Round Robin, so having two entries in this would not be a solution.

However, when rebooting an AP during a failover test, it did not start and when connected to via console we could see that it was stuck at ADP.  Is it possible for the AP to automatically find the Backup LMS using aruba-master or would the DNS entry need to be changed on failover?

- What version of ArubaOS are you running?

- Do you have the LMS and Backup LMS defined in the AP system profile in the ap-group?

- Access Points find their LMS and Backup LMS via ip address defined in the AP system profile.

Version is 6.5.4.12 and both the IP addresses for LMS and Backup LMS are in the AP System profile

This was configured before the failover, however, the AP still failed to boot correctly.

On bootup,  the access point first has to find a controller.  When it does, it presents its name and ap-group to that controller.  In side the ap-group configuration, in the ap system profile, there is an lms-and backup lms-ip address.  The AP is immediately redirected to the lms-ip, get the same configuration and start accepting clients.  If it loses connectivity to the lms-ip, it gets redirected backup-lms-ip gets its configuration and starts accepting clients.  There should be no reboot between the lms-ip and the backup-lms-ip phase.  APs should only reboot if they cannot reach the controller.

After an ap reboots, you should type "show ap debug system-status ap-name <name of ap>" and get the reboot reason.  Alternatively, you can type "show log system 50" and it should tell you why an AP rebooted or lost connectivity.

The AP reboot was not caused by the failover, it was a manual process to see what would happen.  As we are moving to LMS/Backup LMS as part of our DR plan.  As such, we needed to test all issues that could arrive, from the LMS failover to simulating a power outage to a remote AP.

I was during this simulated power outage where the AP restarted and failed to connect to the Backup LMS

How are you simulating the power outage?  You should first try unplugging the uplink to the lms-ip controller first.

For the failover between the two controllers was done by unplugging the LMS from the network, which failed all APs to the BackupLMS without any issue.  This is not what I am questioning.

There is no direct link between the LMS and Backup LMS, as we are moving to Layer 3 across 2 sites

When the AP was connected to the BackupLMS as were another 184 across the country, it then had its Ethernet cable pulled and put back in.  This is when it hung.  The 184 had no issues, as they did not need to discover the controller.

Let me just add a little to what cjoseph stated and explain the process a little more. When an AP boots, it needs 6 pieces of information:

IP Address

Subnet Mask

Default Gateway

AP Name

AP Group

IP address of the controller the AP will initial communicate with

All of this can be statically or dynamically obtained.

If it is a brand new AP, the IP info will be gotten using DHCP. The name will be the MAC of the Eth 0 port on the AP, the group will be 'default'.

The initial controller is obtained in the following order

statically configured

DHCP option 43/60

Aruba Discovery Protocol (ADP) multicast and broadcast

DNS

If this is a new AP, all things will be default..

After the AP has the address of the initial controller, it communicates with it and  checks if it has the same OS. If not, it does an FTP transfer, which takes about 4 minutes, and downloads the new OS. It will then reboot, with this new OS, go through the above process again, at that point it will talk to the initial controller again. This time the OS is the same, so the AP will either download the LMS-IP address for the AP group that the AP is part of, along with the backup LMS-IP. If there is an LMS-IP setting, the AP will communicate with that controller to download its configuration. If there is no LMS-IP setting, the AP try the backup LMS-IP. If it cannot communicate with either, it will communicate with the controller it discovered and use that to download its configuration.

I hope this helps,

---

@ElisUKIT wrote:

For the failover between the two controllers was done by unplugging the LMS from the network, which failed all APs to the BackupLMS without any issue.  This is not what I am questioning.  GOOD

 

There is no direct link between the LMS and Backup LMS, as we are moving to Layer 3 across 2 sites  GOOD

 

When the AP was connected to the BackupLMS as were another 184 across the country, it then had its Ethernet cable pulled and put back in.  This is when it hung.  The 184 had no issues, as they did not need to discover the controller.

---

"it then had its Ethernet cable pulled and put back in.  This is when it hung" - Are you saying that the AP had its ethernet cable pulled and plugged back in?  If that is the case, the AP completely power cycles and starts the master disvoery (aruba-master) all over again.  It does not move to the second controller, because the lms-ip and backup lms is not saved across reboots.  If you want cold-boot discovery, you should put two ip addresses into the a-record for aruba-master, so it can discover both ip addresses.  Here is how that would work:

AP boots up cold, resolves aruba-master.domain.com and receives two ip addresses, OR if your DNS is configured to do round-robin, it sends one ip address upon first resolution and then a different ip address on a second resolution (turning off round robin on your DNS server would offer the best performance).  If the AP receives two ip addresses, it will attempt to reach the first ip address and then attempt to reach the second if the first controller doesn't respond.   If it reaches the backup controller, it will receive its lms-ip and backup lms-ip.  It will then attempt to reach the first controller that is down, and if it doesn't answer (because it is down), it will then attempt to reach the second controller.

Big picture, failing over access points to a second datacenter is typically a last resort.  Controllers don't fail often, so you should just put two at the same site and point aruba-master to the vrrp between them.  If you have network problems at a site, frequently that same problem will prevent access points from reaching the controller at the backup site.  If the access points do reach the controller at the backup site, all cllients will have to receive different ip addresses, which will disconnect their applications.  In addition, if connectivity to the remote site is not good, your clients, in addition to having to reconnect their applications, will have poor performance.  Having a second controller in a VRRP configuration to backup the first controller at the primary site provides the best failover performance (no application restarts) and performance will continue to be like it was in the first place (sometimes your users won't even notice).  It also offers you the opportunity to swap out a controller at the primary site during production if there is a hardware failure, etc without disturbing your users.  If you need to provide a backup controller at a second site, you can do that as well.

Thank you for your response.  This is the information I could find online, but my manager was advised that it would find the Backup LMS on a cold restart.  So I needed to confirm that.