Wireless Access

Occasional Contributor I

AP LMS discovery when failed over to BLMS

We have recently moved to an LMS/Backup LMS configuration and my manager was advised that any AP rebooted whilst failed over to the Backup would automatically find it during Discovery, without changing the DNS entry for aruba-master.

 

Our DNS is currently configured for Round Robin, so having two entries in this would not be a solution.

 

However, when rebooting an AP during a failover test, it did not start, and when we connected to it via console we could see that it was stuck at ADP. Is it possible for the AP to automatically find the Backup LMS using aruba-master or would the DNS entry need to be changed on failover?

Guru Elite

Re: AP LMS discovery when failed over to BLMS

- What version of ArubaOS are you running?

- Do you have the LMS and Backup LMS defined in the AP system profile in the ap-group?

- Access Points find their LMS and Backup LMS via ip address defined in the AP system profile.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Occasional Contributor I

Re: AP LMS discovery when failed over to BLMS

Version is 6.5.4.12 and both the IP addresses for LMS and Backup LMS are in the AP System profile.

 

This was configured before the failover, however, the AP still failed to boot correctly.

Guru Elite

Re: AP LMS discovery when failed over to BLMS

On bootup, the access point first has to find a controller. When it does, it presents its name and ap-group to that controller. Inside the ap-group configuration, in the ap system profile, there is an lms-ip and backup lms-ip address. The AP is immediately redirected to the lms-ip, gets the same configuration and starts accepting clients. If it loses connectivity to the lms-ip, it gets redirected to the backup-lms-ip, gets its configuration and starts accepting clients. There should be no reboot between the lms-ip and the backup-lms-ip phase. APs should only reboot if they cannot reach the controller.

 

After an ap reboots, you should type "show ap debug system-status ap-name <name of ap>" and get the reboot reason.  Alternatively, you can type "show log system 50" and it should tell you why an AP rebooted or lost connectivity.


Occasional Contributor I

Re: AP LMS discovery when failed over to BLMS

The AP reboot was not caused by the failover; it was a manual process to see what would happen, as we are moving to LMS/Backup LMS as part of our DR plan. As such, we needed to test all issues that could arise, from the LMS failover to simulating a power outage to a remote AP.

 

It was during this simulated power outage that the AP restarted and failed to connect to the Backup LMS.

Guru Elite

Re: AP LMS discovery when failed over to BLMS

How are you simulating the power outage? You should first try unplugging the uplink to the lms-ip controller.


Guru Elite

Re: AP LMS discovery when failed over to BLMS

I am hoping that the path to the backup lms does not run through the lms-ip.


Occasional Contributor I

Re: AP LMS discovery when failed over to BLMS

The failover between the two controllers was done by unplugging the LMS from the network, which failed all APs to the BackupLMS without any issue. This is not what I am questioning.

 

There is no direct link between the LMS and Backup LMS, as we are moving to Layer 3 across 2 sites.

 

When the AP was connected to the BackupLMS as were another 184 across the country, it then had its Ethernet cable pulled and put back in.  This is when it hung.  The 184 had no issues, as they did not need to discover the controller.

Frequent Contributor II

Re: AP LMS discovery when failed over to BLMS

Let me just add a little to what cjoseph stated and explain the process a little more. When an AP boots, it needs 6 pieces of information:

 

- IP Address
- Subnet Mask
- Default Gateway
- AP Name
- AP Group
- IP address of the controller the AP will initially communicate with

 

All of this can be statically or dynamically obtained.

 

If it is a brand new AP, the IP info will be gotten using DHCP. The name will be the MAC of the Eth 0 port on the AP, the group will be 'default'.

 

The initial controller is obtained in the following order:

 

- statically configured
- DHCP option 43/60
- Aruba Discovery Protocol (ADP) multicast and broadcast
- DNS

 

If this is a new AP, all things will be default.

 

After the AP has the address of the initial controller, it communicates with it and checks if it has the same OS. If not, it does an FTP transfer, which takes about 4 minutes, and downloads the new OS. It will then reboot with this new OS and go through the above process again, at which point it will talk to the initial controller again. This time the OS is the same, so the AP will download the LMS-IP address for the AP group that the AP is part of, along with the backup LMS-IP. If there is an LMS-IP setting, the AP will communicate with that controller to download its configuration. If there is no LMS-IP setting, the AP will try the backup LMS-IP. If it cannot communicate with either, it will communicate with the controller it discovered and use that to download its configuration.

 

I hope this helps,

David
Sr. Trainer and Author of upcoming "Understanding ArubaOS: Version 8.x" book
Guru Elite

Re: AP LMS discovery when failed over to BLMS


@ElisUKIT wrote:

The failover between the two controllers was done by unplugging the LMS from the network, which failed all APs to the BackupLMS without any issue. This is not what I am questioning.  GOOD

 

There is no direct link between the LMS and Backup LMS, as we are moving to Layer 3 across 2 sites  GOOD

 

When the AP was connected to the BackupLMS as were another 184 across the country, it then had its Ethernet cable pulled and put back in.  This is when it hung.  The 184 had no issues, as they did not need to discover the controller.


"it then had its Ethernet cable pulled and put back in. This is when it hung" - Are you saying that the AP had its ethernet cable pulled and plugged back in? If that is the case, the AP completely power cycles and starts the master discovery (aruba-master) all over again. It does not move to the second controller, because the lms-ip and backup lms are not saved across reboots. If you want cold-boot discovery, you should put two ip addresses into the a-record for aruba-master, so it can discover both ip addresses. Here is how that would work:

 

AP boots up cold, resolves aruba-master.domain.com and receives two ip addresses, OR if your DNS is configured to do round-robin, it sends one ip address upon first resolution and then a different ip address on a second resolution (turning off round robin on your DNS server would offer the best performance). If the AP receives two ip addresses, it will attempt to reach the first ip address and then attempt to reach the second if the first controller doesn't respond. If it reaches the backup controller, it will receive its lms-ip and backup lms-ip. It will then attempt to reach the first controller that is down, and if it doesn't answer (because it is down), it will then attempt to reach the second controller.

 

Big picture, failing over access points to a second datacenter is typically a last resort. Controllers don't fail often, so you should just put two at the same site and point aruba-master to the vrrp between them. If you have network problems at a site, frequently that same problem will prevent access points from reaching the controller at the backup site. If the access points do reach the controller at the backup site, all clients will have to receive different ip addresses, which will disconnect their applications. In addition, if connectivity to the remote site is not good, your clients, in addition to having to reconnect their applications, will have poor performance. Having a second controller in a VRRP configuration to back up the first controller at the primary site provides the best failover performance (no application restarts) and performance will continue to be like it was in the first place (sometimes your users won't even notice). It also offers you the opportunity to swap out a controller at the primary site during production if there is a hardware failure, etc., without disturbing your users. If you need to provide a backup controller at a second site, you can do that as well.


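The cold-boot behaviour described in the replies above, as an added example that is not part of the original thread or ArubaOS code: a small Python model for checking whether the aruba-master A record leaves a DR gap. The addresses and function names are constructed, and the model assumes DNS is the only discovery method that succeeds (no static controller, DHCP option 43 or ADP answer).

```python
import socket

LMS, BACKUP_LMS = "10.1.0.10", "10.2.0.10"   # constructed example addresses

def resolve_a_records(name):
    """IPv4 addresses currently published for name, in answer order."""
    infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    return list(dict.fromkeys(info[4][0] for info in infos))

def cold_boot(a_records, reachable, lms_ip=LMS, backup_lms_ip=BACKUP_LMS):
    """Model a power-cycled AP: DNS discovery, then the LMS redirect.

    a_records: addresses returned for aruba-master, in answer order
    reachable: set of controller addresses that currently respond
    Returns (discovered, terminating) or (None, None) if discovery fails.
    """
    # lms-ip and backup lms-ip are not saved across reboots, so after a
    # power cycle the AP only knows what discovery hands it.
    discovered = next((ip for ip in a_records if ip in reachable), None)
    if discovered is None:
        return None, None                     # AP never gets past discovery
    # The discovered controller supplies the ap system profile; the AP then
    # tries lms-ip, then backup lms-ip, then stays on the discovered one.
    for candidate in (lms_ip, backup_lms_ip, discovered):
        if candidate in reachable:
            return discovered, candidate

def dr_gaps(a_records, lms_ip=LMS, backup_lms_ip=BACKUP_LMS):
    """Controllers whose outage would strand a cold-booting AP."""
    gaps = []
    for down in (lms_ip, backup_lms_ip):
        still_up = {lms_ip, backup_lms_ip} - {down}
        if cold_boot(a_records, still_up, lms_ip, backup_lms_ip)[0] is None:
            gaps.append(down)
    return gaps

if __name__ == "__main__":
    # Single A record pointing at the LMS: the situation in this thread.
    print("single record gaps:", dr_gaps([LMS]))
    # Both controllers in the A record, as suggested in the reply.
    print("two record gaps:   ", dr_gaps([LMS, BACKUP_LMS]))
```

On a live network, pass `resolve_a_records("aruba-master.<your domain>")` to `dr_gaps` with your own lms-ip and backup lms-ip; with round-robin DNS, resolve more than once, since each answer may carry a different address.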