Hey Airheads,
I'm trying to POC a backup solution for the company I work for and I'm having a bit of an issue coming up with a viable solution. I feel as though I have parts to the solution, but not the entire solution. It utilizes part of an LMS and L3 mobility solution, but each solution by itself won't cut it. Let me explain.
Let's say for example's sake that I have 4 locations: Location A, B, C, and D. Each location is as follows:
Location A (10.100.(vlan).(supplicant) on a /23 or /24)
Controller: 7000 Series (Active Master and LMS Controller)
VLAN 10: 10.100.10.x (Employee-SSID_prof / Employee-aaa_prof)
VLAN 11: 10.100.11.x (Employee2-SSID_prof / Employee2-aaa_prof)
VLAN 12: 10.100.12.x (Voice-SSID_prof / Voice-aaa_prof)
AP-Group: LocA-AP-Group
#show ap essid
Employee
Employee2
Voice
Location B (10.101.(vlan).(supplicant) on a /23 or /24)
Controller: 3000 Series (Active Master pointing to Controller A for LMS)
VLAN 10: 10.101.10.x (Employee-SSID_prof / Employee-aaa_prof)
VLAN 11: 10.101.11.x (Employee2-SSID_prof / Employee2-aaa_prof)
VLAN 12: 10.101.12.x (Voice-SSID_prof / Voice-aaa_prof)
AP-Group: LocB-AP-Group
#show ap essid
Employee
Employee2
Voice
Location C (10.102.(vlan).(supplicant) on a /23 or /24)
Controller: 3000 Series (Active Master pointing to Controller A for LMS)
VLAN 10: 10.102.10.x (Employee-SSID_prof / Employee-aaa_prof)
VLAN 11: 10.102.11.x (Employee2-SSID_prof / Employee2-aaa_prof)
VLAN 12: 10.102.12.x (Voice-SSID_prof / Voice-aaa_prof)
AP-Group: LocC-AP-Group
#show ap essid
Employee
Employee2
Voice
Location D (10.103.(vlan).(supplicant) on a /23 or /24)
Controller: 3000 Series (Active Master pointing to Controller A for LMS)
VLAN 10: 10.103.10.x (Employee-SSID_prof / Employee-aaa_prof)
VLAN 11: 10.103.11.x (Employee2-SSID_prof / Employee2-aaa_prof)
VLAN 12: 10.103.12.x (Voice-SSID_prof / Voice-aaa_prof)
AP-Group: LocD-AP-Group
#show ap essid
Employee
Employee2
Voice
Let's assume that Location A's controller is serving as the backup controller for the other locations, and has all AP-Groups created on it (LocA-AP-Group, LocB-AP-Group, LocC-AP-Group, LocD-AP-Group).
Let's also assume that each location has specific application servers, and that the supplicants are IP dependent. If Location B's controller goes down, the APs at Location B will reference the IP address of the LMS controller (in this case, Location A) and, if it finds their AP-Group, will start broadcasting again. Once the APs rebootstrap and come up, supplicants will rejoin and get connected. However, the supplicants will now have new IP addresses in the same address space as Location A, NOT their own home location. Also, since non-unique VLANs are in use at each location, if more than one site fails over, all will share the same address space, which may or may not be desired. This is where, I believe, L3 Mobility comes into play.
With L3 Mobility, I can have all Location(x) controllers join the same mobility group and, using the home and care-of features built into it, allow supplicants access to their home resources from different locations. However, I think that solution depends on the home controller being up; what happens if it goes down? From what I understand, whatever controller is serving as the LMS backup controller for all other locations needs to have all AP-Groups within it, but how do you accomplish that? I found that using unique VLANs for each desired SSID would work, as detailed in the L3 Mobility VRD. The example below is simply for the controller serving as the main backup controller for each location (Location A):
LocA-AP-Group
VLAN 10
VLAN 11
VLAN 12
LocB-AP-Group
VLAN 100
VLAN 110
VLAN 120
LocC-AP-Group
VLAN 200
VLAN 210
VLAN 220
LocD-AP-Group
VLAN 300
VLAN 310
VLAN 320
(I realize that using VLANs that spread out isn't a good idea typically, but it'll serve for the above listed example).
So, if Location C fails over to Location A's controller, supplicant devices will now route out of Location A's network on VLANs 200, 210, and 220.
This is where it gets hazy for me.
L3 Mobility relies on the controllers actually being up in order to work, and LMS failover will allow those APs to move over to the new controller, but it won't take the new VLANs into account. I suppose that if Controller A has the AP-Groups set up as I have listed above, it won't matter too much, but will L3 Mobility be needed at that point? Setting up the IP profiles for the different VLANs with their respective DHCP IP helper addresses will help supplicants get the right IPs, but will that "parent" VLAN need to be tagged on Location A's router(s) / switch(es), as well as at its home location? Also, what if there were a hundred locations? Would the LMS master controller (we'll call it) need to have hundreds of VLANs added to it? Some of my constituents have asked me to find a simpler solution, but I'm not sure if there is one since we're using non-unique VLANs. Anyway, another set of eyes / brain would help me in figuring this out.
Thank you in advance!
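As an added example (not part of the original post, and not ArubaOS configuration), here is a small Python model of the failover scenario the post describes: four sites with the same local VLANs 10/11/12, Location A acting as the LMS backup with every AP-Group defined on it. It compares the non-unique VLAN plan (clients of any failed site land in A's subnets, and two failed sites share an address space) with the per-site-unique VLAN numbering from the post, and it answers the "hundred locations" question by checking whether a numbering scheme stays inside the 802.1Q VLAN id range. The `Site` class, the `plan_*` functions and the `10.10x.<vlan>.0/24` subnets are this example's own constructed values; it also assumes, as the post does, that a unique VLAN interface on the backup controller has its DHCP helper pointed at the home site so clients keep a home-subnet address.

```python
"""Model of LMS failover onto a backup controller, comparing a plan that
reuses the same VLAN ids in every AP-group with a plan that gives each
(site, local VLAN) pair a unique VLAN id on the backup controller.
Hypothetical planning script: names and data are this example's own,
not ArubaOS commands or configuration."""
from dataclasses import dataclass
from itertools import combinations

MAX_VLAN = 4094  # 802.1Q VLAN id ceiling


@dataclass
class Site:
    name: str
    ap_group: str
    vlans: dict  # local VLAN id -> home subnet for that VLAN


def site(name, second_octet):
    """Build a site laid out like the post's examples: 10.<octet>.<vlan>.0/24."""
    return Site(name, f"Loc{name}-AP-Group",
                {v: f"10.{second_octet}.{v}.0/24" for v in (10, 11, 12)})


# Constructed sample data: the four locations from the post; A is the LMS backup.
SITES = [site("A", 100), site("B", 101), site("C", 102), site("D", 103)]
BACKUP = SITES[0]


def plan_non_unique(sites, backup):
    """Every AP-group on the backup controller maps local VLAN v to the backup
    controller's own VLAN v, so failed-over clients land in the backup's subnets.
    Returns {ap_group: {local_vlan: (backup_vlan, subnet clients get)}}."""
    return {s.ap_group: {v: (v, backup.vlans[v]) for v in s.vlans} for s in sites}


def plan_unique(sites, backup, start=100, block=100, stride=10):
    """Give site i (1-based, backup excluded) VLAN id start + block*(i-1) + stride*k
    for its k-th local VLAN; the defaults reproduce the 100/110/120, 200/210/220, ...
    numbering from the post. Assumes the backup controller's VLAN interface relays
    DHCP to the home site, so clients keep a home-subnet address.
    Raises ValueError when an id collides or exceeds MAX_VLAN."""
    plan = {backup.ap_group: {v: (v, sub) for v, sub in backup.vlans.items()}}
    used = set(backup.vlans)
    others = [s for s in sites if s is not backup]
    for i, s in enumerate(others, start=1):
        plan[s.ap_group] = {}
        for k, (v, subnet) in enumerate(sorted(s.vlans.items())):
            vid = start + block * (i - 1) + stride * k
            if vid > MAX_VLAN or vid in used:
                raise ValueError(f"VLAN id {vid} for {s.name} collides or is out of range")
            used.add(vid)
            plan[s.ap_group][v] = (vid, subnet)
    return plan


def plan_fits(sites, backup, **numbering):
    """True when plan_unique() can number every site without collision or overflow."""
    try:
        plan_unique(sites, backup, **numbering)
        return True
    except ValueError:
        return False


def vlan_count(plan):
    """Distinct VLAN ids the backup controller must carry for this plan."""
    return len({vid for group in plan.values() for vid, _ in group.values()})


def subnets_after_failover(plan, sites, failed):
    """Subnets that clients of each failed site land in once their APs rebootstrap
    to the backup controller and pick up their AP-group there."""
    by_name = {s.name: s for s in sites}
    return {n: {sub for _, sub in plan[by_name[n].ap_group].values()} for n in failed}


def shared_subnets(landing):
    """Pairs of failed sites whose clients would share an address space."""
    return sorted((a, b) for (a, x), (b, y) in combinations(landing.items(), 2) if x & y)


if __name__ == "__main__":
    for label, plan in (("non-unique", plan_non_unique(SITES, BACKUP)),
                        ("unique", plan_unique(SITES, BACKUP))):
        landing = subnets_after_failover(plan, SITES, ["B", "C"])
        print(f"{label}: {vlan_count(plan)} VLANs on A; "
              f"B/C share address space: {shared_subnets(landing)}")
```

With the post's spaced-out numbering (one block of 100 ids per site) the backup controller runs out of VLAN ids after roughly forty sites, while a contiguous numbering (`block=3, stride=1`) handles a hundred sites with 300 VLANs; either way the count on the backup controller grows linearly with the number of sites, which is the trade-off the post is asking about.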