Wireless Access

Hi

We are in the process of moving away from L2 VRRP master/local setup to use L3 LMS/Backup LMS with a master/local setup, so that we can get some datacentre resilience for DR and i have a question on the best way to handle AP discovery.

Regarding General Resilience:

I understand that if the master LMS fails, then the AP's will bootstrap for 8 times then try the backup LMS, which should then have taken the role of master. I understand this wont be as quick as VRRP but its a sacrifice we have to make to get the resilience.

Regarding Discovery:

However, what i can't get my head around is how to handle AP discovery in this scenario.  Currently we use aruba-master for discovery, which points to the VRRP

The IP for AP discovery is being used for new AP's out of the box. so only the first boot they will contact that IP.

After AP-provisioning you have configuredthem with LMS/B-LMS IP. When the aruba-master IP is gone, the AP knows that it must contact the B-LMS. So the aruba-master DNS record doesn't need to be high availiable, and you can point it to you're LMS IP by default.

Ahh - i had read that the lms/backup lms IP didnt persist in the AP's config, only the ap group name, so i thought it retrieved its config again each time it booted via the discovery.  

If not though - i can relax a bit more!

Thank you Fabian

What verson of ArubaOS is this?  There are subtle differences, depending on the ArubaOS and if you are using clustering or not.

We are on 6.5.4.12_68901 and using 2 x 7210's without clustering mode, just master/local

Okay.  Clustering is only available in 8.x, and the rules are slightly different there.

You currently only have a single ip address for access points that cold boot access.  Access points that cold boot only obtain the LMS-IP/Backup LMS-IP from the first controller they contact. Typically when access points cold boot, they use DNS or a DHCP option to contact ther first controller.  If you want access points to have true redundancy upon cold boot,  you would want to put 2 ip addresses in the aruba-master a-record.  With that configuration, the AP will try one, and then the other upon cold boot, so that they will be able to find the a controller, regardless if one or the other is down.

Opinion:

Honestly, if your network is fairly reliable, I would just stick to what you currently have (two controllers at a single site) because it is simpler.  Networks fail much more often than controllers due to simple things like mis configuration.  If your network fails, chances are your access points will not be able to reach the secondary controller, or if they do, the performance could be bad, based on where that secondary controller is offsite.  Your clients will also have to re-ip which could be disruptive.  Having two controllers at the same location ensures fairly fast failover and is easier to maintain.  You could alternatively have the LMS-IP point to the VRRP between these two controllers and add a controller offsite and make that the backup lms-ip.

I hope that makes sense.