Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Master redundancy

  • 1.  Master redundancy

    Posted Jun 16, 2018 01:30 AM

    We have a requirement as below, where the customer does not want to go with Master-local redundancy.

    So the scenario / setup is this:

    HQ (4550) and 3 branch offices (each 4450).

    HQ has no APs and each branch office has 200 APs.

    The HQ controller is the license server for all the branch office controllers.

    The HQ controller can handle two branch offices going down at the same time. The customer is OK not having full redundancy, that is, HQ cannot handle all the APs of the 3 branch offices going down at the same time.

    1) As we need to go with Master redundancy as per customer demand, what will be the best way to discover the Master controller and have redundancy?

    2) If we configure the branch office controller IP as primary LMS-IP & Master-IP (maybe as static) and have the backup LMS-IP as the HQ controller: if the branch office controller is down, will the AP (even if it reboots) form a GRE tunnel with the HQ controller and come UP? No configuration changes needed until the branch office controller is UP.

    Or any other suggestions for such a setup. I know for sure Master-local will be the best; unfortunately it is not feasible because the customer does not want it.



  • 2.  RE: Master redundancy

    EMPLOYEE
    Posted Jun 16, 2018 05:58 AM

    It is not really practical for a master controller over a WAN to be the backup for a branch controller.  If the access points from a branch fail to the master, the performance could be pretty bad for clients.  Putting a backup master at the HQ would be to maintain a read-write controller that could still monitor and manage the whole network.  Having a master failure could be far worse than a branch failure because you would lose the ability to configure your network, period.

    If a branch controller fails, and there is a support contract, HPE/Aruba can send a controller the next day.  If the master controller fails, you would need a current flashbackup to load onto a replacement controller.  With a backup master, a master controller failure is "hitless".

    Fortunately, hardware controller failures are rare.

    Your customer could consider, in addition to a backup master, putting a second controller at any site that needs to have 24/7 uptime.  With centralized licensing, they would only have to purchase the hardware.



  • 3.  RE: Master redundancy

    Posted Jun 16, 2018 12:14 PM

    Thanks for the information. I agree with you, but that's the customer's need and demand. We tried to convince them but no luck.

    All the controllers will have the master role only, even at the branch offices.

    Is there any recommendation to have master-master redundancy without VRRP in such a scenario?



  • 4.  RE: Master redundancy

    EMPLOYEE
    Posted Jun 16, 2018 04:30 PM

    VRRP requires that controllers share the same L2 interface, which means a redundant master needs to share the same subnet as the master.

    If all of the controllers have a master role, how are the configurations synchronized?



  • 5.  RE: Master redundancy

    Posted Jun 16, 2018 10:42 PM

    Configurations will be synced manually.

    HQ will have all three AP groups of the branch offices.

    Each branch office has its own AP group only.

    I know this is tedious, but unfortunately the situation demands it.



  • 6.  RE: Master redundancy

    EMPLOYEE
    Posted Jun 17, 2018 06:37 AM

    Each branch office should be a local of the master at HQ, so that the configuration can be synchronized and controlled from a central location. If it is not configured like that, there will be administrative overhead involved in keeping the configuration synchronized in three locations.  Putting a backup master at HQ would allow the administrator to still be able to modify the configurations and preserve centralized licensing at a central location if the master ever fails.

    Typically you would want a Gigabit Ethernet connection for a controller for every 100 access points, so if a "branch" has 200 access points and the HQ is backing it up, if there are two gigabits between the branch and HQ, the users should not have a bad experience.  If it is less than that, the users would have a suboptimal experience and traffic would "hairpin" to reach local resources at the branch site. The users will also obtain a different set of IP addresses and there would need to be a plan to account for that.  The controllers at the branch and HQ would also need to keep the same version of ArubaOS, otherwise the branch APs would have to upgrade or downgrade if the version of ArubaOS at HQ is different from the branch upon failover.

    In my experience, very few businesses require 99.999% uptime like hospitals, and those that do typically spend the money for a second controller at the site for that rare occasion, because they don't have to purchase separate licenses for redundancy.  The customer's thinking is that if they would lose more money in 24 hours with the wireless being down than it costs for second controller hardware, it makes more sense to get a controller at the site.

     

    These suggestions are only based on the limited information about what you mention about the customer's network.
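
The failover conditions raised in the posts above (matching ArubaOS versions, branch AP groups present on HQ, roughly one gigabit per 100 APs to HQ, and HQ capacity for two branches failing together) can be checked as a pre-failover audit. This is an added example, not code from any poster or from Aruba; the inventory, the `VERSION-A`/`VERSION-B` placeholders, the bandwidth figures and the 400-AP HQ capacity are constructed assumptions.

```python
from dataclasses import dataclass

APS_PER_GBPS = 100  # rule of thumb from the thread: one gigabit link per 100 APs

@dataclass
class Controller:
    name: str
    os_version: str               # placeholder strings, not real ArubaOS releases
    ap_groups: frozenset          # AP groups configured on this controller
    ap_count: int = 0             # APs normally terminated here
    wan_gbps_to_hq: float = 0.0   # branch-to-HQ bandwidth (unused for HQ)

def audit_failover(hq, branches, hq_ap_capacity, max_failed=2):
    """Return findings that would break or degrade branch-to-HQ failover."""
    findings = []
    for b in branches:
        if b.os_version != hq.os_version:
            findings.append(f"{b.name}: version {b.os_version} differs from HQ "
                            f"{hq.os_version}; APs would upgrade or downgrade on failover")
        missing = sorted(b.ap_groups - hq.ap_groups)
        if missing:
            findings.append(f"{b.name}: AP groups not on HQ: {missing}")
        needed = b.ap_count / APS_PER_GBPS
        if b.wan_gbps_to_hq < needed:
            findings.append(f"{b.name}: {b.wan_gbps_to_hq} Gbps to HQ, "
                            f"{needed:g} Gbps suggested for {b.ap_count} APs")
    # Worst case: the largest `max_failed` branches fail at the same time.
    worst = sum(sorted((b.ap_count for b in branches), reverse=True)[:max_failed])
    if worst > hq_ap_capacity:
        findings.append(f"HQ: capacity {hq_ap_capacity} APs < {worst} APs "
                        f"from {max_failed} failed branches")
    return findings

# Constructed sample inventory (names, versions and bandwidths are made up).
HQ = Controller("hq", "VERSION-A", frozenset({"branch1", "branch2"}))
BRANCHES = [
    Controller("branch1", "VERSION-A", frozenset({"branch1"}), 200, 2.0),
    Controller("branch2", "VERSION-B", frozenset({"branch2"}), 200, 2.0),
    Controller("branch3", "VERSION-A", frozenset({"branch3"}), 200, 1.0),
]

if __name__ == "__main__":
    for finding in audit_failover(HQ, BRANCHES, hq_ap_capacity=400):
        print(finding)
```

With manual synchronization between masters, running a check like this after every configuration change catches drift before a failover exposes it.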



  • 7.  RE: Master redundancy

    Posted Jun 17, 2018 10:52 AM

    Thanks for the detailed information.

    Let me put straight what I am thinking of, and please let me know if this works or not.

    If I have two controllers A & B connected using L3. Both controllers are Master in role. Controller B has an AP with primary LMS-IP as Controller B and backup as Controller A.

    The AP on Controller B is in the same VLAN as Controller B.

    Discovery of the Master if the AP reboots:

    1) Can I have ADP first and, if it fails, look for DNS for aruba-master.domain?

    or

    2) Can I have DNS for aruba-master.domain resolving to both controller IPs, and if one is not reachable will the AP look for the other?

    Thanks in advance



  • 8.  RE: Master redundancy
    Best Answer

    EMPLOYEE
    Posted Jun 17, 2018 03:14 PM

    thanjavurubhavesh@gmail.com

    Discovery of the Master if the AP reboots:

    1) Can I have ADP first and, if it fails, look for DNS for aruba-master.domain?

    or

    2) Can I have DNS for aruba-master.domain resolving to both controller IPs, and if one is not reachable will the AP look for the other?

    Thanks in advance

    If the access point is in the same VLAN as both controllers, it will attach to the first one that answers (you cannot control which one answers first).  If it receives no answer, it will attempt DNS-based discovery.

    If the AP is NOT in the same subnet as either controller, you can put two A records in your DNS server for aruba-master.  If your DNS server is configured for round-robin, it will supply one IP address for one request and then the other address for a second request.  By default Microsoft DNS servers will deliver both IP addresses to the AP (NOT round robin) and the AP will attempt to connect to one and then the other if the first one doesn't answer.



  • 9.  RE: Master redundancy

    Posted Jul 22, 2018 06:50 AM

    Sorry, CJoseph, to re-open the post. I would like to know: if an AP with an external antenna fails over from one Master to the other Master using DNS, do we need to re-configure the gain, or will the AP store the gain values?



  • 10.  RE: Master redundancy
    Best Answer

    EMPLOYEE
    Posted Jul 22, 2018 09:54 AM

    The gain for antennas is in the access point's flash, just like the AP name and the AP group.  It is preserved upon failover.  The gain is not part of the controller configuration, but is stored locally on the access point.