Wireless Access

Reply
Highlighted
Frequent Contributor I

Re: clarification on Master Redundancy and Fast Failover

I hope its ok that I reply in this old thread?

 

I've tried the setup with master/standby configured in one HA group. This works without the HA heartbeats (those are not there as already mentioned).

 

However, there is one thing that doesn't work in my setup:

The aruba-master DNS entry points to the VRRP address. LMS 1 points to the master physical address, LMS 2 to the standby.

When an AP boots and the master is up, all works fine. When the AP boots while the master is down I would expect the AP to try the 2nd LMS (which is now the master) after 3 failed attempts to reach LMS 1. What happens is that the AP builds its GRE tunnels to the VRRP address, but the IPSEC tunnel to LMS 2. The SSIDs are not coming up at that point.

Rebooting the AP with a reachable master (LMS1) is the only way that I can make it work. Any ideas?

 

Thx

Peter

ACMX, ACDX, ACCP, MASE
Highlighted
Guru Elite

Re: clarification on Master Redundancy and Fast Failover

What version of ArubaOS is this, a 6.3 ot 6.4 variant?

 

To be honest, if you have just two controllers, a master and backup master, just VRRP redundancy (instead of FF) might be enough.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Highlighted
Frequent Contributor I

Re: clarification on Master Redundancy and Fast Failover

Hi Colin

 

Yes I know for the VRRP solution. Although I must say that the fast-failover does work well in this setup.

I'm testing this in my lab with two controllers (preparing for ACMX). I wouldn't suggest this setup in 'real life'. I have however seen this setup in production environments, with active/standby HA roles for the controllers.

The OS version on the controllers is 6.4.4.6.

 

Best regards

Peter

ACMX, ACDX, ACCP, MASE
Highlighted
Contributor II

Re: clarification on Master Redundancy and Fast Failover

I faced the same issue in the past but I believe I used the same configuration that you stated.

 

I believe I resolved it by adding the bklms-ip of the secondary master (which was missing prior). You have already have that configured.

 

I will lab this up tonight and test because now I am curious.

Highlighted
Guru Elite

Re: clarification on Master Redundancy and Fast Failover

I would check all of the points that HLavender recommended.  Not having the Backup LMS pointing to controller ip of the backup could create that issue.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Highlighted
Frequent Contributor I

Re: clarification on Master Redundancy and Fast Failover

Hi

Yes, both LMS IPs are configured. I've found the culprit however. It was the HA role that was set to standby for the standby master. A booting AP could never terminate on this controller.

Changing the roles to 'dual' solved the issue.

Just to be complete: here is what I saw with those active / standby roles:

LMS problem.png

As you can see, after booting the AP build it's IPSec tunnel with the standby (now active) master .202 but the GRE tunnel is set to the vrrp address address (because standby won't accept the AP).

 

Br

Peter

 

ACMX, ACDX, ACCP, MASE
Highlighted
New Contributor

Re: clarification on Master Redundancy and Fast Failover

This is possible since 6.4. I seemed to have heard a lot, even from TAC, about FF not being supported. But The documents say this works, even a VRD for it. Aps say they are in standby on the controller, with 0 heartbeart counters. When I rebooted, the APs did not rebootstrap like they did with traditional VRRP failover. At this point VRRP is only useful for management and DNS discovery.

 

https://ase.arubanetworks.com/solutions/id/53

Highlighted
Regular Contributor I

Re: clarification on Master Redundancy and Fast Failover

With fast failover you should not be using VRRP for your APs - the "local" part of being a master-local. Use LMS of the primary controller and backup LMS of the secondary (although the backup setting may not even be necessary - but it doesn't hurt).

 

You can still use it for the "master" part.


--
ACMA ACMP
Highlighted
New Contributor

Re: clarification on Master Redundancy and Fast Failover

I don't think the thread was about Master/Local, it was about Master/Standby using Master Redundnacy with no locals. What your saying makes sense, but for a master/local deployment. This is how I understood it.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: