- Controller resources are not infinite. You only want the controller to do what is necessary for the system and no more. Every resource you take from the controller takes from its ability to encrypt, decrypt and transport user traffic: you typically don't want that.
- Routers and switches are made to route and switch. You want those devices to continue to do that, so that if you have support staff that has to troubleshoot routing, switching and redundancy, they can continue troubleshooting routing and switching equipment that they are familiar with and not Aruba Controllers, which are not designed to route and switch.
- Controllers that are clustered should not be routing traffic, because if they become unavailable, there has to be a mechanism for another controller to replace it in the routing hierarchy. This could complicate a routing/switching troubleshooting event or episode.
I could go on and on, but in the end, that is just not what they are designed for. You could certainly still configure it in that manner, it just could create issues in the future.
That is my opinion.
------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
HPE Design and Deploy Guides:
https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card
------------------------------
Original Message:
Sent: Jul 02, 2022 02:16 AM
From: Guram Mazmishvili
Subject: Mobility controller as gateway of AP management network
Thank you for your answer.
The controller has the capability to pass 40 Gbps of firewall traffic.
Why is it a bad idea to only pass the AP management L3 interface through the controller?
The controller is terminating GRE tunnels to APs anyway.
Original Message:
Sent: Jul 01, 2022 10:29 AM
From: Colin Joseph
Subject: Mobility controller as gateway of AP management network
The best practice is that your Aruba controllers should just be an adjunct to the network and not route any traffic. The network aggregation switch is fine as the default gateway, but do not make any controller, especially a controller in a cluster, the default gateway for any traffic.
Original Message:
Sent: Jul 01, 2022 09:29 AM
From: Guram Mazmishvili
Subject: Mobility controller as gateway of AP management network
Hello,
I have some questions and I hope you will share your experience.
I have a Mobility Master and two MC 7220s in a VRRP cluster.
I have a few campuses with APs; the AP management network L3 interface is on the firewall now.
So, I want to move the L3 interface from the firewall to the MC or the ZL5412 aggregation switch,
because I don't want to pass double traffic between network devices.
What is the best practice from a design perspective?
Thank you.