Configuring High Availability:Fast Failover

A controller using this feature can have one of three high availability roles – active, standby or dual. An active controller serves APs, but cannot act as a failover standby controller for any AP except the ones that it serves as active. A standby controller acts as a failover backup controller, but cannot be configured as the primary controller for any AP. A dual controller can support both roles, and acts as the active controller for one set of APs, and also acts as a standby controller for another set of APs.

The High Availability:Fast Failover feature supports redundancy models with an active controller pair, or an active/standby deployment model with one backup controller supporting one or more active controllers. Each of these clusters of active and backup controllers comprises a high-availability group. Note that all active and backup controllers within a single high-availability group must be deployed in a single master-local topology.

High Availability groups support the following deployment modes.

Active/Active Deployment model
1:1 Active/Standby Deployment model
N:1 Active/Standby Deployment model

 

The high availability: fast failover feature supports APs in campus mode using tunnel or decrypt-tunnel forwarding modes, but does not support campus APs in bridge mode. This feature is not supported on remote APs and mesh APs in any mode. Legacy AP‑60 series and AP‑70 series APs also do not support this feature.

Active/Active Deployment model

In this model, two controllers are deployed in dual mode. Controller one acts as standby for the APs served by controller two, and vice-versa. Each controller in this deployment model supports approximately 50% of its total AP capacity, so if one controller fails, all the APs served by that controller would fail over to the other controller , thereby providing high availability redundancy to all APs in the cluster.

Figure 1  Active-Active HA Deployment

Click to view a larger size.

1:1 Active/Standby Deployment model

In this model, the active controller supports up to 100% of its rated capacity of APs, while the other controller in standby mode is idle. If the active controller fails, all APs served by the active controller would failover to the standby controller.

Figure 2  1:1 Active/Standby Deployment

Click to view a larger size.

N:1 Active/Standby Deployment model

In this model, the active controller supports up to 100% of its rated AP capacity, while the other controller is idle in standby mode. If an active controller fails, all APs served by the active controller would failover to the standby controller. This model requires that the AP capacity of the standby controller is able to support the total number of APs distributed across all active controllers in the cluster.

In the cluster shown in the example below, the standby controller has enough AP capacity to support the total number of APs terminating at the active controllers. ( Controller 1 and Controller 2)

Figure 3  1:1 Active/Standby Deployment

Click to view a larger size.

AP Communication with Controllers

The High Availability: Fast Failover features work across Layer-3 networks, so there is no need for a direct Layer-2 connection between controllers in a high-availability group

When the AP first connects to its active controller, the active controller provides the IP address of a standby controller, and the AP attempts to establish a tunnel to the standby to the standby controller. If an AP fails to connect to the first standby controller, the active controller will select a new standby controller for that AP, and the AP will attempt to connect to that standby controller.

An AP will failover to its backup controller if it fails to contact its active controller through regular heartbeats and keepalive messages, or if the user manually triggers a failover using the WebUI or CLI.

 

Configuring High Availability: Fast Failover

Configure the High Availability feature in the WebUI or CLI using the high-availability and high-availability group profiles.

Using the WebUI

To configure High Availability:

1. Navigate to Configuration>Advanced Services>All Profiles.
2. In the Profiles list in the left window, expand the HA profile menu.
3. Select HA group information.
4. In the HA group information section in the right window pane, enter a name for a new HA group, then click Add.
5. Select the HA group you just created.
6. Enter the IP address of each controller in the HA group, and assign a role to each controller. The IP address of each controller must be reachable by APs, and must be the IP address that appears in the Configuration>Controller>System settings tab of the controller WebUI, or in the output of the show controller-ip CLI command.
Active: Controller is active and is serving APs.
Dual: Controller serves some APs and acts as a standby controller for other APs.
Standby: Controller does not serve APs, as only acts as a standby in case of failover.
7. Select the Allow Preemption checkbox if an AP that has failed over to a standby should attempt to connect back to its original active controller once that controller is reachable again. When you enable this setting, the AP will wait for the time specified by the lms-hold-down-period parameter in the ap system profile before the AP attempts to switch back from the standby controller to the orginal controller.
8. Click Apply to save your changes.

Using the CLI

Configure the High Availability group:

(host)(config) #ha group-profile <profile>

controller <ip-addr> role active|dual|standby

controller-v6 <ip-addr> role active|dual|standby

preemption

no ...

A controller using the high availability:fast failover feature must be defined as a member of a High Availability group.To add a controller to the new High Availability group, issue following CLI command:

(host)(config)#ha group-membership <ha-group>

Migrating from another Redundancy Solution

ArubaOS has a concept of a local management switch (LMS) and a backup LMS. In a typical deployment, the AP contacts the master mobility controller and is directed to the mobility controller that handles the AP connection and traffic via the LMS parameter. If the LMS becomes unreachable and a backup LMS is specified, the AP attempts to reconnect to that backup mobility controller. This function provides Layer 3 and site redundancy when this level of redundancy is required.

 

High Availability:Fast Failover provides redundancy for APs, but not for controllers. Deployments that require master controller redundancy should continue to use an existing VRRP redundancy solution.

If your deployment currently uses a backup-LMS or VRRP redundancy solution, use the procedures below to migrate to a High-Availability based solution.

Migrating from VRRP Redundancy

Perform the following steps to migrate from VRRP to High-Availability redundancy:

1. Remove the VRRP IP address as the LMS IP address of the AP.

(host) (AP system profile) #no lms-ip

2. Configure the AP to use the active controller’s IP address (not VRRP the IP address) as the LMS-IP for the AP.

(host) (AP system profile) #lms-ip <ipaddress>

3. Configure the AP to use the standby controller IP address (not VRRP the IP address) as the backup LMS-IP for the AP.

(host) (AP system profile) #bkup-lms-ip <ipaddress>

4. Configure the master controller with an active role in the high-availability group profile.

(host) (config) #ha group-profile grp1

(host) (HA group information "grp1"): controller <ipaddress> role active

5. Configure thestandby controller with a standby role in the high-availability group profile.

(host) (HA group information "grp1"): controller <ipaddress> role standby

Migrating from Backup-LMS Redundancy

Perform the following steps to migrate from Backup-LMS to High-Availability redundancy and maintain the existing configuration as defined by the lms-ip and bkup-lms-ip parameters in the AP system profile.

1. Configure the controller serving the AP with an active role in the the high-availability group profile.

(host) (config) #ha group-profile grp1

(host) (HA group information "grp1"): controller <ipaddress> role active

2. Configure the AP’s standby controller with a standby role in the high-availability group profile.

(host) (HA group information "grp1"): controller <ipaddress> role standby