Configuring Standby Mobility Master

The Mobility Master in the Aruba user-centric network acts as a single point of configuration for global policies such as firewall policies, authentication parameters, and RF configuration to ease the configuration and maintenance of a wireless network.

To maintain a highly redundant network, the administrator can use another Mobility Master to act as a hot standby for the primary Mobility Master using VRRP.

The topic includes the following sections:

Before you Begin

Configuring VRRP for Mobility Master

Configuring Master Redundancy

Configuring Database Synchronization

Before you Begin

Before you begin configuring VRRP redundancy, obtain the following network information:

VLAN ID for the primary and backup Mobility Master on the same Layer-2 network.

Virtual IP address to be used for the VRRP instance.

 

Ensure that the two Mobility Masters are connected on the same broadcast domain (or Layer-2 connected) for VRRP operation. The two Mobility Masters must run the same version of ArubaOS.

Configuring VRRP for Mobility Master

You can use either the WebUI or CLI to configure VRRP on the Mobility Master.

In the WebUI

1. In the Mobility Master node hierarchy, navigate to the Configuration > Services > Redundancy page.
2. Under Virtual Router Table, click the + icon to add a new virtual router. The New Virtual Router fields appear.
3. Select the IP version from the IP Version drop-down list.
4. Select the VLAN on which you want to configure VRRP from the VLAN drop-down list.
5. Set Admin State to UP.
6. Specify the priority value in the Priority field. For a backup Mobility Master, use the default priority value of 100. For the primary Mobility Master, use the a priority value higher than the default, such as 200.
7. Configure other VRRP parameters as described in Table 1 .
8. Click Submit.
9. Click Pending Changes.
10. In the Pending Changes window, select the check box and click Deploy changes.
11.  Repeat steps 1-10 to configure VRRP on the other Mobility Master in the primary and backup redundant pair.

Table 1: VRRP Configuration Parameters

Parameter

Description

ID

The ID uniquely identifies this VRRP instance. For ease in administration, you should configure this with the same value as the VLAN ID.

Description

This is an optional text description to describe the VRRP instance.

IP version

Select IPv4 \ IPv6 from the drop-down list box.

Authentication Password

This is an optional password of up to eight characters that can authenticate VRRP peers in their advertisements. If this is not configured, there is no authentication password.

Retype authentication password

Reconfirm the password, if configured.

IP address

Based on the selection made in the IP version field, either IP Address \ IPv6 Address is displayed. This is the virtual IP address that will be owned by the elected VRRP master. Ensure that the same IP address and VRRP ID is used on each member of the redundant pair.

NOTE: Note: The IP address must be unique and cannot be the loopback address of the controller. A maximum of only two virtual IPv6 addresses can be configured on each VRRP instance. Only IPv6 address format is supported for the v6 instance.

Priority

Priority level of the VRRP instance for the controller. This value is used in the election mechanism for the master. When configuring VRRP on a local controller, use the default priority value of 100. For a master controller, use a higher priority value, such as 110.

Advertisement interval (secs)

This is the interval, in seconds, between successive VRRP advertisements sent by the current master. The default interval time is recommended.

Default: 1 second

Enable router Pre-emption

Selecting this option means that a controller can take over the role of master if it detects a lower priority controller currently acting as master.

Pre-emption delay (secs)

Specifying a value enables the delay timer. The timer is triggered when the VRRP state moves out of backup or init state to become a master. This is applicable only if you enable router pre-emption.

When the timer is triggered, it forces VRRP to wait for a specified period of time, so that all the applications are ready before coming up. This prevents the APs from connecting to the controller before it can receive them. In the meantime, if there is an advertisement from another VRRP, the VRRP stops the timer and does not transition to master.

Admin state

Administrative state of the VRRP instance. To start the VRRP instance, change the admin state to UP in the WebUI.

VLAN

VLAN on which the VRRP protocol runs.

Tracking master up-time

(Optional) Perform VRRP priority tracking based on how long the controller has been the master. This feature iis designed to ensure that a master will only be allowed to take and maintain control of the VRRP if it has been up for a certain amount of minutes (0-1440). This prevents an issue where a device that is periodically going up and down assumes the role of primary master.

Tracking master up-time priority

(Optional) The additional priority given to the master once it has been up for the time interval defined by the Tracking Master Up-time parameter.

Tracking VRRP master state ID

(Optional) Perform tracking based on the UP or DOWN state of another VRRP master by specifing the the VRRP ID of the master to be tracked.

Tracking VRRP master state priority

(Optional) The priority taken away from a VRRP master if it is in a DOWN state. The priority levels are returned to their previous state when the VRRP master comes back up.

Tracking VLAN

(Optional) Perform VRRP priority tracking based on the UP or DOWN state of a VLAN. Click the + icon below the Tracking VLAN table and specify the following values:

VLAN Id: ID of the VLAN to be tracked.

Subtract: Priority level to be subtracted from the controller's VRRP priority if the tracked VLAN goes down.

Tracking interface

(Optional) Perform VRRP priority tracking based on the UP or DOWN state of a specific interface . Click the + icon below the Tracking Interface table and specify the following values:

Interface: Interface Port to be tracked.

Subtract: Priority level to be subtracted from the controller's VRRP priority if the tracked interface goes down.

In the CLI

Execute the following CLI commands on both Mobility Masters:

(MM-Primary) [mynode] (config) #vrrp <id>

(MM-Primary) ^[mynode] (config-submode)#ip address <ip addr>

(MM-Primary) ^[mynode] (config-submode)#vlan <id>

(MM-Primary) ^[mynode] (config-submode)#description <string>

(MM-Primary) ^[mynode] (config-submode)#priority <level>

(MM-Primary) ^[mynode] (config-submode)#no shutdown

The following sample CLI commands configure virtual router 10 on the initially-preferred master:

(MM-Primary) [mynode] (config) #vrrp 10

(MM-Primary) ^[mynode] (config-submode)#ip address 192.168.10.245

(MM-Primary) ^[mynode] (config-submode)#vlan 1

(MM-Primary) ^[mynode] (config-submode)#description "Preferred-Master"

(MM-Primary) ^[mynode] (config-submode)#priority 200

(MM-Primary) ^[mynode] (config-submode)#no shutdown

The following sample is the corresponding VRRP configuration for the backup Mobility Master:

(MM-Backup) [mynode] (config) #vrrp 10

(MM-Backup) ^[mynode] (config-submode)#ip address 192.168.10.245

(MM-Backup) ^[mynode] (config-submode)#vlan 1

(MM-Backup) ^[mynode] (config-submode)#description "Backup-Master"

(MM-Backup) ^[mynode] (config-submode)#priority 100

(MM-Backup) ^[mynode] (config-submode)#no shutdown

Verifying VRRP Configuration

Execute the following CLI command on the Mobility Master (both primary and backup) to verify the VRRP configuration:

(MM-Primary) [mynode] #show vrrp <id>

The following output is displayed on the primary Mobility Master:

(MM-Primary) [mynode] #show vrrp 10

Virtual Router 10:

Description

Admin State UP, VR State MASTER

IP Address 192.168.10.245, MAC Address 00:00:5e:00:01:34, vlan 1

Priority 200, Advertisement 1 sec, Preemption Disable Delay 0

Auth type NONE ********

tracking is not enabled

The following output is displayed on the backup Mobility Master:

(MM-Backup) [mynode] #show vrrp 10

Virtual Router 10:

Description

Admin State UP, VR State BACKUP

IP Address 192.168.10.245, MAC Address 00:00:5e:00:01:34, vlan 1

Priority 100, Advertisement 1 sec, Preemption Disable Delay 0

Auth type NONE ********

tracking is not enabled

Configuring Master Redundancy

You can configure the Master redundancy either using the WebUI or the CLI:

In the WebUI

1. In the Mobility Master node hierarchy, navigate to the Configuration > Services > Redundancy page.
2. Under Master Redundancy, enter the virtual router ID of the VRRP instance in the Master VRRP field.
3. In the IP address of peer field, enter the loopback IP address of the peer Mobility Master for master redundancy.
4. In the IPSec key of peer field, specify the IPsec authentication password.
5. Click Submit.
6. Click Pending Changes.
7. In the Pending Changes window, select the check box and click Deploy changes.
8. Repeat steps 1-7 for the other Mobility Master.

In the CLI

Execute the following commands on Mobility Master (both primary and backup) to associate the VRRP instance for Master redundancy:

(MM-Primary) [mynode] (config) #master-redundancy

(MM-Primary) [mynode] (config-submode)#master-vrrp <id>

(MM-Primary) ^[mynode] (config-submode)#peer-ip-address <ip addr> ipsec <KEY>

(MM-Primary) [mynode] (config) #write memory

The following sample commands configure Master redundancy on the primary Mobility Master:

(MM-Primary) [mynode] (config) #master-redundancy

(MM-Primary) [mynode] (config-submode)#master-vrrp 10

(MM-Primary) ^[mynode] (config-submode)#peer-ip-address 192.168.10.244 ipsec aruba123

(MM-Primary) ^[mynode] (config) #write memory

The following sample is a Master redundancy configuration on the backup Mobility Master:

(MM-Backup) [mynode] (config) #master-redundancy

(MM-Backup) [mynode] (config-submode)#master-vrrp 10

(MM-Backup) ^[mynode] (config-submode)#peer-ip-address 192.168.10.243 ipsec aruba123

(MM-Backup) ^[mynode] (config) #write memory

Verifying Master Redundancy

Execute the following CLI command on the Mobility Master (both primary and backup) to verify the Master redundancy configuration:

(MM-Primary) [mynode] #show master-redundancy

The following output is displayed on the primary Mobility Master:

(MM-Primary) [mynode] #show master-redundancy

Master redundancy configuration:

VRRP Id 10 current state is MASTER

Peer's IP Address is 192.168.10.244

Peer's IPSEC Key is ********

The following output is displayed on the backup Mobility Master:

(MM-Backup) [mynode] #show master-redundancy

Master redundancy configuration:

VRRP Id 10 current state is BACKUP

Peer's IP Address is 192.168.10.243

Peer's IPSEC Key is ********

Configuring Database Synchronization

In a redundant Mobility Master scenario, you can configure a redundant pair to synchronize their WMS and local user databases. You can either manually or automatically synchronize the databases.

When manually synchronizing the database, the active VRRP master synchronizes its database with the standby. The command takes effect immediately.

When configuring automatic synchronization, you set how often the two Mobility Masters synchronize their databases. To ensure successful synchronization of database events, you must set periodic synchronization to a minimum period of 20 minutes.

In the WebUI

1. In the Mobility Master node hierarchy, navigate to the Configuration > Services > Redundancy page.
2. Under Master Redundancy, click the Database synchronization toggle switch to enable this setting.
3. Enter the frequency of synchronizing the databases in the Sync period field. A minimum value of 20 minutes is recommended.
4. Click Submit.
5. Click Pending Changes.
6. In the Pending Changes window, select the check box and click Deploy changes.
7. Repeat steps 1-6 for the other Mobility Master.

In the CLI

Use the following command to configure database synchronization and the scheduled interval for synchronizing the databases:

(MM-Primary) [mynode] (config) #database synchronize period <minutes>

Use the following command to verify the database synchronization on the Mobility Master:

(MM-Primary)[mynode] (config)#show database synchronize