The truth about the WLC traffic without using Flex connect

Hello Experts!

 

Can someone please clarify how the client traffic traverses the network when there is a local WLC without FlexConnect?

 

Let's say I have the following easy topology:

 

ISP Router

Firewall

Transport Switch

Core Switch ----------WLC and Access Points Attached

Access Switch--------Clients and Access points attached

 

Hence, is it true that ALL traffic generated from a computer (WiFi client) will traverse the network via the access point and exit via the WLC ports? If so, does this mean that ALL in/out traffic is tunneled from the AP to the controller?

Is this why you want to make sure you bundle all ports on the WLC to the switch that it is connected to, in order to be able to provide more bandwidth to the WiFi clients? But then what good does this do if you have 15mb to the internet and nothing else local for the users to connect to? This ISP internet connection will create a bottleneck regardless of bonding the ports at the WLC, is this correct?

 

 

 


Scott Fella
Hall of Fame
When APs are in local mode or when APs are in FlexConnect local switching, all traffic passes the WLC. Now this doesn't mean you are going to oversubscribe a one gig link. Cisco has looked at customer installs and validated that the majority of the traffic will not hit over 80%. Now in some cases it might be way less or even more (4K video). So you would have to look at the utilization on the switch port and see if in your case your one port is a bottleneck. I really doubt it. I have seen customer sites where they only connected a single gig port and never ever added a second. I also had a site which had around 200 APs and never hit over 75% utilization from our SNMP monitoring tool. You want to LAG for redundancy in most cases.
-Scott
*** Please rate helpful posts ***

Scott,

 

Thanks for your response. So basically adding or setting up LAG is more for redundant peace of mind rather than providing more traffic out to the network via the WLC, is this correct?

But what about the case when using an mGig port? At this point you only have one uplink to the switch from the controller, which in the case of the 3504 WLC will have no redundancy. And it seems in this case that this type of setup is used more for bandwidth expansion, right?

I do believe you can LAG the mGIG and the 1Gig ports on the 3504.
-Scott
*** Please rate helpful posts ***

But what about the case when using an mGig port? At this point you only have one uplink to the switch from the controller, which in the case of the 3504 WLC will have no redundancy. And it seems in this case that this type of setup is used more for bandwidth expansion, right?

Do you have an mGig switch that connects to the 3504? If not, you are limited to 1Gbps, as that is what the switch supports.

If it is mGig, you have enough bandwidth for the APs that can be supported by a 3504; you do not require any bandwidth expansion. Even 1Gbps is more than enough.

Redundancy is the only thing you are missing in that scenario; do not worry about bandwidth.

 

HTH

Rasika

*** pls rate all useful responses ***

Rasika,

 

Thanks for your response. So it basically comes to what the client wants, correct?

Whether they want the bandwidth (by using an mGig port) with no redundancy, or perhaps sacrificing bandwidth but instead having redundancy. And according to what I have read, links from the WLC to the switch hardly get saturated; is this statement also correct in your experience?

Rasika, what is still not clear to me is IF all the client traffic traversing the AP GOES through the WLC before going to the switch infrastructure. Thanks again for your time

Yes. The AP and WLC have a CAPWAP tunnel between them and ALL traffic to/from the client always* (*in a centrally switched deployment) goes via the WLC and AP. You can verify this by looking on the access layer switch where the AP connects - you will never see the client's MAC address appear on the switch because it's all tunnelled.

I agree with what everyone else has said too - most places just use WiFi for e-mail & browsing - bursty traffic patterns that don’t use much bandwidth overall unless you have thousands and thousands of Clients. Even VoIP and Video streaming isn’t that demanding for most customers when compared to a 1Gbps interface.

You could also ask where most of the bandwidth is consumed from - increasingly it’s the internet. How fast is their Internet connection compared to available WLC bandwidth?

All traffic from the AP goes through the switch to the WLC and then egresses from the switch the controller is connected to.

mGIG you can still LAG with the 1Gig ports so you can still have redundancy. The thing here is, what bandwidth do you need? You should be able to look at utilization on the existing infrastructure to see how much traffic you are currently using. Like I mentioned in the previous post, you might not even get close to oversubscribing a gig link on wireless. If you have mGIG switches, then go for it, if you don’t, then you can’t do mGIG and will have to utilize the 1Gig ports.
-Scott
*** Please rate helpful posts ***

Scott,

 

Thanks for the clarification. And how does the traffic traverse with FlexConnect? Because I put a tap on the link between the WLC and the switch and I do see CAPWAP traffic but I do not see client traffic. Does this mean that when the WLC is using or configured as FlexConnect, the client traffic does not traverse the WLC to go out?

FlexConnect local switching means that control traffic goes to the WLC for processing and data traffic is handled by the switch and the infrastructure. You have control and data traffic on the AP so when you are looking at traffic, you need to understand which is the control traffic vs data traffic.

Makes sense?
-Scott
*** Please rate helpful posts ***

 

Rasika, what is still not clear to me is IF all the client traffic traversing the AP GOES through the WLC before going to the switch infrastructure.

 

As Richard explained in his response, the AP will add a CAPWAP header (UDP port 5246 or 5247 for control & data traffic), destined to the WLC and sourced from the AP IP address. That packet hits your switch infrastructure and goes hop by hop to the WLC. However, the original IP packet source/destination is not known by those interim hops, as they only see the CAPWAP header source/destination.

When it hits the WLC, it removes the CAPWAP header and looks at the original IP packet destination. Therefore the rest of the wired network sees the original packet IP coming from the WLC (in fact CAPWAP tunneled by the AP to the WLC).

Hope it is clear

 

Rasika

*** Pls rate all useful responses ***
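
The control/data split discussed in this thread can be checked from a tap on the AP uplink. This is an added example, not part of the original thread: it classifies raw Ethernet frames by the CAPWAP UDP ports (5246 control, 5247 data) and compares byte totals. The sample frames, addresses and the `switching_mode` heuristic are constructed assumptions.

```python
import socket
import struct
from collections import Counter

CAPWAP_CONTROL, CAPWAP_DATA = 5246, 5247  # UDP ports: control, data (RFC 5415)

def classify_frame(frame: bytes) -> str:
    """Label one Ethernet frame as capwap-control, capwap-data or other."""
    if len(frame) < 14:
        return "other"
    ethertype, offset = struct.unpack("!H", frame[12:14])[0], 14
    if ethertype == 0x8100 and len(frame) >= 18:  # skip one 802.1Q VLAN tag
        ethertype, offset = struct.unpack("!H", frame[16:18])[0], 18
    if ethertype != 0x0800 or len(frame) < offset + 20:
        return "other"  # not IPv4
    ihl = (frame[offset] & 0x0F) * 4
    frag = struct.unpack("!H", frame[offset + 6:offset + 8])[0] & 0x1FFF
    if frame[offset + 9] != 17 or frag or len(frame) < offset + ihl + 4:
        return "other"  # not UDP, or a later fragment with no UDP header
    ports = set(struct.unpack("!HH", frame[offset + ihl:offset + ihl + 4]))
    if CAPWAP_DATA in ports:
        return "capwap-data"
    return "capwap-control" if CAPWAP_CONTROL in ports else "other"

def summarize(frames) -> Counter:  # total bytes seen per traffic class
    totals = Counter()
    for frame in frames:
        totals[classify_frame(frame)] += len(frame)
    return totals

def switching_mode(totals: Counter) -> str:
    """Assumed heuristic: central if CAPWAP data outweighs native traffic."""
    return "central" if totals["capwap-data"] > totals["other"] else "local"

def build_frame(src, dst, sport, dport, payload_len) -> bytes:
    """Constructed Ethernet/IPv4/UDP frame; MACs, checksums, payload zeroed."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + payload_len, 0, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    udp = struct.pack("!HHHH", sport, dport, 8 + payload_len, 0)
    return bytes(12) + b"\x08\x00" + ip + udp + bytes(payload_len)

# Constructed sample addresses (documentation ranges), not from the thread
AP, WLC, CLIENT, SERVER = "192.0.2.10", "192.0.2.2", "198.51.100.50", "203.0.113.80"
# Tap on the AP uplink, local mode: client data rides inside CAPWAP
LOCAL_MODE_TAP = ([build_frame(AP, WLC, 49152, 5246, 100)]
                  + [build_frame(AP, WLC, 49152, 5247, 1200)] * 3)
# Same tap, FlexConnect local switching: client packets appear natively
FLEX_TAP = ([build_frame(AP, WLC, 49152, 5246, 100), build_frame(AP, WLC, 49152, 5247, 20)]
            + [build_frame(CLIENT, SERVER, 50000, 443, 1200)] * 3)
```

In the centrally switched capture the client addresses never appear in the outer headers, so any inspection or monitoring on that segment sees only AP-to-WLC flows.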

Rasika,

 

Thanks for the response. Then what you are saying is that ALL in/out traffic coming or going to the AP traverses the WLC, instead of routing it via the switch where the AP is connected. Although, to clarify this, I actually did test using a wire tap and what I saw was that.

The AP does talk with the WLC, but it seems only for control CAPWAP purposes, BUT all other traffic in/out from the AP is routed via the local egress switch where the AP is connected. Hence the traffic traversing the WLC is very minimal as opposed to the traffic coming out from the AP directly to the switch.

Hence in my opinion the WLC uplinks to the network or the bandwidth of these does not really matter too much.

Hi

"Thanks for the response. Then what you are saying is that ALL in/out traffic coming or going to the AP traverses the WLC, instead of routing it via the switch where the AP is connected. Although, to clarify this, I actually did test using a wire tap and what I saw was that."

This is true in Local Mode AP (both control & data traffic tunnel back to WLC)

"The AP does talk with the WLC, but it seems only for control CAPWAP purposes, BUT all other traffic in/out from the AP is routed via the local egress switch where the AP is connected. Hence the traffic traversing the WLC is very minimal as opposed to the traffic coming out from the AP directly to the switch."

This is true when APs are in FlexConnect mode & the WLAN is configured for Local Switching. In that case only control traffic hits the WLC & data traffic is locally switched.

 

In either case WLC to SW connectivity won't become a bottleneck for a reasonable size network (less than 500 APs). If you have very large deployments (In our campus setup with 2500+ APs, I see traffic around 2Gbps aggregate)

 

From a redundancy point of view, it is always recommended to bundle those WLC ports (at least 2) & connect them to the switch as an EtherChannel port. If you have a WLC HA pair, that would be ideal.

 

HTH

Rasika

 

 

Rasika,

 

This is exactly what I was looking for. So in your opinion why would an enterprise set or configure Local Mode AP on a WLC? Thanks a million again for your valuable time.

So in your opinion why would an enterprise set or configure Local Mode AP on a WLC?

 

That is a good question :). It is the simplest way to manage & operate. As everything is going through the WLC, you have better control with it (feature rich). Troubleshooting is very easy as you have to touch one single point.

Cisco has been using its controllers for the past 10-15 years (since the purchase of Airespace) & it is proven to work. Even today they could not come up with a better alternative (SDA-Wireless is yet to be adopted by customers, it is not that simple; FlexConnect is there for a particular market segment, retail, limited to 100 APs max at those sites & has its own limitations). Meraki is there to make it really simple for customers, but is limited in what you can do compared to Cisco enterprise wireless products.

So if you are looking at Cisco wireless technology, controllers still play their role & many are deploying local mode with them.

 

Thanks for rating our responses as well.

 

HTH

Rasika

 

 

 
