WLC HA Failover on L2 Fibre Optic WAN

K D · ‎03-31-2014

Hi there,

I am just wondering if the below scenario works, if the L2 Fibre Optic Wan link is down between the two DCs. Please refer to attached diagram.

======================================================================

The Fibre link is L2 link, meaning that the VLANs are spanning between the 2 DCs. HSRP is being used on all VLANs and DC1 being the primary active interface for all VLANs. In the event of the L2 Fibre Link failure, the VLAN interfaces on the respective core will become active, providing gateway access for all VLANs.

The WLC HA pair is between the DCs via the L2 Fibre link and the redundant port communication happens via the Fibre link. WLC in DC1 is the Active box and the WLC in DC2 would be in “Standby hot” mode.

When the L2 Fibre fails, the HA Primary box in DC 1 will detect that its lost communication to the standby box(via both redundant port and network) and will still continue to function in active state. The HA Secondary box in DC2 will detect that the Primary failure(via both redundant port and network) and transition itself to Active state. In this scenario when the L2 link is down, both WLC would be in active – active state.

Upon the link coming back online, the wlc WOULD BE SYNCED and goes into active-standby state.

===========================================================================

Would the above scenario work, as I am unable to find any documentation describing about WLC HA setup which can run in “ACTIVE-ACTIVE” state.

Leo Laohoo · ‎03-31-2014

This depends on how you were able to setup your VSS.

VSS not only tells you to configure an MEC between a point-to-point etherchannel link but as well as a VSS heartbeat. This is your last-line-of-defense against a "split brain" scenario you've mentioned above.

I've seen some design where there's either NO VSS heartbeat link or the link goes to the same fibre core as the MEC. I tell you, when some buckhoe digs up this fibre, things can get pretty exciting!

So what I'd like to know from you is, describe your MEC and your VSS heartbeat link. Are they in the same fibre path/core?

Another thing ... HSRP? On a pair of VSS? WTF? One of the biggest selling point of VSS is the elimination of HSRP and/or STP. I don't understand why you want to put HSRP back into a pair of VSS unless someone enjoys putting extra (and redundant) lines of code into the configuration.

K D · ‎03-31-2014

no VSS or MEC, its only HRSP between them.

Leo Laohoo · ‎03-31-2014

Ok. Cool.

So your WLCs ... How did you manage to connect the Redundant Ports (RP)? This is like the VSS heartbeat link. The one of the RP port's function ensures that neither one goes into active-active.

K D · ‎03-31-2014

The redundant ports are to be connected via the core switch(on same VLAN )at the respective DCs.

So when the Fibre link between DCs fail, the RP also losses connectivity between WLCs.

I hope I have answered your questions.

Leo Laohoo · ‎03-31-2014

The redundant ports are to be connected via the core switch(on same VLAN )at the respective DCs.

I doubt if this will work.

Redundancy Port
This interface has a very important role in the new HA architecture. Bulk configuration during boot up and incremental configuration are synched from the Active WLC to the Standby WLC using the Redundant Port. WLCs in a HA setup will use this port to perform HA role negotiation. The Redundancy Port is also used in order to check peer reachability sending UDP keep-alive messages every 100 msec (default timer) from the Standby WLC to the Active WLC. Also, in the event of a box failure, the Active WLC will send notification to the Standby WLC via the Redundant Port. If the NTP server is not configured, a manual time synch is performed from the Active WLC to the Standby WLC on the Redundant Port. This port in case of standalone controller and redundancy VLAN in case of WISM-2 will be assigned an auto generated IP Address where last 2 octets are picked from the last 2 octets of Redundancy Management Interface (the first 2 octets are always 169.254).

What you are proposing to do defeats the true purpose of HA SSO. So you depend entirely on a switch and if your fibre cuts, you are gone. Both WLC goes into Active-Active. What you are proposing to do is NOT what is intended for HA SSO. You might as well turn HA SSO off.

Besides, with your setup, you don't need a Layer 1 issue. All you need is something as simple as a STP loop and *BOOM*, WLC will go into Active-Active.

You might be able to get away with this if, you might say, you connect Redundant Ports (RPs) to fibre optic media converter. As long as there is nothing in between both converters then this might even work (as long as either one of the media converters don't loose power).

Can you also specify what kind of WLC/WiSM are you planning to use? This design of yours doesn't call of a WiSM-2, does it?

K D · ‎04-01-2014

Thanks Leo. we are planning to use 5508 across the DCs.

The main reason for splitting the WLCs across the DCs is that if the L2 link fails, the APs in DC2 will still have access to WLC, if the Standby transitions to Active state. upon the link coming back, I hope this will sync and transitions into Standby-hot state.

The reason not opting to deploy as Primary and secondary, is that we don't want the clients to reauthenticate as the APs and Clients sessions are maintained.

I am planning to test this out before we deploy as well, But I am not sure how this will behave.

Leo Laohoo · ‎04-01-2014

There's no problem with splitting your WLC to two different DC. This I get. This is what I've done too, however, I have WiSM-2 and they are both on a VSS chassis. My setup works even though they are 20 kms apart.

You may need to think about using a dedicated a pair of fibre to hook up the RPs to.