08-28-2014 01:15 AM - edited 07-05-2021 01:27 AM
Hi
I am looking at installing some 8510s in High Availability mode. As the 8510s will be in different Data Centres I need to take into account the HA failover connectivity.
I can see on CCO some info on L2 connectivity being needed for WiSMs but can't find any info on 8510s.
http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/7-5/High_Availability_DG.pdf
The Redundancy VLAN should be a non routable VLAN. In other words, no layer 3 interface should be
created for this VLAN and can be allowed on VSL Link to extend HA setup between multiple chassis
in VSS setup. It is important to make sure this VLAN is dedicated for the HA process and is not part of
any Data VLAN, or else it may result in unpredictable results.
The connectivity between the Data Centres uses Nexus 7k & 5k's, with Layer 2 provided by OTV.
Does or has anyone installed 8510s or other WLC appliances over a dedicated L2 VLAN between different switches using OTV, and can it be configured?
cheers
Hi
re this part of the response
5500/7500/8500 WLCs have a dedicated Redundancy Port which should be connected back to back in order to synchronize the configuration from the Active to the Standby WLC. Keep-alive packets are sent on the Redundancy Port from the Standby to the Active WLC every 100 msec (default timer) in order to check the health of the Active WLC.
Can the dedicated Redundancy Port be connected over an OTV link to mimic a back to back connection, as we need to put the 8510s into 2 different Data Centres?
08-28-2014 01:43 AM
This L2 configuration is required on WiSM as it is a module in the chassis and hence depends on an internal backplane connection with the 6500, which is terminated as L2 traffic. So you define a dedicated Redundancy VLAN which is used to synchronize the configuration from the Active WLC to the Standby WLC.
Ideally this is not required on full appliances like 55xx/75xx/86xx controllers.
Both physical appliances are not connected to each other via a redundancy VLAN, but instead with a physical redundancy port.
5500/7500/8500 WLCs have a dedicated Redundancy Port which should be connected back to back in order to synchronize the configuration from the Active to the Standby WLC. Keep-alive packets are sent on the Redundancy Port from the Standby to the Active WLC every 100 msec (default timer) in order to check the health of the Active WLC.
So no L2 VLAN config is required.
-Thanks
Vinod
01-13-2015 08:27 PM
Hi Vinod,
After reading your answer above, please correct me if I am wrong that for the HA to happen it has to be connected back to back through the redundant port for checking its keep-alive.
But as per Cisco, this is their statement:
High availability (HA): Client SSO | Enables client stateful switchover for 1:1 redundant controller deployments | Industry's first and only controller redundancy solution reduces client downtime to less than a second for business-critical applications, with no client reauthentication needed. The redundant controllers can be geographically distributed over a Layer 2 connection for data center level redundancy |
So how is this possible? I have configured OTV for the management port, but the question arises for the redundant port, which uses a link-local address: how will we get the Layer 2 capabilities for that?
01-13-2015 08:41 PM
The RP port has to be either back to back or connected to a switch using L2. The RP also has to be in the same subnet as the management. The other thing to consider is that back to back is the best way, since latency can cause the HA to fail over. If you do connect the RP in different DCs, just make sure you have enough bandwidth for the heartbeat.
-Scott
01-15-2015 09:09 AM
Hi Scott,
I have dark fiber running between both the sites, the latency is below 20 ms on both sides, and we are running OTV between them.
I just need to understand whether the RP port IP address is the same as the management IP address. I need to clarify that the link-local IP address that is shown on the redundant port is 169.254.X.X, which is automatically generated. So how can we have L2 for that?
I have never understood this point on the HA between two sites. If you can, please clarify the same.
01-15-2015 09:33 AM
Okay.. so you have the management and the redundancy manager, which need to be on the same subnet. The RP interface will use 169.254.<last two octets of the redundancy manager>. If you look at it this way, when the ports are connected using an Ethernet cable back to back, it's in its own subnet per se. So no matter what, as long as there is layer 2 connectivity between the RPs, the communication between the ports will happen. Maybe a better example is that you can always configure two devices with a static address that doesn't belong in any of your networks. You can connect them in any VLAN as long as they are on the same subnet and they would be able to communicate. So it's something like that. Maybe it doesn't make sense or maybe it does.
I have two 8510s connected in two different buildings and the RP is connected to a switch, but that VLAN is bridged to the other switch which the other 8510 is connected to.
-Scott
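The addressing rule described in the post above, worked through as an added example that is not part of the original thread: it derives each controller's RP address from its redundancy management IP and flags a plan where the two peers would end up with the same 169.254.x.y address or sit outside the management subnet. The function names, controller names and IP values are constructed for illustration.

```python
import ipaddress

def rp_address(redundancy_mgmt_ip):
    """RP address as described in the thread:
    169.254.<last two octets of the redundancy management IP>."""
    o = ipaddress.IPv4Address(redundancy_mgmt_ip).packed
    return ipaddress.IPv4Address(bytes([169, 254, o[2], o[3]]))

def check_ha_plan(mgmt_network, wlcs):
    """wlcs maps a controller name to its 'mgmt' and 'redundancy_mgmt' IPs.
    Returns (derived RP addresses, list of problems found)."""
    net = ipaddress.ip_network(mgmt_network)
    rp_map, problems, seen = {}, [], {}
    for name, cfg in wlcs.items():
        # Per the thread, management and redundancy management share a subnet.
        for role in ("mgmt", "redundancy_mgmt"):
            if ipaddress.ip_address(cfg[role]) not in net:
                problems.append(f"{name}: {role} {cfg[role]} is outside {net}")
        rp = rp_address(cfg["redundancy_mgmt"])
        # Both RP ports share one L2 segment, so their addresses must differ.
        if rp in seen:
            problems.append(f"{name}: RP address {rp} collides with {seen[rp]}")
        seen.setdefault(rp, name)
        rp_map[name] = str(rp)
    return rp_map, problems

# Constructed sample plans (not taken from the thread).
GOOD_PLAN = {
    "wlc-dc1": {"mgmt": "10.10.20.11", "redundancy_mgmt": "10.10.20.12"},
    "wlc-dc2": {"mgmt": "10.10.20.13", "redundancy_mgmt": "10.10.20.14"},
}
# A subnet wider than /16 lets two hosts share their last two octets.
WIDE_PLAN = {
    "wlc-dc1": {"mgmt": "10.10.20.11", "redundancy_mgmt": "10.10.20.12"},
    "wlc-dc2": {"mgmt": "10.11.20.11", "redundancy_mgmt": "10.11.20.12"},
}

if __name__ == "__main__":
    for label, net, plan in (("good", "10.10.20.0/24", GOOD_PLAN),
                             ("wide", "10.10.0.0/15", WIDE_PLAN)):
        rps, issues = check_ha_plan(net, plan)
        print(label, rps, issues or "no problems")
```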
01-15-2015 09:59 AM
So will the management ports and RP interface port be in the same VLAN or different VLANs?
So the management port will be in X VLAN and the RP interface port will be in Y VLAN,
whereas Y VLAN will be just an L2 VLAN without any SVI while X is an L2 VLAN with an SVI for the routing purpose.
01-15-2015 10:00 AM
That is how I would set up the SSO: different VLANs and the RP on a layer 2 VLAN.
-Scott
01-15-2015 10:09 AM
I guess I have to try this with Nexus OTV with layer 2 for the RP..
As I haven't seen this configuration for layer 2 without an IP address on the OTV.
Thanks Scott.. for the clarification...
01-15-2015 10:11 AM
Well do this... create the SVI and test. I would at least block other traffic from reaching that vlan.
-Scott
01-15-2015 04:47 PM
Hi Scott
I was sent this link that says it's OK to use OTV for the HA link, but obviously we need to test it.
01-15-2015 07:41 PM
Just test and make sure. v7.3 of HA AP SSO really wasn't working and on that code did require a back to back cable. Stability of the link is important, so test, fail it over and let it run for a few days or a week or so and make sure there isn't any failover. That will sort of give you an idea if that will work well.
I'm assuming you want to do SSO and not N+1, because N+1 doesn't require the RP port.
-Scott
11-25-2015 08:30 PM
Hi Frank,
Yes, the deployment did go ahead successfully. All sites run FlexConnect, corporate and voice traffic locally switched in most cases, with BYOD and Guest centrally switched. No unexpected HA failovers, or other issues which were attributed to OTV.
Tim
12-31-2015 07:43 AM
Hi Tim,
Thank you very much for sharing your implementation result! Sorry for the late reply.
I read your message from phone and forgot to say thanks.
Thanks.
04-30-2015 07:31 PM
Hi,
Just wondering if you could provide an update on your testing AP SSO HA over OTV.
I am currently working on a design using a pair of 8510's, Nexus 7k / OTV between the DC's.
Have you observed any issues with the RP uplink, stability etc? Have you stretched client VLANs, or are you purely doing FlexConnect local switching?
My customer uses FlexConnect at all sites, with corporate clients locally switched. I will be centrally switching Guest, BYO, etc to a DC VLAN, which will be OTV stretched between the two controllers.
I would be grateful for any feedback you (or others) may have....
Regards,
Tim