04-21-2017 07:22 AM - edited 07-05-2021 06:54 AM
I am working on a design for wireless failover and I have an idea in my head and cant really see why it wouldnt work but im asking others.
If I have a WLC HA pair in two different geographically datacenters, Could I still set the IP of HA pair one at DC01 as primary and IP of HA pair one at DC02 as secondary so in the event the box to box failover doesnt work worse case scenario the APs will failover to the secondary HA pair in DC02? Yes I know clients and APs would see disruption but I am planning as last resort. In the interim the box to box failover would work and we could repair the previous active controller before the 90 days is up on the HA-SKU controller. I guess this would be a failover event for complete Datacenter failure or WAN connections broke to remote sites.
04-21-2017 08:19 AM
Steve,
You are talking about N+1 and not SSO I'm assuming since your separated via layer 3. This is a typical deployment and each controller would have interfaces/ip on subnets locally at that site. Now your AP high availability should be set to define your primary and secondary controllers.
You should not be using SSO as the RP has to be on the same subnet along with all the other interfaces.
-Scott
*** Please rate helpful posts ***
04-21-2017 08:27 AM
04-21-2017 11:45 AM
Think of SSO like HSRP. Scoot is right you will want to consider N+ redundancy and set the high availability in your APs.
04-21-2017 11:52 AM
N+1 doesn't solve the issue of client and AP interruption.
04-21-2017 12:01 PM
Thats correct there is no SSO client or SSO ap in N+1. You are correct in your understanding. I know of one customer who stretched layer 2 across to the backup DC and their working fine.
Many environments can suffer a short drop because if the main goes down most times many other things have issues and wireless is lowest they worry about.
04-21-2017 12:15 PM
Ok so basic questions here:
traditionally you could set primary and secondary IPs of controllers on APs?
HA pair active/standby sync the configs which means IP addresses will carry to the standby controller.
so why could I not set my APs to that IP as primary and for the secondary IP set it to the IP of another HA pair? Seems simple enough but do the APs go into Simone other mode when HA pairs are configured that prevent them from having a primary and secondary controller IP?
04-21-2017 12:28 PM
You can but you still have a break in the connection and thus a client ap interruption.
Now if the 2 controllers that are SSO - if one broke you would not.
04-21-2017 12:35 PM
Right. HA pair 1 would be AP01s primary controller(s). So if the active one failed in the HA pair, then stateful failover would happen and AP01 would never know. That is same site redundancy. Now if the that HA pair fails completely for AP01 because the ingress WAN link to the site with the HA pair failed then I could failover AP01 to HA pair 2 at a completely different site. Now yes in the case of a failover to another physical site separated via layer 3 boundry would cause AP01 to go through capwap again and clients to get new IPs etc etc...wireless wouldn't be completely down due to HA pair at the primary site going down.
Does that make sense? Kinda why I said N+1 hybrid. N+1 in a sense that an HA pair will be the "backup" pair for the other but SSO cause they are HA pairs.
04-21-2017 12:37 PM
yea 2 (SSO) pairs .. it would work. You would likely add the high availability of the 3rd controller as the primary of HA pair #2.
04-24-2017 06:11 AM
What do you mean?
04-24-2017 06:45 AM
Each HA pair only has 1 IP address correct?
So I would enter the IP of the HA pair to the APs primary controller
and the IP of the second HA pair to secondary controller so tertiary would just be blank
04-24-2017 07:28 AM
If your design is N+1, then you would want to specify the primary and secondary controller and the tertiary would be blank. If your design is SSO, then you would only use the primary controller IP address and the secondary and tertiary would be left empty.
-Scott
*** Please rate helpful posts ***
04-24-2017 07:43 AM
But if I have 2 HA pairs then I would use primary and secondary.
Each HA pair IP would fill both primary and secondary.
04-24-2017 07:47 AM
Specify what type of HA you have, N+1, SSO or two pairs of SSO to make N+1? Better yet, put a drawing together so that we are clear on what you have and are trying to do. Still not clear as HA comes in two forms.
-Scott
*** Please rate helpful posts ***
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide