
FlexConnect w/ Local Switching Scalability

Hi all

 

We have deployed a pair of 5520s in a 1+1 HA mode with APs from different offices distributed across both. Each WLC has enough licenses to support all APs in case of failure of one WLC. All APs are configured as FlexConnect, and our corporate SSID is locally switched... So far everything was ok, but we haven't had A LOT of wireless users until recently. People used to treat the wireless network as a hotspot service, but everything is going to change with the introduction of W10 corporate endpoints. Our management wants to introduce a seamless experience on the wireless network, i.e. wireless as primary. We are doing a lot of work at the moment to make this happen (plenty of site surveys which result in an AP increase by 5 times in some cases).

 

Previously we used to have 1 Class C network assigned to Wireless devices.

This was even enough for multi-story buildings. In FlexConnect environments (especially where roaming is expected between floors) the wireless VLAN has to span across multiple switch stacks. It was ok for 250 endpoints, but with more and more devices going wireless it's going to be a problem.

 

For example, what if our largest office goes 'wireless as primary' soon... there will be 8 floors, with up to 1000 users. To be able to support 1000 corporate wireless devices (worst case scenario), I need to have a /22 VLAN which will span across multiple switch stacks (in fact, all of those)... It doesn't sound very scalable to me. It's not the best campus design, I suppose, if I'll have one VLAN on all switches with up to 1000 possible hosts in it. Not even sure how much overhead I'll have due to increased broadcast traffic due to ARP....

 

So, I wanted to ask if anyone has deployed FlexConnect with local switching in large offices (or campuses) and how did you solve this problem? This is THE only concern I have so far... well, maybe a limitation of 50 APs per FC group to support key caching (in my understanding OKC is supported across multiple groups, but not with other methods)....

 

To summarize

 

  1. How to support seamless roaming experience in large FlexConnect deployments with locally switched VLANs?
  2. How to maintain the IP address when users roam between floors?
  3. What is the max recommended VLAN/subnet size for locally switched networks? Overhead?
  4. If users roam between floors, how will this work with DHCP snooping turned on?
  5. What key caching methods work with inter-FlexConnect group roaming (if a user roams from an AP that belongs to one FC group to an AP in a different FC group)?

Thanks

 

Any input will be highly appreciated.

 

Thanks

Tim

4 Replies

Scott Fella
Hall of Fame
I will let you know that we have a /22 in one of our sites for Corp and another just for guest. However, we have local controllers, but it shouldn’t be any different than what you’re trying to achieve. Since FlexConnect local switching doesn’t support layer 3 roaming, you need to stick to one subnet. I think you will be fine to be honest. Just scale it for density.
-Scott
*** Please rate helpful posts ***

Hi Scott

 

Thanks a lot for your comment. When you say that you have /22 in one of your offices but you have a local WLC, does it mean you still run FlexConnect w/ local switching in that office? The reason I am asking is obvious... if it's Local mode for APs, then WLC contains all broadcasts. In fact, you will only have one interface in the VLAN (WLC itself) and any broadcast will never go to wired network.

 

FlexConnect makes it a bit dodgy... If I have 8 floors with 2 stacks each (16 stacks), it means my star topology (with central core) will have to span a /22 VLAN across all 16 stacks + core. If a client sends a broadcast (ARP) from one floor it will be sent everywhere... Hence, I am asking. I can't find any documents that relate to FlexConnect scalability design guidelines or best practices.

 

And yes, I am aware about roaming with FC local switching :) that's why I raised this subject - the size of the VLAN is my concern really.... 

 

Thanks again for your time

Hi Tymofii,

I have done a few flex-connect deployments myself, mostly due to using the virtual WLC. The largest deployment was around 125 access-points with a few hundred active end-points spread over 10 access stacks. We used 4 VLANs for end-point connectivity based on the different use-cases (corp, voice, byod and guest). The VLANs were configured with a /23 IPv4 network and stretched over all access stacks within the LAN. The flex-connect groups were carefully planned based on expected roaming behavior within certain areas.

 

The deployment described above worked -surprisingly- well and might give you an idea how far you can go. However, I do recommend using a central switched design with controllers on-site instead for a deployment that big due to the following constraints:

  • Switchport configuration with local switching is more error-prone and might conflict with certain wired dot1x templates;
  • Friends don't let friends build big layer 2 networks :-) ;
  • Roaming might take longer due to changing point-of-presence of the end-point's MAC address on the wired side;
  • With local switching access-points will forward broadcast traffic from the wired side to the wireless side;
  • Certain features are not available or limited with local switching.

Cisco released converged access in 2013 as an answer to these constraints. Converged access has been deprecated with the new SDA architecture, which uses a fabric instead. I highly recommend you read up on this new architecture. Good luck!

Please rate useful posts... :-)

Thanks Freerk

 

I am not so worried about roaming delay due to the MAC table update because our Layer 2 topologies are basic - STAR with etherchannels. So, worst case scenario, if a user roams between stacks it needs to propagate from the new STACK down to the core/distribution and then to the original STACK from where the endpoint roamed. Hence, it's a few milliseconds really.

 

However, what I've noticed in our existing FC deployments is that sometimes switches complain about MAC flapping. This happens if a user connects to a remote floor's AP and then back (if this repeats due to whatever reason we see MAC flapping between the LOCAL switchport and the etherchannel to the core). Do you see a lot of this?

 

LARGE Layer 2 domains (/22) are a concern of course :) I am more and more convinced I will need a dedicated WLC for this particular site to support central switching. In fact, it could be a nice exercise if we do FlexConnect with local switching using local WLC initially, but if we see any issues, convert to central switching...
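
Added example, not part of any post in this thread: a Python triage of switch MAC-flap notifications that separates the roaming pattern described above (a client MAC moving between an AP-facing switchport and the port-channel to the core) from flaps that involve any other port. The log lines, switch names, the `AP_PORTS` inventory and the `Po1` uplink name are constructed, and the line layout is assumed to follow the Catalyst `SW_MATM-4-MACFLAP_NOTIF` syslog message with the switch hostname directly in front of it.

```python
import re
from collections import Counter

# Constructed sample syslog lines; not taken from the thread.
SAMPLE_LOG = """\
Mar  3 09:14:02 sw-fl3 %SW_MATM-4-MACFLAP_NOTIF: Host 3c22.fb10.0a01 in vlan 120 is flapping between port Gi1/0/12 and port Po1
Mar  3 09:14:40 sw-fl3 %SW_MATM-4-MACFLAP_NOTIF: Host 3c22.fb10.0a01 in vlan 120 is flapping between port Po1 and port Gi1/0/12
Mar  3 09:15:11 sw-fl3 %SW_MATM-4-MACFLAP_NOTIF: Host 0050.56aa.0002 in vlan 120 is flapping between port Gi1/0/7 and port Gi1/0/9
Mar  3 09:16:00 sw-fl3 %LINK-3-UPDOWN: Interface GigabitEthernet1/0/30, changed state to up
Mar  3 09:17:25 sw-fl5 %SW_MATM-4-MACFLAP_NOTIF: Host 3c22.fb10.0a01 in vlan 120 is flapping between port Po1 and port Gi2/0/4
"""

# Hypothetical inventory: switchports that carry locally switched FlexConnect APs.
AP_PORTS = {"sw-fl3": {"Gi1/0/12"}, "sw-fl5": {"Gi2/0/4"}}

FLAP_RE = re.compile(
    r"(?P<sw>\S+) %SW_MATM-4-MACFLAP_NOTIF: Host (?P<mac>[0-9a-f.]{14}) "
    r"in vlan (?P<vlan>\d+) is flapping between port (?P<a>\S+) and port (?P<b>\S+)"
)

def classify_flaps(log_text, ap_ports, uplinks=frozenset({"Po1"})):
    """Split flap events into roam-like counts per MAC and events to review.

    A flap is roam-like when both ports are either an uplink or a known AP
    port on that switch; anything touching another port goes to review.
    """
    roam_like, review = Counter(), []
    for line in log_text.splitlines():
        m = FLAP_RE.search(line)
        if not m:
            continue  # unrelated syslog message
        ports = {m["a"], m["b"]}
        expected = uplinks | ap_ports.get(m["sw"], set())
        if ports <= expected:
            roam_like[m["mac"]] += 1
        else:
            review.append((m["sw"], m["mac"], int(m["vlan"]), sorted(ports)))
    return roam_like, review

def repeat_roamers(roam_like, min_count=2):
    """MACs that bounced between floors at least min_count times."""
    return sorted(mac for mac, n in roam_like.items() if n >= min_count)

if __name__ == "__main__":
    roam, review = classify_flaps(SAMPLE_LOG, AP_PORTS)
    print("repeat roamers:", repeat_roamers(roam))
    print("needs review:", review)
```
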
