WLC HA failing across data centers

Hello,

I am trying to establish AP SSO HA between two WLCs which are located in geographically different DCs (within the same city), and the DCs are connected by a 2 x 10Gb/s port-channel. So latency is not an issue. When I enable SSO on the Standby WLC and reboot, the Standby appliance cannot find the Active WLC and goes into maintenance. The error message I am receiving is:

Initiate Role Negotiation Message to peer

Role Negotiation timeout. Didn't find Peer..

 Moving to maintenance state as peer is reachable via secondary link
Entering maintenance mode...

Both WLC are configured with a LAG of 4 1 GB/s interfaces. So the Standby appliance I thought it may have been the LAG but that did not work.

The outputs of the show redundancy summary command are below:

ACTIVE CONTROLLER:

(Cisco Controller) >show redundancy summary
            Redundancy Mode = SSO ENABLED
                Local State = ACTIVE
                 Peer State = UNKNOWN - Communication Down
                       Unit = Primary
                    Unit ID = 00:06:F6:DC:18:80
           Redundancy State = Non Redundant
               Mobility MAC = 00:06:F6:DC:18:80
            BulkSync Status = Pending

STANDBY CONTROLLER:

(Cisco Controller) >show redundancy summary
            Redundancy Mode = SSO ENABLED
                Local State = MAINTENANCE
                 Peer State = UNKNOWN - Communication Down
                       Unit = Secondary
                    Unit ID = 04:62:73:51:EC:80
           Redundancy State = Non Redundant
               Mobility MAC = 04:62:73:51:EC:80
Maintenance Mode = Enabled
Maintenance cause= Peer RP is not reachable or Hardware model/Software version mismatch

I have confirmed that both WLCs are running the same version of software (8.0.121.0), and that the VLAN for the Redundancy ports is spanning the DCs correctly. Has anyone encountered this issue before and have a resolution?

Thanks in advance

Andreas
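
Added example, not part of the original post or of any Cisco tooling: a small Python check that parses the two `show redundancy summary` outputs quoted above and lists why the pair is not redundant. The field values are copied from the post (Unit ID and Mobility MAC lines omitted); the function names `parse_summary` and `ha_findings` are hypothetical.

```python
import re

# Field values copied from the two "show redundancy summary" outputs in the post.
ACTIVE = """\
Redundancy Mode = SSO ENABLED
Local State = ACTIVE
Peer State = UNKNOWN - Communication Down
Unit = Primary
Redundancy State = Non Redundant
BulkSync Status = Pending
"""
STANDBY = """\
Redundancy Mode = SSO ENABLED
Local State = MAINTENANCE
Peer State = UNKNOWN - Communication Down
Unit = Secondary
Redundancy State = Non Redundant
Maintenance Mode = Enabled
Maintenance cause= Peer RP is not reachable or Hardware model/Software version mismatch
"""

def parse_summary(text):
    """Parse 'Key = Value' lines into a dict, tolerating uneven spacing around '='."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^=]+?)\s*=\s*(.*\S)\s*$", line)
        if m:
            fields[m.group(1).lower()] = m.group(2)
    return fields

def ha_findings(active_text, standby_text):
    """Return a list of reasons the pair is not redundant (empty if none found)."""
    units = {"active": parse_summary(active_text), "standby": parse_summary(standby_text)}
    findings = []
    for name, f in units.items():
        if f.get("redundancy mode") != "SSO ENABLED":
            findings.append(f"{name}: SSO is not enabled")
        if "Communication Down" in f.get("peer state", ""):
            findings.append(f"{name}: peer communication down")
        if f.get("redundancy state") == "Non Redundant":
            findings.append(f"{name}: redundancy state is Non Redundant")
        if f.get("local state") == "MAINTENANCE":
            findings.append(f"{name}: maintenance mode, cause: {f.get('maintenance cause', 'not reported')}")
    if units["active"].get("unit") == units["standby"].get("unit"):
        findings.append("both controllers report the same Unit role")
    return findings

if __name__ == "__main__":
    for finding in ha_findings(ACTIVE, STANDBY):
        print(finding)
```
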

8 Replies 8

Ric Beeching
Level 7

Are you trying to set up redundancy peering between the bonded interfaces used for standard management? Depending on the WLC model you will need to use the dedicated port for redundancy. Have a look at this guide:

HA SSO Deployment Guide

If geographically split you may want to consider using a pseudo wire to connect them across so the WLCs believe they are directly connected to each other.

Cheers,

Ric

-----------------------------
Please rate helpful / correct posts

Thanks for your reply Ric. Yes, I am using bonded/LAG interfaces as this is the setup of the Primary/Active WLC, the configuration of which I am hoping not to alter if possible. The WLCs are 5508s so they have dedicated RP interfaces.

The guide that you have referenced is the one I used in my unsuccessful HA attempt.

The WLCs are geographically split with the VLANs stretched between the two DCs. The RP interface VLAN is stretched between the DCs with no other devices on the VLAN. The infrastructure between the WLCs is all Nexus 9300s.

Are you able to elaborate on the pseudo wire idea?

Thanks

Andreas

Hi Andreas,

Sorry for the late response. A pseudo wire basically makes the devices think they are directly connected to each other which I believe is required for the HA RP interfaces. It is essentially a tunnel between the two endpoints to facilitate this.

I don't have any configuration examples which isn't very helpful, you'd have to research layer 2 pseudo wire configurations to see if there is something appropriate for you.

Alternatively you could use an N+1 HA configuration which isn't as ideal but at least you'd still have simple redundancy.

Cheers,

Ric

-----------------------------
Please rate helpful / correct posts

Hmm, the HA FAQ says there is support for split DC setups so I think you just need to ensure that they are layer 2 adjacent somehow.

http://www.cisco.com/c/en/us/products/collateral/wireless/aironet-1130-ag-series/qa_c67-714540.html

One example would be to use OTV to allow this but you'd need hardware that supported it.

http://www.cisco.com/c/en/us/products/collateral/switches/nexus-7000-series-switches/white_paper_c11-644634.html#_Toc408469215

-----------------------------
Please rate helpful / correct posts

I have confirmed that the management/redundancy management interfaces are Layer 2 adjacent. The VLANs are spanned between the DCs, with the SVIs only configured in the Primary DC. The second WLC, when configured with a management IP prior to enabling SSO, can ping within and outside the management VLAN etc.

What perplexes me is that when the second WLC attempts to find the primary WLC it goes into maintenance mode because the peer is reachable via secondary link. I have not been able to find any information on this error message on the Internet or the Cisco web site.

The only thing I can find on the Cisco web site is the following bug:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCun91394/?referring_site=ss

Are your Redundancy Management interfaces on the same VLAN as well? The redundancy port IP address is created by using the third and fourth octets of their IP addresses.

Can you ping the Redundancy Management port IP address from the opposite DC?

Also, verify that the two controllers are running the exact same code.

BlazeHu85
Level 1
Hello, We have the same problem, but we have OTV between the DCs. Have you found a solution? Thanks Balazs