SlideShare ist ein Scribd-Unternehmen logo

EMEA Airheads- Layer-3 Redundancy for Mobility Master - ArubaOS 8.x

Als PPTX, PDF herunterladen
Aruba, a Hewlett Packard Enterprise company
Aruba, a Hewlett Packard Enterprise company

In this presentation, we will discuss the L3 Redundancy Requirement which primarily comes from customers who want to handle the complete Data Center Failure during natural disasters or other catastrophic events. Check out the webinar recording where this presentation was used: http://community.arubanetworks.com/t5/Wireless-Access/Technical-Webinar-Layer-3-Redundancy-for-Mobility-Master-ArubaOS/td-p/382029 Register for the upcoming webinars: https://community.arubanetworks.com/t5/Training-Certification-Career/EMEA-Airheads-Webinars-Jul-Dec-2017/td-p/271908

Technologie
1 von 38
1 Master-L3-Redundancy 10:00 GMT | 11:00 CET | 14:00 GST FEB 6th, 2018 Presenter: Abdul Ali Irfaan abdul.ali.irfaan@hpe.com
2 Agenda • Introduction • Functionality • Topology • Configuration • Troubleshooting • Debugging • Caveats • Changes from Earlier Versions • Demo
3 INTRODUCTION
4 Introduction Why Layer-3 Redundancy? • The L3 Redundancy Requirement primarily comes from customers who want to handle the complete Data Center Failure during natural disasters or other catastrophic events. • ArubaOS 8.2.0.0 introduces support for a redundant pair of Mobility Masters. • L3 redundancy will prevent a scenario where a Mobility Master acts as a single point of failure if the link to the Mobility Master goes down, or a co-located standby Mobility Master controller pair fails due to a data center failure or a local natural disaster.
5 Introduction • Configuration and databases are synced automatically from the primary to secondary data center. • Managed Devices detect a failure in the primary data center and automatically switch to the secondary data center. • The switchover event in the managed device will have minimal service impact if any. • With Centralized licensing, a single license can be used for both primary and secondary data centers. • Layer-2 and Layer-3 redundancy will work together. • When the primary data center comes back up all managed devices will switch back to primary data center with minimal service impact if any.
6 FUNCTIONALITY
7 Functionality • The L3 Redundancy Feature supports Active-Standby model. • The L3 Redundancy role is driven by explicit user configuration at both ends. There are 3 roles: Primary ,Secondary, None (default). • The L3 Redundancy role will determine: • If the user can make the config changes • If the sync will be initiated. • When the redundancy Role is “Primary”, user config changes will be allowed on MM and initiates DB/config sync . • If the redundancy Role is “Secondary”, user config changes will not be allowed and sync from primary will be accepted and acted upon. • On the Secondary Master, config changes are allowed only on /mm/mynode. • L3 redundant peers can either be switch IP or VRRP IP of L3 peers.
8 Functionality • There are 4 sets of data that will be synced across L3 peers: • Databases • Certificates • Captive Portal Files (Custom images) • Configurations
9 Functionality • Config sync is periodic and is based on configured l3-sync-timer (default 2 hours). • If L2 redundancy is configured in primary and secondary DC then DB sync is initiated from Primary active to Secondary active . • DB/config sync will not take place between MM’s if both are configured with role as primary or both configured with role as secondary.
10 Functionality • MDs can be configured with secondary master IP during the initial setup, ZTP or as partial configuration from MM. • Each MD will interface with HCM which will provide the reachability information of both Primary and Secondary MM. • If MDs directly terminate on MM, then MDs probe the primary and secondary MM IP to detect primary data center failure. • If MDs connect to MM via VPNC , then MDs probe the primary and secondary VPNC IP (if any) to detect primary data center failure. • When MD detects that it cannot reach primary MM for 15 minutes, it triggers L3 Switchover.
11 Functionality • The MDs will have management tunnel with only one MM at any given time. • When MD detects that Primary Data Center is down and Secondary Data Center is up, MD will tear down the tunnel with Primary DC (or VPNC1) and attempt to establish IPSec tunnel with its Secondary DC (or VPNC2). • Secondary MM will accept MDs only if it detects its tunnel with Primary MM is down. • The MDs can connect to the Secondary Master and it will show up as a connected device in “show switches” in the Secondary master and can stay on it as long as Primary is down. As soon as the Primary is up, the tunnel with MDs will be torn down and MDs will switch back to primary MM.
12 Topology
13 CONFIGURATION
14 Configuration Enabling L3 redundancy (On primary and secondary MM) from /mm/mynode) (Primary-Master) [mynode] (config-submode)#master-l3redundancy (Primary-Master) [mynode] (config-submode)#l3-peer-ip-address 10.17.204.171? ipsec IPSEC secure communication between masters ipsec-custom-cert Custom-Cert-based IPSEC secure communication between masters ipsec-factory-cert Factory-Cert-based IPSEC secure communication between masters (Primary-Master) [mynode] (config-submode)#l3-sync-state ? None No Sync state for L3 Redundancy Primary Set Sync state for L3 Redundancy as Primary Secondary Set Sync state for L3 Redundancy as Secondary (Primary-Master) [mynode] (config-submode)#l3-sync-time 2 Example: (Primary-Master) [mynode] (config) #master-l3redundancy (Primary-Master) [mynode] (config-submode)#l3-peer-ip-address 10.17.204.171 ipsec arub123 (Primary-Master) [mynode] (config-submode)#l3-sync-state Primary (Primary-Master) [mynode] (config-submode)#l3-sync-time 2
15 Configuration Secondary master IP config for MDs (Using CLI under /md) For MD: secondary master-ip <ip/FQDN> ipsec <key> <optional-peer-mac-1> <optional-peer-mac-2> secondary master-ip <ip/FQDN> ipsec-factory-cert <mac-1> <optional-peer-mac-2> secondary master-ip <ip/FQDN> ipsec-custom-cert <mac-1> <optional-peer-mac-2> ca-cert <ca-cert- name/factory-cert> server-cert <server-cert-name/factory-cert> suite-b < gcm128/gcm256> Example: secondary master-ip 10.17.204.171 ipsec aruba123 For BoC: secondary master-ip <ip/FQDN> vpn-ip <ip/FQDN> ipsec <key> <optional-peer-mac-1> <optional-peer-mac-2> secondary master-ip <ip/FQDN> vpn-ip <ip/FQDN> ipsec-factory-cert <mac-1> <optional-peer-mac-2> secondary master-ip <ip/FQDN> vpn-ip <ip/FQDN> ipsec-custom-cert <mac-1> <optional-peer-mac-2> ca-cert <ca-cert-name/factory-cert> server-cert <server-cert-name/factory-cert> suite-b < gcm128/gcm256> Example: secondary masterip 10.17.204.171 vpn-ip 10.17.204.173 ipsec-factory-cert vpn-mac-1 00:50:56:9f:31:8b
16 Configuration Initial Setup in MD: Full-setup : Do you want to enable L3 Redundancy (Yes|No)[No]: Enter Secondary Master switch IP address or FQDN: Is this a VPN concentrator for managed device to reach Secondary Master switch (yes|no) [no]: Enter IPSec Pre-shared Key: Enter Secondary Master switch MAC address: Enter Secondary Redundant Master switch MAC address [none]: This device connects to Secondary Master switch via VPN concentrator (yes|no) [no]: Enter VPN concentrator IP address or FQDN: VPN concentrator Authentication method (FactoryCert|PSKwithMAC) [FactoryCert]: Enter VPN concentrator MAC address: Enter Redundant VPN concentrator MAC address [none]: Enter IPSec Pre-shared Key: Enter VPN concentrator MAC address: Enter Redundant VPN concentrator MAC address [none]: Is Secondary Master switch Virtual Mobility Master? (yes|no) [yes]: Secondary Master switch Authentication method (PSKwithIP|PSKwithMAC) [PSKwithIP]: Secondary Master switch Authentication method (PSKwithIP|PSKwithMAC|FactoryCert) [PSKwithIP]: Enter IPSec Pre-shared Key: Enter Secondary Master switch MAC address: Enter Secondary Redundant Master switch MAC address [none]:
17 Configuration Mini-setup: Do you want to enable L3 Redundancy (Yes|No)[No]: Enter Secondary Master switch IP address or FQDN: Enter VPN concentrator IP address or FQDN [none]: Enter VPN concentrator MAC address: Enter Redundant VPN concentrator MAC address [none]: Enter Secondary Master switch MAC address: Enter Secondary Redundant Master switch MAC address [none]:
18 TROUBLESHOOTING
19 Troubleshooting • Verify L3-sync role, L3 peer IP, Pre-Shared Key on the Primary and Secondary MM • On Primary MM: • On Secondary MM:
20 Troubleshooting • Verify crypto ipsec sa between Primary and Secondary MM
21 Troubleshooting • Crypto ipsec sa on Secondary MM
22 Troubleshooting • Verify database sync between Primary and Secondary MM
23 Troubleshooting • Verify config sync between Primary and Secondary MM
24 Troubleshooting • Verify config-id on Primary and Secondary MM • On Secondary: • On Primary:
25 Troubleshooting • Verify the status of MMs on the MDs
26 Troubleshooting Manual config sync: On Secondary MM: master-l3redundancy config-sync Manual L3 switchover: On MD: master-l3redundancy switchover
27 Troubleshooting • Verify if the MDs have failed over to the Secondary MM
28 Debugging Dbsync related issues logging system process dbsync level debugging Config Sync related issues logging system process cfgm level debugging logging system process cfgdist level debugging Ike related issues : logging security process crypto level debugging Health check and failover issues logging system process fpapps level debugging logging system process hcm level debugging
29 CHANGES FROM EARLIER VERSIONS
30 Changes from earlier versions • In 6.4.4, L3 Redundancy Support was added for BoC Controllers. It had some limitations like • User had to explicitly do the sync across L3 peers manually • MDs rebooted when the Master IP changed • Separate licenses had to be manually installed on the Secondary Master. • In 8.x , L3 redundancy: • Config DB’s and captive portal files are automatically synced between primary an secondary. • MD’s do not reboot during master IP change. • Licenses are synced between Primary and secondary MM.
31 CAVEATS
32 Caveats • No UI support for configuring L3 redundancy in this release • No v6 support for L3 peers. • L3 redundancy is not supported in standalone topology and MCM topology. • L3 redundancy and Centralized licensing in multiple mobility master are mutually exclusive.
33 DEMO
34 Demo
35 Demo
36 Demo
37 QUESTIONS?
38 THANK YOU!

Empfohlen

EMEA Airheads- ArubaOS - Cluster Manager
EMEA Airheads- ArubaOS - Cluster ManagerEMEA Airheads- ArubaOS - Cluster Manager
EMEA Airheads- ArubaOS - Cluster Manager
Aruba, a Hewlett Packard Enterprise company
 
Aruba ClearPass Guest 6.3 User Guide
Aruba ClearPass Guest 6.3 User GuideAruba ClearPass Guest 6.3 User Guide
Aruba ClearPass Guest 6.3 User Guide
Aruba, a Hewlett Packard Enterprise company
 
EMEA Airheads - What does AirMatch do differently?v2
EMEA Airheads - What does AirMatch do differently?v2 EMEA Airheads - What does AirMatch do differently?v2
EMEA Airheads - What does AirMatch do differently?v2
Aruba, a Hewlett Packard Enterprise company
 
EMEA Airheads How licensing works in Aruba OS 8.x
EMEA Airheads How licensing works in Aruba OS 8.xEMEA Airheads How licensing works in Aruba OS 8.x
EMEA Airheads How licensing works in Aruba OS 8.x
Aruba, a Hewlett Packard Enterprise company
 
Roaming behavior and Client Troubleshooting
Roaming behavior and Client TroubleshootingRoaming behavior and Client Troubleshooting
Roaming behavior and Client Troubleshooting
Aruba, a Hewlett Packard Enterprise company
 
EMEA Airheads- Aruba Instant AP- VPN Troubleshooting
EMEA Airheads- Aruba Instant AP- VPN TroubleshootingEMEA Airheads- Aruba Instant AP- VPN Troubleshooting
EMEA Airheads- Aruba Instant AP- VPN Troubleshooting
Aruba, a Hewlett Packard Enterprise company
 
Bringing up Aruba Mobility Master, Managed Device & Access Point
Bringing up Aruba Mobility Master, Managed Device & Access PointBringing up Aruba Mobility Master, Managed Device & Access Point
Bringing up Aruba Mobility Master, Managed Device & Access Point
Aruba, a Hewlett Packard Enterprise company
 
EMEA Airheads- Troubleshooting 802.1x issues
EMEA Airheads- Troubleshooting 802.1x issuesEMEA Airheads- Troubleshooting 802.1x issues
EMEA Airheads- Troubleshooting 802.1x issues
Aruba, a Hewlett Packard Enterprise company
 

Empfohlen

EMEA Airheads- ArubaOS - Cluster Manager
EMEA Airheads- ArubaOS - Cluster ManagerEMEA Airheads- ArubaOS - Cluster Manager
EMEA Airheads- ArubaOS - Cluster Manager
Aruba, a Hewlett Packard Enterprise company
 
Aruba ClearPass Guest 6.3 User Guide
Aruba ClearPass Guest 6.3 User GuideAruba ClearPass Guest 6.3 User Guide
Aruba ClearPass Guest 6.3 User Guide
Aruba, a Hewlett Packard Enterprise company
 
EMEA Airheads - What does AirMatch do differently?v2
EMEA Airheads - What does AirMatch do differently?v2 EMEA Airheads - What does AirMatch do differently?v2
EMEA Airheads - What does AirMatch do differently?v2
Aruba, a Hewlett Packard Enterprise company
 
EMEA Airheads How licensing works in Aruba OS 8.x
EMEA Airheads How licensing works in Aruba OS 8.xEMEA Airheads How licensing works in Aruba OS 8.x
EMEA Airheads How licensing works in Aruba OS 8.x
Aruba, a Hewlett Packard Enterprise company
 
Roaming behavior and Client Troubleshooting
Roaming behavior and Client TroubleshootingRoaming behavior and Client Troubleshooting
Roaming behavior and Client Troubleshooting
Aruba, a Hewlett Packard Enterprise company
 
EMEA Airheads- Aruba Instant AP- VPN Troubleshooting
EMEA Airheads- Aruba Instant AP- VPN TroubleshootingEMEA Airheads- Aruba Instant AP- VPN Troubleshooting
EMEA Airheads- Aruba Instant AP- VPN Troubleshooting
Aruba, a Hewlett Packard Enterprise company
 
Bringing up Aruba Mobility Master, Managed Device & Access Point
Bringing up Aruba Mobility Master, Managed Device & Access PointBringing up Aruba Mobility Master, Managed Device & Access Point
Bringing up Aruba Mobility Master, Managed Device & Access Point
Aruba, a Hewlett Packard Enterprise company
 
EMEA Airheads- Troubleshooting 802.1x issues
EMEA Airheads- Troubleshooting 802.1x issuesEMEA Airheads- Troubleshooting 802.1x issues
EMEA Airheads- Troubleshooting 802.1x issues
Aruba, a Hewlett Packard Enterprise company
 
Getting the most out of the aruba policy enforcement firewall
Getting the most out of the aruba policy enforcement firewallGetting the most out of the aruba policy enforcement firewall
Getting the most out of the aruba policy enforcement firewall
Aruba, a Hewlett Packard Enterprise company
 
EMEA Airheads- Aruba 8.x Architecture overview & UI Navigation
EMEA Airheads- Aruba 8.x Architecture overview & UI NavigationEMEA Airheads- Aruba 8.x Architecture overview & UI Navigation
EMEA Airheads- Aruba 8.x Architecture overview & UI Navigation
Aruba, a Hewlett Packard Enterprise company
 
Advanced rf troubleshooting_peter lane
Advanced rf troubleshooting_peter laneAdvanced rf troubleshooting_peter lane
Advanced rf troubleshooting_peter lane
Aruba, a Hewlett Packard Enterprise company
 
Airheads Tech Talks: Advanced Clustering in AOS 8.x
Airheads Tech Talks: Advanced Clustering in AOS 8.xAirheads Tech Talks: Advanced Clustering in AOS 8.x
Airheads Tech Talks: Advanced Clustering in AOS 8.x
Aruba, a Hewlett Packard Enterprise company
 
EMEA Airheads - AP Discovery Logic and AP Deployment
EMEA Airheads - AP Discovery Logic and AP DeploymentEMEA Airheads - AP Discovery Logic and AP Deployment
EMEA Airheads - AP Discovery Logic and AP Deployment
Aruba, a Hewlett Packard Enterprise company
 
Aruba Mobility Controllers
Aruba Mobility ControllersAruba Mobility Controllers
Aruba Mobility Controllers
Aruba, a Hewlett Packard Enterprise company
 
ClearPass design scenarios that solve the toughest security policy requirements
ClearPass design scenarios that solve the toughest security policy requirementsClearPass design scenarios that solve the toughest security policy requirements
ClearPass design scenarios that solve the toughest security policy requirements
Aruba, a Hewlett Packard Enterprise company
 
Hpe Intelligent Management Center
Hpe Intelligent Management CenterHpe Intelligent Management Center
Hpe Intelligent Management Center
Aruba, a Hewlett Packard Enterprise company
 
EMEA Airheads - Multi zone ap and centralized image upgrade
EMEA Airheads - Multi zone ap and centralized image upgradeEMEA Airheads - Multi zone ap and centralized image upgrade
EMEA Airheads - Multi zone ap and centralized image upgrade
Aruba, a Hewlett Packard Enterprise company
 
Breakout - Airheads Macau 2013 - Top 10 Tips from Aruba TAC
Breakout - Airheads Macau 2013 - Top 10 Tips from Aruba TAC Breakout - Airheads Macau 2013 - Top 10 Tips from Aruba TAC
Breakout - Airheads Macau 2013 - Top 10 Tips from Aruba TAC
Aruba, a Hewlett Packard Enterprise company
 
Guest Access with ArubaOS
Guest Access with ArubaOSGuest Access with ArubaOS
Guest Access with ArubaOS
Aruba, a Hewlett Packard Enterprise company
 
EMEA Airheads- Instant AP- Instant AP Best Practice Configuration
EMEA Airheads- Instant AP- Instant AP Best Practice ConfigurationEMEA Airheads- Instant AP- Instant AP Best Practice Configuration
EMEA Airheads- Instant AP- Instant AP Best Practice Configuration
Aruba, a Hewlett Packard Enterprise company
 
EMEA Airheads- ArubaOS - High availability with AP Fast Failover
EMEA Airheads- ArubaOS - High availability with AP Fast FailoverEMEA Airheads- ArubaOS - High availability with AP Fast Failover
EMEA Airheads- ArubaOS - High availability with AP Fast Failover
Aruba, a Hewlett Packard Enterprise company
 
Wireless LAN Design Fundamentals in the Campus
Wireless LAN Design Fundamentals in the CampusWireless LAN Design Fundamentals in the Campus
Wireless LAN Design Fundamentals in the Campus
Aruba, a Hewlett Packard Enterprise company
 
EMEA Airheads- ArubaOS - Rogue AP troubleshooting
EMEA Airheads- ArubaOS - Rogue AP troubleshootingEMEA Airheads- ArubaOS - Rogue AP troubleshooting
EMEA Airheads- ArubaOS - Rogue AP troubleshooting
Aruba, a Hewlett Packard Enterprise company
 
EMEA Airheads- Aruba OS- Mobile First Platform– Aruba OS 8.0 introduction
EMEA Airheads- Aruba OS- Mobile First Platform– Aruba OS 8.0 introductionEMEA Airheads- Aruba OS- Mobile First Platform– Aruba OS 8.0 introduction
EMEA Airheads- Aruba OS- Mobile First Platform– Aruba OS 8.0 introduction
Aruba, a Hewlett Packard Enterprise company
 
Access Management with Aruba ClearPass
Access Management with Aruba ClearPassAccess Management with Aruba ClearPass
Access Management with Aruba ClearPass
Aruba, a Hewlett Packard Enterprise company
 
Adapting to evolving user, security, and business needs with aruba clear pass
Adapting to evolving user, security, and business needs with aruba clear passAdapting to evolving user, security, and business needs with aruba clear pass
Adapting to evolving user, security, and business needs with aruba clear pass
Aruba, a Hewlett Packard Enterprise company
 
Managing and Optimizing RF Spectrum for Aruba WLANs
Managing and Optimizing RF Spectrum for Aruba WLANsManaging and Optimizing RF Spectrum for Aruba WLANs
Managing and Optimizing RF Spectrum for Aruba WLANs
Aruba, a Hewlett Packard Enterprise company
 
EMEA Airheads- LACP and distributed LACP – ArubaOS Switch
EMEA Airheads- LACP and distributed LACP – ArubaOS SwitchEMEA Airheads- LACP and distributed LACP – ArubaOS Switch
EMEA Airheads- LACP and distributed LACP – ArubaOS Switch
Aruba, a Hewlett Packard Enterprise company
 
EMEA Airheads- Manage Devices at Branch Office (BOC)
EMEA Airheads- Manage Devices at Branch Office (BOC)EMEA Airheads- Manage Devices at Branch Office (BOC)
EMEA Airheads- Manage Devices at Branch Office (BOC)
Aruba, a Hewlett Packard Enterprise company
 
Virtualization & Network Connectivity
Virtualization & Network Connectivity Virtualization & Network Connectivity
Virtualization & Network Connectivity
itplant
 

Weitere ähnliche Inhalte

Was ist angesagt?

Managing and Optimizing RF Spectrum for Aruba WLANs
Managing and Optimizing RF Spectrum for Aruba WLANsManaging and Optimizing RF Spectrum for Aruba WLANs
Managing and Optimizing RF Spectrum for Aruba WLANs
Aruba, a Hewlett Packard Enterprise company
 

Was ist angesagt? (20)

Getting the most out of the aruba policy enforcement firewall
Getting the most out of the aruba policy enforcement firewallGetting the most out of the aruba policy enforcement firewall
Getting the most out of the aruba policy enforcement firewall
 
EMEA Airheads- Aruba 8.x Architecture overview & UI Navigation
EMEA Airheads- Aruba 8.x Architecture overview & UI NavigationEMEA Airheads- Aruba 8.x Architecture overview & UI Navigation
EMEA Airheads- Aruba 8.x Architecture overview & UI Navigation
 
Advanced rf troubleshooting_peter lane
Advanced rf troubleshooting_peter laneAdvanced rf troubleshooting_peter lane
Advanced rf troubleshooting_peter lane
 
Airheads Tech Talks: Advanced Clustering in AOS 8.x
Airheads Tech Talks: Advanced Clustering in AOS 8.xAirheads Tech Talks: Advanced Clustering in AOS 8.x
Airheads Tech Talks: Advanced Clustering in AOS 8.x
 
EMEA Airheads - AP Discovery Logic and AP Deployment
EMEA Airheads - AP Discovery Logic and AP DeploymentEMEA Airheads - AP Discovery Logic and AP Deployment
EMEA Airheads - AP Discovery Logic and AP Deployment
 
Aruba Mobility Controllers
Aruba Mobility ControllersAruba Mobility Controllers
Aruba Mobility Controllers
 
ClearPass design scenarios that solve the toughest security policy requirements
ClearPass design scenarios that solve the toughest security policy requirementsClearPass design scenarios that solve the toughest security policy requirements
ClearPass design scenarios that solve the toughest security policy requirements
 
Hpe Intelligent Management Center
Hpe Intelligent Management CenterHpe Intelligent Management Center
Hpe Intelligent Management Center
 
EMEA Airheads - Multi zone ap and centralized image upgrade
EMEA Airheads - Multi zone ap and centralized image upgradeEMEA Airheads - Multi zone ap and centralized image upgrade
EMEA Airheads - Multi zone ap and centralized image upgrade
 
Breakout - Airheads Macau 2013 - Top 10 Tips from Aruba TAC
Breakout - Airheads Macau 2013 - Top 10 Tips from Aruba TAC Breakout - Airheads Macau 2013 - Top 10 Tips from Aruba TAC
Breakout - Airheads Macau 2013 - Top 10 Tips from Aruba TAC
 
Guest Access with ArubaOS
Guest Access with ArubaOSGuest Access with ArubaOS
Guest Access with ArubaOS
 
EMEA Airheads- Instant AP- Instant AP Best Practice Configuration
EMEA Airheads- Instant AP- Instant AP Best Practice ConfigurationEMEA Airheads- Instant AP- Instant AP Best Practice Configuration
EMEA Airheads- Instant AP- Instant AP Best Practice Configuration
 
EMEA Airheads- ArubaOS - High availability with AP Fast Failover
EMEA Airheads- ArubaOS - High availability with AP Fast FailoverEMEA Airheads- ArubaOS - High availability with AP Fast Failover
EMEA Airheads- ArubaOS - High availability with AP Fast Failover
 
Wireless LAN Design Fundamentals in the Campus
Wireless LAN Design Fundamentals in the CampusWireless LAN Design Fundamentals in the Campus
Wireless LAN Design Fundamentals in the Campus
 
EMEA Airheads- ArubaOS - Rogue AP troubleshooting
EMEA Airheads- ArubaOS - Rogue AP troubleshootingEMEA Airheads- ArubaOS - Rogue AP troubleshooting
EMEA Airheads- ArubaOS - Rogue AP troubleshooting
 
EMEA Airheads- Aruba OS- Mobile First Platform– Aruba OS 8.0 introduction
EMEA Airheads- Aruba OS- Mobile First Platform– Aruba OS 8.0 introductionEMEA Airheads- Aruba OS- Mobile First Platform– Aruba OS 8.0 introduction
EMEA Airheads- Aruba OS- Mobile First Platform– Aruba OS 8.0 introduction
 
Access Management with Aruba ClearPass
Access Management with Aruba ClearPassAccess Management with Aruba ClearPass
Access Management with Aruba ClearPass
 
Adapting to evolving user, security, and business needs with aruba clear pass
Adapting to evolving user, security, and business needs with aruba clear passAdapting to evolving user, security, and business needs with aruba clear pass
Adapting to evolving user, security, and business needs with aruba clear pass
 
Managing and Optimizing RF Spectrum for Aruba WLANs
Managing and Optimizing RF Spectrum for Aruba WLANsManaging and Optimizing RF Spectrum for Aruba WLANs
Managing and Optimizing RF Spectrum for Aruba WLANs
 
EMEA Airheads- LACP and distributed LACP – ArubaOS Switch
EMEA Airheads- LACP and distributed LACP – ArubaOS SwitchEMEA Airheads- LACP and distributed LACP – ArubaOS Switch
EMEA Airheads- LACP and distributed LACP – ArubaOS Switch
 

Ähnlich wie EMEA Airheads- Layer-3 Redundancy for Mobility Master - ArubaOS 8.x

20088 1 ccna3 3.1-06 switch configurations
20088 1 ccna3 3.1-06 switch configurations20088 1 ccna3 3.1-06 switch configurations
20088 1 ccna3 3.1-06 switch configurations
Dipak Misra
 
Set Up & Operate Tungsten Replicator
Set Up & Operate Tungsten ReplicatorSet Up & Operate Tungsten Replicator
Set Up & Operate Tungsten Replicator
Continuent
 
Setup & Operate Tungsten Replicator
Setup & Operate Tungsten ReplicatorSetup & Operate Tungsten Replicator
Setup & Operate Tungsten Replicator
Continuent
 
Webinar Slides: Tungsten Connector / Proxy – The Secret Sauce Behind Zero-Dow...
Webinar Slides: Tungsten Connector / Proxy – The Secret Sauce Behind Zero-Dow...Webinar Slides: Tungsten Connector / Proxy – The Secret Sauce Behind Zero-Dow...
Webinar Slides: Tungsten Connector / Proxy – The Secret Sauce Behind Zero-Dow...
Continuent
 
Slow things down to make them go faster [FOSDEM 2022]
Slow things down to make them go faster [FOSDEM 2022]Slow things down to make them go faster [FOSDEM 2022]
Slow things down to make them go faster [FOSDEM 2022]
Jimmy Angelakos
 
F5 link controller
F5 link controllerF5 link controller
F5 link controller
Jimmy Saigon
 

Ähnlich wie EMEA Airheads- Layer-3 Redundancy for Mobility Master - ArubaOS 8.x (20)

EMEA Airheads- Manage Devices at Branch Office (BOC)
EMEA Airheads- Manage Devices at Branch Office (BOC)EMEA Airheads- Manage Devices at Branch Office (BOC)
EMEA Airheads- Manage Devices at Branch Office (BOC)
 
Virtualization & Network Connectivity
Virtualization & Network Connectivity Virtualization & Network Connectivity
Virtualization & Network Connectivity
 
CCNA4 Verson6 Chapter2
CCNA4 Verson6 Chapter2CCNA4 Verson6 Chapter2
CCNA4 Verson6 Chapter2
 
Expanding your options with the MQ Appliance
Expanding your options with the MQ ApplianceExpanding your options with the MQ Appliance
Expanding your options with the MQ Appliance
 
Building a Highly available messaging hub using the IBM MQ Appliance
Building a Highly available messaging hub using the IBM MQ ApplianceBuilding a Highly available messaging hub using the IBM MQ Appliance
Building a Highly available messaging hub using the IBM MQ Appliance
 
20088 1 ccna3 3.1-06 switch configurations
20088 1 ccna3 3.1-06 switch configurations20088 1 ccna3 3.1-06 switch configurations
20088 1 ccna3 3.1-06 switch configurations
 
Set Up & Operate Tungsten Replicator
Set Up & Operate Tungsten ReplicatorSet Up & Operate Tungsten Replicator
Set Up & Operate Tungsten Replicator
 
The SaltStack Pub Crawl - Fosscomm 2016
The SaltStack Pub Crawl - Fosscomm 2016The SaltStack Pub Crawl - Fosscomm 2016
The SaltStack Pub Crawl - Fosscomm 2016
 
NFD9 - Dinesh Dutt, Data Center Architectures
NFD9 - Dinesh Dutt, Data Center ArchitecturesNFD9 - Dinesh Dutt, Data Center Architectures
NFD9 - Dinesh Dutt, Data Center Architectures
 
IBM System Networking Overview - Jul 2013
IBM System Networking Overview - Jul 2013IBM System Networking Overview - Jul 2013
IBM System Networking Overview - Jul 2013
 
Informix HA Best Practices
Informix HA Best Practices Informix HA Best Practices
Informix HA Best Practices
 
Always on high availability best practices for informix
Always on high availability best practices for informixAlways on high availability best practices for informix
Always on high availability best practices for informix
 
IBM MQ Appliance - Administration simplified
IBM MQ Appliance - Administration simplifiedIBM MQ Appliance - Administration simplified
IBM MQ Appliance - Administration simplified
 
IBM Programmable Network Controller
IBM Programmable Network ControllerIBM Programmable Network Controller
IBM Programmable Network Controller
 
Setup & Operate Tungsten Replicator
Setup & Operate Tungsten ReplicatorSetup & Operate Tungsten Replicator
Setup & Operate Tungsten Replicator
 
Webinar Slides: Tungsten Connector / Proxy – The Secret Sauce Behind Zero-Dow...
Webinar Slides: Tungsten Connector / Proxy – The Secret Sauce Behind Zero-Dow...Webinar Slides: Tungsten Connector / Proxy – The Secret Sauce Behind Zero-Dow...
Webinar Slides: Tungsten Connector / Proxy – The Secret Sauce Behind Zero-Dow...
 
Slow things down to make them go faster [FOSDEM 2022]
Slow things down to make them go faster [FOSDEM 2022]Slow things down to make them go faster [FOSDEM 2022]
Slow things down to make them go faster [FOSDEM 2022]
 
Firewalld : A New Interface to Your Netfilter Stack
Firewalld : A New Interface to Your Netfilter StackFirewalld : A New Interface to Your Netfilter Stack
Firewalld : A New Interface to Your Netfilter Stack
 
Training Slides: Basics 102: Introduction to Tungsten Clustering
Training Slides: Basics 102: Introduction to Tungsten ClusteringTraining Slides: Basics 102: Introduction to Tungsten Clustering
Training Slides: Basics 102: Introduction to Tungsten Clustering
 
F5 link controller
F5 link controllerF5 link controller
F5 link controller
 

Mehr von Aruba, a Hewlett Packard Enterprise company

EMEA Airheads– Aruba Clarity. Because a Wi-Fi Problem's Often Not a "Wi-Fi" P...
EMEA Airheads– Aruba Clarity. Because a Wi-Fi Problem's Often Not a "Wi-Fi" P...EMEA Airheads– Aruba Clarity. Because a Wi-Fi Problem's Often Not a "Wi-Fi" P...
EMEA Airheads– Aruba Clarity. Because a Wi-Fi Problem's Often Not a "Wi-Fi" P...
Aruba, a Hewlett Packard Enterprise company
 

Mehr von Aruba, a Hewlett Packard Enterprise company (18)

Airheads Tech Talks: Cloud Guest SSID on Aruba Central
Airheads Tech Talks: Cloud Guest SSID on Aruba CentralAirheads Tech Talks: Cloud Guest SSID on Aruba Central
Airheads Tech Talks: Cloud Guest SSID on Aruba Central
 
Airheads Tech Talks: Understanding ClearPass OnGuard Agents
Airheads Tech Talks: Understanding ClearPass OnGuard AgentsAirheads Tech Talks: Understanding ClearPass OnGuard Agents
Airheads Tech Talks: Understanding ClearPass OnGuard Agents
 
EMEA Airheads_ Advance Aruba Central
EMEA Airheads_ Advance Aruba CentralEMEA Airheads_ Advance Aruba Central
EMEA Airheads_ Advance Aruba Central
 
EMEA Airheads_ Aruba AppRF – AOS 6.x & 8.x
EMEA Airheads_ Aruba AppRF – AOS 6.x & 8.xEMEA Airheads_ Aruba AppRF – AOS 6.x & 8.x
EMEA Airheads_ Aruba AppRF – AOS 6.x & 8.x
 
EMEA Airheads- Switch stacking_ ArubaOS Switch
EMEA Airheads- Switch stacking_ ArubaOS SwitchEMEA Airheads- Switch stacking_ ArubaOS Switch
EMEA Airheads- Switch stacking_ ArubaOS Switch
 
Introduction to AirWave 10
Introduction to AirWave 10Introduction to AirWave 10
Introduction to AirWave 10
 
EMEA Airheads- Virtual Switching Framework- Aruba OS Switch
EMEA Airheads- Virtual Switching Framework- Aruba OS SwitchEMEA Airheads- Virtual Switching Framework- Aruba OS Switch
EMEA Airheads- Virtual Switching Framework- Aruba OS Switch
 
EMEA Airheads- Aruba Central with Instant AP
EMEA Airheads- Aruba Central with Instant APEMEA Airheads- Aruba Central with Instant AP
EMEA Airheads- Aruba Central with Instant AP
 
EMEA Airheads- AirGroup profiling changes across 8.1 & 8.2 – ArubaOS 8.x
EMEA Airheads- AirGroup profiling changes across 8.1 & 8.2 – ArubaOS 8.xEMEA Airheads- AirGroup profiling changes across 8.1 & 8.2 – ArubaOS 8.x
EMEA Airheads- AirGroup profiling changes across 8.1 & 8.2 – ArubaOS 8.x
 
EMEA Airheads- Getting Started with the ClearPass REST API – CPPM
EMEA Airheads- Getting Started with the ClearPass REST API – CPPMEMEA Airheads- Getting Started with the ClearPass REST API – CPPM
EMEA Airheads- Getting Started with the ClearPass REST API – CPPM
 
Airheads Meetups: 8400 Presentation
Airheads Meetups: 8400 PresentationAirheads Meetups: 8400 Presentation
Airheads Meetups: 8400 Presentation
 
Airheads Meetups: Ekahau Presentation
Airheads Meetups: Ekahau PresentationAirheads Meetups: Ekahau Presentation
Airheads Meetups: Ekahau Presentation
 
Airheads Meetups- High density WLAN
Airheads Meetups- High density WLANAirheads Meetups- High density WLAN
Airheads Meetups- High density WLAN
 
Airheads Meetups- Avans Hogeschool goes Aruba
Airheads Meetups- Avans Hogeschool goes ArubaAirheads Meetups- Avans Hogeschool goes Aruba
Airheads Meetups- Avans Hogeschool goes Aruba
 
EMEA Airheads - Configuring different APIs in Aruba 8.x
EMEA Airheads - Configuring different APIs in Aruba 8.x EMEA Airheads - Configuring different APIs in Aruba 8.x
EMEA Airheads - Configuring different APIs in Aruba 8.x
 
EMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting
EMEA Airheads - Aruba Remote Access Point (RAP) TroubleshootingEMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting
EMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting
 
EMEA Airheads– Aruba Clarity. Because a Wi-Fi Problem's Often Not a "Wi-Fi" P...
EMEA Airheads– Aruba Clarity. Because a Wi-Fi Problem's Often Not a "Wi-Fi" P...EMEA Airheads– Aruba Clarity. Because a Wi-Fi Problem's Often Not a "Wi-Fi" P...
EMEA Airheads– Aruba Clarity. Because a Wi-Fi Problem's Often Not a "Wi-Fi" P...
 
EMEA Airheads- ClearPass extensions and how they can help
EMEA Airheads- ClearPass extensions and how they can helpEMEA Airheads- ClearPass extensions and how they can help
EMEA Airheads- ClearPass extensions and how they can help
 

Kürzlich hochgeladen

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Roshan Dwivedi
 

Kürzlich hochgeladen (20)

The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 

EMEA Airheads- Layer-3 Redundancy for Mobility Master - ArubaOS 8.x

  • 1. 1 Master-L3-Redundancy 10:00 GMT | 11:00 CET | 14:00 GST FEB 6th, 2018 Presenter: Abdul Ali Irfaan abdul.ali.irfaan@hpe.com
  • 2. 2 Agenda • Introduction • Functionality • Topology • Configuration • Troubleshooting • Debugging • Caveats • Changes from Earlier Versions • Demo
  • 4. 4 Introduction Why Layer-3 Redundancy? • The L3 Redundancy Requirement primarily comes from customers who want to handle the complete Data Center Failure during natural disasters or other catastrophic events. • ArubaOS 8.2.0.0 introduces support for a redundant pair of Mobility Masters. • L3 redundancy will prevent a scenario where a Mobility Master acts as a single point of failure if the link to the Mobility Master goes down, or a co-located standby Mobility Master controller pair fails due to a data center failure or a local natural disaster.
  • 5. 5 Introduction • Configuration and databases are synced automatically from the primary to secondary data center. • Managed Devices detect a failure in the primary data center and automatically switch to the secondary data center. • The switchover event in the managed device will have minimal service impact if any. • With Centralized licensing, a single license can be used for both primary and secondary data centers. • Layer-2 and Layer-3 redundancy will work together. • When the primary data center comes back up all managed devices will switch back to primary data center with minimal service impact if any.
  • 7. 7 Functionality • The L3 Redundancy Feature supports Active-Standby model. • The L3 Redundancy role is driven by explicit user configuration at both ends. There are 3 roles: Primary ,Secondary, None (default). • The L3 Redundancy role will determine: • If the user can make the config changes • If the sync will be initiated. • When the redundancy Role is “Primary”, user config changes will be allowed on MM and initiates DB/config sync . • If the redundancy Role is “Secondary”, user config changes will not be allowed and sync from primary will be accepted and acted upon. • On the Secondary Master, config changes are allowed only on /mm/mynode. • L3 redundant peers can either be switch IP or VRRP IP of L3 peers.
  • 8. 8 Functionality • There are 4 sets of data that will be synced across L3 peers: • Databases • Certificates • Captive Portal Files (Custom images) • Configurations
  • 9. 9 Functionality • Config sync is periodic and is based on configured l3-sync-timer (default 2 hours). • If L2 redundancy is configured in primary and secondary DC then DB sync is initiated from Primary active to Secondary active . • DB/config sync will not take place between MM’s if both are configured with role as primary or both configured with role as secondary.
  • 10. 10 Functionality • MDs can be configured with secondary master IP during the initial setup, ZTP or as partial configuration from MM. • Each MD will interface with HCM which will provide the reachability information of both Primary and Secondary MM. • If MDs directly terminate on MM, then MDs probe the primary and secondary MM IP to detect primary data center failure. • If MDs connect to MM via VPNC , then MDs probe the primary and secondary VPNC IP (if any) to detect primary data center failure. • When MD detects that it cannot reach primary MM for 15 minutes, it triggers L3 Switchover.
  • 11. 11 Functionality • The MDs will have management tunnel with only one MM at any given time. • When MD detects that Primary Data Center is down and Secondary Data Center is up, MD will tear down the tunnel with Primary DC (or VPNC1) and attempt to establish IPSec tunnel with its Secondary DC (or VPNC2). • Secondary MM will accept MDs only if it detects its tunnel with Primary MM is down. • The MDs can connect to the Secondary Master and it will show up as a connected device in “show switches” in the Secondary master and can stay on it as long as Primary is down. As soon as the Primary is up, the tunnel with MDs will be torn down and MDs will switch back to primary MM.
  • 14. 14 Configuration Enabling L3 redundancy (On primary and secondary MM) from /mm/mynode) (Primary-Master) [mynode] (config-submode)#master-l3redundancy (Primary-Master) [mynode] (config-submode)#l3-peer-ip-address 10.17.204.171? ipsec IPSEC secure communication between masters ipsec-custom-cert Custom-Cert-based IPSEC secure communication between masters ipsec-factory-cert Factory-Cert-based IPSEC secure communication between masters (Primary-Master) [mynode] (config-submode)#l3-sync-state ? None No Sync state for L3 Redundancy Primary Set Sync state for L3 Redundancy as Primary Secondary Set Sync state for L3 Redundancy as Secondary (Primary-Master) [mynode] (config-submode)#l3-sync-time 2 Example: (Primary-Master) [mynode] (config) #master-l3redundancy (Primary-Master) [mynode] (config-submode)#l3-peer-ip-address 10.17.204.171 ipsec arub123 (Primary-Master) [mynode] (config-submode)#l3-sync-state Primary (Primary-Master) [mynode] (config-submode)#l3-sync-time 2
  • 15. 15 Configuration Secondary master IP config for MDs (Using CLI under /md) For MD: secondary master-ip <ip/FQDN> ipsec <key> <optional-peer-mac-1> <optional-peer-mac-2> secondary master-ip <ip/FQDN> ipsec-factory-cert <mac-1> <optional-peer-mac-2> secondary master-ip <ip/FQDN> ipsec-custom-cert <mac-1> <optional-peer-mac-2> ca-cert <ca-cert- name/factory-cert> server-cert <server-cert-name/factory-cert> suite-b < gcm128/gcm256> Example: secondary master-ip 10.17.204.171 ipsec aruba123 For BoC: secondary master-ip <ip/FQDN> vpn-ip <ip/FQDN> ipsec <key> <optional-peer-mac-1> <optional-peer-mac-2> secondary master-ip <ip/FQDN> vpn-ip <ip/FQDN> ipsec-factory-cert <mac-1> <optional-peer-mac-2> secondary master-ip <ip/FQDN> vpn-ip <ip/FQDN> ipsec-custom-cert <mac-1> <optional-peer-mac-2> ca-cert <ca-cert-name/factory-cert> server-cert <server-cert-name/factory-cert> suite-b < gcm128/gcm256> Example: secondary masterip 10.17.204.171 vpn-ip 10.17.204.173 ipsec-factory-cert vpn-mac-1 00:50:56:9f:31:8b
  • 16. 16 Configuration Initial Setup in MD: Full-setup : Do you want to enable L3 Redundancy (Yes|No)[No]: Enter Secondary Master switch IP address or FQDN: Is this a VPN concentrator for managed device to reach Secondary Master switch (yes|no) [no]: Enter IPSec Pre-shared Key: Enter Secondary Master switch MAC address: Enter Secondary Redundant Master switch MAC address [none]: This device connects to Secondary Master switch via VPN concentrator (yes|no) [no]: Enter VPN concentrator IP address or FQDN: VPN concentrator Authentication method (FactoryCert|PSKwithMAC) [FactoryCert]: Enter VPN concentrator MAC address: Enter Redundant VPN concentrator MAC address [none]: Enter IPSec Pre-shared Key: Enter VPN concentrator MAC address: Enter Redundant VPN concentrator MAC address [none]: Is Secondary Master switch Virtual Mobility Master? (yes|no) [yes]: Secondary Master switch Authentication method (PSKwithIP|PSKwithMAC) [PSKwithIP]: Secondary Master switch Authentication method (PSKwithIP|PSKwithMAC|FactoryCert) [PSKwithIP]: Enter IPSec Pre-shared Key: Enter Secondary Master switch MAC address: Enter Secondary Redundant Master switch MAC address [none]:
  • 17. 17 Configuration Mini-setup: Do you want to enable L3 Redundancy (Yes|No)[No]: Enter Secondary Master switch IP address or FQDN: Enter VPN concentrator IP address or FQDN [none]: Enter VPN concentrator MAC address: Enter Redundant VPN concentrator MAC address [none]: Enter Secondary Master switch MAC address: Enter Secondary Redundant Master switch MAC address [none]:
  • 19. 19 Troubleshooting • Verify L3-sync role, L3 peer IP, Pre-Shared Key on the Primary and Secondary MM • On Primary MM: • On Secondary MM:
  • 20. 20 Troubleshooting • Verify crypto ipsec sa between Primary and Secondary MM
  • 22. 22 Troubleshooting • Verify database sync between Primary and Secondary MM
  • 23. 23 Troubleshooting • Verify config sync between Primary and Secondary MM
  • 24. 24 Troubleshooting • Verify config-id on Primary and Secondary MM • On Secondary: • On Primary:
  • 25. 25 Troubleshooting • Verify the status of MMs on the MDs
  • 26. 26 Troubleshooting Manual config sync: On Secondary MM: master-l3redundancy config-sync Manual L3 switchover: On MD: master-l3redundancy switchover
  • 27. 27 Troubleshooting • Verify if the MDs have failed over to the Secondary MM
  • 28. 28 Debugging Dbsync related issues logging system process dbsync level debugging Config Sync related issues logging system process cfgm level debugging logging system process cfgdist level debugging Ike related issues : logging security process crypto level debugging Health check and failover issues logging system process fpapps level debugging logging system process hcm level debugging
  • 30. 30 Changes from earlier versions • In 6.4.4, L3 Redundancy Support was added for BoC Controllers. It had some limitations like • User had to explicitly do the sync across L3 peers manually • MDs rebooted when the Master IP changed • Separate licenses had to be manually installed on the Secondary Master. • In 8.x , L3 redundancy: • Config DB’s and captive portal files are automatically synced between primary an secondary. • MD’s do not reboot during master IP change. • Licenses are synced between Primary and secondary MM.
  • 32. 32 Caveats • No UI support for configuring L3 redundancy in this release • No v6 support for L3 peers. • L3 redundancy is not supported in standalone topology and MCM topology. • L3 redundancy and Centralized licensing in multiple mobility master are mutually exclusive.