Hi,
Agree with you both with better network design, controllers and AP should not
be on same L2. Use DNS for MC discovery.
You should also check out NG architecture for AOS8 with clustering for HA.
Best regards
Fredrik L. Andersen
+ 47 930 888 15
Sendt fra min iPhone
> 5. jan. 2018 kl. 19:25 skrev Norton, Thomas (Network Operations)
> :
>
> Hey Ryan,
>
> I agree with Amel, I highly recommend breaking out your aps separate from
> your controller management VLAN and utilizing DHCP for discovery.
>
> We break out our ap management VLANs from our controller management VLAN and
> have the ap VLANs broken up into multiple geographic VTP domains to mitigate
> this.
>
> With that said we have had our own set of challenges from an HA perspective,
> as we have had to tune our ha heartbeat timers, and configuration to meet our
> needs…
>
> -T.J.
> Liberty University
>
>
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv
> on behalf of Amel Caldwell
> Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv
>
> Date: Friday, January 5, 2018 at 12:42 PM
> To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU"
> Subject: Re: [WIRELESS-LAN] Aruba / HA / And ARP broadcasting during
> controller losses
>
> Hi Ryan—
>
> We have a similar setup, our main campus has around 7,000 APs with one master
> controller. We have separate AP management VLANs in each of our buildings
> (we don’t span VLANs across multiple buildings here) and use DHCP options for
> master controller discovery. We still get a ton on pings looking for a lost
> controller but the infrastructure handles the pings better than they do ARPs.
> It may help if you separate the controller management and AP management onto
> separate VLANs and use DHCP options; this would have the effect of changing
> the ARP to ICMP traffic and hopefully that would be enough to weather the
> event of a lost controller.
>
> I do wholeheartedly agree that Aruba implenting a back-off mechanism to
> lessen this impact over time would be great. I am also not real happy with
> how Aruba implemented the “heartbeat” option for the standby-controller to
> verify the primary is still up and it really does not scale well.
>
> Amel Caldwell
> University of Washington UW-IT
> Wi-Fi Network Engineer
> Wi-Fi Service Manager
>
> am...@uw.edu
> 206-543-2915
>
>
>
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv
> on behalf of "Turner, Ryan H"
>
> Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv
>
> Date: Friday, January 5, 2018 at 9:14 AM
> To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU"
> Subject: [WIRELESS-LAN] Aruba / HA / And ARP broadcasting during controller
> losses
>
> All:
>
> Based on design recommendations from Aruba, our 10,000 AP network has been
> broken up into a few management domains. For example, Main Campus has
> approximately 5,000 access points, and the controllers and access points
> share the same VLAN.
>
> What we have noticed is that if we lose a controller (or shut it down for
> maintenance or a move), the access points start ARPing like crazy for the
> downed controller. We can see in excess of 1,000 ARPs a second in the
> management VLAN. This has the negative side effect of causing CPU spikes
> across certain models of switches on campus, and we lose management to those
> switches. User traffic doesn’t generally seem affected, but SNMP monitoring
> ceases. We are wondering if others have seen this, or designed around
> mitigating this. This is definitely a scaling issue, and we feel as though
> Aruba could develop back-off mechanisms from allowing High Availability to
> essentially DoS parts of campus with ARP.
>
> Thanks!
>
> Ryan Turner
> Manager of Network Operations
> ITS Communication Technologies
> The University of North Carolina at Chapel Hill
>
> r...@unc.edu
> +1 919 445 0113 Office
> +1 919 274 7926 Mobile
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/discuss.
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/discuss.
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/discuss.
**
Participation and subscription information for this EDUCAUSE Constituent Group
discussion list can be found at http://www.educause.edu/discuss.
