Cisco Support Community

New Member

8510 WLC in HA mode over OTV

Hi

I am looking at installing some 8510s in High Availability mode. As the 8510s will be in different Data Centres I need to take into account the HA failover connectivity.

I can see on CCO some info on L2 connectivity being needed for WiSMs but can't find any info on 8510s.

http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/7-5/High_Availability_DG.pdf

The Redundancy VLAN should be a non routable VLAN. In other words, no layer 3 interface should be
created for this VLAN and can be allowed on VSL Link to extend HA setup between multiple chassis
in VSS setup. It is important to make sure this VLAN is dedicated for the HA process and is not part of
any Data VLAN, or else it may result in unpredictable results.

The connectivity between the Data Centres uses Nexus 7k & 5k's, with Layer 2 provided by OTV.

Has anyone installed 8510s or other WLC appliances over a dedicated L2 VLAN between different switches using OTV, and can it be configured?

cheers

Hi

Re this part of the response:

5500/7500/8500 WLCs have a dedicated Redundancy Port which should be connected back to back in order to synchronize the configuration from the Active to the Standby WLC. Keep-alive packets are sent on the Redundancy Port from the Standby to the Active WLC every 100 msec (default timer) in order to check the health of the Active WLC.

 

Can the dedicated Redundancy Port be connected over an OTV link to mimic a back-to-back connection, as we need to put the 8510s into 2 different Data Centres?

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

This L2 configuration is required on WiSM as it is a module in the chassis and hence depends on an internal backplane connection with the 6500, which is terminated as L2 traffic. So you define a dedicated Redundancy VLAN, which is used to synchronize the configuration from the Active WLC to the Standby WLC.

Ideally this is not required on full appliances like 55xx/75xx/86xx controllers.

The two physical appliances are not connected to each other via a redundancy VLAN, but instead via the physical redundancy port.

5500/7500/8500 WLCs have a dedicated Redundancy Port which should be connected back to back in order to synchronize the configuration from the Active to the Standby WLC. Keep-alive packets are sent on the Redundancy Port from the Standby to the Active WLC every 100 msec (default timer) in order to check the health of the Active WLC.

So no L2 vlan config is required.

-Thanks

Vinod

17 REPLIES
New Member

Hi Vinod,

After reading your answer above, please correct me if I am wrong that for the HA to happen it has been connected back to back through the redundant port for checking its keep alive.

But as per Cisco this is their statement.

High availability (HA): Client SSO

Enables client stateful switchover for 1:1 redundant controller deployments

Industry's first and only controller redundancy solution reduces client downtime to less than a second for business-critical applications, with no client reauthentication needed. The redundant controllers can be geographically distributed over a Layer 2 connection for data center level redundancy

 

So how is this possible? I have configured OTV for the management port, but the question arises for the redundant port, which uses a link-local address: how will we get the layer 2 capabilities for that?

Hall of Fame Super Silver

The RP port has to be either back to back or connected to a switch using L2. The RP also has to be in the same subnet as the management. The other thing to consider is that back to back is the best way, since latency can cause the HA to fail over. If you do connect the RP in different DCs, just make sure you have enough bandwidth for the heartbeat.

-Scott

New Member

Hi Scott,

I have dark fiber running between both the sites, and the latency is below 20 ms on both the sides and we are running OTV between them.

I just need to understand the RP port IP address is the same management IP address. I need to clarify that the link-local IP address that is shown in the Redundant port is 169.254.X.X, which is automatically generated. So how can we have a L2 for that?

I have never understood this point on the HA between two sites. If you can clarify the same.

Hall of Fame Super Silver

Okay, so you have the management and the redundancy manager, which need to be on the same subnet. The RP interface will use 169.254.<last two octets of the redundancy manager>. If you look at it this way, when the ports are connected using an Ethernet cable back to back, it's in its own subnet per se. So no matter what, as long as there is layer 2 connectivity between the RP, then the communication between the ports will happen. Maybe a better example is that you can always configure two devices with a static address that doesn't belong in any of your networks. You can connect them in any VLAN as long as they are on the same subnet and they would be able to communicate. So it's something like that. Maybe it doesn't make sense or maybe it does.

I have two 8510's connected in two different buildings and the RP is connected to a switch, but that vlan is bridged to the other switch which the other 8510 is connected to.

-Scott

New Member

So will the management ports and RP interface port be in the same VLAN or different VLANs?

So the management port will be in X VLAN and the RP interface port will be in Y VLAN, whereas Y VLAN will be just an L2 VLAN without any SVI while X is an L2 VLAN with an SVI for the routing purpose.

 

Hall of Fame Super Silver

That is how I would set up the SSO: different VLANs and the RP on a layer 2 VLAN.

-Scott

New Member

I guess I have to try this with Nexus OTV with layer 2 for the RP.

As I haven't seen this configuration for layer 2 without IP address on the OTV.

Thanks Scott, for the clarification.

Hall of Fame Super Silver

Well, do this: create the SVI and test. I would at least block other traffic from reaching that VLAN.

-Scott

New Member

Hi Scott

I was sent this link that says it's OK to use OTV for the HA link, but obviously we need to test it

http://www.cisco.com/c/en/us/products/collateral/wireless/aironet-1130-ag-series/qa_c67-714540.html?cachemode=refresh

 

Hall of Fame Super Silver

Just test and make sure. v7.3 of HA AP SSO really wasn't working and on that code did require a back to back cable. Stability of the link is important, so test, fail it over and let it run for a few days or a week or so and make sure there isn't any failover. That will sort of give you an idea if that will work well.

I'm assuming you want to do SSO and not N+1, because N+1 doesn't require the RP port.

-Scott

New Member

Hi Frank,

Yes, the deployment did go ahead successfully. All sites run FlexConnect, corporate and voice traffic locally switched in most cases, with BYOD and Guest centrally switched. No unexpected HA failovers, or other issues which were attributed to OTV.

Tim

New Member

Hi Tim,

Thank you very much for sharing your implementation result! Sorry for the late reply.

I read your message from phone and forgot to say thanks. 

Thanks.

New Member

Hi,

Just wondering if you could provide an update on your testing AP SSO HA over OTV.

I am currently working on a design using a pair of 8510s, Nexus 7k / OTV between the DCs.

Have you observed any issues with the RP uplink, stability etc? Have you stretched client VLANs, or are you purely doing FlexConnect local switching?

My customer uses FlexConnect at all sites, with corporate clients locally switched. I will be centrally switching Guest, BYO, etc to a DC VLAN, which will be OTV stretched between the two controllers.

I would be grateful for any feedback you (or others) may have....

 

Regards,

Tim

New Member

Tim

We never got round to implementing it; instead the customer chose the option of HA in a single data centre with an N+1 8510 in a different DC.

I did get a reply from Cisco saying that running the HA/redundancy link over OTV should be OK - below

OTV is there to create a transparent layer 2 connection between DC's separated at layer 3.  Referring to the HA FAQ document (http://www.cisco.com/c/en/us/products/collateral/wireless/aironet-1130-ag-series/qa_c67-714540.html?cachemode=refresh), using OTV to fulfil this function should be fine as you’ll be linking to this documented topology.

  • Two 5508, 7500, or 8500 models connected via the RP port over Layer 2 VLAN/fiber in the same or different data centers

Thanks

Martyn

 

New Member

Thanks for the info Martyn. I am going to forge ahead with this plan; the customer is keen to give it a go. Worst case, I can always split the controllers to N+1 model...

 

Thanks,

Tim

New Member

Hi Tim,

Did you complete the 8510 HA over OTV implementation? Could you share if it is a success?

Thanks.
