Wireless Controller Redundancy with No Client Reauthentication Needed
Last fall, I blogged about No SSID Outage or Access Point Stateful Switchover introduced with the AireOS 7.3 release whereby if your wireless LAN Controller fails due to some hardware failure, thousands of Access Points fail over sub-second to the standby controller! This is possible due to continuous synchronization of CAPWAP states, Configuration Changes, Radio Channel and Power, Roaming Keys and Access Point licenses between the two Controllers. This means even if the administrator changes the configuration, channel plans or the clients roam and the primary controller fails; the Access Points will simply fail over in a stateful fashion to the secondary. In this blog, I will share details on the upcoming enhancements to High Availabilty with the 7.5 release.
In the upcoming AireOS 7.5 release, we take High Availability to the next level with two critical enhancements.
1. Today, after Access Points fail over from the primary to the standby controller, each client tries to re-authenticate and the standby controller then checks against its CCKM database whether the client has already authenticated. At the rate of several tens of authentications per second, it can take anywhere from zero to a few hundred seconds for the tens of thousands of clients that are connected to a controller to re-authenticate. The client stateful essentially eliminates this downtime with sub-second failover. Thus the total downtime that any user running a voice-call or Citrix session experiences is 2-3 seconds that the application requires to reconnect.
2. In the AireOS 7.3 release, the two controller appliances need to be co-located and connected with an Ethernet cable. While adequate for the majority of deployments, others prefer to keep the standby controller in another datacenter or another building within the same campus environment. The AireOS 7.5 release allows you to deploy the standby controller in the L2-adjacent separated environment from the primary controller so they share the management IP address.
For more information about High Availability, here’s a short animated video:
You can also reference the deployment guide and the FAQ: