Q. In the Cisco® Unified Wireless Network Software Release 7.3, what are the enhancements in the area of high availability of wireless LAN controllers?
A. Today in a Cisco Unified Wireless Network deployment, an access point is configured with primary, secondary, and sometimes even tertiary controllers. When the primary controller fails, depending upon the number of access points managed by a controller, the access point may be down from tens to hundreds of seconds before failing over to the secondary controller. Once it detects that the primary controller is unavailable, the access point has to rediscover the controller and reestablish the Control and Provisioning of Wireless Access Points (CAPWAP) tunnel to the secondary controller. In addition to this, the client needs to reauthenticate with the access point and reestablish any session-sensitive applications such as telnet or Citrix.
With Release 7.3, a controller can be configured as the hot standby controller to another controller designated as the active controller. The redundancy ports of these two controllers are connected with an Ethernet cable. This connection is used to exchange configurations and keep the databases in sync. The standby controller maintains the CAPWAP states of the access points connected to the active controller. This is why a subsecond failover can be achieved from the active controller to the standby.
The standby controller also syncs the pairwise master key (PMK) key cache from the active controller. In this way, when the client reassociates to the access point, there is no need for the controller to reassociate with the RADIUS Server (Figure 1).
Figure 1. Fast Access Point Failover between Primary and Standby
Q. What actions can trigger access points to fail over to the standby controller?
A. The following scenarios are supported:
• Failure of the controller appliance: Downtime between failover reduced to less than 1 second. Note that it is not possible to achieve a hitless software upgrade of the controller.
• Network failure (for example, someone pulls the backhaul cable): Downtime up to 3 seconds.
Q. How often is the keepalive check done between the active and the standby controller?
A. Every 100 ms, a keepalive is sent by the standby to the active to check the up status. In the case of the Cisco 5508 Wireless Controller and the Cisco Flex 7500 and Cisco 8500 Wireless Controllers, this is done on the redundancy port. In the case of the Cisco Wireless Services Module 2 blade server, the keepalive is sent over a redundancy VLAN.
Q. If a user is on an active voice call during a failure, what impact will he experience?
A. Cisco Unified Wireless Network release 7.3 supports only single sign-on (SSO) for access points. With the enhancements in high availability, the client may have to reestablish the connection with the access point. Assuming no change in IP address, the user will most likely experience a few seconds of jitter when the switchover occurs.
Q. Do my active and standby controllers share the IP address or operate as separate devices?
A. The two controllers operate as separate devices and do share the same IP address. The entire configuration is exactly the same, except for the redundancy management IP and redundant port IP.
Q. Which controller models support the fast failover functionality?
A. The following controllers support the high-availability functionality starting with Release 7.3:
1. Cisco 5508 Wireless Controller
2. Cisco Wireless Services Module 2 (WiSM2)
3. Cisco Flex 7500 Series Wireless Controller
4. Cisco 8500 Series Controller
Fast-failover functionality is not available for the following controller models:
Q. Can my standby controller be on the same Layer 2 network across two closets on the same floor or across the campus or in two data centers within the campus?
A. The standby controller for the 5508, Flex 7500, and 8500 needs to be physically adjacent to the primary, with their redundancy ports connected directly by an Ethernet cable. Having the primary and standby controllers Layer 2 separated is not supported. For WiSM2, please see the following question.
Q. Do the primary and standby WiSM2 blades need to be located within the chassis or can they be placed in two different chassis?
A. The two WiSM2 blades could be placed within the same chassis or across two chassis. The latency of the link connecting the two chassis needs to be less than 80 ms. Communication between the two controllers is not encrypted using a protocol such as Datagram Transport Layer Security (DTLS) because the environment is expected to be secured in the campus.
Q. Can I continue to support additional redundancy by having a secondary and tertiary controller?
A. Yes. You can continue to deploy secondary and tertiary controllers, just as you do today, in addition to the active and the standby controller. Remember, however, that controllers B and C in Figure 2 cannot be the cost-effective standby controllers.
Figure 2. Additional Redundancy via Secondary and Tertiary Controller
Q. Can the primary and standby controller be different models?
A. No. The primary and standby controller both need to belong to the same product family (for example, the 5508) and run the same software version.
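The pairing constraints stated in the answers above (supported families, direct cabling for appliances, the 80 ms WiSM2 limit, matching family and release, and the unencrypted redundancy link) collected into a pre-deployment check. This is an added example, not Cisco code; the `Controller` fields, the link labels, and the sample inventory are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Families and limits come from the answers above; all field names are assumptions.
SUPPORTED = {"5508", "WiSM2", "Flex7500", "8500"}
APPLIANCES = SUPPORTED - {"WiSM2"}      # redundancy ports cabled back to back
MIN_RELEASE = (7, 3)
MAX_WISM2_LATENCY_MS = 80

@dataclass
class Controller:
    name: str
    family: str
    release: str          # dotted release string, e.g. "7.3"
    chassis: str = ""     # only meaningful for WiSM2 blades

def _ver(release):
    return tuple(int(part) for part in release.split("."))

def check_pair(active, standby, link, latency_ms=0.0):
    """Return findings for a proposed active/standby pair.
    link is "direct-cable" or "redundancy-vlan" (labels assumed for this example)."""
    findings = []
    for c in (active, standby):
        if c.family not in SUPPORTED:
            findings.append(f"{c.name}: {c.family} is not a fast-failover model")
        if _ver(c.release)[:2] < MIN_RELEASE:
            findings.append(f"{c.name}: release {c.release} predates 7.3")
    if active.family != standby.family:
        findings.append("active and standby are different product families")
    if _ver(active.release) != _ver(standby.release):
        findings.append("active and standby run different software versions")
    if active.family in APPLIANCES and link != "direct-cable":
        findings.append("redundancy ports must be connected directly by cable")
    if {active.family, standby.family} == {"WiSM2"} and active.chassis != standby.chassis:
        if latency_ms >= MAX_WISM2_LATENCY_MS:
            findings.append(f"inter-chassis latency {latency_ms} ms is not under 80 ms")
        # The page states this traffic is not encrypted, so the path needs review.
        findings.append("review: unencrypted redundancy traffic crosses chassis")
    return findings

# Constructed inventory for illustration; not from a real deployment.
PAIRS = {
    "closet-pair": (Controller("wlc-a", "5508", "7.3"), Controller("wlc-b", "5508", "7.3"), "direct-cable", 0.0),
    "mixed-pair": (Controller("wlc-c", "5508", "7.2"), Controller("wlc-d", "8500", "7.3"), "redundancy-vlan", 0.0),
    "wism2-pair": (Controller("blade-1", "WiSM2", "7.3", "chassis-1"), Controller("blade-2", "WiSM2", "7.3", "chassis-2"), "redundancy-vlan", 95.0),
}

def audit(pairs=PAIRS):
    return {name: check_pair(*args) for name, args in pairs.items()}

if __name__ == "__main__":
    for name, findings in audit().items():
        print(name, findings or "ok")
```

The `review:` finding is advisory: it marks pairs whose redundancy traffic leaves a single chassis so the path can be checked against the campus security assumption the answer relies on.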
Q. Is high availability available for all modes of operation - for example, local mode, Flexconnect mode, and so on?
A. Yes. The primary and standby functionality allows you to operate in any of these modes.
Q. Can I continue to support the N+1 model in addition to the active standby mode?
A. Yes, it is possible to have the active controller be a part of N+1 design, as shown in Figure 3. However, please note that the controller in the network operations center (NOC) or data center providing N+1 functionality cannot be a cost-effective standby part, as identified in Table 1 in the "Standby Controller Licensing" section. Note also that there is no fast failover through the single sign-on access point to the N+1 controller.
Q. Can I continue to support the N+1 model in addition to the active standby mode?
A. Yes, it is possible to have the active controller be a part of N+1 design, as shown in Figure 4.
Figure 3. Additional N+1 Redundancy
Standby Controller Licensing
Q. What are the SKUs for the standby controller?
A. Table 1 lists the standby controller SKUs.
Table 1. Standby Controller Part Numbers
WS-SVC-WISM2HA-K9= and WS-SVC-WISM2-HA-K9
Q. Do I need to buy access point licenses on my standby controller?
A. No. When the active controller is unavailable, the standby controller will adopt the licenses from the primary controller. It is expected that the customer is able to get the primary back online within 90 days. After 90 days, the customer will get a daily reminder to switch back to the primary controller.
Q. I already have a spare controller. Can I convert that controller to the standby controller?
A. Yes. Customers need to upgrade their controller software to Release 7.3. They can then convert the spare to a standby controller using the command line interface or GUI.
It is important to note that on the 5508, the controller needs to have at least 50 access point licenses in order to be able to convert the controller to the standby controller for the wireless LAN.
Q. Can I transfer the licenses from the spare Controller to another Controller?
It is not possible to transfer the base licenses (that come installed along with the purchase of the Controller) to the other
For further details about the Cisco Flex 7500 and the 8500 platforms that support Right to Use licensing, see the RTU Q&A.
Q. What new capabilities are introduced starting with Release 7.4 in high-availability licensing?
A. Starting with Release 7.4, the -HA SKU can now be used in N+1 mode. After 90 days, a daily reminder about reconnecting the primary controller will be sent to the network administrator.
Q. If I intend to rearchitect the network, can I convert the -HA controller to a primary controller by adding wireless licenses?
A. No. This is not a supported scenario. If you have purchased an -HA SKU, it is not possible to convert it to a primary controller.
The exception to this is if a customer has purchased a primary controller such as a Cisco 5508-50 Wireless Controller and converted it to an HA controller and now wants to revert that to being a primary controller. Such a transition is supported.
Q. Can the -HA SKU that has been deployed as an N+1 mode geographically separate from the primary be redeployed physically adjacent to the primary and support the full "no SSID outage" with access point SSO functionality?
A. Yes. You can migrate the -HA SKU in these two operating modes as needed.
Q. What is the difference in functionality with an -HA SKU operating as the N+1 compared to a fully licensed controller operating as an N+1 controller?
A. An -HA SKU only operates as a standby controller. This implies that it gets activated only when one or more primary controllers go down. Customers that intend to load-balance need to purchase fully licensed controllers.
Q. What is the capacity of the N+1 standby controller when an -HA SKU is used in N+1 mode?
A. Whether the customer purchases an -HA controller SKU or converts an existing controller to the HA SKU, the HA SKU can support the full capacity of the model (see Table 2).
Table 2. Models and Access Point Counts
Access Point Count
Cisco 5508 Wireless Controller
Cisco Wireless Services Module 2 (WiSM2)
Cisco Flex 7500 Series Wireless Controller
Cisco 8500 Series Wireless Controller
Consider the scenario in Figure 4 in which two controllers fail over to a single N+1 standby controller.
Figure 4. Two Controllers Failing Over to Single N+1 Standby Controller
The first primary controller is a 5508 with support for 300 access points, while the second primary controller is a 5508 with support for another 350 access points.
Both of them are backed up by a single 5508-HA, which supports a capacity of 500 APs.
If the first controller fails, all 300 of the access points will fail over to the N+1 standby controller. This means a capacity of 500 - 300 = 200 is left on the -HA SKU.
Q. Can the N+1 standby controller be a different model of controller than the primary?
A. Yes. The N+1 standby can be the same or a different model of wireless LAN controller. For example, the primary can be a 5508, while the N+1 standby is a Cisco 8510 Wireless Controller. Note that in such a scenario you do not get the Access Point Stateful Failover functionality.