When a WLAN controller fails

* Milliseconds vs. seconds at the back end

In controller-based WLAN architectures, what happens if a controller fails, and what is its impact on availability of the RF access network?

As noted in the last newsletter, several companies simply don’t use controllers, eliminating that single point of failure. Of the controller-based architectures, Trapeze Networks seems to have the most resilient design for high availability.

The company has created a virtual WLAN controller environment, akin to a virtualized server farm or grid computing environment. Users are connected to a virtual cloud of WLAN controllers that operate fluidly, as a single unit, rather than associating a specific AP with a specific controller. The first time a user connects, he or she is authenticated via a controller in the back-end cluster; from there, the user record gets pushed to the AP and follows the user from AP to AP.

User authorization credentials can follow a user across clusters of up to 64 physical WLAN controllers, says Tim McCarthy, Trapeze software engineer.

Like a number of other WLAN companies, the data plane in Trapeze’s SmartMobile architecture has been pushed out to APs, so that sessions (such as real-time voice) already in progress aren’t affected by a back-end failure. In typical controller environments, though, a new user attempting to associate with a new AP attached to a failed controller would be unable to connect or would wait several seconds for controller failover.

Trapeze uses a scheme analogous to Virtual Redundancy Routing Protocol (VRRP) in the Layer 3 routing environment in that a member of the cluster can simply take over for a failed controller. Moving associations from APs among controllers within the cluster takes on the order of 30 milliseconds, according to Trapeze.

By contrast, other controller-based architectures, most of which use N+1 redundancy schemes, take multiple seconds to recover. N+1 redundancy generally involves serial failover from one controller to another, though some vendors let you set up the failover configuration in different ways. Vendors such as Aruba, Cisco, Meru, Motorola and Siemens have cited failover times ranging from 2 to 9 seconds in their controller networks.

This is the fifth and final article in a series of high-availability considerations for all wireless networks. Please see the other four, starting Oct. 22, which deal with other network segments and vendors. 

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Now read: Getting grounded in IoT