Guest N+1 redundancy & load balancing in separate data centers

I need assistance in acquiring documentation to set up N+1 redundancy & load balancing between two separate guest anchor controllers installed in separate data centers. Can you explain how it should be set up or point me in the right direction for documentation? If you can't point me in the right direction to acquire documentation, can you answer the following questions?
1) How do I set up my mobility groups on my guest anchor controllers installed in the DMZ? Should both guest anchors be in the same mobility group?
2) Do both guest anchors share the same virtual IP or do they need to be separate (DMZ01 - 1.1.1.1 / DMZ02 - 2.2.2.2)? I think separate!
3) Are there any configuration parameters on the guest anchors for load balancing?
4) Does either one of the guest anchors need to be set up as a master controller? I'm not sure?
5) Are there any configuration parameters on the foreign controllers for load balancing?
6) How do I set up my foreign controllers? Should both guest controllers be added to the mobility group on the foreign controller? I would think both of them would be added to the foreign controller mobility group.
7) Should both guest anchors be added as an anchor on the WLAN? I would think both controllers would need to be added as anchors under the WLAN!
8) Am I missing anything here? This is how I think it should logically work?
Thanks,
Gordon

I need to elaborate on my questions:
1) Do both of my guest DMZ anchors need to be in a separate mobility group on their own or can the guest anchors be in completely separate mobility groups? All 100 + foreign controllers are in separate mobility groups.
I) Example #1: Guest anchor number 1 (Mobility group: DMZ) / Guest anchor number 2 (Mobility group: DMZ)
II) Example #2: Guest anchor number 1 (Mobility group: DMZ01) / Guest anchor number 2 (Mobility group: DMZ02)
2) Do both guest anchor controllers have to be configured with separate virtual IPs or do they share the same address?
I) Follow up to this question: I want to register the DMZ controllers with our DNS servers so that my clients receive a name when authenticating through my customized webauth. I am currently using 1.1.1.1 as the virtual address and I'm pretty sure this is the address I need to register with my external DNS server. My question is this. Does the address I use for the virtual interface matter? 1.1.1.1 is not a valid address with my network. Do I need to assign a valid address registered with my network if I'm going to add this address to my external DNS servers?
3) No change to my original question.
4) No change to my original question.
5) No change to my original question. I have run into Cisco documentation that mentions guest anchor load balancing, but the documentation is very vague. I'd love to be able to load balance as the network group wants to limit my guest traffic to the internet. I could double my pipe if I could load balance the guest anchors.
6) No change to my original question, but the answer to question one is key to the setup of my foreign controllers.
7) Elaboration: Should both guest controllers be added as an anchor under the WLAN on the foreign controllers? I would think both of them would be added.
8) No change:
9) Should my secondary guest controller be added as an anchor on the WLAN of the primary guest DMZ controller and vice versa?
Can my Cisco expert answer this or do I need to open a TAC case?
Thanks,
Gordon Shelhon
SR. Wireless Services Engineer
Company: Not specified

Similar Messages

  • Server Load-balancing Across Two Data centers on Layer 3

    Hi,
    I have a customer who would like to load balance two Microsoft Exchange 2010 CAS Servers which are residing across two data centers.
    Which is the best solution for this? Cisco ACE or Cisco ACE GSS or both?

    I would go with source natting the clients ip addresses, so that return traffic from the servers is routed correctly.
    It saves you the trouble with maintaining PBR as well.
    Source NAT can be done on the ACE, by applying the configuration to either the load balancing policy, or adding the configuration to the class-map entries in the multi-match policy.
    Cheers,
    Søren

  • Access to load balanced web site

    I have a weird problem where browsers on one subnet in my company cannot access any web sites that are load balanced in our data center.
    Other subnets can access the load balanced sites fine.
    Browsers on the subnet in question CAN access other non-load-balanced sites within the same DC.
    Any thoughts on how to go about troubleshooting?

    Hi,
    have a look at the routing table of the servers.
    Is the return traffic (towards the clients) forwarded towards the loadbalancer from the servers or bypassing?
    Are you using source limitation on the loadbalancer?
    Are you using source nat?
    Please paste the config of the loadbalancer, the routing table of the servers and the source-address that gives you a hard time and we can have a look at it.
    Kind Regards,
    Joerg
    PS
    In case of any doubts, take a sniffer trace in front of the loadbalancer and behind the load balancer. If necessary, additional ones at the client and at the server.

  • Load Balance guest Internet access via two different DMZ zones at two sites

    Hi Sir,
    My customer has the following unified wireless guest access requirement:
    - There are 2 internet links and dmz zones at two different locations, Site A and Site B
    - Data centre is at Site A
    - WiSM is proposed to be installed at the Cat 6500 in Site A
    - Lightweight AP are distributed across Site A, Site B and other branches
    - Only one anchor WLC is proposed at Site A, DMZ zone to provide guest internet access
    My customer would like to load balance the guest via the two internet links at Site A and Site B but with the same SSID across all locations. Can it be done since there is only one anchor at Site A? How about putting another anchor WLC at Site B, DMZ zone? But how can I establish two EoIP tunnels to two different anchor WLCs from a single WiSM?
    Thanks for your help
    Delon

    You can... but you can't control where the traffic will flow. The WLC will determine which DMZ WLC it will use. The WLC will load balance, but traffic in site A might go to site B. I currently have deployed that scenario in multiple client installations....

  • 2 ISP load balancing and redundancy

    Hello!!
    Our small company has about 40 branches spread within the city. Branches are connected by optic wire supplied by our ISP. So in the ISP our branches are located in one VLAN. From every branch we created a VPN tunnel to our server room in the central office. The central office is like a center point. If the optic wire to the central office fails, there would be no VPN tunnels and no network to all branches. Moreover, all the traffic goes through the central office.
    Now we decided to pave one more optic line to our central office. And that will increase bandwidth and redundancy.
    Private network topology: There are no default gateways and IP addresses. For example, at the first branch I will plug a computer directly into the media converter and at the second branch plug another computer into the media converter. After that these two computers are in one network, and I can assign any IP addresses to them.
    What I have: our firewall does enough work, and we don't want to overload it. But we have some free ports in our new Cisco 3750. The question is how to do load balancing and redundancy? Can it do load balancing according to traffic? And how to load balance incoming traffic? For example, if a connection was established from a branch's router, how will this router choose through which line to make the connection? By the way, at all branches we use noisy Cisco 3700 series routers.

    Sorry for upping a 1 year old thread.
    We talked to our Network Provider. They said "these two cables are coming from two different places, so there is no way to use etherchannel. You must use active-standby solution."
    Relying on STP we just put two cables into 3750 stack. But with default STP settings, connection was very unstable, many packet losses and disconnections. So we found easy solution with "flex links", making one interface backup of the other. And only now I recognized that this is not a failover solution. Because, if network beyond media converter will down, link from media converter to switch would still up.
    What could I do to make our L2 WAN redundant? Are there any additional STP settings.

  • PIX Redundant Internet Line and Load balancing

    I would like to find out if it's possible to configure my Cisco PIX 525 to use a secondary internet line from a different provider and perform load balancing. I'm using PIX Version 6.3(1)

    PIX version 6.3 does not support redundancy and load balancing, but PIX/ASA with version 7.0 supports redundancy.

  • Two 2911 routers and 3560 switches (load balancing and redundancy)

    Good day, Sir !
    I have a model with hierarchical model. Two routers 2911 and two core switches 3560, two providers.
    I want to design a redundancy scheme. Can you advise me how it is better to do it? Here you can find an image with the topology; can you say whether it is a good idea to connect the devices in this way?
    Hope on you help ! Thank you !!!

    Hi,
    If you want to configure redundancy in your network on LAN you can use HSRP and from the WAN side depending on the connection with the provider you can either use BGP or any IGP.
    If you want to have load balancing as well as redundancy, you can define a different HSRP group for each VLAN, and on the WAN with BGP you can use the multipath option or with an IGP you can manipulate the route metric.
    Thanks & Regards
    Sandeep

  • Redundant and load balance of Final Cut Server

    Greeting All,
    Anyone has good start of redundant and load balance solution for Final Cut Server? Please advise!!
    Thanks,
    Spin

    Found this and seems to have worked...
    http://support.apple.com/kb/HT3836
    Just ran those two commands and then restarted the web service and now I get the page.

  • Resources for designing redundancy and load balancing among data centers

    Hello all,
    I'm looking for resources for designing redundancy and load balancing between two physically separate data centers. I'm looking for some "best practice" links, tips, or recommendations. Any suggestions are appreciated!
    Thanks.

    I think that we can do per packet load balancing by using CEF.
    Please go to the following URL:
    http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fswtch_c/swprt1/xcfcefc.htm#xtocid5
    Also, you may need local director or distributed director. What resource/application is available in the data centre? (e.g. http server, ftp server, TN3270 server, and so on)

  • Load Balancing on 2 separate ADSL link

    Dear All,
    We are having 2 internet link from 2 separate ISP.
    Please help me in doing load balancing on this 2 ADSL LINK.
    Thanks/Regards
    Atul

    what sort of router/pix are you running and what ios?

  • Load Balance & redundancy for internet from 2 different sites?

    Hi,
    we have 2 core sites where our servers are situated. Both sites are connected via a ptp link.
    All of our clients/sites reach these two sites via our MPLS network and they never route via the ptp link which is solely used between the two core sites.
    One of the sites has an ASA which goes out to our internet. We are thinking of replicating this on our other site.
    How would we go about load balancing the internet connection ie 50% go out on site A & 50% go out on site B?
    And if site A goes down, everything goes out via site B and vice versa?
    Diagram attached....
    Thank you,
    Louis

    Hi Louis, you could set default routes on the ASA's with tracking, and use ospf downstream to inject the default route in to the network with default information originate - this will only advertise out a default route if it has it in the routing table. With SLA you can track internet reachability by IP SLA echo to something like 8.8.8.8. Both sides can advertise this in to the network, if one goes then there is one left. Just be mindful of the policies and NAT required, you will have to duplicate the rules on the ASA's. With the NAT you have to ensure, that outgoing traffic comes back in the same path it left so it doesn't break connections.

  • Global load balancing/active active vip and virtual interface redundancy

    Is there a way to configure both of these technologies without exposing the external addressing to the internal network? I have active active within the data center and would like to have active/active across two data centers but I don't see any way to use internal addressing for my content rules and still use them for dns unless I can specify records without using content rules. Thanks.
    http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_configuration_example09186a008009438a.shtml
    http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_configuration_guide_chapter09186a0080157898.html

    Hi Victor,
    In response to your questions regarding doing Active/Active GSLB using VIP and interface redundancy.
    Rule-based GSLB will not work with VIP/interface redundancy.
    The reason is that the CSS cannot set up an app session to a redundant interface; it needs to set the app session up to a real interface. Thus, a full mesh topology must be used for GSLB and VIP/interface redundancy.
    Bug ID CSddw27861 reported this problem and engineering added the command "ap-kal-vip" to support a full mesh topology. This command can only be used under zone based GSLB and not rule based.
    The syntax for the command would be:
    dns-record a www.work.com 5.5.5.5 0 single kal-ap-vip 1.1.1.1
    rule/ACL based GSLB with vip/int redundancy will not work.
    Regards,
    Mark

  • Windows Server 2012 R2 - ADFS/Windows Network Load Balancing Converging Issue

    Hello,
    My name is Brandon. We have started upgrading our servers to Windows Server 2012 R2. We have some powerful servers running ESXI 5.5 as the OS with Windows Server 2012 R2 as the guest operating systems. As part of our migrations/upgrades we have configured ADFS 2012 R2 into a Server Farm with Windows Network Load Balancing to add redundancy in the event a server goes down.
    I have been having issues with a node in the cluster getting stuck in the status of Converging. The only way I have been able to get it back up is to restart the virtual server completely, and it is temporary. When I first configure the cluster, the two virtual servers get added to the node with no problems and fully converge. However, after some time a node will end up in Converging and this takes authentication for ADFS down as the nodes cannot be contacted over port 443.
    Error: Host: server.domain.com Unable to connect to "server name"
    System
      Provider
        [Name] Microsoft-Windows-NLB
        [Guid] {F22AF71F-C4C3-425D-9653-B2F47B85DD30}
      EventID 21
    I have tried using 1 & 2 Virtual NICs on the machines and still end up with communication issues. Could someone assist me with why I am having this issue? This is not an issue with a firewall. If it was a firewall it would never communicate the first time. Has anyone had experience with a similar configuration and how were you able to make it work?
    Below is my configuration.
    Static ARP Entry for Cluster IP Address has been added to our Layer 3 switch.
    Physical Server 1:
    ESXI 5.5 HOST
    1 NIC CONNECTED (shared with virtual guest)
    IP ADDRESS: 192.168.0.5
    SUBNET: 255.255.255.0
    DGW: 192.168.0.1
    Virtual Server 1 (Guest OS)
    Physical Server 2:
    ESXI 5.5 HOST
    1 NIC CONNECTED (shared with virtual guest)
    IP ADDRESS: 192.168.0.6
    SUBNET: 255.255.255.0
    DGW: 192.168.0.1
    Virtual Server 2 (Guest OS)
    Virtual Servers
    Virtual Server 1
    MS SERVER 2012 R2 (VIRTUAL)
    NLB NODE 2 
    VIRTUAL NETWORK ADAPTERS
     VNIC1 IP ADDRESS 192.168.0.10
    SUBNET: 255.255.255.0
    DGW: 192.168.0.1
     VNIC 2 (NLB)
    IP ADDRESS: 192.168.0.11
    SUBNET: 255.255.255.0
    Virtual Server 2
    MS SERVER 2012 R2 (VIRTUAL)
    NLB NODE 2
    VIRTUAL NETWORK ADAPTERS
     VNIC1
    IP ADDRESS 192.168.0.20
    SUBNET: 255.255.255.0
    DGW: 192.168.0.1
     VNIC 2 (NLB)
    IP ADDRESS: 192.168.0.21
    SUBNET: 255.255.255.0
    Cluster Configuration/Properties
    CLUSTER PROPERTIES CLUSTER IP: 192.168.0.30
    CLUSTER SUBNET: 255.255.255.0
    FULL INTERNET NAME: FS.DOMAIN.COM
    CLUSTER OPERATION MODE: MULTICAST
    PORT RULES:
    CLUSTER IP ADDRESS | START | END | PROTOCOL | MODE     | PRIORITY | LOAD  | AFFINITY
    ALL                | 80    | 80  | BOTH     | MULTIPLE |          | EQUAL | NONE
    ALL                | 443   | 443 | BOTH     | MULTIPLE |          | EQUAL | NONE
    CLUSTER NODES:
    1.) SERVER1.DOMAIN.COM
    a. IP: 192.168.0.11
    2.) SERVER2.DOMAIN.COM
    a. IP: 192.168.0.21

    Hi,
    According to your description, my understanding is that: 2 ESXI 5.5 physical devices (192.168.0.5 and 192.168.0.6), each of them has a virtual WS 2012 R2 (192.168.0.10 and 192.168.0.20). Cluster the 2 virtual servers successfully, but they corrupt with event ID 21, and a restart of the virtual device will resolve this problem temporarily.
    Event ID 21 means that NLB failed to converge due to inconsistencies in the port rules between this host and cluster host. This will occur if the number of port rules or the type of port rules are different between hosts.
    Ensure that all NLB hosts have identical port rules. Detailed steps you may reference:
    Event ID 21 — NLB Port Rules Configuration
    https://technet.microsoft.com/en-us/library/dd364034%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396
    Best Regards,
    Eve Wang

  • Windows Server 2012 R2 - Windows Network Load Balancing Converging Issue

    Hello,
    My name is Brandon. We have started upgrading our servers to Windows Server 2012 R2. We have some powerful servers running ESXI 5.5 as the OS with Windows Server 2012 R2 as the guest operating systems. As part of our migrations/upgrades we have configured ADFS 2012 R2 into a Server Farm with Windows Network Load Balancing to add redundancy in the event a server goes down.
    I have been having issues with a node in the cluster getting stuck in the status of Converging. The only way I have been able to get it back up is to restart the virtual server completely, and it is temporary. When I first configure the cluster, the two virtual servers get added to the node with no problems and fully converge. However, after some time a node will end up in Converging and this takes authentication for ADFS down as the nodes cannot be contacted over port 443.
    Error: Host: server.domain.com Unable to connect to "server name"
    System
      Provider
        [Name] Microsoft-Windows-NLB
        [Guid] {F22AF71F-C4C3-425D-9653-B2F47B85DD30}
      EventID 21
    I have tried using 1 & 2 Virtual NICs on the machines and still receive this error even if only 1 VNIC is assigned to the virtual machine. Could someone assist me with why I am having this issue? Has anyone had experience with a similar configuration and how were you able to make it work?
    Below is my configuration.
    Static ARP Entry for Cluster IP Address has been added to our Layer 3 switch.
    Physical Server 1:
    ESXI 5.5 HOST
    1 NIC CONNECTED (shared with virtual guest)
    IP ADDRESS: 192.168.0.5
    SUBNET: 255.255.255.0
    DGW: 192.168.0.1
    Virtual Server 1
    Physical Server 2:
    ESXI 5.5 HOST
    1 NIC CONNECTED (shared with virtual guest)
    IP ADDRESS: 192.168.0.6
    SUBNET: 255.255.255.0
    DGW: 192.168.0.1
    Virtual Server 2
    Virtual Servers
    Virtual Server 1
    MS SERVER 2012 R2 (VIRTUAL)
    NLB NODE
    2 – VIRTUAL NETWORK ADAPTERS
     VNIC1
    IP ADDRESS 192.168.0.10
    SUBNET: 255.255.255.0
    DGW: 192.168.0.1
     VNIC 2 (NLB)
    IP ADDRESS: 192.168.0.11
    SUBNET: 255.255.255.0
    Virtual Server 2
    MS SERVER 2012 R2 (VIRTUAL)
    NLB NODE
    2 – VIRTUAL NETWORK ADAPTERS
     VNIC1
    IP ADDRESS 192.168.0.20
    SUBNET: 255.255.255.0
    DGW: 192.168.0.1
     VNIC 2 (NLB)
    IP ADDRESS: 192.168.0.21
    SUBNET: 255.255.255.0
    Cluster Configuration/Properties
    CLUSTER PROPERTIES
    CLUSTER IP: 192.168.0.30
    CLUSTER SUBNET: 255.255.255.0
    FULL INTERNET NAME: FS.DOMAIN.COM
    CLUSTER OPERATION MODE: MULTICAST
    PORT RULES:
    CLUSTER IP ADDRESS | START | END | PROTOCOL | MODE     | PRIORITY | LOAD  | AFFINITY
    ALL                | 80    | 80  | BOTH     | MULTIPLE | ..       | EQUAL | NONE
    ALL                | 443   | 443 | BOTH     | MULTIPLE | ..       | EQUAL | NONE
    CLUSTER NODES:
    1.) SERVER1.DOMAIN.COM
    a. IP: 192.168.0.11
    2.) SERVER2.DOMAIN.COM
    a. IP: 192.168.0.21

    Thank you for your response. It took me a while to figure it out, but the whole issue was related to the type of Virtual Network Adapter I was selecting.
    I changed the network adapter from E1000 to VMXNET 3 and have not had a single error in the event logs or Windows NLB.
    I read somewhere that VMXNET 3 is preferred for Windows Server 2012 R2.
    https://communities.vmware.com/thread/433792
    Leyuka       May 23, 2013 6:14 AM
    "Just a help for everyone with this problem :
    After 10 days of research for our virtual datacenter behind a vcloud as iias ,  i found a solution .
    I only run windows 2012 server .
    Install vmware tools , remove e1000 network card after a vm stop, add a card same vswitch etc BUT with a vmxnet3 TYPE . DONT USE DEFAULT CARD
    Start and enjoy this solution . E1000 and E1000e are just unstable in windows8 / windows 2012 , the network card reset randomly with or without heavy IO. No log in windows , and as a vcloud user i don't have esxi logs (damn i don't like cloud) and provider don't know why ..."

  • Load-Balancing between Foreign and two Anchors

    Hi, we have two foreign controllers (one active, one standby) and two anchor controllers. All APs are connected to the active foreign controller. The layer 3 networks for the WLAN clients on both anchors are different for the same SSID. SSID: Internet, anchor 1: Subnet A, anchor 2: Subnet B. So when a client is getting anchored to Anchor 1, the client will get an IP from subnet A and when the client is getting anchored to anchor 2, the client will get an IP from subnet B.
    This is so far not a big problem because we only have a few access points in some rooms. But what will happen when we have a fully covered WLAN and the client roams from one AP to the other AP? Is there a possibility that the client will be anchored to a different anchor while roaming? I think this will result in a lack of connectivity because without a real disconnect the client will not ask for a new IP address.
    Other question: Is it possible to disable this load-balancing between anchor controllers? Or can I make a client sticky to only one anchor as long as an access-session is established?
    All controllers are 5760 with 3.3.3 software.

    Hi acontes, 
    It's an interesting question. 
    In this case, if all AP's are on WLC-A and there is no possibility that an L3 inter-subnet roam will occur between WLC-A and WLC-B, I would just forward WLC-A to Anchor A and WLC-B (in the event of fail over) to Anchor B (if Anchors reside on different subnets). If you must specify Anchor A and Anchor B on each WLC for redundancy purposes, it's important to understand the guidelines and limitations with regard to Foreign / Anchor Design.  
    As Scott mentioned, the limitation with Anchoring design is that there is no primary / secondary configuration for an Anchor on the Foreign WLC.
    If WLC-A has two entries (1) for Anchor-A and (2) for Anchor-B, the EoIP tunnels are established and load-balancing occurs in a round robin fashion.
    Keep in mind the following with regard to guest N+1 redundancy:
    • A given foreign controller load balances wireless client connections across the list of anchor controllers configured for the guest WLAN. There is currently no method to designate one anchor as primary with one or more secondary anchors.
    • Wireless clients that are associated with an anchor WLC that becomes unreachable are re-associated with another anchor defined for the WLAN. When this happens, assuming web authentication is being used, the client is redirected to the web portal authentication page and required to re-submit their credentials.
    Since traffic is transported at Layer 2 via EoIP, the first point at which DHCP services can be implemented is either locally on the anchor controller or the controller can relay client DHCP requests to an external server. Since the IP address directly correlates to the DMZ subnet or the interface where the traffic egresses, it is possible for some clients to get IP's from both Subnet A or Subnet B in the event that WLC-A is building EoIP to both anchors.
    1) What happens if my clients roam?
    Nothing... since all AP's are on WLC-A, it's Intra-Controller Roaming
    Each controller supports same-controller client roaming across access points managed by the same controller. This roaming is transparent to the client as the session is sustained, and the client continues using the same DHCP-assigned or client-assigned IP address. The controller provides DHCP functionality with a relay function. Same-controller roaming is supported in single-controller deployments and in multiple-controller deployments.
    Would it be better to choose the same DHCP Pool on both anchors?
    It's probably better to have redundant anchors on the same subnet, but it's not required. 
    3) How would you design this :-)
    WLC-A <--EoIP--> Anchor A (DHCP Pool A)
    WLC-A <--EoIP--> Anchor B (DHCP Pool A)
    It's important to remember what Scott mentioned about the lack of a primary / secondary relationship. If multiple controllers are added as mobility anchors for a particular WLAN on a foreign controller, the foreign controller internally sorts the controllers by their IP address. The controller with the lowest IP address is the first anchor. For example, a typical ordered list would be 172.16.7.25, and 172.16.7.28. If the first client associates to the foreign controller's anchored WLAN, the client database entry is sent to the first anchor controller in the list, the second client is sent to the second controller in the list, and so on, until the end of the anchor list is reached. The process is repeated starting with the first anchor controller.
    If any of the anchor controllers is detected to be down, all the clients anchored to the controller are deauthenticated, and the clients then go through the authentication/anchoring process again in a round-robin manner with the remaining controller in the anchor list. This functionality is also extended to regular mobility clients through mobility failover. This feature enables mobility group members to detect failed members and reroute clients.
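
The anchor selection and failover behaviour described in the reply above, as an added Python model (not Cisco code and not part of the original thread). The class and method names are hypothetical, the numeric sort of the anchor list is an assumption, the two anchor addresses are the ones quoted in the reply, and the Subnet A / Subnet B labels follow the question.

```python
import ipaddress


class ForeignWlan:
    """Hypothetical model of one anchored guest WLAN on a foreign controller."""

    def __init__(self, anchors, web_auth=True):
        # anchors: {anchor IP: label of the DHCP pool / DMZ subnet behind it}
        self.pools = dict(anchors)
        # "The controller with the lowest IP address is the first anchor."
        # Assumption: the comparison is numeric, not a string comparison.
        self.order = sorted(anchors, key=ipaddress.ip_address)
        self.up = set(self.order)
        self.next_idx = 0
        self.web_auth = web_auth
        self.clients = {}  # client id -> anchor IP

    def _pick(self):
        # Walk the sorted list round robin, skipping anchors that are down.
        for _ in range(len(self.order)):
            anchor = self.order[self.next_idx]
            self.next_idx = (self.next_idx + 1) % len(self.order)
            if anchor in self.up:
                return anchor
        raise RuntimeError("no anchor controller reachable")

    def associate(self, client):
        """New association: the client is sent to the next anchor in the list."""
        self.clients[client] = self._pick()
        return self.clients[client]

    def roam(self, client):
        """Intra-controller roam between APs: the anchor does not change."""
        return self.clients[client]

    def anchor_down(self, anchor):
        """Deauthenticate clients of a failed anchor and re-anchor them."""
        self.up.discard(anchor)
        moved = {}
        for client in [c for c, a in self.clients.items() if a == anchor]:
            new_anchor = self.associate(client)
            moved[client] = {
                "anchor": new_anchor,
                # Web portal login must be repeated on the new anchor.
                "web_auth_again": self.web_auth,
                # A different DMZ subnet means the old lease is useless.
                "new_ip_needed": self.pools[new_anchor] != self.pools[anchor],
            }
        return moved


if __name__ == "__main__":
    # Constructed scenario: one SSID, two anchors with different subnets.
    wlan = ForeignWlan({"172.16.7.28": "Subnet B", "172.16.7.25": "Subnet A"})
    for n in range(1, 6):
        client = f"client{n}"
        anchor = wlan.associate(client)
        print(client, "->", anchor, wlan.pools[anchor])
    print("client1 after AP roam ->", wlan.roam("client1"))
    for client, state in wlan.anchor_down("172.16.7.25").items():
        print(client, state)
```

Passing the same pool label for both anchors models the "DHCP Pool A on both anchors" design from the reply: `new_ip_needed` is then false after a failover, while the web authentication step is still repeated.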
