- Introduction
- High Availability
- AP Control Channel Timeout
- Captive Portal SSID High Availability
- System limitations when no control plane connection is possible
- Disaster recovery scenarios and expected behaviors
- Disaster recovery combinations
Introduction
Bluesocket Access Points securely connect to the vWLAN through a TLS-based control channel. Within the control channel is a keep-alive mechanism which is used by vWLAN and the AP to determine when network connectivity is lost. This control channel provides the mechanism to exchange communication between the vWLAN and AP for RF management, AP configuration changes, user management, and user authentication.
There are multiple options to consider when network connectivity is disrupted to the primary vWLAN controller. The most robust option for disaster recovery is High Availability. As of vWLAN version 2.4, it is no longer necessary to acquire a supplemental license for High Availability. Rather, High Availability is licensed by default and is no longer an optional column within the vWLAN’s “AP Licenses” table in the secure web-based administrative interface.
Where it is not feasible to deploy a High Availability failover pair, there are other AP-side disaster recovery options available:
- AP Control Channel Timeout
- Captive Portal SSID High Availability
High Availability
vWLAN can be deployed in a high availability mode where there is a “master” (primary) and “node” (backup) in a 1+1 setup. If network connectivity between the Bluesocket AP and master vWLAN is disrupted, resulting in the AP losing the configured keep-alive messages, the control channel to the vWLAN is considered lost.
Upon losing the control channel, the Bluesocket AP will attempt to connect to the node. If neither the master nor node is reachable, the AP will continually retry connecting to either until a connection can be established.
When Bluesocket APs initially discover the vWLAN node, they synchronize in real-time all user information which is populated to the vWLAN’s real-time user database. In this way, when a failover event occurs within the High Availability pair, existing users maintain their active sessions with zero packet loss.
For detailed instructions on configuring High Availability, please refer to the Administrator’s Guide for vWLAN. To specifically configure the interval (in seconds) for checking connectivity between the Bluesocket AP and the vWLAN, navigate in the secure web-based administrative interface to Configuration > System > High Availability.
AP Control Channel Timeout
The AP Control Channel Timeout is a feature that allows the Bluesocket AP to stay online and pass client traffic for a period of time even if the control channel is lost. This feature is particularly useful – in the absence of a High Availability connection – to allow the AP to continue servicing clients if the control channel is temporarily disrupted.
Note: At this time, it is not possible to combine AP Control Channel Timeout and Standby SSID options. Therefore, if you want to use this feature, you must delete all Standby SSIDs.
To configure the AP Control Channel Timeout duration value, navigate in the secure web-based administrative interface to Configuration > System > Settings > Domain tab.
Captive Portal SSID High Availability
The Captive Portal SSID High Availability feature allows the Captive Portal splash page SSID to function when the vWLAN that hosts the splash page is down. This feature only functions when the Enable Captive Portal Authentication option is selected in the SSID configuration, and enables users to be placed in a designated role when the primary vWLAN controller is down and no secondary controller is configured.
When the control channel is lost between an access point and vWLAN while using a captive portal/splash page SSID, clients can still connect to the SSID if the option Allow new clients to use the network when vWLAN is down is enabled. You can then specify a role to place the clients into upon connecting to the SSID while vWLAN is down. Once the connection between the AP and vWLAN is restored, the captive portal/splash page will resume normal operation.
Note: Clients who are connected to the captive portal SSID during the time that the AP and vWLAN lose connection will remain connected and in their properly designated role. Clients who connect to the captive portal SSID during the time in which the AP and vWLAN communication does not exist will be placed in the role designated on the SSID page, and will remain in that role even after the AP/vWLAN connection is restored. Clients must disassociate and then reassociate to the captive portal SSID once the AP/vWLAN connection is restored in order to be placed in their properly designated role (i.e., one other than what is specified on the SSID page in the Role to be assigned when vWLAN is down option).
To configure Captive Portal SSID High Availability, navigate in the secure web-based administrative interface to Configuration > Wireless > SSIDs.
Verify that the Enable Captive Portal Authentication and Allow new clients to use the network when vWLAN is down options are checked, and then specify the role to be assigned when vWLAN is down using the drop-down menu.
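Because clients admitted during an outage keep the outage role until they reassociate, it is worth checking for them once the control channel is back. The following is an added example, not part of the original document or of vWLAN: it assumes a dedicated outage role per SSID and uses constructed records with hypothetical field names, not a vWLAN export format.

```python
from datetime import datetime

# Constructed sample data; names and fields are hypothetical.
FALLBACK_ROLE = {"Guest-Portal": "outage-guest"}  # SSID -> "Role to be assigned when vWLAN is down"
OUTAGES = [("2024-05-01T10:00:00", "2024-05-01T10:45:00")]  # control channel down (start, end)
CLIENTS = [
    {"mac": "02:00:00:00:00:01", "ssid": "Guest-Portal", "role": "guest",
     "assoc": "2024-05-01T09:30:00"},   # joined before the outage, keeps normal role
    {"mac": "02:00:00:00:00:02", "ssid": "Guest-Portal", "role": "outage-guest",
     "assoc": "2024-05-01T10:20:00"},   # joined during the outage
    {"mac": "02:00:00:00:00:03", "ssid": "Guest-Portal", "role": "outage-guest",
     "assoc": "2024-05-01T11:05:00"},   # outage role, but joined after restoration
    {"mac": "02:00:00:00:00:04", "ssid": "Corp", "role": "staff",
     "assoc": "2024-05-01T08:10:00"},   # SSID without an outage role
]

def _ts(text):
    return datetime.fromisoformat(text)

def audit_fallback_roles(clients, outages, fallback_role):
    """Map MAC -> finding for every client still holding its SSID's outage role.

    stale_fallback:      associated inside an outage window; per the note above
                         it keeps that role until it disassociates and reassociates.
    unexpected_fallback: holds the outage role but did not associate during a
                         known outage; the role assignment needs explaining.
    """
    windows = [(_ts(start), _ts(end)) for start, end in outages]
    findings = {}
    for client in clients:
        outage_role = fallback_role.get(client["ssid"])
        if outage_role is None or client["role"] != outage_role:
            continue
        joined = _ts(client["assoc"])
        in_outage = any(start <= joined <= end for start, end in windows)
        findings[client["mac"]] = "stale_fallback" if in_outage else "unexpected_fallback"
    return findings

if __name__ == "__main__":
    for mac, finding in audit_fallback_roles(CLIENTS, OUTAGES, FALLBACK_ROLE).items():
        print(mac, finding)
```
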
System limitations when no control plane connection is possible
If Bluesocket APs are in operation without a control plane connection to the vWLAN, the system behaves as follows:
- Existing users will continue passing traffic.
- With the exception of the Captive Portal SSID High Availability, new clients cannot be added to the WLAN and existing clients cannot change SSIDs.
- An 802.1x session timeout will result in a user disassociation and the user is not permitted to re-associate until the control channel is re-established.
- Layer 2 and Layer 3 roaming between Bluesocket APs that exchange RF adjacency information continues to be possible. However, roaming to Bluesocket APs outside the adjacency group is not possible and client connectivity is lost. Where connectivity is lost, the client must return to associate with a Bluesocket AP where they were previously associated. The exception is the Captive Portal SSID case, where Layer 2 roaming is possible between all APs configured with the same Captive Portal SSID.
- Local user expiration will not be enforced. If a user’s account expires while the control channel is down, the user is not forced out of the system.
- Client bandwidth reporting data is not updated during this time. Thus, historical data could be inaccurate if the user is timed out before the control channel is restored.
- If the network is disrupted during a web authentication or an 802.1X machine authentication attempt, that authentication will not be successful. The result is that the user is left in their present role.
Disaster recovery scenarios and expected behaviors
Scenario: Control plane connectivity does not exist between the AP and either the Standalone vWLAN, or between the AP and the master or node vWLAN in a High Availability configuration.
- Option: AP control channel timeout
- Expected behavior: Upon discovering that the control plane connection with the vWLAN is lost (this process may take 1-3 minutes), the AP control channel timeout timer begins counting down. The AP will periodically and continually attempt to establish a control plane connection with the vWLAN on TCP port 33333. While the timer is counting down, existing clients will continue to pass traffic. However, no new clients can be added to the WLAN and existing clients cannot change SSIDs. Clients can roam between adjacent APs that have shared client information prior to the loss of the control channel. When the AP control channel timer reaches zero, the AP will reboot continuously until the control plane connection can be reestablished. (For each reboot, the AP will attempt to establish a control plane connection with the vWLAN on TCP port 33333.) Upon AP reboot, all clients will lose connectivity with the WLAN. When the control plane connection is reestablished, clients can reconnect to the WLAN. For clients authenticating via pre-shared key, SSID Auth, MAC Auth, or 802.1X, any re-authentication into the Clients table is seamless to the end-user, provided that the client is configured to reconnect to the WLAN automatically. For clients authenticating via Web Auth: If the client is still authenticated in the vWLAN’s Clients table (Status > Clients), no re-authentication is required. If the client is no longer listed in the Clients table, the client must re-authenticate.
- Note: If the AP is rebooted while there is no control plane connection with the vWLAN, the control channel timeout does not resume counting down, and it does not reset the counter. Rather, the AP will reboot continuously until the control plane connection can be reestablished.
- Option: Captive Portal SSID High Availability
- Expected behavior: Upon discovering that the control plane connection with the vWLAN is lost (this process may take 1-3 minutes), the AP will stop broadcasting the active SSID(s) and will broadcast the Captive Portal SSID. At this point, clients must associate on the Captive Portal SSID. Once associated, clients may pass traffic and roam within the WLAN. The AP will periodically and continually attempt to establish a control plane connection with the vWLAN on TCP port 33333. When the control plane connection with the vWLAN is reestablished, the AP will stop broadcasting the Captive Portal SSID and start broadcasting the original SSIDs. At this point, clients must associate with the active SSID(s). For clients authenticating via pre-shared key, SSID Auth, MAC Auth, or 802.1X, any re-authentication into the Clients table is seamless to the end-user, provided that the client is configured to reconnect to the WLAN automatically. For clients authenticating via Web Auth: If the client is still authenticated in the vWLAN’s Clients table (Status > Clients), no re-authentication is required. If the client is no longer listed in the Clients table, the client must re-authenticate.
- Note: If the AP is rebooted while there is no control plane connection with the vWLAN, the Captive Portal SSID will not be re-broadcast. Rather, the AP will reboot continuously until the control plane connection can be reestablished.
- Option: No disaster recovery method configured
- Expected behavior: The AP will reboot immediately upon discovering that the control plane connection with the vWLAN is lost. (This process may take 1-3 minutes.) Upon AP reboot, all clients will lose connectivity with the WLAN. The AP will reboot continuously until the control plane connection can be reestablished. (For each reboot, the AP will attempt to establish a control plane connection with the vWLAN on TCP port 33333.) When the control plane connection is reestablished, clients can reconnect to the WLAN. For clients authenticating via pre-shared key, SSID Auth, MAC Auth, or 802.1X, any re-authentication into the Clients table is seamless to the end-user. For clients authenticating via Web Auth: If the client is still authenticated in the vWLAN’s Clients table (Status > Clients), no re-authentication is required. If the client is no longer listed in the Clients table, the client must re-authenticate.
Scenario: Control plane connectivity exists with High Availability node
- Option: High availability
- Expected behavior: Upon discovering that the control plane connection with the vWLAN is lost (this process may take 1-3 minutes), the AP will wait a period of time before failing over to the High Availability node to avoid unnecessary failover events. That period of time is configured in the vWLAN’s administrative UI under Configuration > System > High Availability > “Interval for BSAP keep-alive checks” and “Failed BSAP keep-alive checks.” If that period expires, the AP will fail over to the node and clients will continue passing traffic with zero packet loss. The AP will periodically and continually attempt to establish a control plane connection with the primary vWLAN on TCP port 33333. When the control plane connection with the primary vWLAN becomes available again, the AP will fail back to the master (if configured to do so in the vWLAN’s administrative UI under Configuration > System > High Availability > “Auto Failback to Master”). Clients will fail back to the master and will continue passing traffic with zero packet loss.
Disaster recovery combinations
- High availability + AP Control Channel Timeout
High availability failover will occur first. If a control plane connection cannot be established with either the master or node, the AP will begin the AP control channel timeout timer. The AP will periodically and continually attempt to establish a control plane connection with either the master or node vWLAN and reconnect when possible.
- High availability + Captive Portal SSID
High availability failover will occur first. If a control plane connection cannot be established with either the master or node, the AP will activate the Captive Portal SSID High Availability. The AP will periodically and continually attempt to establish a control plane connection with either the master or node vWLAN and reconnect when possible.
Note: At this time, it is not possible to combine AP Control Channel Timeout and High options.
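The scenarios and combinations above can be checked against a planned configuration with a small model. This is an added example, not vendor code: the class, function and state names are hypothetical, and it treats the AP-side fallback as a single choice per AP.

```python
from dataclasses import dataclass

@dataclass
class ApConfig:
    ha_node: bool = False    # High Availability node deployed
    fallback: str = "none"   # "none" | "cc_timeout" | "captive_portal"
    cc_timeout_s: int = 0    # AP Control Channel Timeout duration, in seconds

def ap_behavior(cfg, master_up, node_up=False, secs_since_loss=0, rebooted=False):
    """Return (ap_state, existing_clients, new_clients) at one point in time.

    secs_since_loss counts from the moment the AP has detected the loss,
    which the document says may itself take 1-3 minutes.
    """
    if master_up:
        return ("connected_master", "pass_traffic", "normal_auth")
    # High availability failover always occurs first.
    if cfg.ha_node and node_up:
        return ("failover_node", "pass_traffic", "normal_auth")
    # No controller reachable. A reboot during the outage neither resumes the
    # timer nor re-broadcasts the Captive Portal SSID: the AP reboots until
    # the control plane connection is reestablished.
    if rebooted or cfg.fallback == "none":
        return ("reboot_loop", "disconnected", "refused")
    if cfg.fallback == "cc_timeout":
        if secs_since_loss < cfg.cc_timeout_s:
            return ("timeout_countdown", "pass_traffic", "refused")
        return ("reboot_loop", "disconnected", "refused")
    if cfg.fallback == "captive_portal":
        # Only the Captive Portal SSID is broadcast; clients that join get the
        # role set in "Role to be assigned when vWLAN is down".
        return ("captive_portal_ssid", "portal_ssid_only", "fallback_role")
    raise ValueError(f"unknown fallback option: {cfg.fallback!r}")

def outage_states(cfg, duration_s, step_s=60, node_up=False):
    """Distinct AP states, in order, while the master is down for duration_s."""
    seen = []
    for elapsed in range(0, duration_s + 1, step_s):
        state = ap_behavior(cfg, False, node_up, elapsed)[0]
        if not seen or seen[-1] != state:
            seen.append(state)
    return seen

if __name__ == "__main__":
    cfg = ApConfig(ha_node=True, fallback="cc_timeout", cc_timeout_s=300)
    print(outage_states(cfg, 600))                 # master and node both down
    print(outage_states(cfg, 600, node_up=True))   # node still reachable
```

The third element of the result is the one to review for each planned outage: it shows whether new clients are refused, authenticated by a controller, or placed directly in the outage role.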