This post covers some basics. I will describe the unified Aruba controller discovery process. With the new unified software, the process is the same for IAP and CAP. Actually, with the new unified software, there is no IAP or CAP anymore.
The Aruba discovery process is simple. The AP uses it to find a controller or a way to connect to AirWave or Central. Once the AP has found a controller, AirWave or Central, it never uses the process again, unless you do a factory reset on the AP.
The process has 7 plus 1 options. The first 7 options run automatically. The last option is manual provisioning.
Unified Aruba Controller Discovery: Static Master Assignment
The first and easiest way to discover a controller is the static master assignment. You can do this by manually setting the environment variable during AP boot:
APBoot 1.5.3.14 (build 45815)
Built: 2014-09-05 at 11:23:04
Model: AP-20x
CPU: BCM53011/15, revision A0
I2C: ready
SKU: 2
OTP: 0xeca01028
Clock:
CPU: 800 MHz
DDR: 533 MHz
AXI: 400 MHz
APB: 200 MHz
PER: 400 MHz
DRAM: 128 MB
POST1: memory passed
SF: Detected MX25L25635E with page size 4 kB, total 32 MB
Flash: 32 MB
PCIe0: RC, link up
dev fn venID devID class rev MBAR0 MBAR1 MBAR2 MBAR3
00 00 14e4 4360 00002 03 08000004 00000000 00000000 00000000
PCIe1: RC, link up
dev fn venID devID class rev MBAR0 MBAR1 MBAR2 MBAR3
00 00 14e4 4360 00002 03 40000004 00000000 00000000 00000000
Power: POE
Net: eth0
Radio: bcm43460#0, bcm43460#1
Hit to stop autoboot: 2 0
apboot> setenv master 10.100.100.50
apboot> printenv
bootdelay=2
baudrate=9600
autoload=n
boardname=Springbank
servername=aruba-master
bootcmd=boot ap
autostart=yes
bootfile=armv7ns.ari
ethaddr=94:b4:0f:cb:75:cc
ethact=eth0
os_partition=0
stdin=serial
stdout=serial
stderr=serial
master=10.100.100.50
Environment size: 248/65532 bytes
apboot> saveenv
Saving Environment to Flash...
Erasing flash...Writing to flash..................done
apboot> boot
After boot, the AP connects to the controller with the IP “10.100.100.50” (in my example). This is not handy in large environments and I’m not aware of any customer doing it that way.
I describe this option as well because, after the AP uses one of the other options, the controller IP is saved to the same environment variable as above. So, after the AP completes one of the other options, the static assignment option is used for all subsequent reboots.
Unified Aruba Controller Discovery: DHCP Based Discovery
From my point of view, this is the most used option in the field. The AP tries this option first if no static assignment is present. For IPv4, the AP expects DHCP option 43. If you use IPv6, the AP requests option 52.
I will not show the IPv6 setup. But it is the same as with IPv4.
You find the DHCP configuration for a CAP here:
http://www.arubanetworks.com/techdocs/ArubaOS_60/UserGuide/DHCP_Option_43.php
In my case, the DHCP configuration looks like this:
#Aruba Option 43 for CAP
option master code 43 = ip-address;
#Match Option 60
class "ArubaAP-Class" {
  match option vendor-class-identifier;
}
#AP_Management
subnet 10.102.102.0 netmask 255.255.255.0 {
  option routers 10.102.102.1;
  option subnet-mask 255.255.255.0;
  option domain-search "flomain.local";
  option domain-name "flomain.local";
  option domain-name-servers 192.168.2.26;
  subclass "ArubaAP-Class" "ArubaAP" {  # Matches the AP requests
    option vendor-class-identifier "ArubaAP";  # Responds with option 60 "ArubaAP"
    option master 10.100.100.50;  # Sets the master
  }
  range 10.102.102.10 10.102.102.200;
}
The config above is for the ISC-DHCP-Server on Debian. I create a new option “master”. This option is an IP address: the IP of the controller.
I also create a new class. This class matches all devices with a specific “vendor-class-identifier”, which is DHCP option 60.
In the subnet declaration, I bring both together. The result is the controller IP in the Offer and ACK response from the DHCP server.
From the AP console it looks like this:
Getting an IP address...
[ 21.388000] ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 23.392000] bond0: link up (1000FD)
[ 23.394000] ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
10.102.102.10 255.255.255.0 10.102.102.1
Running ADP...Done. Master is 10.100.100.50
If you cannot use DHCP option 43, go to the next option, ADP.
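The three pieces described above (the option declared as code 43, the class that matches on option 60, and the subclass that ties them together) can be cross-checked before the DHCP server is reloaded. The following is an added example, not part of the original post: `audit_option43` and `SAMPLE_CONF` are hypothetical names, the parsing is regex-based and only handles the flat `subclass` style used in this post.

```python
import re

OPTION_DECL = re.compile(r'^\s*option\s+([\w.-]+)\s+code\s+(\d+)\s*=', re.M)
CLASS_DECL = re.compile(r'^\s*class\s+"([^"]+)"\s*\{([^}]*)\}', re.M)
SUBCLASS = re.compile(r'^\s*subclass\s+"([^"]+)"\s+"([^"]+)"\s*\{([^}]*)\}', re.M)
OPTION_USE = re.compile(r'^\s*option\s+([\w.-]+)\s+([^;]+);', re.M)

# Constructed sample: the CAP configuration from this post, reduced to the
# statements that take part in the option 60 / option 43 exchange.
SAMPLE_CONF = '''
option master code 43 = ip-address;
class "ArubaAP-Class" {
  match option vendor-class-identifier;
}
subnet 10.102.102.0 netmask 255.255.255.0 {
  subclass "ArubaAP-Class" "ArubaAP" {
    option vendor-class-identifier "ArubaAP";
    option master 10.100.100.50;
  }
  range 10.102.102.10 10.102.102.200;
}
'''


def audit_option43(conf):
    """Return ({option-60 string: option-43 value}, [findings])."""
    conf = re.sub(r'#.*', '', conf)  # drop comments; assumes no '#' inside strings
    # Names of all options that were declared with code 43.
    code43 = {n for n, code in OPTION_DECL.findall(conf) if code == "43"}
    # Classes that actually match on the vendor class identifier (option 60).
    matching = {n for n, body in CLASS_DECL.findall(conf)
                if re.search(r'match\s+option\s+vendor-class-identifier', body)}
    served, findings = {}, []
    for cls, ident, body in SUBCLASS.findall(conf):
        if cls not in matching:
            findings.append(f'"{ident}": class "{cls}" does not match on option 60')
        values = [v.strip() for n, v in OPTION_USE.findall(body) if n in code43]
        if not values:
            findings.append(f'"{ident}": no option declared as code 43 is set')
        served[ident] = values[0] if values else None
    return served, findings
```

An empty findings list together with the expected controller address per option 60 string means the AP-facing part of the configuration is wired up as described.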
Unified Aruba Controller Discovery: ADP Based Discovery
If the AP did not get option 43 in the DHCP Offer and/or ACK response but did get an IP address, it tries the Aruba Discovery Protocol (ADP) to find a controller. ADP is very simple. The AP just sends a broadcast or multicast. I have never seen the multicast option used in real environments. But the AP sends ADP packets to the multicast group 239.0.82.11. You need to implement multicast routing in the backbone. The controller joins this group as well. But most of the time multicast routing is the show stopper.
Most of the time, my customers use the broadcast option, with the controller in the same VLAN as the AP, if they do not use DHCP option 43. This is a simple UDP broadcast.
Unified Aruba Controller Discovery: DNS Based Discovery
This is the second most used option. If the AP can get an IP and can reach a DNS server, this option fits perfectly. The AP tries the options above first, but if they fail, DNS is used.
The AP simply tries to resolve aruba-master.domain.tld (for recent versions, the AP will look for aruba-conductor.domain.tld). The “domain.tld” part is from the DHCP packet. Put this name into your DNS. The AP will resolve the name and connect to the controller.
In the screenshot above, you see the DNS queries and afterward the PAPI requests to the controller.
From the CLI it looks like the options above:
Getting an IP address...
[ 24.552000] ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 26.556000] bond0: link up (1000FD)
[ 26.558000] ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
10.102.102.10 255.255.255.0 10.102.102.1
Running ADP...Done. Master is 10.100.100.50
Unified Aruba Controller Discovery: Instant VC Discovery
After all the steps above, the AP tries to find another virtual controller (VC). If the AP is in this step, it is in the Instant part of the discovery options. From this stage, the discovery of a controller is only possible after a reboot.
The Instant VC discovery is done through broadcasts. The VC will send UDP broadcasts in the VLAN.
If the AP receives such a message, it will connect to the VC, download the full IAP image and restart as an IAP. If no message is received, the AP does not have many options left.
Unified Aruba Controller Discovery: AirWave Discovery
If all the options above fail, the AP is not able to directly connect to a controller (a mobility controller or a virtual controller (IAP)).
One of the last options is to check DHCP option 43 for information to reach AirWave. The DHCP configuration for this looks like this:
#LAB_IAP
subnet 10.202.202.0 netmask 255.255.255.0 {
  option routers 10.202.202.254;
  option subnet-mask 255.255.255.0;
  option domain-search "lab.flomain.local";
  option domain-name "lab.flomain.local";
  option domain-name-servers 192.168.2.26;
  subclass "ArubaAP-Class" "ArubaInstantAP" {
    option vendor-class-identifier "ArubaInstantAP";
    option airwave "iap-test,192.168.2.23,aruba123";  # Sends the AirWave connection string
  }
  range 10.202.202.10 10.202.202.200;
}
The option for the AirWave connection string is defined like this:
#Aruba Option 43 for AirWave
option airwave code 43 = string;
The class to match option 60 is defined the same as above for the DHCP based controller discovery.
If the string above is in the DHCP answer from the DHCP server, you see the following in the AP log:
Getting an IP address...
Jan 1 00:00:42 udhcpc[3231]: udhcpc (v0.9.9-pre) started
Jan 1 00:00:43 udhcpc[3231]: send_discover: pkt num 0, secs 0
Jan 1 00:00:43 udhcpc[3231]: Sending discover...
Jan 1 00:00:44 udhcpc[3231]: send_selecting: pkt num 0, secs 2
Jan 1 00:00:44 udhcpc[3231]: Sending select for 10.202.202.13...
Jan 1 00:00:44 udhcpc[3231]: Lease of 10.202.202.13 obtained, lease time 689311
Jan 1 00:00:44 udhcpc[3231]: DHCP OPT 60 is ArubaInstantAP
Jan 1 00:00:44 udhcpc[3231]: DHCP OPT 43, len: 30, buf: iap-test,192.168.2.23,aruba123
Jan 1 00:00:44 udhcpc[3231]: ams-ip: 192.168.2.23, length of ams-key: 8
[ 58.601904] ip_time_handler: Got ip and packets on bond0 Started master election 4-0, rand 26
10.202.202.13 255.255.255.0 10.202.202.254
After some time, ca. 5 min, the AP starts talking to AirWave and shows up as a new device. The AP will download the full IAP image from AirWave and reboot as an IAP.
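The log excerpt above prints the complete option 43 string, including the ams-key field, so a console capture that gets attached to a ticket carries the AirWave key with it. The following added example (not part of the original post) reads the console line formats shown in the DHCP and AirWave sections, reports what the AP learned, and rewrites the option 43 line with the key removed; the function names are hypothetical.

```python
import ipaddress
import re

# Line formats as they appear in the AP console output quoted in this post.
OPT60 = re.compile(r"DHCP OPT 60 is (\S+)")
OPT43 = re.compile(r"DHCP OPT 43, len: (\d+), buf: (.*)$")
MASTER = re.compile(r"Master is (\S+)")

# Sample input: two lines copied from the AirWave log excerpt in this post.
SAMPLE_LOG = """\
Jan 1 00:00:44 udhcpc[3231]: DHCP OPT 60 is ArubaInstantAP
Jan 1 00:00:44 udhcpc[3231]: DHCP OPT 43, len: 30, buf: iap-test,192.168.2.23,aruba123
"""


def parse_airwave_string(value):
    """Split 'org,ams-ip,ams-key' and validate the address field."""
    parts = value.split(",")
    if len(parts) != 3 or not all(parts):
        raise ValueError("expected three non-empty comma-separated fields")
    org, ip, key = parts
    ipaddress.ip_address(ip)  # ValueError if the middle field is not an IP
    return org, ip, key


def summarize_boot_log(text):
    """Return (summary, redacted_log) for an AP console capture."""
    summary = {"vendor_class": None, "master": None, "airwave": None, "warnings": []}
    redacted = []
    for line in text.splitlines():
        if m := OPT60.search(line):
            summary["vendor_class"] = m.group(1)
        if m := MASTER.search(line):
            summary["master"] = m.group(1)
        if m := OPT43.search(line):
            declared, buf = int(m.group(1)), m.group(2).strip()
            if declared != len(buf.encode()):
                summary["warnings"].append("option 43: logged length differs from buffer")
            try:
                org, ip, key = parse_airwave_string(buf)
            except ValueError as exc:
                summary["warnings"].append(f"option 43 is not an AirWave string: {exc}")
            else:
                summary["airwave"] = {"org": org, "ams_ip": ip, "ams_key_len": len(key)}
                # Rewrite the line so the key is not carried into shared logs.
                line = f"{line[:m.start(2)]}{org},{ip},<redacted>"
        redacted.append(line)
    return summary, "\n".join(redacted)
```

Calling `summarize_boot_log(SAMPLE_LOG)` returns the parsed fields with only the key length, plus a copy of the log that is safe to share.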
Unified Aruba Controller Discovery: Activate
If even AirWave is not working, the AP tries to connect to Activate. First, the AP checks for a new Instant software image. Afterwards, it looks for provisioning rules in Activate. If a rule is found, the AP follows those instructions.
If nothing is there, the AP broadcasts a default SSID “SetMeUp-xx:xx:xx” to allow a manual provisioning of the AP. If this fails as well, the AP reboots and starts from scratch.
Unified Aruba Controller Discovery: Putting all Together
Now that you know all the individual steps an AP goes through to connect to a controller, you can decide which one is best for your environment. Keep in mind that the steps run sequentially, not in parallel. Below is an overview of all options:
What is your preferred discovery method? Let me know as a comment below.
If you find this post interesting, leave me a comment and share it with your friends. If you don’t like the post, leave me a comment and share it with your enemy. But whatever you do, leave me a comment, now.
A tip: you can also run the command “show log provision” at the Instant AP CLI to troubleshoot the AP’s attempts to follow its discovery logic.
Hi Eduardo,
That is correct. Thanks for sharing this to help others, reading this post 🙂
BR
Florian
Hello Florian,
With the Aruba’s new nomenclature, it’s also necessary to create a DNS entry to “aruba-conductor.domain.tld” for the DNS discovery to work.
Hi Eduardo,
you are correct. Thanks for mentioning it here. This will help others.
BR
Florian
Hello Florian,
Based on the page 60 of Aruba Instant User Guide 8.9.0.0 (https://www.arubanetworks.com/techdocs/Instant_89_WebHelp/Content/view-pdfs-instant.htm), “Cloud First” principle is applied to AP Discovery feature. There’s a PNG workflow there to show up the AP’s new discovery logic into the following order: Aruba Activate > AirWave > Provisioning Rule in Flash > Controller Discovery.
There’s also a small glitch at your diagram, the “Activate” item is showing “No” for both directions.
Thank you for your posting and taking your time to teach the basics of the Instant AP subsystem. It’s important for anyone that is starting to learn about it on their own.
Regards.
Hi Eduardo,
Thanks for the hint. This process is changing (evolving) all the time. With AOS10 (which was released some minutes ago) this process will change again.
BR
Florian
Note that for an AP booting into Unified (e.g. AP515), you need to match on the string “ArubaInstantAP” in vendor-class-identifier option, rather than the previous “ArubaAP” (if you were using CAP code).
Here are the salient parts of my dhcpd config; as we have a lot going on in ours, we use an option space to scope the parameters, and we’re using pools for which we permit only APs to get an address:
option space ArubaAP-space;
option ArubaAP-space.serverip code 43 = ip-address;
class "aruba-ap" {
  match if option vendor-class-identifier = "ArubaAP" or option vendor-class-identifier = "ArubaInstantAP";
  option vendor-class-identifier "ArubaAP";
}
subnet y.y.y.y netmask 255.255.254.0 {
  option ArubaAP-space.serverip x.x.x.x;
  pool {
    deny dynamic bootp clients;
    allow members of "aruba-ap";
    range y.y.y.a y.y.y.b;
  }
}
I suppose it might be possible to have the “option ArubaAP-space.serverip x.x.x.x” within the class declaration so it applies globally and have it applicable to all subnets unless overridden? But I have not tried that.
This thread is useful, particularly comment 4: https://community.arubanetworks.com/community-home/digestviewer/viewthread?MID=25228
I am not sure the official documentation has caught up with this change yet, I couldn’t find it lately when I was looking. My SE confirmed they had seen notification of this change at some point internally.
Hi jrbinks,
thanks for the update. For unified APs this has changed. Great to see that you share your findings with the community so that others can benefit.
BR
Florian