B@AP or B@EWC to save on large spanned subnets conundrum

  • Question
  • Updated 11 months ago
  • Answered
Hi,

Opening this topic up for some advice, and to see what others may have done.

It's good practice to build networks without large broadcast domains, so typically keeping say a /24 subnet per stack for Data and Voice. Where I'm coming unstuck is if I have a large building with multiple stacks; I wouldn't therefore want to have the same VLAN for wireless spanned across all those switches.

I would need this though, so that for any APs configured for B@AP, wireless devices keep their IP address as they roam around the campus.

The fix for this is to B@EWC, and create a topology group - which would certainly address the problem.

The conundrum I have is that when creating large networks, and large wireless networks you would need to move into bridging all traffic back to the controller which works in reverse to the contrary of what you would want to do in this situation and bridge traffic directly out of the AP.

Perhaps bridging all traffic on large to very large networks is perfectly fine, so long as you have high availability controllers and distribute the load, maybe even add further controllers in a mobility group?

So just wanted to get people's opinions on it, and hear about what others have done on large deployments like this.

Many thanks in advance

Martin Flammia

Posted 11 months ago


Eric Burke

Martin,

I've got several installs with larger VLANs spanning multiple buildings without incident.  We use an EAPS ring to tie all of our core switches together with LACP handoffs in each direction.  We then use /22s on our larger wireless subnets and we B@AP into those same VLANs spanning the EAPS trunks.  We've found that the overhead on the controller is much higher if done the other way and the larger subnet size has minimal impact with respect to broadcast traffic.  In the largest deployment, we have a /21 allocated, but that's about as high as I'll go.

Eric (37-acre campus, 150 common-area APs).

Martin Flammia

Thanks for posting Eric, that's a great example.

Craig Guilmette, Employee

The theory that B@EWC is slow is really not true. Is B@AP faster? Maybe, but I bet it is not even measurable. Everybody worries about the controller uplink port when most of the time the controller uplink ports are less than 20% utilized. Some of our controllers have 10 gig ports and can be configured in a 20 GIG LAG, and all but the virtual controller support static LAG. I would not hesitate to solve your issue with B@EWC rather than horrible Q trunks everywhere or making users change IPs when they roam to an AP that puts them in a different subnet/VLAN. The NFL stadiums do B@EWC and they work fine?

Martin Flammia

NFL was something that I hesitated on asking, but think I ended up getting two answers in one!

Thanks Craig.

Ronald Dvorak, Embassador

Is another reason the NFL does it that way because they do Analytics... to have one port with the sensor/flow collector configured.

Eric Burke

That's really good to know Craig.  Our installs are mostly on older controllers with 1gb interfaces and we've seen some cases (mostly on WinG) where the controllers run a bit CPU-heavy.  The only other consideration is that many of us consider the firewall as the central focal point for security (preventing us from having to look in multiple places to assess policy).  In your stadium examples, do you have a finite cap on subnet size?

Martin Flammia

Have one additional question regarding this. Most of the time I might be installing the V2110 controller which supports up to 1,050 APs.

Quite often the deployment will involve a Guest wireless that is often bridged directly out of the second Ethernet port, with a bridge at controller topology as a means of completely segregating internal and guest traffic.

So the problem I have is that I then would essentially be stuck with a single 1Gb port, I'm not aware you can add more ports or 10Gb ports?

This probably means if I want to start bridging all wireless traffic to the controller I would need to move to a physical appliance that has 10Gb ports, like the C5210.

In your opinion, when do you think that transition to 10Gb capable controller would need to happen?

I know that's a very open-ended question, and it depends on what the wireless is being used for... but even as a rough guide, perhaps broken down into light, moderate and heavy wireless usage, with the following as an example:

  • Light: Basic email and web browsing.
  • Moderate: Moderate use with some audio streaming, video streaming, file downloads, cloud-based applications, and VoIP.
  • Heavy: Large file downloads (high volume), video and web conferencing.

What do you think?

Thanks

James A, Embassador

The V2110 uses vmxnet3 for esa0 and esa1, which is a 10Gb interface. So as long as your VM hosts have 10Gb you'll be fine.

Craig Guilmette, Employee

Hello Martin

That is a valid question and not one I have an answer for. I will say most of our customers using V2110 controllers with Guest access using the second port are working OK with a single GIG port. There are so many factors, like how many APs, do both radios on each AP offer the guest SSID (if so, we have 2 users' data per AP times the number of APs), and then what are they doing? Streaming 4K video streams or checking email once every 5 minutes? You get my point, right? The only real way to check is to use EMC and look at the port utilization of that port at the highest peak usage of that Guest WLAN service. I know it wasn't the answer you wanted, but it is the truth. Only the port utilization is the limiting factor.

Martin Flammia

Hi Craig,

Thanks for posting. Chicken and egg problem then really, as I would want to know what to do beforehand, but that is still useful information to know.

Using your theory I wonder if I could look at this from the point of view of current installations, taking a rough guesstimate of the port utilisation of current APs instead, seeing as I don't have a list of installations, of varying sizes, all bridging traffic at the controller.

If I get a rough estimate as to what the AP port utilisation is in different scenarios, I could theoretically scale that up depending on how big the installation is.

What do you reckon?