Redundancy for Tunnel Concentrator deployments that are managed by
ExtremeCloud IQ can be configured with the following two levels of redundancy, which
can provide up to six Tunnel Concentrator instances for tunnel termination:
Redundant tunnels (Primary, Secondary, Tertiary) where each
tunnel points to a different Tunnel Concentrator service.
Redundant HA pairs within a Tunnel Concentrator
service.
The following image illustrates a redundant deployment where
failovers have occurred at both levels of redundancy resulting in traffic being
directed to the secondary tunnel's backup instance.
Redundancy for ExtremeCloud IQ Deployments
To assign Primary,
Secondary, and Tertiary tunnel
destinations, use the User
Profile configuration on ExtremeCloud IQ. The following conditions
apply:
APs direct traffic to the highest priority tunnel
destination that is currently active. The Primary tunnel has the
highest priority ranking followed by the Secondary tunnel, and then
the Tertiary
tunnel.
To detemine whether unused tunnels are active, APs use a
keepalive process that involves sending a ping inside of each of the primary,
secondary, and tertiary tunnels. The AP listens for responses from each tunnel
to determine whether those tunnels are active or inactive. Keepalives are
configured for each Tunnel Concentrator Service separately and there is no
requirement that each service called by a single user profile use the same
keepalive settings. See Configure Tunnel Concentrator Service for more information.
There is no requirement that the primary, secondary, and tertiary tunnel
destinations within a user profile be on the same network segment or in the same
data center. As a result, you can add geographic redundancy by pointing to
Tunnel Concentrator services that are in geographically dispersed data
centers.
It is supported to have one tunnel destination that points to a redundant
Tunnel Concentrator service while another tunnel destination in the same user
profile points to a service that includes a single instance only.
It is supported to use Tunnel Concentrator services that are
installed on different hardware appliance models within the same user
profile.
It is supported to assign the same Tunnel Concentrator service to more than
one user profile. For example, a service could be the primary tunnel destination
in one profile, and the tertiary tunnel destination in a different profile.
To configure HA pairs within a single Tunnel Concentrator service,
use the Tunnel Concentrator
Service configuration on ExtremeCloud IQ. The following conditions
apply:
Both instances in a redundant service must be on the
same network segment and in the same data center. L2 connectivity is
required between each instance in the service.
A VRRP address must be configured for the Tunnel
Concentrator service if HA pairs are deployed within a the service. VRRP
is not required if the service includes a single instance only.
Note
A VRRP address that provides a redundant Tunnel
Concentrator service with high availability is different than the VRRP
address that provides Tunnel Concentrator with its login address.
