Ruijie AC Virtualization Technical White Paper

White Paper for AC Virtualization Technology

AC Virtualization
Technical White Paper

Copyright Statement

Ruijie Networks©2000-2017

Ruijie Networks reserves all copyrights of this document. Any reproduction, excerption, backup,
modification, transmission, translation or commercial use of this document or any portion of this document,
in any form or by any means, without the prior written consent of Ruijie Networks is prohibited.

Exemption Statement

This document is provided “as is”. The contents of this document are subject to change without any notice.
Please obtain the latest information through the Ruijie Networks website. Ruijie Networks endeavors to
ensure content accuracy and will not shoulder any responsibility for losses and damages caused due to
content omissions, inaccuracies or errors.

Obtaining Technical Assistance

• Ruijie Networks Website: http://www.ruijienetworks.com/
• Service Email: [email protected]
• Technical Support: http://www.ruijienetworks.com/service.aspx
• Technical Support Hotline: +86-4008-111-000

Documentation Conventions

The symbols used in this document are defined as follows:

This symbol brings your attention to some helpful suggestions and references.

This symbol means that you must be extremely careful not to do some things that may damage the switch
or cause data loss.

Contents

Abstract
Keywords
Terminology
Overview
    Background
    Technical Advantages
Technical Principle
    Basic Concepts
        Domain ID
        Device ID
        AC Priority
        VSL
        Roles of Member ACs
        Work Mode
    VAC Deployment
        Configuring Physical Connections
        Setting VAC Parameters
        Configuring VSL Ports
        Switching from Standalone Mode to VAC Mode
        Initializing VSLs
        Electing Roles
    VAC Management and Maintenance
        Configuration Synchronization
        MAC Address Selection
        Keepalive Mechanism of VSL Physical Links
        Member AC Adding
        Member AC Exit
        License Sharing
        Dual-Active Chassis Detection
        Out-of-Band Management in VAC Mode
        Device Management in VAC Mode
        SNMP Cache
    Packet Forwarding
        Packet Forwarding Through VSLs
        MAC Address Learning Mode
        ARP Learning Mode
        Distributed Forwarding
    Version Upgrade
        AC Version Upgrade
        AP Version Upgrade
Technical Features
    High Reliability
    Load Balancing
    License Sharing
    Ease of Management
Typical Applications
    Application Solution
Restrictions
    Hardware Restrictions
        Number of Supported Member ACs
        VSL Hardware Requirements
        Service Link Requirements
        M18000-WS-ED/M8600E-WS-ED Deployment Restrictions
    Software Restrictions
        Domain ID Deletion
        AC Priority Modification
        Device ID Modification
        Software Upgrade Restrictions
        VSL Port
        Hot Backup Restrictions
        Roaming Restrictions
        Restrictions in AP Configuration Display
        IP Source Guard and ARP-Check
Conclusion
Appendix
    Comparison of Ruijie VAC and H3C WX5500H
FAQs
    Deployment
        Can multiple ACs of different models form a VAC?
        How to configure the service port on the uplink switch connected to a VAC?
        What should I pay attention to when configuring the VSL interface on the uplink switch?
        Can one member AC serve as a backup only without running services?
        Does centralized forwarding support inter-WLAN roaming?
    Feature Description
        When a new AC is added to the VAC, can it be automatically upgraded to the VAC version?
        If an AC with a license is removed from the VAC, will APs go offline?

Ruijie AC Virtualization Technology White Paper

Abstract
AC virtualization technology combines multiple Access Controllers (ACs) into one Virtual AC (VAC). This
document describes the implementation principle, typical application, and application restrictions of AC
virtualization.

Keywords
VAC, virtual AC, high reliability, capacity expansion, license sharing, ease of configuration, hot backup

Terminology

Terminology   Description
VAC           Virtual AC. Multiple ACs are virtualized into one virtual AC.
VSL           Virtual Switching Link
BFD           Bidirectional Forwarding Detection
GR            Graceful Restart
ISSU          In-Service Software Upgrade
MSTP          Multiple Spanning Tree Protocol
NLB           Network Load Balance
NMM           Network Monitoring Module
VRRP          Virtual Router Redundancy Protocol

Overview

Background
The current AC hot backup experiences the following problems:

(1) AC hot backup does not support configuration synchronization. Configuration errors are prone to occur,
which leads to market issues.

(2) AC hot backup does not support license sharing. ACs that are mutually backed up both need licenses.

(3) AC hot backup does not support N:M backup. The commonly used 1:1 active/standby or active/active hot
backup is costly. For example, four Wireless Switch (WS) cards can implement only 2:2 hot backup,
which reduces the utilization of WS cards.

Mobile government and enterprise customers require multiple ACs to share the same external management IP
addresses, including the Network Access Server (NAS) IP address for authentication, network management IP
address, and IP address of the tunnel between the Access Point (AP) and AC.

Many colleges and universities purchase multiple WS cards to deploy large-scale wireless networks. However,
the management of these WS cards is complex. These customers want managing the WS cards to be as easy
as managing one device.

Technical Advantages
In comparison with the current AC networking mode, AC virtualization has the following advantages:

(1) Simplified management. After multiple ACs compose a VAC, administrators can manage them in a unified
manner, with no need to connect to each AC for separate configuration and management.

(2) Simplified network topology and IP deployment. All ACs in a VAC share the same IP address and NAS IP
address, and use the same Network Address Translation (NAT) server. The VAC is connected to a switch
via an aggregate link. In comparison with the current hot backup configuration, VAC does not need the
Virtual Router Redundancy Protocol (VRRP) configuration.

(3) License sharing within a VAC. In current hot backup scenarios, licenses need to be imported to both ACs.
After a VAC is configured, licenses need to be imported only to one AC and other ACs in the VAC can also
use the licenses.

Assume that a user imports licenses to AC 1, AC 1 and AC 2 compose a VAC, and AC 1 breaks down or
is removed after APs access ACs. In this case, the licenses on AC 2 are insufficient, a new AP cannot
access AC 2, and an AP that drops out of the network on AC 2 cannot access AC 2 again. AC 1 needs to
be added to the VAC as soon as possible. Temporary licenses can be used if AC 1 encounters a
hardware fault and needs to be repaired.

(4) Extendable capacity and performance. In current hot backup scenarios, when an AC is added, an IP
address needs to be allocated to the AC, a cluster needs to be configured, and APs that need to access
the new AC need to be planned. In a VAC, only the AC that is to be added to the VAC needs to be
configured, thereby improving the capacity and performance.

The capacity is restricted by the AC hardware and the supported maximum capacity varies with ACs. For
details, see 5.1.1 "Number of Supported Member ACs".

(5) N:M high reliability. For example, in a VAC composed of four ACs, if any of the four ACs breaks down, the
load of the APs associated with the AC will be balanced to the other three ACs.

(6) Simplified load balancing. The current load balancing specifies the ACs to be associated with APs based
on the cluster priority and the option 138 field, to control APs to associate with different ACs. The
deployment is complex, because the priority of each AP and the DNS addresses (option 138 fields) of
different AP network segments need to be configured. With the VAC deployed, dynamic load balancing
can be configured for the aggregate ports on the switch, so that APs can connect to ACs evenly.

(7) A VAC is connected to a switch through aggregate links, which provide redundant links, implement load
balancing, and fully utilize all bandwidth.

Technical Principle

Basic Concepts
As shown in Figure 1, one VAC is composed of two or more ACs. ACs are connected via Virtual Switching
Links (VSLs) to form a VAC. The VAC is connected to peripheral devices through aggregate links.

Figure 1 VAC Composition
[Figure not reproduced. Labels: Switch, Aggregate port, VSL, Service link]

Domain ID

Domain ID is an attribute that identifies a VAC. Only ACs that share the same domain ID can compose a VAC.
The value ranges from 1 to 255 and the default domain ID is 100.

Device ID

Device ID is an attribute that identifies a member AC in a VAC. The value ranges from 1 to the maximum
number of ACs and the default value is 1.

In standalone mode, interfaces are numbered in 2-dimensional format, for example, GigabitEthernet 2/3. In a
VAC, interfaces are numbered in 3-dimensional format. Take GigabitEthernet 1/2/3 as an example. The first
dimension (digit 1) indicates the ID of the member AC. The second and third dimensions (digits 2 and 3)
indicate the slot ID and the ID of the interface on the slot respectively. The device IDs of member ACs in a VAC
must be unique. If two member ACs share the same device ID, they cannot compose a VAC.

AC Priority

AC priority is an attribute that determines the role of a member AC in a VAC during role election. A higher
priority indicates a higher probability of being elected as the active AC. The value ranges from 1 to 255 and the
default value is 100. If an AC needs to be elected as the active AC, its priority needs to be raised.

AC priority includes configured priority and run priority. Run priority is the configured priority stored in the
configuration file at startup and does not change while the VAC is running. If an administrator modifies the
configured priority, the run priority remains unchanged, and the new configured priority takes effect only after the
configuration is saved and the VAC is restarted.

VSL

A Virtual Switching Link (VSL) is a special aggregate link used to exchange data between member ACs. Only
control packets are transmitted through VSLs. Control packets have a higher priority than data packets, which
reduces the possibility of losing control packets.

Roles of Member ACs

A VAC is composed of one or more ACs. When two ACs compose a VAC, one AC is elected as the active AC
and the other AC is elected as the standby AC. When more than two ACs form a VAC, ACs other than the
active AC and the standby AC serve as candidate ACs. On the management plane, only the active AC is in the
work state. On the control plane, in principle, wireless services are processed by each member AC and switch
services (such as the Open Shortest Path First (OSPF) service) are processed by the active AC. When the
active AC malfunctions, the standby AC becomes the active AC to provide management service. If there are
candidate ACs, one AC is elected as the standby AC.

On the data plane, each member AC in a VAC is involved in packet forwarding.

Work Mode

VACs support two work modes: standalone mode and VAC mode. The default work mode is the standalone
mode. To establish a VAC, it is necessary to switch ACs from the standalone mode to the VAC mode.

VAC Deployment

Configuring Physical Connections

• All ACs must be configured with VSL member ports. ACs in a VAC must use independent links to communicate
with each other.

• The switch ports connected to VSLs cannot be configured as aggregate ports.

• To ensure load balancing of services among ACs in a VAC, the VAC and the switch need to be connected through
an aggregate port and member ports in the aggregate port must have the same bandwidth.

• The aggregate port at the switch end of a service link needs to use the load balancing policy based on source IP
address and destination IP address.

Setting VAC Parameters

On AC 1, set the domain ID to 1, device ID to 1, and AC priority to 200. Set the priority of AC 1 to a larger value
to make AC 1 become the active AC.

Ruijie(config)# virtual-ac domain 1
Ruijie(config-vac-domain)# device 1
Ruijie(config-vac-domain)# device 1 priority 200

Running the show running-config command in privileged EXEC mode does not display the device 1
command, because the device ID is saved to the flash memory instead of the startup configuration file. If
the device ID is saved to the startup configuration file, the active AC synchronizes configurations to the
candidate ACs after a VAC is established. As a result, the candidate ACs have the same device ID as the
active AC.

The VAC-relevant local AC configurations such as the AC priority and VSL ports are stored in the
dedicated config_vac.dat file. Running the show running-config command in privileged EXEC mode
does not display the configurations. The configurations can be displayed only by running the show
virtual-ac config command in privileged EXEC mode. The VSL ports, AC priority, and other local
configurations are also used in the negotiation phase prior to the VAC establishment. Therefore, they
must be stored in the AC locally. Otherwise, the parameter correctness cannot be guaranteed in the VAC
negotiation phase.

On AC 2, set the domain ID to 1, device ID to 2, and AC priority to 100.

Ruijie(config)# virtual-ac domain 1

Ruijie(config-vac-domain)# device 2
Ruijie(config-vac-domain)# device 2 priority 100

Configuring VSL Ports

Some ports of ACs must be configured as VSL ports, and VSL ports of ACs must be connected through a
switch (direct connection is supported if only two ACs are used), so as to compose a VAC. In standalone mode,
the VSL port configuration takes effect only after ACs switch to VAC mode and are restarted.

Configure GigabitEthernet 0/5 as a VSL port on AC 1.

Ruijie(config)# vac-port
Ruijie(config-vac-port)# port-member interface GigabitEthernet 0/5

Configure GigabitEthernet 0/5 as a VSL port on AC 2.

Ruijie(config)# vac-port
Ruijie(config-vac-port)# port-member interface GigabitEthernet 0/5
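
A pre-deployment check of the parameters set above, as an added example that is not Ruijie code: it parses each AC's planned commands and applies the constraints this page states (same domain ID, unique device IDs, value ranges, at least one VSL member port). The function names and the `max_members` parameter are hypothetical, and `AC2_BAD_CLI` is constructed sample input.

```python
import re

PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")
DOMAIN = re.compile(r"virtual-ac domain (\d+)$")
DEVICE = re.compile(r"device (\d+)(?: priority (\d+))?$")
VSL_PORT = re.compile(r"port-member interface (\S+\s+\d+/\d+)$")

# Commands as shown on this page for AC 1 and AC 2.
AC1_CLI = """\
Ruijie(config)# virtual-ac domain 1
Ruijie(config-vac-domain)# device 1
Ruijie(config-vac-domain)# device 1 priority 200
Ruijie(config)# vac-port
Ruijie(config-vac-port)# port-member interface GigabitEthernet 0/5
"""
AC2_CLI = """\
Ruijie(config)# virtual-ac domain 1
Ruijie(config-vac-domain)# device 2
Ruijie(config-vac-domain)# device 2 priority 100
Ruijie(config)# vac-port
Ruijie(config-vac-port)# port-member interface GigabitEthernet 0/5
"""
# Constructed faulty plan: wrong domain, reused device ID, bad priority, no VSL port.
AC2_BAD_CLI = """\
Ruijie(config)# virtual-ac domain 2
Ruijie(config-vac-domain)# device 1 priority 300
"""


def parse_plan(cli_text):
    """Extract VAC parameters from one AC's planned CLI lines."""
    # Start from the defaults stated on this page: domain 100, device 1, priority 100.
    plan = {"domain": 100, "device": 1, "priority": 100, "vsl_ports": []}
    for raw in cli_text.splitlines():
        line = PROMPT.sub("", raw.strip())
        if (m := DOMAIN.match(line)):
            plan["domain"] = int(m.group(1))
        elif (m := DEVICE.match(line)):
            plan["device"] = int(m.group(1))
            if m.group(2):
                plan["priority"] = int(m.group(2))
        elif (m := VSL_PORT.match(line)):
            plan["vsl_ports"].append(m.group(1))
    return plan


def audit(cli_by_ac, max_members=None):
    """Return findings for a set of planned member ACs ({name: CLI text}).

    max_members is the hardware-dependent maximum number of member ACs
    (an assumption supplied by the caller; the page gives no fixed value here).
    """
    plans = {name: parse_plan(text) for name, text in cli_by_ac.items()}
    findings = []
    domains = sorted({p["domain"] for p in plans.values()})
    if len(domains) > 1:
        findings.append(f"domain IDs differ: {domains}")
    owner = {}
    for name, p in plans.items():
        if not 1 <= p["domain"] <= 255:
            findings.append(f"{name}: domain ID {p['domain']} outside 1-255")
        if not 1 <= p["priority"] <= 255:
            findings.append(f"{name}: priority {p['priority']} outside 1-255")
        dev = p["device"]
        if dev < 1 or (max_members is not None and dev > max_members):
            findings.append(f"{name}: device ID {dev} out of range")
        if dev in owner:
            findings.append(f"{name}: device ID {dev} already used by {owner[dev]}")
        else:
            owner[dev] = name
        if not p["vsl_ports"]:
            findings.append(f"{name}: no VSL member port configured")
    return findings


if __name__ == "__main__":
    for finding in audit({"AC1": AC1_CLI, "AC2": AC2_BAD_CLI}):
        print(finding)
```

An AC left at the default device ID 1 is flagged the same way as an explicit duplicate, because the parser starts from the page's defaults.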

Switching from Standalone Mode to VAC Mode

Run the following command in privileged EXEC mode to switch AC 1 from the standalone mode to the VAC
mode:

Ruijie# device convert mode virtual
Are you sure to convert switch to virtual mode[yes/no]: yes

When the message "Are you sure to convert switch to virtual mode" is displayed, if the administrator enters y,
the AC automatically performs the following steps:

(1) Back up the startup configuration file to the standalone.text file.

(2) Store VAC-relevant configurations to the VAC configuration file (config_vac.dat). VAC-irrelevant
configurations are not automatically saved.

(3) If the backup file virtual_switch.text, generated when the AC previously switched from the VAC mode to
the standalone mode, exists, a message is displayed asking whether to restore the file to the startup
configuration file config.text.

To restore the startup configuration file config.text, enter y or Y. Pressing any other key will not restore the
startup configuration file.

Do you want to recover "config.text" from "virtual_switch.text" [yes/no]: yes

(4) Restart the AC.

The device mode virtual command is automatically added to the VAC configuration file. After an AC is
started, the AC works in standalone mode only when this command in the configuration file is read.

Likewise, run the following command to switch AC 2 from the standalone mode to the VAC mode:

Ruijie# device convert mode virtual

Initializing VSLs

If ACs at both ends of a physical link work in VAC mode after restart, the ACs first initialize the physical link and
then perform the following operations:

(1) Check whether the physical link is reachable in both directions.

(2) Exchange information such as the domain ID, switch ID, and AC model between the two ACs, to check
whether the ACs at both ends of the physical link meet the following conditions:

• Domain IDs of ACs at both ends must be the same.

• Switch IDs of ACs at both ends must be the same.

• The models of ACs at both ends must be the same.

• The peer AC type specified in the configuration file of any AC must be consistent with the actual peer AC
type.

If the physical link meets the foregoing conditions, it is added to the VSL. Otherwise, the candidate AC elected
according to election rules will be disabled. Different from the dual-active devices in recovery mode, the
disabled AC disables all its local ports, including the VSL port, MGMT port, and excluded port. Users need to
resolve the problem according to the actual conflict: if a hardware conflict occurs, replace the hardware with
proper hardware; if a configuration conflict occurs, disconnect the VSL, restart the disabled AC separately, modify
relevant configurations, reconnect the VSL, and add the AC to the VAC.

Electing Roles

After VSL initialization is completed, the election of the active AC starts. The process of electing the active AC
is called role election.

The principles of role election are as follows:

• The current active AC takes precedence over other ACs.

• The AC with a higher priority takes precedence over other ACs.

• The AC with a smaller switch ID takes precedence over other ACs.

The election starts from the first rule. If an active AC can be elected based on a rule, the subsequent rules are
not followed.

After an active AC is elected, a standby AC is elected from the remaining ACs. The election rule of the standby
AC is similar to that of the active AC. After the active and standby ACs are elected, other ACs serve as
candidate ACs.

After the standby AC preemption function is enabled, the VAC checks whether a candidate AC has a higher
priority than the standby AC. If yes, the VAC restarts the current standby AC and elects the candidate AC with
the higher priority as the standby AC.

The standby AC preemption function is applied to the VAC composed of ACs in multiple chassis. If the
active AC and standby AC reside in the same chassis and the chassis is restarted, all member ACs in the
VAC will be restarted. The standby AC preemption function is intended to distribute the active and standby
ACs in different chassis.

A VAC is formed after role election is completed and the VAC enters the management and maintenance phase.
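
An added sketch (not Ruijie code) of the election rules above, extended to the join and failover behaviour this page describes under Member AC Adding and Roles of Member ACs. Class and method names are hypothetical; it assumes the election compares run priority and that a preempted standby AC rejoins as a candidate after its restart.

```python
from dataclasses import dataclass


@dataclass
class MemberAC:
    device_id: int            # unique member ID (the election rules call it switch ID)
    run_priority: int         # priority loaded at startup, 1-255, default 100
    role: str = "candidate"   # "active", "standby" or "candidate"


def _rank(ac):
    """Sort key: higher run priority first, then smaller device ID."""
    return (-ac.run_priority, ac.device_id)


class VirtualAC:
    def __init__(self, standby_preemption=False):
        self.members = {}
        self.standby_preemption = standby_preemption

    def _by_role(self, role):
        return [m for m in self.members.values() if m.role == role]

    def _elect(self):
        """Fill the active slot first, then the standby slot."""
        if not self.members:
            return
        # Rule 1: an existing active AC keeps its role.
        if not self._by_role("active"):
            standby = self._by_role("standby")
            # If the active AC is gone, the standby takes over; on first
            # election, rules 2 and 3 (priority, then ID) pick the winner.
            winner = standby[0] if standby else min(self.members.values(), key=_rank)
            winner.role = "active"
        if not self._by_role("standby"):
            candidates = self._by_role("candidate")
            if candidates:
                min(candidates, key=_rank).role = "standby"

    def _preempt(self):
        """Standby preemption: a higher-priority candidate replaces the standby."""
        standby = self._by_role("standby")
        candidates = self._by_role("candidate")
        if not (self.standby_preemption and standby and candidates):
            return
        best = min(candidates, key=_rank)
        if best.run_priority > standby[0].run_priority:
            standby[0].role = "candidate"   # assumption: rejoins as candidate after restart
            best.role = "standby"

    def _add(self, ac):
        if ac.device_id in self.members:
            raise ValueError(f"device ID {ac.device_id} is already in the VAC")
        ac.role = "candidate"
        self.members[ac.device_id] = ac

    def boot(self, acs):
        """ACs started together take part in one full election."""
        for ac in acs:
            self._add(ac)
        self._elect()

    def join(self, ac):
        """An AC added to an established VAC never displaces the active AC."""
        self._add(ac)
        self._elect()
        self._preempt()

    def remove(self, device_id):
        """Member exit or failure, followed by re-election of the empty roles."""
        del self.members[device_id]
        self._elect()

    def roles(self):
        return {i: m.role for i, m in sorted(self.members.items())}


if __name__ == "__main__":
    vac = VirtualAC()
    vac.boot([MemberAC(1, 200), MemberAC(2, 100), MemberAC(3, 100)])
    vac.join(MemberAC(4, 255))
    print(vac.roles())
    vac.remove(1)
    print(vac.roles())
```

The run shows that raising an AC's priority only helps at the next full election: AC 4, with the highest priority, stays a candidate until a role becomes free or standby preemption is enabled.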

VAC Management and Maintenance

Configuration Synchronization

After role election is completed, the active AC synchronizes the service configurations of the VAC to the
candidate ACs in batches. If an administrator modifies the configurations during VAC running, the active AC
synchronizes the configurations to the candidate ACs in real time. The service configurations of the VAC are
stored in the global configuration file config.text and AP configurations are stored in the ap-config.text file,
which are the same as those in standalone mode.

MAC Address Selection

Each AC has one Layer-2 MAC address and one Layer-3 MAC address. The Layer-2 MAC address and
Layer-3 MAC address of each AC in a VAC are different. After ACs compose a VAC, the Layer-2 MAC address
and Layer-3 MAC address need to be determined.

After a VAC elects an active AC for the first time, the VAC uses the Layer-2 MAC address and Layer-3 MAC
address of the active AC, and stores the addresses in the global configuration file. The VAC can still use the
original Layer-2 MAC address and Layer-3 MAC address even if an active/standby switchover occurs. After the
VAC is restarted, even if the elected new AC is not the previous one, the VAC still uses the previous Layer-2
MAC address and Layer-3 MAC address, provided that they are stored in the global configuration file.

Users can run the show run command to display Layer-2 MAC configurations. The sysmac command displays
the Layer-2 MAC address of the elected active AC (the Layer-3 MAC address is the Layer-2 MAC address plus
1). If users do not require these addresses at next startup, run the no sysmac command to delete the
configurations. After the configurations are saved and the VAC is restarted, a new AC will be elected and its
Layer-2 MAC address and Layer-3 MAC address will be used.

Keepalive Mechanism of VSL Physical Links

To identify faults occurring in VSL physical links or the peer AC, the VAC periodically sends keepalive packets
on each VSL physical link. The packets are sent at an interval of 200 ms by default and the default timeout
duration is 1s.

VSLs may be disconnected if the keepalive parameters are modified incorrectly. For this reason, the
keepalive parameters are internal system parameters. Administrators cannot modify the transmission
interval and receiving interval of the keepalive packets.


Member AC Adding

Generally, ACs compose a VAC when they are started. Alternatively, an AC may be added to an established
VAC. In this case, the AC added later automatically becomes a candidate AC even if it has a higher priority than
the current active AC.

When an AC is added to expand the capacity, it is recommended to perform the following steps to prevent APs
from dropping out of the network:

(1) Upgrade the software of the new AC to the same version as that of the VAC.

(2) Set VAC parameters for the new AC.

(3) Connect the AC to the switch and add the physical link to the VSL.

(4) Add the service link of the new AC to the aggregate port on the switch and shut down the service link of
the new AC.

(5) Switch the new AC to VAC mode.

(6) Add the service link to the aggregate port on the new AC.

(7) Enable the service link of the new AC on the switch.

Member AC Exit

When a candidate AC exits from a VAC in any of the following cases, the candidate AC is removed from the
VAC in hot mode:

(1) All VSL ports of the candidate AC are disconnected or faulty.

(2) The candidate AC encounters a power failure.

When the active AC exits from a VAC in any of the following cases, the active AC is removed from the VAC in
hot mode and the standby AC becomes the active AC:

(1) All VSL ports of the active AC are disconnected or faulty.

(2) The active AC encounters a power failure.

License Sharing

Different from the hot backup mode, a VAC does not need additional licenses. Users need to import licenses
only to the active AC. Candidate ACs can share the licenses of the active AC to provide the access service for
APs.

The active AC allows importing licenses whose quantity exceeds the capacity of the AC. For example, one
RG-WS5708 device in standalone mode supports 1024 licenses at most, and supports any number of licenses
after it is added to a VAC.


After licenses are imported to the active AC, if the hardware of the active AC is faulty and cannot be in the
up state and the licenses on the standby AC are insufficient, the APs can remain online for only one day.
That is, if the active AC does not join the VAC again after one day, the VAC forces some APs to go offline
based on the current license quantity.

Dual-Active Chassis Detection

When all VSL physical links are disconnected, the standby chassis becomes the active chassis, and two active
chassis coexist in the network. The configurations of the two chassis are the same. If Layer-3 virtual interfaces
(for example, VLAN interfaces and loopback interfaces) on the two chassis have the same configurations, an IP
address conflict occurs.

If a pair of ACs both find that the peer is lost, the loss may be caused by the power failure of the peer or the
disconnection of the VSL. The dual-active chassis occurs only when the VSL is disconnected. Therefore, an AC
needs to know the cause for the loss of the peer.

Out-of-Band Management in VAC Mode

In VAC mode, users can perform management operations such as configuration and upgrade on the VAC
through the serial port (console port) of the active AC. Users can neither enter the configuration mode through a
serial port of a candidate AC, nor perform management operations on the VAC. However, users can run the
session master command to connect to the active AC to perform management operations:

Ruijie-STANDBY#session master

The default rate of the console port is 9600 bps.

In VAC mode, users can manage the VAC through the MGMT port. One out-of-band management IP address
can be configured for the MGMT port of each AC in a VAC. Users can manage and upgrade ACs in a VAC
through the management IP address of the active AC or standby AC.

For example, run the following commands to configure the IP address of the MGMT port and the gateway for
AC 1:

Ruijie#configure terminal
Ruijie(config)#interface mgmt 1/0
Ruijie(config-if)#ip address 192.168.1.1 255.255.255.0
Ruijie(config-if)#gateway 192.168.200.1

The MGMT port is isolated from other ports on an AC. Therefore, when the MGMT port is connected to the
dedicated management network, the IP address of the MGMT port can be the same as those of other
ports.

Device Management in VAC Mode

In standalone mode, physical port IDs are represented in the format of slot/port. In VAC mode, port IDs are
represented in the format of device/slot/port in order to differentiate ports of different ACs. This representation
method ensures that configurations of physical ports remain unchanged even if an active/standby switchover
occurs.

In standalone mode, MIB query interfaces are represented using IFXINDEX IDs, which are automatically
allocated by the system based on the creation sequence of upper layer logical interfaces. In VAC mode, this
representation method is retained but IFXINDEX IDs are allocated to physical ports of multiple ACs rather than
one AC.

All device management commands used in standalone mode are still available in VAC mode. For example, the
show power command is used to display power information, the show fan command is used to display fan
information, and the show temperature command is used to display the device temperature. The differences
are that the power ID, fan ID, and slot temperature ID are represented in the 1-dimensional format in
standalone mode whereas they are represented in the 2-dimensional format in VAC mode, and the device ID is
added on the basis of the 1-dimensional format. For example, the show power command displays the following
information:

Ruijie#show power
Switch 1: WS5708
Switch 2: WS5708
slot card-type require(W) allocate(W)
------- ---------------------------- ---------- -----------
1/0 WS5708 10 0
2/0 WS5708 10 0

In standalone mode, users can run the dir, copy, and other file system operation commands to access the file
system of an AC.

In VAC mode, users can run file system operation commands to access the file system of the local AC but
cannot access the file systems of other member ACs. For example, when AC 2 is connected through a serial
port, only the file system of AC 2 is accessible. Users can run the session command to log in to a specified
member AC and access the file system of the AC.

SNMP Cache

In VAC mode, when AC information is obtained via the Simple Network Management Protocol (SNMP), the
information needs to be collected from each member AC, and the information collection speed is low. For this,
the SNMP cache function is added to the AC virtualization. This function periodically caches the SNMP data of
other member ACs to the active AC to improve the data reading efficiency.

Note that the active AC updates the cache every 5 minutes by default after the SNMP cache function is
configured. Therefore, when the server delivers the SNMP GET operation, the data obtained may be generated
in the previous 5 minutes. The update interval can be adjusted based on the frequency of performing the GET
operation by the network management software.


Packet Forwarding

Packet Forwarding Through VSLs

Data packets are forwarded through VSLs in the form of internal frames rather than common Ethernet frames.
This requires the switch to be capable of forwarding packets using this private format.

VSLs mainly forward inter-AC management packets in a VAC but do not forward data packets of STAs.
Management packets include Telnet interaction packets, SNMP interaction packets, EWEB interaction packets,
and Internet Control Message Protocol (ICMP) packets.

MAC Address Learning Mode

In a VAC, new MAC addresses learnt by any new member AC are synchronously learnt by all member ACs.

ARP Learning Mode

Address Resolution Protocol (ARP) packets received by any member AC are forwarded to the active AC for
processing. After learning ARP entries, the active AC delivers them to all other ACs.

Distributed Forwarding

Data packets of STAs are forwarded by ACs in centralized forwarding scenarios.

Uplink packets from STAs are encapsulated by the Control and Provisioning of Wireless Access Points
(CAPWAP) tunnels. The switch selects a member port based on the source IP address and destination IP
address of packets to send the packets to an AC (AC 1 for example). AC 1 decapsulates the packets for service
processing, and forwards the packets. Data packets of STAs are not forwarded through VSLs to another AC for
processing, but are sent out through physical ports of AC 1.

For downlink packets destined for STAs, the switch forwards the packets to an AC (AC 2 for example) based on
the source IP address and destination IP address of packets. AC 2 has complete forwarding entries. Therefore,
AC 2 performs service processing on the packets, performs CAPWAP encapsulation, and then sends the
packets to APs through its physical ports. Downlink packets are not forwarded through VSLs to other ACs for
processing.

Distributed forwarding relies on complete forwarding entries on each AC, including MAC entries, ARP entries,
routing entries, and ACL entries.

It also relies on the aggregate port connection between the VAC and the switch. With the aggregate port, any
AC can forward packets to the switch through its local physical ports (one of the member ports in the aggregate
port), so that the switch sends the packets to APs. When member ports of an aggregate port are selected,
physical ports of local ACs are preferred. Packet loss will occur if the bandwidth exceeds the bandwidth of the
local ACs.
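
A simulation of the member-port selection described above, added here as an illustration and not taken from the white paper. The byte-fold XOR hash, the VAC address 10.0.0.1 and the AP, STA and server addresses are assumptions; a real switch uses its own hash function.

```python
import ipaddress
from collections import Counter

# Constructed sample data (assumptions, not from the white paper).
VAC_IP = "10.0.0.1"                                # single IP shared by the VAC
AP_IPS = [f"10.10.0.{i}" for i in range(1, 201)]   # 200 AP tunnel sources


def fold(ip):
    """XOR the four bytes of an IPv4 address into one byte."""
    n = int(ipaddress.IPv4Address(ip))
    return (n ^ (n >> 8) ^ (n >> 16) ^ (n >> 24)) & 0xFF


def member_port(src, dst, members, policy="src-dst-ip"):
    """Return the aggregate member index chosen for a packet.

    ASSUMED hash: byte-fold XOR of the selected fields, modulo the
    number of member ports. Only the choice of fields follows the page.
    """
    if policy == "src-dst-ip":
        key = fold(src) ^ fold(dst)
    elif policy == "src-ip":
        key = fold(src)
    elif policy == "dst-ip":
        key = fold(dst)
    else:
        raise ValueError(f"unknown policy: {policy}")
    return key % members


def ap_distribution(members, policy="src-dst-ip"):
    """Count CAPWAP uplink tunnels (AP -> VAC IP) per member AC."""
    counts = Counter(member_port(ap, VAC_IP, members, policy) for ap in AP_IPS)
    return {m: counts.get(m, 0) for m in range(members)}


def moved_aps(before, after):
    """Number of APs whose uplink member changes when the VAC is resized."""
    return sum(
        1 for ap in AP_IPS
        if member_port(ap, VAC_IP, before) != member_port(ap, VAC_IP, after)
    )


if __name__ == "__main__":
    # src-dst-ip spreads the tunnels; dst-ip alone pins every tunnel to one
    # member because all tunnels share the same destination (the VAC IP).
    print("4 ACs, src-dst-ip:", ap_distribution(4))
    print("4 ACs, dst-ip    :", ap_distribution(4, "dst-ip"))
    # Capacity expansion: a fifth AC takes a share of the load, and many
    # tunnels land on a different member than before.
    print("5 ACs, src-dst-ip:", ap_distribution(5))
    print("APs re-hashed 4 -> 5:", moved_aps(4, 5))
    # Uplink and downlink for the same STA are hashed on different address
    # pairs, so they can arrive at different member ACs. This is why every
    # AC needs the complete MAC, ARP, routing and ACL entries.
    print("uplink member  :", member_port("10.10.0.7", VAC_IP, 4))
    print("downlink member:", member_port("172.16.5.20", "10.20.0.33", 4))
```
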


Version Upgrade

AC Version Upgrade

When an installation package is used to upgrade ACs, the active AC automatically synchronizes the installation
package to the candidate ACs and upgrades the candidate ACs.

If an AC is added during VAC running and the software version of the new AC differs from that of the active AC,
the VAC will not upgrade the new AC to the same version as the active AC. Therefore, it is necessary to
upgrade an AC to the same version as the active AC before adding the AC to the VAC.

When ACs of different versions compose a VAC, the VAC will not automatically synchronize their versions.
The ACs need to be manually upgraded to the same version. After ACs compose a VAC, users can run
the upgrade command to upgrade the ACs to the same version.

AP Version Upgrade

After the AP upgrade file is activated via the active-bin-file command, the active AC automatically
synchronizes the file to the candidate ACs to upgrade APs in distributed manner.

The no active-bin-file command deletes the AP upgrade files from the file systems on the candidate ACs, but
the upgrade file on the active AC is not automatically deleted.

When the no active-bin-file command is configured, if the upgrade file is being used to upgrade an AP,
the upgrade will be terminated, the AP will be restarted, and the AP version is still the version prior to the
upgrade. The purpose is to ensure a consistent upgrade status after the no active-bin-file command is
configured on each member AC.

Technical Features

High Reliability
The VAC supports backup between any ACs. When one or more ACs break down (unless both the active and
standby ACs break down), the management plane of the VAC, wireless services, and forwarding are not
interrupted.

Users can configure VSL ports on multiple ports of each box-type AC. In this way, when one VSL malfunctions,
control packets and management packets are transferred to other VSLs, greatly enhancing the reliability of
VSLs.

The interval for detecting whether the link state of a VSL port changes from up to down ranges from 50 ms to
200 ms. Other faults can be detected only by the keepalive mechanism of VSL physical links and the detection
interval is 1s.


Load Balancing
Aggregate ports can be configured on the switch and the balancing policy based on source IP address and
destination IP address can be configured to implement AP load balancing among ACs in a VAC.

When an AC is added to expand the capacity, the load of APs can be automatically balanced to the new AC.

The following figure shows the load balancing in a case that multiple chassis compose a Virtual Switching Unit
(VSU) and multiple WS cards compose a VAC:

Figure 2 Load balancing (figure labels: VAC service links, aggregate port; M18000-WS-ED downlinks, aggregate port; aggregation switch)

After the load balancing policy based on the source IP address and destination IP address is configured on the
aggregation switch, the load of APs is balanced to the two M18000-WS-ED devices. The M18000-WS-ED
preferentially forwards local packets, and balances the load of the APs to the WS cards of the local
M18000-WS-ED according to the load balancing policy based on source IP address and destination IP address.
Therefore, in VSU scenarios, configure aggregate ports on the M18000-WS-ED devices and aggregation
switch, and configure the load balancing policy based on the source IP address and destination IP address on
them.


License Sharing
A VAC can share the licenses of all member ACs. Customers do not need to purchase twice as many licenses
as APs to implement hot backup.

Ease of Management
After multiple ACs compose a VAC, configurations are required only on the active AC and will be automatically
synchronized to candidate ACs, to prevent configuration inconsistency of multiple ACs.

Users do not need to plan an IP address for each AC and all ACs in the VAC share one IP address.

Only one NAS IP address needs to be planned for a VAC.

Typical Applications

Application Solution
Assume that a customer desires to purchase multiple WS cards and use one of them for redundancy. If the
current hot backup networking solution is adopted, the customer needs to purchase six WS cards to deploy
three 1:1 hot backup groups. With the VAC solution, a customer only needs to purchase five WS cards, and can
use the five WS cards to compose a VAC. If any AC malfunctions, the AP load of the AC is balanced to the
other four ACs on the premise that services are not interrupted.

If a customer purchases multiple WS cards to deploy a large-scale wireless network, a VAC can be deployed to
simplify network management, and the customer needs to manage only the VAC.

If ACs of a customer are connected to a public network but the number of IP addresses of the public network is
limited, a VAC can be deployed and only one IP address needs to be configured for the VAC to provide the AP
access and management services.

Restrictions

Hardware Restrictions

Number of Supported Member ACs

Currently, only ACs of the same model can compose a VAC. The following table lists the number of supported
member ACs in a VAC for different AC models.

AC Model                       Number of Supported Member ACs
WS5708/M8600-WS/M12000-WS      Not supported
M18000-WS-ED/M8600E-WS-ED      8
WS6008                         4
WS6108                         4
WS6812                         8
WS6816                         8

VSL Hardware Requirements

At least one 1G or 10G port on each AC needs to be specified as a member port of a VSL.

When only two ACs are used, the two ACs can be directly connected to establish a VSL or the VSL can be
established through a switch. If more than two ACs are used, VSLs need to be established through a switch
and the switch serves as the center of the star topology.

The switch ports that connect to the VSL ports of member ACs must be Layer-2 switching interfaces that belong
to the same native VLAN. These interfaces must support the forwarding of giant frames and the giant frame
forwarding function must be enabled. If the giant frame forwarding is not supported or is disabled, the
communication efficiency inside the VAC will be affected.

Service Link Requirements

The switch used for connecting to service interfaces of a VAC needs to connect to the service interfaces of the
VAC through the aggregate port, and the aggregate port uses the load balancing mode based on source IP
address and destination IP address. Otherwise, the service load of member ACs in a VAC may be imbalanced.

M18000-WS-ED/M8600E-WS-ED Deployment Restrictions

The ports 0/3, 0/4, and 0/5 on the M18000-WS-ED and M8600E-WS-ED stay in the up state after being
powered on. They are down only after the boot program is started. When detecting that the ports are in the up
state, the switch sends packets to the AC. The AC, however, is being started and discards the packets,
resulting in short-time traffic interruption. Therefore, it is recommended that ports 0/1 and 0/2 be used as
service ports, port 0/3 be used as a service port only in heavy traffic scenarios, and ports 0/4 and 0/5 be used
as VSL ports.

Software Restrictions

Domain ID Deletion

Administrators are not allowed to delete domain IDs in VAC mode.


AC Priority Modification

The modification of the configured AC priority does not take effect immediately in VAC mode. The run priority is
always the configured priority stored in the configuration file at the startup. The configured priority takes effect
only after the AC is restarted.

Device ID Modification

Device IDs can be modified both in standalone mode and VAC mode. The device ID modified in standalone
mode is available only after the switching to the VAC mode. The device ID modified in VAC mode takes effect
after the VAC is restarted.

Software Upgrade Restrictions

When a new AC is added to a VAC, the VAC does not automatically upgrade the new AC to the same version as
the VAC. When ACs of different versions compose a VAC, a syslog is displayed, indicating that the AC
versions are inconsistent and that the ACs need to be manually upgraded to the same version.

VSL Port

In VAC mode, users can enter the VSL port configuration mode but cannot run configuration commands except
the description command.

When the Switched Port Analyzer (SPAN) function is configured, a VSL port can be neither used as the source
port nor the destination port of SPAN.

If a port is configured as an SPAN destination port, SPAN source port, multicast Virtual Private Network (VPN)
reflection port, or Network Load Balance (NLB) reflection port, the port can be used as a VSL member port only
after the configuration is deleted.

A port that is added to an aggregate port can be used as a VSL member port only after it is removed from the
aggregate port.

For a 40G port (regardless of whether the port is split), its member ports (that is, four 10G ports) cannot be used
as VSL member ports.

After a common service port is used as a VSL member port, it cannot be changed back into a common service
port within 6 minutes, and vice versa.

Hot Backup Restrictions

AC hot backup is not supported between VACs or between a VAC and ACs in standalone mode.


Roaming Restrictions

Roaming groups cannot be configured between VACs or between a VAC and ACs in standalone mode.

VACs do not support inter-WLAN roaming in centralized forwarding mode.

Restrictions in AP Configuration Display

The commands in the ap-config.text file can be configured when an AP is offline. When the AP is online, if the
AP does not support the configuration, the VAC automatically deletes the configuration. In this case, the
ap-config.text configurations may be different on different ACs. For example, AC 1 and AC 2 compose a VAC,
AC 1 serves as the active AC while AC 2 serves as the standby AC, and the 11acsupport enable radio 1
command is configured when an AP is offline. When the AP goes online on AC 2, AC 2 deletes the
11acsupport enable radio 1 command because the AP does not support 802.11ac. The command still exists
on AC 1 and is displayed after the show ap-config running command is executed. However, after the session
device 2 command is run to connect to AC 2 and the show ap-config running command is run to display the
AP configurations, the 11acsupport enable radio 1 command does not exist. If the AP is online, when the
11acsupport enable radio 1 command is configured, a prompt is displayed, indicating that the command is not
supported and cannot be configured, regardless of which AC is associated with the AP.
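
The divergence described above can be found by collecting the show ap-config running output from each member AC (through session device) and comparing it per AP. The following is an added example, not part of the white paper; the stanza layout (an ap-config <name> header, indented commands, ! separators) and the AP names are assumptions made for the constructed sample.

```python
def parse_ap_config(text):
    """Parse AP stanzas into {ap_name: set(commands)}.

    ASSUMED layout: a line 'ap-config <name>' opens a stanza, the
    following lines are that AP's commands, '!' lines are separators.
    """
    aps, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if line.startswith("ap-config "):
            current = line.split(None, 1)[1]
            aps.setdefault(current, set())
        elif current is not None:
            aps[current].add(line)
    return aps


def find_drift(per_ac_text):
    """Compare AP configurations collected from each member AC.

    per_ac_text maps a device ID to the text captured on that AC.
    Returns {ap: {command: {"present_on": [...], "missing_on": [...]}}}
    for every command that is not present on all ACs. An AP stanza that
    is absent on an AC counts as missing all of that AP's commands.
    """
    parsed = {ac: parse_ap_config(text) for ac, text in per_ac_text.items()}
    all_aps = set().union(*(p.keys() for p in parsed.values()))
    report = {}
    for ap in sorted(all_aps):
        commands = set().union(*(p.get(ap, set()) for p in parsed.values()))
        for cmd in sorted(commands):
            present = sorted(ac for ac, p in parsed.items() if cmd in p.get(ap, set()))
            missing = sorted(ac for ac in parsed if ac not in present)
            if missing:
                report.setdefault(ap, {})[cmd] = {
                    "present_on": present,
                    "missing_on": missing,
                }
    return report


# Constructed sample captures (not real device output). AP-LOBBY does not
# support 802.11ac and went online on AC 2, which deleted the command there.
AC1_RUNNING = """\
ap-config AP-LOBBY
 11acsupport enable radio 1
!
ap-config AP-LAB
 11acsupport enable radio 1
!
"""

AC2_RUNNING = """\
ap-config AP-LOBBY
!
ap-config AP-LAB
 11acsupport enable radio 1
!
"""

if __name__ == "__main__":
    for ap, cmds in find_drift({1: AC1_RUNNING, 2: AC2_RUNNING}).items():
        for cmd, where in cmds.items():
            print(f"{ap}: '{cmd}' on AC {where['present_on']}, "
                  f"missing on AC {where['missing_on']}")
```
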

IP Source Guard and ARP-Check

The show wlan arp-check list and show ip verify source commands display the entries that take effect only
on a single AC rather than entries that take effect on global ACs. For example, when the two commands are
executed on the active AC, the entries that take effect on the active AC are displayed. When they are executed
on a candidate AC, the entries that take effect on the candidate AC are displayed.

Conclusion
In conclusion, the VAC technology brings many pragmatic benefits to users. Users can utilize the VAC
technology to easily expand the AC capacity, replace the 1:1 hot backup networking solution to simplify the
network topology, and fully utilize all bandwidth. We are expecting that the VAC technology could be applied
widely in the market.

Appendix

Comparison of Ruijie VAC and H3C WX5500H

Item                          H3C WX5500H          Ruijie WS6816
Stacking cable                No special feature   No special feature
Capability stacking           Supported            Supported (up to 10K APs)
Unified management            Supported            Supported
Supported member ACs          4                    8
High reliability              3:1/2:2 hot backup   Hot backup of any ratio (7:1/6:2/5:3/4:4)
Dynamic load balancing        Unknown              Dynamic load balancing among online APs; dynamic load balancing of data forwarding
Dynamic capability expansion  Unknown              Service continuity upon dynamic adding of member ACs
License sharing               Supported            Supported

FAQs

Deployment

Can multiple ACs of different models form a VAC?

No. The model of each member AC in a VAC must be the same.

Even though the WS6008 and WS6108 use the same bin file, they cannot form a VAC.

How to configure the service port on the uplink switch connected to a VAC?

The service port on the uplink switch must be configured as an aggregate interface. To achieve AP load
balancing, the uplink switch needs to specify the load balancing policy of the aggregate interface as source IP
address and destination IP address or source IP address. For example, configure the following command on
Ruijie’s switch.

aggregateport load-balance src-dst-ip

The uplink switch of a member AC must be a single switch or VSU. If AC 1 is connected to switch 1 and AC 2 is
connected to switch 2, switches 1 and 2 need to form a VSU.


What should I pay attention to when configuring the VSL interface on the uplink switch?

The VSL interface on the uplink switch connected to the VSL interface on an AC: 1. cannot be a member of an
aggregate interface; 2. needs to be configured as an access port; 3. is configured with a specified VLAN that is
not used for normal service packet forwarding to avoid interference between VSL packets and other service
packets; 4. supports jumbo frame forwarding with the maximum MTU value configured.

Can one member AC serve as a backup only without running services?

Currently, it is not supported. All member ACs are in running state. If a service port on an AC is shut down, the
service port will still be in down state when other member ACs fail. This AC cannot manage APs.

Does centralized forwarding support inter-WLAN roaming?

Centralized forwarding in the VAC does not support inter-WLAN roaming, but non-VACs still do.

Inter-WLAN roaming indicates that one SSID is configured with multiple WLANs. When STAs roam between
these WLANs using the same authentication and encryption methods, their IP addresses remain the same (if
the VLAN mappings of STAs are different before and after the roaming), and web-based re-authentication is not
required (if web-based authentication is configured).

Feature Description

When a new AC is added to the VAC, can it be automatically upgraded to the VAC version?

Currently, a new AC cannot be automatically upgraded. Before being added to the VAC, it needs to be
upgraded to the same version as the VAC.

When the active AC in a VAC is upgraded, all member ACs will be automatically upgraded to the corresponding
version.

If an AC with a license is removed from the VAC, will APs go offline?

If the number of APs exceeds the license limit after an AC is removed from the VAC, the excess APs will be
disconnected after 7 days.
