Thursday, April 1, 2010

The difference between L2 and L3 Roaming Events


Layer 2 Roam:
A Layer 2 roam occurs when a client leaves one AP and re-associates with a new AP, in the same client subnet. In most cases, the 'roamed to' AP is connected to the same WLC as the original AP.  The description above represents the simplest roaming scenario because a single WLC database maintains all information about the client. Network elements upstream from the WLC are unaffected by the client moving from one AP to another.
Layer 2 Roam Illustration:

 L3 Roam - WLC to WLC Roaming Across Client Subnets:

In cases where a client roams between APs that are connected to different WLCs and the client subnet/VLAN is not the same between the WLCs, then a Layer 3 roam is performed. A mobility announcement is exchanged between the 'roamed to' (foreign) WLC's mobility database and the home (anchor) WLC's mobility database.

A Layer 3 roam is more complex because the wireless client is moving from one VLAN/subnet to another. Unless the WLAN system takes action to make the client subnet change transparent, the Layer 3 roam event has an adverse impact on client communication with upstream services. Existing client sessions will either hang or eventually timeout and disconnect. The Cisco Unified Wireless solution uses mobility tunnels to facilitate Layer 3 roaming that is transparent to the upstream network There are two types of mobility tunnels:

Asymmetrical (default behavior - WLC Releases 4.0 and earlier)
Symmetrical (new option beginning with WLC Release 4.1 and later)
Note In WLC Release 4.1, asymmetrical tunneling is still the default behavior. Administrators must explicitly configure symmetrical tunnel behavior.
L3 Roam Across Subnets Illustration:


Layer 3 Roam—Symmetrical Mobility Tunnel:

Beginning with WLC Release 4.1 and later, the WLCs can be configured to support dynamic, bi-directional tunneling between the foreign AP/WLC and the anchor WLC.  The WLC's Layer 3 mobility handoff procedure remains unchanged. However, WLC Release 4.1 makes use of existing capabilities associated with the solution's auto anchor tunneling mechanism to create a dynamic symmetrical tunnel when a client performs a Layer 3 roam. Symmetrical tunneling is not enabled by default. It must be explicitly configured either through the controller's web configuration interface, WCS template or the controller's CLI. Symmetrical mobility tunnel operation must be enabled for each controller that is a member of a given mobility group, otherwise unpredictable behavior can occur.

L3 Symmetric Mobility Roam Illustration:

6 comments:

  1. Hi Jennifer,

    I'm rater new(bie) to Cisco wireless. But I got a question about this. Do Symmetrical have advantages ore disatvantage in comparison to Asymmetrical roaming?

    And one other little question for layer 3 roaming do you alway's need a two wlc. Ore can you make a trunk to the wlc.

    You got some real good and awsome posts!! I almost read all of them!!!

    With kind regard,
    Niels

    ReplyDelete
  2. Niels,

    Cisco has a good write up on when to use symmetric mobility tunneling & how it works. I'm linking to the latest configuration guide so the configuration details are fresh.

    http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70mobil.html#wp1178110

    For L3 roaming you would have two WLCs and the roam would take place between the two controllers and cross a vlan/ip boundary in order to initiate the L3 roam event.

    ReplyDelete
  3. This comment has been removed by the author.

    ReplyDelete
  4. Hello Jennifer,

    When asymmetric tunneling is used the client keeps it's original address and the IP address and Mac address is spoofed by the foreign controller when sending out the client traffic in the switched network. Only how does this work, when the client keeps it's original address received in Vlan x how does it communicate in Vlan y on the foreign controller with a different IP subnet used in Vlan y?

    If i think about it rpf must be disabled as described and also the foreign Controller need not also spoof the client IP/MAC address but also need to change the destination MAC adress from the default gateway from Vlan x to the MAC adress of the default gateway of Vlan y to get the packets from the client routed out of Vlan y?


    With kind regards,

    Arne

    ReplyDelete
  5. Jennifer,
    Thanks for all of the great posts. Very informative. A question for you though, you mentioned in this post (under Symmetrical Mobility Tunnel) where you mentioned anchor controllers can be configured through a WCS template. I have two redundant anchors for an SSID that I am trying to push out to all of our controllers (~30) and a WCS template would save soooo much time. Do you know where this template is?

    Thanks,
    Taylor

    ReplyDelete
  6. To use WCS to make a WLAN template, first the interface IP address needs to be already present in the controllers preferably with the same interface *name* on each controller. Then to make the template, use WCS / Configure controller template launch pad > WLANs > WLAN Configuration > (from the drop down in the upper RT corner) add new template > Go

    Add the SSID, choose the interface you want to tie it to & set the SSID security parameters for the WLAN. Then you can choose which controllers to apply the template. Should work like a champ :-)

    ReplyDelete