Tunneling SSID's using a VSCG Controller

  • 1
  • Question
  • Updated 7 months ago
  • Answered
Moving from applianced based  3K Zone Directors ( which have been running flawlessly for about 100 years in production so far ) to Virtual Smartzones,

I have a question regarding runnng a VSCG within a Vmware Cluster. I would like some clarification on the ability to tunnel traffic using these new Virtual controllers.

Could someone clarify the roles and differerences of the VSCG and the Virtual SmartZone-Dataplane (vSZ-D). Does one depend on the other ( like the Cisco Nexus virtual switches for Vmware )?

From my understanding only the vSZ-D can performing the actual tunneling and not the VSCG. and are the AP licenses compatible.

Regards

Photo of Jason Simmons

Jason Simmons

  • 4 Posts
  • 0 Reply Likes

Posted 7 months ago

  • 1
Photo of Syamantak Omer

Syamantak Omer, Official Rep

  • 376 Posts
  • 132 Reply Likes
Hi Jason,

If you setup a vSZ on your Vmware, you get two options of vSZ type.

1- vSZ Essentials
2- vSZ High-scale

Upon choosing one of them, further you get below options.

If you choose, vSZ-E, it supports only single interface for Control/Management/Cluster.
If you choose, vSZ-H, it supports single or three interface (Dedicated interface for Control, management and cluster plan).

If you see, still there is no provision for Data interface in vSZ, hence if you really want to tunnel the data to a data interface, you have to also install vSZ-Dataplane and then connect it to your vSZ controller.

Now vSZ controller will take care of APs control/Management and controller's cluster operations/traffic. vSZ-Dataplane will take care of data tunnels traffic.

vSZ controller and vSZ-Dataplane will create a SSH session with each other for control and management. APs will create two tunnels, one with vSZ for AP control/management and other with with vSZ-Dataplane for WLAN data traffic.

Refer this simple topology to understand.



You have to purchase license for vSZ-Dataplane instance but no licenses required to tunnel the APs.

vSZ-D is offered with 1G throughput capacity and you can purchase additional 10G throughput capacity license, if required.

vSZ-D also supports DHCP and NAT features but for that you have to buy additional licenses.

For more information, please refer the data sheet.

https://webresources.ruckuswireless.com/pdf/datasheets/ds-virtual-smartzone-d.pdf 

Hope this will help.

Regards,
Syamantak Omer
Photo of Jason Simmons

Jason Simmons

  • 4 Posts
  • 0 Reply Likes
Syamantak,

Thanks for the excellent clarification. Thanks for taking the time.

I'm however a little disappointed that Ruckus have fractured the functionality of the controllers like this. The DHCP server on the zonedirector was not the mose comprehensive, but at least we had one, and tunneling out the box.

As your explaination will obvioulsy apply to the Phsyical Smatzone appliances as well as the virtual ones.

It does seem a little backwards step, and will miss the tradtional ZoneDirectors as they are aged out.

Thanks again
Photo of Syamantak Omer

Syamantak Omer, Official Rep

  • 351 Posts
  • 126 Reply Likes
Hi Jason,

I have just explained you very initial details of vSZ and vDP.

Let me explain few more points.

- On ZD, all the load is directly on the ZD, when you tunnel the WLAN, so if there is any failure with ZD hardware or network connectivity, you lose everything. However, in vSZ-vDP setup, even if your vSZ goes down due to any issue, APs will still be able to connect to vDP and will function without any service impact.

- In comparison with ZD, vSZ/vDP support a lot of features like DHCP & NAT, AP survivability without vSZ controller, multiple dataplane support (one vSZ can support upto 10 vSZ-D) which improves redundancy and scalability.

- Now talk about our SZ-100 (we also have SZ-300) appliance which is the hardware form of vSZ-Essentials. SZ-100 comes with two interface setup where one physical port can be used as Control/management/Cluster and other interface can be used as Data interface. This means it has inbuilt dataplane.

- Just in case you want to improve dataplane hardware redundancy, Ruckus also has SZ100-D which is the hardware appliance of vSZ-Dataplane.

Let me know if you have more queries.

Regards,
Syamantak Omer
Photo of Jason Simmons

Jason Simmons

  • 4 Posts
  • 0 Reply Likes
To address some of the Single Point Of Failures on the ZoneDirector you could configure them in a active standby configuration.

The ZoneDirectors havesingle interface configuration point, and resource management

We did not have to buy addtional SKU's to perform DHCP, NAT or even bandwidth.

Bandwidth can be consumed based on interface capability, rather than a commercial technical constraint as applied to the vSZ.


ZoneDirectors do fail yes, I have had to RMA a few for customers, but the support that Ruckus provides (Exceptional by the way ) I seen replacement devices next day.

If the customer can not tolerate even this short duration then they must configure HA.

As it stand now, I see no real clear advantage to the VSCG compared to traditional ZoneDirector ( Apart from the provider/ MSP , yes I can see advantages here with the VSCG)

The ZoneDirector is being encouraged to be replaced with the VSCG and this is the encouraged direction moving forward, therefore we should not invest twilight design patterns.

If this is the forced design pattern , then yes I agree the SZ100-D  with the required  "features" may be the better option as this should remove the concern for DPDK interfaces etc.

Thanks once again for your time.