Posted on March 19, 2020 6:11 pm
 |  Asked by Jeff
 |  89 views
0
0
Print Friendly, PDF & Email

I setup the following on 2 cEOS-lab test switches to simulate our production topology, but cannot get the MLAG to get to “active” state only “connecting”. I have included configs below.

Switch1:
vlan 4094
name MLAG
trunk group m1ag
!
interface Port-Channel93
switchport mode trunk
switchport trunk group m1ag
!
interface Ethernet49
mtu 9214
switchport access vlan 4094
switchport mode trunk
channel-group 93 mode active
!
interface Ethernet50
mtu 9214
switchport access vlan 4094
switchport mode trunk
channel-group 93 mode active
!
mlag configuration
domain-id mlag1
local-interface Vlan4094
peer-address 192.168.245.2
peer-link Port-Channel93
reload-delay mlag 360
reload-delay non-mlag 300

switch2:
vlan 4094
name MLAG
trunk group m1ag
!
interface Port-Channel93
switchport mode trunk
switchport trunk group m1ag
!
interface Ethernet49
mtu 9214
switchport access vlan 4094
switchport mode trunk
channel-group 93 mode active
!
interface Ethernet50
mtu 9214
switchport access vlan 4094
switchport mode trunk
channel-group 93 mode active
!
interface Vlan4094
mtu 9214
no autostate
ip address 192.168.245.2/30
!
mlag configuration
domain-id mlag1
local-interface Vlan4094
peer-address 192.168.245.1
peer-link Port-Channel93
reload-delay mlag 360
reload-delay non-mlag 300

Switch 1 MLAG detail:
cEOSlab-a04-40-leaf(config-mlag)#sh mlag detail
MLAG Configuration:
domain-id : mlag1
local-interface : Vlan4094
peer-address : 192.168.245.2
peer-link : Port-Channel93
peer-config :

MLAG Status:
state : Inactive
negotiation status : Connecting
peer-link status : Up
local-int status : Up
system-id : 00:00:00:00:00:00
dual-primary detection : Disabled

MLAG Ports:
Disabled : 0
Configured : 0
Inactive : 0
Active-partial : 0
Active-full : 0

MLAG Detailed Status:
State : inactive
Peer State : unknown
State changes : 7
Last state change time : 0:21:08 ago
Hardware ready : True
Failover : False
Failover Cause(s) : Unknown
Last failover change time : never
Secondary from failover : False
Peer MAC address : 00:00:00:00:00:00
Peer MAC routing supported : False
Reload delay : 360 seconds
Non-MLAG reload delay : 300 seconds
Ports errdisabled : False
Lacp standby : False
Configured heartbeat interval : 4000 ms
Effective heartbeat interval : 4000 ms
Heartbeat timeout : 60000 ms
Last heartbeat timeout : never
Heartbeat timeouts since reboot : 0
UDP heartbeat alive : False
Heartbeats sent/received : 1471/304
Peer monotonic clock offset : unknown
Agent should be running : True
P2p mount state changes : 39
Fast MAC redirection enabled : False

0
Posted by Dmytro Shypovalov
Answered on March 19, 2020 6:54 pm

Hi Jeff,

There are 2 problems with MLAG on cEOS-lab. The first one is when containers are run on a generic linux kernel, dot1q tagging didn\'t work prior to 4.23.1 (it worked only on EOS kernel). So make sure you are running 4.23.1 or later.

The second problem is that MLAG needs system MAC with U/L bit set to 0 (which is true on all switches), then it generates locally administered MAC (U/L bit set to 1) for MLAG operations. Docker generates MAC addresses with U/L bit set to 1, so MLAG cannot work with it. The solution is to create your own mac address and force the container use it, e.g.:

mkdir ~/ceos1
echo \'28:b3:de:ad:be:ef\' > ~/ceos1/system_mac_address
cat ~/ceos1/system_mac_address | tr -d \'\\n\' > ~/ceos1/system_mac_address.corrected
cp ~/ceos1/system_mac_address.corrected ~/ceos1/system_mac_address

Note: you have to remove the \'\\n\' sign as shown above, otherwise it won\'t work.

Then map the directory with the system_mac_address file to /mnt/flash of the container by adding -v ~/ceos1:/mnt/flash

An example of full command:

docker create --name=ceos1 --privileged -v ~/ceos1:/mnt/flash -e INTFTYPE=eth -e ETBA=1 -e SKIP_ZEROTOUCH_BARRIER_IN_SYSDBINIT=1 -e CEOS=1 -e EOS_PLATFORM=ceoslab -e container=docker -i -t ceosimage:4.23.1F /sbin/init systemd.setenv=INTFTYPE=eth systemd.setenv=ETBA=1 systemd.setenv=SKIP_ZEROTOUCH_BARRIER_IN_SYSDBINIT=1 systemd.setenv=CEOS=1 systemd.setenv=EOS_PLATFORM=ceoslab systemd.setenv=container=docker

 

Hope this helps.

Edit: formatting killed backward slash, instead of \'n\' there should be end of the line sign \"\\\n\"

 

 

 

 

Thanks for this! (I remember going through this about a year ago and reverting to vEOS when I couldn’t work out the sytem MAC-address niceties with docker, but I have another piece of work that would benefit greatly from MLAGed cEOS instances.) Do you have any idea if the GNS3 orchestration of docker would play nicely with this strategy? (I tried manually inserting the /mnt/flash/system_mac_address file into an existing image and it didn’t react well. (Ethernet ports all errdisabled and system mac address of all zeroes.) Any assistance greatly appreciated. ETA: Nevermind; I was ignoring all your (repeated, very clear) verbiage about stripping the newline character. Once I stripped it; the GNS-launched cEOS container worked just fine with the ”arbitrary” MAC address (deadbeef!)
(Mencken Davidson at March 21, 2020 5:54 am)
0
Posted by Adam Levin
Answered on March 19, 2020 9:03 pm

In addition to the above, based on what you posted I don't see an SVI configured on switch 1.  Did you configure interface vlan 4094 on switch 1?

Post your Answer

You must be logged in to post an answer.