• MLAG – basic configuration

 
 
Print Friendly, PDF & Email

MLAG overview

LAG or link aggregation is a way of bonding multiple physical links into a combined logical link. MLAG or multi-chassis link aggregation extends this capability allowing a downstream switch or host to connect to two switches configured as an MLAG domain. This provides redundancy by giving the downstream switch or host two uplink paths as well as full bandwidth utilization since the MLAG domain appears to be a single switch to Spanning Tree (STP). Because the MLAG domain appears to STP as a single switch there are no blocked ports.

Configuration

The following will provide instructions on how to configure MLAG on a pair of Arista Networks switches running EOS. MLAG allows one to interconnect two Arista switches and use them as one logical switch for the purpose of L2 protocols. A simple MLAG setup is shown in Figure 1 and 2.

mlag-host


Note: It is highly recommended that both MLAG peer switches run identical EOS images. Running different images result in a failure to form an association with the MLAG peer.


 

Configuring the peer link between switch1 and switch2

On both switches, ensure that the control plane ACL configuration is compatible with MLAG. These two rules exist in the default-control-plane-acl configuration. You can verify with the command: show ip access-lists

permit tcp any any eq mlag ttl eq 255
permit udp any any eq mlag ttl eq 255

If a custom access list is configured, it must also contain these two rules.


Note: The control plane ACL matching on the MLAG port and ttl 255 is used to prevent anyone but the neighbor on the peer link from generating MLAG control traffic.


Create a port-channel for the peer link

Assuming interface eth1 and eth2 connect the two peers, configure the following on both switches:

switch1# config t
switch1(conf)#interface eth1-2
switch1(config-if-Et1-2)# channel-group 10 mode active
switch1(config-if-Et1-2)# interface port-channel 10
switch1(config-if-Po10)# switchport mode trunk

Note: It is recommended, for redundancy reasons to use a port-channel. The peer link is recommended to be at least a two port port-channel to avoid having a single point of failure.


Create a VLAN for MLAG peer communication

On both switches, create a VLAN with an unused vlan-id for the MLAG peers to communicate.

switch1(conf)#vlan 4094
switch1(config-vlan-4094)# trunk group mlagpeer
switch1(config-vlan-4094)# interface port-channel 10
switch1(config-if-Po10)# switchport trunk group mlagpeer
switch1(config-if-Po10)# exit
switch1(conf)#no spanning-tree vlan 4094

Note: The trunk group names for the peer VLAN (mlagpeer in the above example) should be configured to be the same on both switches. In order to successfully establish an MLAG association, the configuration for vlans and vlan trunk groups must be identical


Assigning VLAN4094 and Port-Channel10 to trunk group ‘mlagpeer’ prevents VLAN4094 from being carried on any trunk other than Po10. This allows you to safely disable Spanning-Tree on VLAN4094 (ensuring that the MLAG peers can communicate) without creating a loop through the (other ) trunk links.

Note: The MLAG peer-link VLAN (4094 in this example) should only be carried on the peer-link and not on any other trunks. The trunk group called ‘mlagpeer’ in this example applied to interface port-channel 10, prevents VLAN 4094 from being carried on other trunks. The use of a trunk group simplifies the implementation instead of having to prune VLAN 4094 from all links. To prevent spanning-tree loops do not add ‘trunk group mlagpeer’ to any other links.

Configure the SVI for peer-to-peer communication

On switch 1:

switch1(conf)#int vlan 4094

switch1(config-if-Vl4094)# ip address 10.0.0.1/30

On switch 2:

switch2(conf)#int vlan 4094
switch2(config-if-Vl4094)# ip address 10.0.0.2/30

Test IP connectivity between the two switches by pinging one peer from the other.

Configure the MLAG peering on both switches

MLAG configuration for switch1:

switch1(config)#mlag
switch1(config-mlag)#local-interface vlan 4094
switch1(config-mlag)#peer-address 10.0.0.2
switch1(config-mlag)#peer-link port-channel 10
switch1(config-mlag)#domain-id mlag1

MLAG configuration for Switch2:

switch2(config)#mlag
switch2(config-mlag)#local-interface vlan 4094
switch2(config-mlag)#peer-address 10.0.0.1
switch2(config-mlag)#peer-link port-channel 10
switch2(config-mlag)#domain-id mlag1

The MLAG peer relationship will form once the peer-link is up, the domains match and a bi-directional TCP connection is established between the MLAG peers.

The MLAG association dissolves and both switches revert to their independent state if any one of the following occurs:

  • If the MLAG configuration is changed
  • If the TCP connection is broken
  • If the peer-link or local-interface goes down
  • If one of the peers fails to receive a heartbeat from the other within an interval of time that is equal to 2.5 times the heartbeat interval. The heartbeat interval can be set to a value between 1 and 30 seconds and has a default value of 2 seconds.

Verify MLAG operation

Wait for the peers to form an MLAG association and reach ‘Active’ states. The output of the show mlag command shows configuration and the status.

On switch1:

switch1#show mlag
MLAG Configuration:
domain-id : mlag1
local-interface : Vlan4094
peer-address : 10.0.0.2
peer-link : Port-Channel10
MLAG Status:
state : Active
peer-link status : Up
local-int status : Up
system-id : 00:11:22:01:03:01

On switch2:

switch2#show mlag
MLAG Configuration:
domain-id : mlag1
local-interface : Vlan4094
peer-address : 10.0.0.1
peer-link : Port-Channel10
MLAG Status:
peer-link status : Up
local-int status : Up
system-id : 00:11:22:01:03:01

Create MLAG port-channel interfaces

Configure an MLAG. In this example, a simple two-port mlag is used. One of the ports from Switch3 is connected to Switch1 and the other port is connected to Switch2. The two interfaces on Switch3 or the Host can be configured as a regular port-channel using LACP.

If eth3 on switch1 and switch2 are used in mlag, on both switches configure the following:

switch1(conf)#interface eth3
switch1(config-if-Et3)# channel-group 3 mode active
switch1(config-if-Et3)# interface port-channel 3
switch1(config-if-Po3)# mlag 3

This puts eth3 into Port-Channel3 on both switches and connects the two Port-Channel3 interfaces into MLAG 3. The MLAG peer switches associate the port channels using the mlag identification number.

MLAG identification number

  • The mlag identification number does not have to match the port-channel number
  • The port-channel numbers grouped in an MLAG must match, they cannot be two different values.
  • A port-channel in an MLAG can have multiple members.

Note: The neighbor device (host or switch) connected to the MLAG pair should be configured to negotiate a LAG with LACP (mode: “active”). It is not recommended to use MLAGs in conjunction with static LAGs (mode “on”).


Verify the MLAG port-channels

Confirm that the MLAG has formed on both switches

switch1#sh mlag | grep Active
state               :              Active
Active-partial      :                   0
Active-full         :                   2
switch1#sh mlag interfaces detail
                                       local/remote
 mlag         state   local   remote    oper    config    last change   changes
------ ------------- ------- -------- ------- ---------- -------------- -------
    3   active-full     Po3      Po3   up/up   ena/ena    0:02:17 ago         6

This shows that mlag 3 became active (or changed anyway) 2 minutes and 17 seconds ago. It also shows that it includes port-channel 3 on the local and remote side.

LAG configuration:

  • LACP should be used on all MLAG interfaces.
  • LACP on MLAG interfaces runs with the primary switch bridge id while the switches are MLAG active

Verify spanning-tree on both MLAG peers

Check the status of spanning-tree on both the peers. The Spanning-Tree protocol runs on both of the peers using the negotiated common system ID. The output of ‘show spanning-tree’ shows Peer (e.g. Pet4 and Ppo100) interfaces as well as the local interfaces. Notice that the MLAG created with ‘mlag 3’ shows up under its local Port-Channel name (Po3).

switch11#sh spanning-tree
MST0
  Spanning tree enabled protocol mstp
  Root ID    Priority    16384
             Address     020c.293d.7271
             This bridge is the root

  Bridge ID  Priority    16384  (priority 16384 sys-id-ext 0)
             Address     020c.293d.7271
             Hello Time  2.000 sec  Max Age 20 sec  Forward Delay 15 sec

Interface        Role       State      Cost      Prio.Nbr Type
---------------- ---------- ---------- --------- -------- --------------------
Po3              designated forwarding 1999      128.100  P2p Boundary

‘show spanning-tree’ (and some other bridging-related ‘show’ commands), when run on the MLAG primary peer, will show “PeerEthernet” and “PeerPort-Channel” interfaces corresponding to interfaces on the secondary switch. The CLI “short names” for PeerEthernet1 and PeerPort-Channel1 are “PEt1″ and “PPo1″.

Spanning tree does not run on the peer link, and so it is not listed in the output of ‘show spanning-tree’.

STP considerations and MLAG:

  • Global STP configuration comes from the primary peer,  secondary parameters are ignored.
  • STP runs with the negotiated system-id that is based on the primary switch bridge id while the switches are MLAG active.
  • Port-specific spanning-tree configuration comes from the switch where the port physically resides. This includes spanning-tree port fast, bpduguard and bpdufilter.

Check that the peer interface is part of the MLAG port-channel

Note that Port-Channel3 is the port-channel that we configured to be in an MLAG

switch1#sh port-channel 3 detailed
Port Channel Port-Channel3:
  Active Ports:
       Port                Time became active       Protocol    Mode
    ------------------- ------------------------ -------------- ------
       Ethernet2           13:54:19                 LACP        Active
       PeerEthernet3       13:54:20                 LACP        Active

Notice that we observe a mirror image output on the other MLAG peer (switch2)

switch2#sh port-channel 3 detailed
Port Channel Port-Channel3:
  Active Ports:
       Port                Time became active       Protocol    Mode
    ------------------- ------------------------ -------------- ------
       Ethernet3           13:54:19                 LACP        Active
       PeerEthernet2       13:54:17                 LACP        Active

VLAN configuration and MLAG:

  • VLANs must be created on each MLAG peer. The primary MLAG peer does not communicate VLAN information to the secondary.
  • Port-specific bridging configuration comes from the switch where the port physically lives. This includes switchport access vlan, switchport mode, trunk allowed vlans, trunk native vlan, and switchport trunk groups.
  • Take care to configure VLANs and port settings identically on both MLAG peers.

Static MAC addresses and MLAG:

  • A static mac entry configured on an MLAG interface is automatically configured on the corresponding interface on the peer. If the MLAG peer relationship is broken, or if all local members of an MLAG port-channel go down, the peer will no longer be automatically configured with the static mac address. Configuring static mac addresses on both peers will prevent undesired flooding or learned mac addresses if such a failure occurs.
  • Static mac addresses configured to be dropped are not shared between MLAG peers.
Follow

Get every new post on this blog delivered to your Inbox.

Join other followers: