- MLAG overview
- Configuring the peer link between switch1 and switch2
- Create a port-channel for the peer link
- Create a VLAN for MLAG peer communication
- Configure the SVI for peer-to-peer communication
- Configure the MLAG peering on both switches
- Verify MLAG operation
- Create MLAG port-channel interfaces
LAG, or link aggregation, is a way of bonding multiple physical links into a combined logical link. MLAG, or multi-chassis link aggregation, extends this capability, allowing a downstream switch or host to connect to two switches configured as an MLAG domain. This provides redundancy by giving the downstream switch or host two uplink paths, as well as full bandwidth utilization, since the MLAG domain appears to be a single switch to Spanning Tree (STP). Because the MLAG domain appears to STP as a single switch, there are no blocked ports.
The following instructions show how to configure MLAG on a pair of Arista Networks switches running EOS. MLAG allows one to interconnect two Arista switches and use them as one logical switch for the purpose of L2 protocols. A simple MLAG setup is shown in Figures 1 and 2.
Note: It is highly recommended that both MLAG peer switches are identical platforms and run identical EOS images. Running different images or platforms may result in a failure to form an association with the MLAG peer, or in discrepancies in behavior.
On both switches, ensure that the control plane ACL configuration is compatible with MLAG. These two rules exist in the default-control-plane-acl configuration. You can verify with the command: show ip access-lists
permit tcp any any eq mlag ttl eq 255
permit udp any any eq mlag ttl eq 255
If a custom access list is configured, it must also contain these two rules.
Note: The control plane ACL matches on the MLAG port and a TTL of 255 so that only the neighbor on the peer link can generate MLAG control traffic. Every routed hop decrements the TTL, so a packet that arrives with TTL 255 cannot have been forwarded by a router.
Assuming interface eth1 and eth2 connect the two peers, configure the following on both switches:
switch1# config t
switch1(conf)#interface eth1-2
switch1(config-if-Et1-2)# channel-group 10 mode active
switch1(config-if-Et1-2)# interface port-channel 10
switch1(config-if-Po10)# switchport mode trunk
Note: For redundancy, it is recommended that the peer link be a port-channel with at least two ports, to avoid having a single point of failure.
Create a VLAN for MLAG peer communication
On both switches, create a VLAN with an unused vlan-id for the MLAG peers to communicate.
switch1(conf)#vlan 4094
switch1(config-vlan-4094)# trunk group mlagpeer
switch1(config-vlan-4094)# interface port-channel 10
switch1(config-if-Po10)# switchport trunk group mlagpeer
switch1(config-if-Po10)# exit
switch1(conf)#no spanning-tree vlan 4094
Note: The trunk group names for the peer VLAN (mlagpeer in the above example) should be configured to be the same on both switches. In order to successfully establish an MLAG association, the configuration for VLANs and VLAN trunk groups must be identical.
Assigning VLAN4094 and Port-Channel10 to trunk group ‘mlagpeer’ prevents VLAN4094 from being carried on any trunk other than Po10. This allows you to safely disable Spanning-Tree on VLAN4094 (ensuring that the MLAG peers can communicate) without creating a loop through the other trunk links.
Note: The MLAG peer-link VLAN (4094 in this example) should only be carried on the peer-link and not on any other trunks. The trunk group called ‘mlagpeer’ in this example, applied to interface port-channel 10, prevents VLAN 4094 from being carried on other trunks. Using a trunk group is simpler than pruning VLAN 4094 from all other links. To prevent spanning-tree loops, do not add ‘trunk group mlagpeer’ to any other links.
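The two requirements above (a custom control-plane ACL must keep both MLAG rules, and the peer trunk group must sit on the peer link only) can be checked offline against a saved configuration. The following is an added example, not Arista's code: the function names, the ACL name custom-cp and the sample text are constructed, and it assumes a configuration file in which sub-commands are indented beneath their parent line.

```python
import re

# The two rules the page requires in any control-plane ACL.
REQUIRED_ACL = ("permit tcp any any eq mlag ttl eq 255",
                "permit udp any any eq mlag ttl eq 255")

# Constructed sample (not from a real device): the UDP rule lost its
# "ttl eq 255" match, and a downstream trunk joined the peer trunk group.
SAMPLE = """\
ip access-list custom-cp
   10 permit tcp any any eq mlag ttl eq 255
   20 permit udp any any eq mlag
vlan 4094
   trunk group mlagpeer
interface Port-Channel10
   switchport trunk group mlagpeer
interface Port-Channel3
   switchport trunk group mlagpeer
"""

def sections(config):
    """Map each top-level line to the indented lines beneath it."""
    out, head = {}, None
    for line in config.splitlines():
        if line[:1].isspace() and line.strip() and head is not None:
            out[head].append(line.strip())
        elif line.strip() and line.strip() != "!":
            head = line.strip()
            out[head] = []
    return out

def audit(config, acl, vlan, group, peer_link):
    """Return findings; an empty list means every check passed."""
    sec, found = sections(config), []
    # Drop optional sequence numbers before comparing ACL rules.
    rules = [re.sub(r"^\d+\s+", "", r) for r in sec.get(f"ip access-list {acl}", [])]
    found += [f"ACL {acl} lacks: {r}" for r in REQUIRED_ACL if r not in rules]
    member = f"switchport trunk group {group}"
    if f"trunk group {group}" not in sec.get(f"vlan {vlan}", []):
        found.append(f"vlan {vlan} is not in trunk group {group}")
    if member not in sec.get(f"interface {peer_link}", []):
        found.append(f"{peer_link} is not in trunk group {group}")
    for head, body in sec.items():
        if head.startswith("interface ") and member in body and head != f"interface {peer_link}":
            found.append(f"{head} also carries trunk group {group}")
    return found

FINDINGS = audit(SAMPLE, "custom-cp", 4094, "mlagpeer", "Port-Channel10")
print("\n".join(FINDINGS))
```

Run it against the configuration of both peers, since the trunk group and VLAN settings must be identical on each.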
Configure the SVI for peer-to-peer communication
On switch 1:
switch1(conf)#int vlan 4094
switch1(config-if-Vl4094)# ip address 10.0.0.1/30
On switch 2:
switch2(conf)#int vlan 4094
switch2(config-if-Vl4094)# ip address 10.0.0.2/30
Test IP connectivity between the two switches by pinging one peer from the other.
Configure the MLAG peering on both switches
MLAG configuration for switch1:
switch1(config)#mlag
switch1(config-mlag)#local-interface vlan 4094
switch1(config-mlag)#peer-address 10.0.0.2
switch1(config-mlag)#peer-link port-channel 10
switch1(config-mlag)#domain-id mlag1
MLAG configuration for Switch2:
switch2(config)#mlag
switch2(config-mlag)#local-interface vlan 4094
switch2(config-mlag)#peer-address 10.0.0.1
switch2(config-mlag)#peer-link port-channel 10
switch2(config-mlag)#domain-id mlag1
The MLAG peer relationship will form once the peer-link is up, the domains match and a bi-directional TCP connection is established between the MLAG peers.
The MLAG association dissolves and both switches revert to their independent state if any one of the following occurs:
- If the MLAG configuration is changed
- If the TCP connection is broken
- If the peer-link or local-interface goes down
- If one of the peers fails to receive a heartbeat from the other within an interval of time that is equal to 2.5 times the heartbeat interval. The heartbeat interval can be set to a value between 1 and 30 seconds and has a default value of 2 seconds.
Verify MLAG operation
Wait for the peers to form an MLAG association and reach the ‘Active’ state. The output of the show mlag command shows the configuration and the status.
switch1#show mlag
MLAG Configuration:
domain-id : mlag1
local-interface : Vlan4094
peer-address : 10.0.0.2
peer-link : Port-Channel10
MLAG Status:
state : Active
peer-link status : Up
local-int status : Up
system-id : 00:11:22:01:03:01
switch2#show mlag
MLAG Configuration:
domain-id : mlag1
local-interface : Vlan4094
peer-address : 10.0.0.1
peer-link : Port-Channel10
MLAG Status:
peer-link status : Up
local-int status : Up
system-id : 00:11:22:01:03:01
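The comparison of the two show mlag outputs can be automated. This is an added example, not part of the original guide: the function names are hypothetical and both outputs are constructed from the layout shown above, with the second deliberately missing its state line and using a different domain-id so that the failure paths are exercised.

```python
# Constructed output in the layout shown above (not captured from a device).
SW1 = """\
MLAG Configuration:
domain-id : mlag1
local-interface : Vlan4094
peer-address : 10.0.0.2
peer-link : Port-Channel10
MLAG Status:
state : Active
peer-link status : Up
local-int status : Up
system-id : 00:11:22:01:03:01
"""
# Constructed faulty peer: no "state" line and a mismatched domain-id.
SW2 = (SW1.replace("10.0.0.2", "10.0.0.1")
          .replace("state : Active\n", "")
          .replace("mlag1", "mlag2"))

EXPECTED = {"state": "Active", "peer-link status": "Up", "local-int status": "Up"}
MUST_MATCH = ("domain-id", "system-id")  # domains match; system-id is shared

def parse(text):
    """Collect 'key : value' lines; section titles have no value and are skipped."""
    fields = {}
    for line in text.splitlines():
        key, _, value = line.partition(":")  # splits on the first colon only
        if value.strip():
            fields[key.strip()] = value.strip()
    return fields

def check_pair(out_a, out_b):
    """Return the problems that keep the two outputs from describing a healthy pair."""
    a, b, problems = parse(out_a), parse(out_b), []
    for name, peer in (("peer A", a), ("peer B", b)):
        for key, want in EXPECTED.items():
            if peer.get(key) != want:
                problems.append(f"{name}: {key} is {peer.get(key, 'missing')}, expected {want}")
    for key in MUST_MATCH:
        if a.get(key) != b.get(key):
            problems.append(f"{key} differs: {a.get(key)} vs {b.get(key)}")
    # Each side names the other's address, so the two values can never be equal.
    if a.get("peer-address") == b.get("peer-address"):
        problems.append("both peers use the same peer-address")
    return problems

print("\n".join(check_pair(SW1, SW2)))
```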
Create MLAG port-channel interfaces
Configure an MLAG. In this example, a simple two-port mlag is used. One of the ports from Switch3 is connected to Switch1 and the other port is connected to Switch2. The two interfaces on Switch3 or the Host can be configured as a regular port-channel using LACP.
If eth3 on switch1 and switch2 are used in mlag, on both switches configure the following:
switch1(conf)#interface eth3
switch1(config-if-Et3)# channel-group 3 mode active
switch1(config-if-Et3)# interface port-channel 3
switch1(config-if-Po3)# mlag 3
This puts eth3 into Port-Channel3 on both switches and connects the two Port-Channel3 interfaces into MLAG 3. The MLAG peer switches associate the port channels using the mlag identification number.
MLAG identification number
- The mlag identification number does not have to match the port-channel number.
- The port-channel numbers grouped in an MLAG must match; they cannot be two different values.
- A port-channel in an MLAG can have multiple members.
Note: The neighbor device (host or switch) connected to the MLAG pair should be configured to negotiate a LAG with LACP (mode: “active”). It is not recommended to use MLAGs in conjunction with static LAGs (mode “on”).
Verify the MLAG port-channels
Confirm that the MLAG has formed on both switches:
switch1#sh mlag | grep Active
state : Active
Active-partial : 0
Active-full : 2
switch1#sh mlag interfaces detail
                                         local/remote
  mlag         state   local   remote    oper     config    last change changes
------ ------------- ------- -------- ------- ---------- -------------- -------
     3   active-full     Po3      Po3   up/up    ena/ena    0:02:17 ago       6
This shows that mlag 3 became active (or otherwise last changed state) 2 minutes and 17 seconds ago. It also shows that it includes port-channel 3 on the local and remote side.
- LACP should be used on all MLAG interfaces.
- LACP on MLAG interfaces runs with the primary switch bridge id while the switches are MLAG active.
Verify spanning-tree on both MLAG peers
Check the status of spanning-tree on both the peers. The Spanning-Tree protocol runs on both of the peers using the negotiated common system ID. The output of ‘show spanning-tree’ shows Peer (e.g. Pet4 and Ppo100) interfaces as well as the local interfaces. Notice that the MLAG created with ‘mlag 3’ shows up under its local Port-Channel name (Po3).
switch11#sh spanning-tree
MST0
  Spanning tree enabled protocol mstp
  Root ID    Priority    16384
             Address     020c.293d.7271
             This bridge is the root
  Bridge ID  Priority    16384 (priority 16384 sys-id-ext 0)
             Address     020c.293d.7271
             Hello Time 2.000 sec  Max Age 20 sec  Forward Delay 15 sec
Interface        Role       State      Cost      Prio.Nbr Type
---------------- ---------- ---------- --------- -------- --------------------
Po3              designated forwarding 1999      128.100  P2p Boundary
‘show spanning-tree’ (and some other bridging-related ‘show’ commands), when run on the MLAG primary peer, will show “PeerEthernet” and “PeerPort-Channel” interfaces corresponding to interfaces on the secondary switch. The CLI “short names” for PeerEthernet1 and PeerPort-Channel1 are “PEt1” and “PPo1”.
Spanning tree does not run on the peer link, and so it is not listed in the output of ‘show spanning-tree’.
STP considerations and MLAG:
- Global STP configuration comes from the primary peer, secondary parameters are ignored.
- STP runs with the negotiated system-id that is based on the primary switch bridge id while the switches are MLAG active.
- Port-specific spanning-tree configuration comes from the switch where the port physically resides. This includes spanning-tree port fast, bpduguard and bpdufilter.
Check that the peer interface is part of the MLAG port-channel
Note that Port-Channel3 is the port-channel that we configured to be in an MLAG.
switch1#sh port-channel 3 detailed
Port Channel Port-Channel3:
Active Ports:
Port                Time became active       Protocol       Mode
------------------- ------------------------ -------------- ------
Ethernet2           13:54:19                 LACP           Active
PeerEthernet3       13:54:20                 LACP           Active
Notice that we observe a mirror image output on the other MLAG peer (switch2).
switch2#sh port-channel 3 detailed
Port Channel Port-Channel3:
Active Ports:
Port                Time became active       Protocol       Mode
------------------- ------------------------ -------------- ------
Ethernet3           13:54:19                 LACP           Active
PeerEthernet2       13:54:17                 LACP           Active
VLAN configuration and MLAG:
- VLANs must be created on each MLAG peer. The primary MLAG peer does not communicate VLAN information to the secondary.
- Port-specific bridging configuration comes from the switch where the port physically lives. This includes switchport access vlan, switchport mode, trunk allowed vlans, trunk native vlan, and switchport trunk groups.
- Take care to configure VLANs and port settings identically on both MLAG peers.
Static MAC addresses and MLAG:
- A static mac entry configured on an MLAG interface is automatically configured on the corresponding interface on the peer. If the MLAG peer relationship is broken, or if all local members of an MLAG port-channel go down, the peer will no longer be automatically configured with the static mac address. Configuring static mac addresses on both peers will prevent undesired flooding or learned mac addresses if such a failure occurs.
- Static mac addresses configured to be dropped are not shared between MLAG peers.