LACP/LAG with 'switches in between' (not true 2-Tier)?

  • Question
  • Updated 2 years ago
  • Answered
I'm drawing a blank as to "do I do this right, or what do I do wrong?". If you look at the following:


Note that there is no ISC/MLAG between the two 460s.

Coworker and I are debating if the two ports on the Cisco stack need to be put in a LACP/channel-group or not. Neither of us has good enough arguments or detailed enough knowledge as to what exactly is happening, so if anyone could help, that'd be awesome!

- Is the above design reasonable/unreasonable/plain wrong?
- Do the Cisco ports need to be configured as two regular normal trunked/tagged ports, or do they need to be configured as channel/lacp/shared ports?
- or would they only need to be lacp ports if (and only if) the 460s would get an ISC/MLAG between them?

At this point I'm not sure if I could be trusted to connect two tin cans with a string!

Thanks for your help,

   Frank

Frank

Posted 2 years ago

OscarK, ESE

Only when you make the X460s do MLAG can you add the ports in a channel group.
If the X460s do not do MLAG, you need to have a redundancy protocol to prevent loops.
You can, however, make the ports a trunk, as you will put tagged frames on it.

Frank

I did configure ELRP on the respective VLAN on the 460s, hoping that would be sufficient?
(excluding the 460-to-8800 ports so it should only block the ports to the Cisco - because a lot of other VLANs go from the 460 to the 8800)

Paul Russo, Alum

Hey Frank

Can I ask why not do MLAG between the two 460s?  I think the two tier design is a better way to go as it provides added bandwidth and redundancy.

How would you handle Cisco port failover in the above design?

P

Frank

Single point failure would still be covered in above diagram - if let's say the connection cisco->460-2 fails, packets would still be able to get to everywhere via 460-1 -> 8800 -> somewhere-including-460-2
I understand that an mlag between the 460s would give me multi-point failure resilience plus bandwidth (which, however, in most of our cases is negligible)

Background: the 460s are typically customer-access-port edge switches in a multi-tenant datacenter. While most customers are happy with either one non-redundant connection, or two connections that go into two of their firewalls (active/passive) where I don't have to worry about lag/lacp, there is the occasional scenario as above. Due to the "nobody needed it before" nature, we haven't MLAGed those 460s. "Yet (tm)" :)

Paul Russo, Alum

Hey Frank

I guess I am confused about how the two ports on the Cisco are configured. The connections from the Cisco would be either a LAG, where the switch determines which link to send the traffic to, or an active/passive design using a redundant port configuration. If you can use the redundant port, I think that would work here. If it is a LAG, I don't think that would work, as you don't have MLAG on the 460s.

Does that help?

P

Frank

The Cisco port configuration was exactly what we were debating :)
And yes, this does help immensely (together with Stephane's comment below)

Carsten Buchenau

Interesting...

Is connecting the Cisco stack directly to the 2 BD chassis not an option? Then you configure a LAG on the Cisco stack and MLAG on the 2 BDs (as already done).

Otherwise, consider a 2-tier-MLAG design. In which case you need another ISC between the 2 460. See this GTAC KB article:
https://gtacknowledge.extremenetworks.com/articles/How_To/Sample-configuration-for-two-tier-MLAG/?q=...
Replace the Server in the diagram with your Cisco stack...

Frank

Distances/cabling would make connecting the stack to the BDs - ahem - "challenging".

Frank

OK, I see that a standard 2-Tier-MLAG design is the best solution - and it'd require the Cisco ports to be in a channel/LACP group.
That being said, how would you skin that particular cat if you couldn't MLAG the 460s? Would I have to use Spanning-Tree to ensure no loops? Or is there another option?

Carsten Buchenau

How about replacing the Cisco Stack with a Summit Stack, and then you run a nice EAPS ring? :-)

Frank

Sadly, the Cisco stack belongs to the customer, and my boss just ran out of SummitStacks to hand out for free. I'm just glad it's not a $50 D-Link :D

Grosjean, Stephane, Employee

On Cisco you should have a feature like "flexlink", or something like that. It will make one of your links active and the other one standby. Once the active link fails, the standby kicks in. This is purely local to the switch.

On Extreme we have it called Software Redundant Port, and with some option it can converge fast.
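
The two Cisco-side options debated in this thread, side by side, as an added example that is not from any poster. Interface names, the VLAN ID and the port-channel number are assumptions, and Flex Links availability depends on the Catalyst platform.

```cisco
! ---- Option A: Flex Links (active/standby), fits the topology as drawn ----
! No ISC/MLAG between the two 460s, so the Cisco must not bundle the links.
! Assumed: uplinks on stack members 1 and 2, customer VLAN 100.
interface GigabitEthernet1/0/48
 description uplink to 460-1 (active)
 switchport mode trunk
 switchport trunk allowed vlan 100
 ! Gi2/0/48 stays standby and takes over when this link goes down.
 switchport backup interface GigabitEthernet2/0/48
!
interface GigabitEthernet2/0/48
 description uplink to 460-2 (standby)
 switchport mode trunk
 switchport trunk allowed vlan 100
!
! Verify which member of the pair is forwarding:
!   show interfaces switchport backup
!
! ---- Option B: LACP port-channel, ONLY after the 460s run MLAG ----
! Use instead of Option A, never together with it. Without MLAG the two
! 460s are independent LACP partners and the bundle will not form correctly.
interface Port-channel1
 switchport mode trunk
 switchport trunk allowed vlan 100
!
interface range GigabitEthernet1/0/48 , GigabitEthernet2/0/48
 switchport mode trunk
 switchport trunk allowed vlan 100
 ! "active" = negotiate with LACP rather than forcing the bundle on,
 ! so a mis-cabled member is kept out of the channel.
 channel-group 1 mode active
```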

Frank

Sweet! Yes, that!!!

EtherMAN, Embassador

Does the Cisco support 8032/RPS ... Similar to EAPS but supported by more vendors. Spanning tree to me will always be a last resort. Hate the idea of flooding the network when you re-converge your network after a failure. Brings back so many bad memories ::)

Brandon Clay, Escalation Support Engineer

Even with G.8032, you would need a ring topology and I'm not sure how that would work out with the MLAG between the X460s and BD8ks. I've never tried to set something like that up, but I would be hesitant to put it into production.

That said, I think that in theory you should be able to exclude the 8ks from the ERPS config and just run CFM on the LAGs up from both 460s, ignoring the 8ks in the ERPS ring.

Erik Auerswald, Embassador

Cisco supports ERPS on Metro Ethernet switches (MExxxx), the 7600 router and some ASRs. I would not expect the unnamed Cisco switches considered here to support it.

The interaction of MLAG and ERPS on the BD8ks could be interesting, indeed.

Frank

Thank you so much for shedding light on this. Active/Passive/Flexlink is probably what I'll put up there for now, with going for a 2-Tier-MLAG in the future.

And this is why "The Hub" is awesome!

Erik Auerswald, Embassador

Hi Frank,

If (or when) you are migrating this to MLAG, you should consider the interaction of MLAG with STP, because Cisco uses STP by default, including on Port-Channels. (STP is disabled with FlexLink.) See the GTAC Knowledge article "Can I combine MLAG and STP".

If you do combine STP and MLAG (not supported on EXOS), you need to disable EtherChannel Guard on the Cisco, because the EXOS devices will act as independent switches regarding STP:

    no spanning-tree etherchannel guard misconfig

I recommend always using LACP for port sharing (LAG, Port-Channel) to guard against cabling errors.

Erik

P.S. The network diagram does not look correct, the two ports on each individual BD8k should not be in a sharing group, but one port of each BD8k should be together in an MLAG (with single port LAGs for LACP).

Frank

Erik,
Snaps, you are correct! The ports from the BD to the two different 460s are indeed NOT in a shared group. Paint fail, thanks for catching that!

(I guess in my drawing I already wanted to do a 2-tier mlag!)