MLAG health check message configuration

  • 0
  • 1
  • Question
  • Updated 3 years ago
  • Answered
How and where do you configure MLAG health check message config? I have read in the Exos userguide 15_7 that this is now a feature however it does not give to much information on how and where to configure this. Has anyone configured this and had it working? Is this feature available in summitX-15.5.3.4-patch1-5.xos or do i need to upgrade to get this feature?

(page 278 of userguide)
"Starting in ExtremeXOS 15.5, health check messages can also be exchanged on an alternate path byseparate configuration – typically the “Mgmt” VLAN. If the peer is alive when the ISC link alone goes down, one of the MLAG peers disables its MLAG ports to prevent duplicate south-bound traffic to the remote node. To reduce the amount of traffic on the alternate path, health check messages are initiated on the alternate path only when the ISC link goes down. When the ISC link is up, no health check messages are exchanged on the alternate path.

When the MLAG switch misses 3 consecutive health check messages from the peer, it declares that the MLAG peer is not reachable on the ISC link. It then starts sending out health check messages on the alternate path to check if the peer is alive. When the first health check message is received from the MLAG peer on the alternate path, it means that the peer is alive. In this scenario, one of the MLAG peersdisables its MLAG ports to prevent duplication of south-bound traffic to the remote node.

Note
The MLAG switch having the lower IP address for the alternate path VLAN disables its ports.

When the ISC link comes up and the switch starts receiving health check messages on the ISC control VLAN, the ports that were disabled earlier have to be re-enabled. This action is not performed immediately on the receipt of the first health check message on the ISC control VLAN. Instead the switch waits for 2 seconds before enabling the previously disabled ports. This is done to prevent frequent enabling and disabling of MLAG ports due to a faulty ISC link up event.
Photo of Renne Stuart

Renne Stuart

  • 260 Points 250 badge 2x thumb

Posted 3 years ago

  • 0
  • 1
Photo of Stephen Williams

Stephen Williams, Employee

  • 9,034 Points 5k badge 2x thumb
Renne,

15 5 does support this feature. 

MLAG relies on the peer communication to prevent duplicate south bound traffic.  If the peer communication is down, and both devices are up, traffic can will be duplicated down to both MLAG ports. 

The ISC is a single point, that can cause this issue.  The alternate path health checks add one more layer of protection.  If the MLAG peer connection is down it will check to see if the MLAG alternate IP address is configured.  If it is, and working then mlag will disable one side of it's mlag ports to prevent this duplicate traffic.

Where to deploy it:  I would deploy it on any other network and connection between the switches, not the MLAG ISC or the ISC vlan.  The documentation recommends the management network.


How to configure it:
Just configure both peers pointing to each other on a different network that uses a path that is not the ISC.  It's almost like when you configured MLAG the first time.

configure { mlag peer } <peer_name> alternate ipaddress [<ip_address> { vr <vr_name> } | none]”


Hope this helps.
(Edited)
Photo of Renne Stuart

Renne Stuart

  • 260 Points 250 badge 2x thumb
Thanks Stephen for the quick reply

so you would need to make sure that the vlan you are using to create the new peers does not traverse the ISC as currently all of my vlan's traverse the ISC. Do i need to upgrade to 15.7 or does it work on 15.5.3.4-patch1-5? What is the most stable version to currently be on for a new deployement?
Photo of Stephen Williams

Stephen Williams, Employee

  • 9,034 Points 5k badge 2x thumb
Renne,

I wouldn't call them new MLAG peers, because you are using your existing peers.  Your just defining another path to reach them. 

Here is a simple setup, but not the best production example:

Plug both mlag switches directly together on the mgmt vlan/port.  Give peer1 mgmt vlan an ip of 1.1.1.1/30 and peer2 mgmt vlan an ip of 1.1.1.2/30.  Then configure the alternate ipaddress like below.

peer1 config:

conf mlag peer peer1 alternate ipaddress 1.1.1.2 vr "VR-Mgmt"

peer2 config:

conf mlag peer peer2 alternate ipaddress 1.1.1.1 vr "VR-Mgmt"


As for your code recommendation.  It depends on what features you are using, and what features you want.  Once you have a version that supports the features you want and use.  I would check the latest minor release of that code for open bugs reported in the release notes.  If nothing looks like it will effect your network go with the latest minor release that has the features you want.
Photo of Renne Stuart

Renne Stuart

  • 260 Points 250 badge 2x thumb
Do i need to be on 15.7 or does this work on 15.5.3.4? When was this feature released?

thanks Stephen, so how would that relate to my network as we have 2x X670 in different locations with 2x10gb MLAG ISC fibre links between them. Each edge switch as a 10gb connection to each X670. School vlan is the schools data vlan and the infrastructure vlan is the switch management vlan.

extracts below:

configure snmp sysName "BHS-Sum-Sw01"
create mlag peer "BHS-Sum-Sw02" configure mlag peer "BHS-Sum-Sw02" ipaddress 1.1.1.2 vr VR-Default 
create vlan "Infrastructure"
configure vlan Infrastructure tag 161
create vlan "ISC"
configure vlan ISC tag 4094
create vlan "School"
configure vlan School tag 10
enable mlag port 1 peer "BHS-Sum-Sw02" id 1 
enable mlag port 2 peer "BHS-Sum-Sw02" id 2 
enable mlag port 3 peer "BHS-Sum-Sw02" id 3 
enable mlag port 4 peer "BHS-Sum-Sw02" id 4 
enable mlag port 5 peer "BHS-Sum-Sw02" id 5 
enable mlag port 6 peer "BHS-Sum-Sw02" id 6 
enable mlag port 9 peer "BHS-Sum-Sw02" id 9 
enable mlag port 10 peer "BHS-Sum-Sw02" id 10 
enable mlag port 11 peer "BHS-Sum-Sw02" id 11 
enable mlag port 17 peer "BHS-Sum-Sw02" id 17 
enable mlag port 18 peer "BHS-Sum-Sw02" id 18 
enable mlag port 19 peer "BHS-Sum-Sw02" id 19 
enable mlag port 25 peer "BHS-Sum-Sw02" id 25 
enable mlag port 26 peer "BHS-Sum-Sw02" id 26 
enable mlag port 27 peer "BHS-Sum-Sw02" id 27 
enable mlag port 31 peer "BHS-Sum-Sw02" id 31 
enable mlag port 33 peer "BHS-Sum-Sw02" id 33 
enable mlag port 37 peer "BHS-Sum-Sw02" id 37 
enable mlag port 38 peer "BHS-Sum-Sw02" id 38
configure vlan Infrastructure add ports 1-6, 9-11, 17-19, 25-27, 31, 33, 37-38, 47 tagged  
configure vlan ISC add ports 47 tagged  
configure vlan School add ports 1-6, 9-11, 17-19, 25-27, 31, 33, 37-38, 47 tagged  
configure vlan Mgmt ipaddress 10.96.0.1 255.255.255.0
configure vlan ISC ipaddress 1.1.1.1 255.255.255.252
configure vlan School ipaddress 10.10.0.4 255.255.248.0
enable ipforwarding vlan School
configure vlan Infrastructure ipaddress 172.16.1.4 255.255.255.0
enable ipforwarding vlan Infrastructure


configure snmp sysName "BHS-Sum-Sw02"
create mlag peer "BHS-Sum-Sw01" configure mlag peer "BHS-Sum-Sw01" ipaddress 1.1.1.1 vr VR-Default 
create vlan "Infrastructure"
configure vlan Infrastructure tag 161
create vlan "ISC"
configure vlan ISC tag 4094
create vlan "School"
configure vlan School tag 10
enable mlag port 1 peer "BHS-Sum-Sw01" id 1 
enable mlag port 2 peer "BHS-Sum-Sw01" id 2 
enable mlag port 3 peer "BHS-Sum-Sw01" id 3 
enable mlag port 4 peer "BHS-Sum-Sw01" id 4 
enable mlag port 5 peer "BHS-Sum-Sw01" id 5 
enable mlag port 6 peer "BHS-Sum-Sw01" id 6 
enable mlag port 9 peer "BHS-Sum-Sw01" id 9 
enable mlag port 10 peer "BHS-Sum-Sw01" id 10 
enable mlag port 11 peer "BHS-Sum-Sw01" id 11 
enable mlag port 17 peer "BHS-Sum-Sw01" id 17 
enable mlag port 18 peer "BHS-Sum-Sw01" id 18 
enable mlag port 19 peer "BHS-Sum-Sw01" id 19 
enable mlag port 25 peer "BHS-Sum-Sw01" id 25 
enable mlag port 26 peer "BHS-Sum-Sw01" id 26 
enable mlag port 27 peer "BHS-Sum-Sw01" id 27 
enable mlag port 31 peer "BHS-Sum-Sw01" id 31 
enable mlag port 33 peer "BHS-Sum-Sw01" id 33 
enable mlag port 37 peer "BHS-Sum-Sw01" id 37 
enable mlag port 38 peer "BHS-Sum-Sw01" id 38 
configure vlan Infrastructure add ports 1-6, 9-11, 17-19, 25-27, 31, 33, 37-38, 47 tagged  
configure vlan ISC add ports 47 tagged  
configure vlan School add ports 1-6, 9-11, 17-19, 25-27, 31, 33, 37-38, 47 tagged  
configure vlan Mgmt ipaddress 10.96.0.1 255.255.255.0
configure vlan ISC ipaddress 1.1.1.2 255.255.255.252
configure vlan Infrastructure ipaddress 172.16.1.5 255.255.255.0
enable ipforwarding vlan Infrastructure
configure vlan School ipaddress 10.10.0.5 255.255.248.0
enable ipforwarding vlan School
Photo of Stephen Williams

Stephen Williams, Employee

  • 9,034 Points 5k badge 2x thumb
15 5 does support MLAG alternate ipaddress.

If the connection between IP 172.16.1.5 and IP 172.16.1.4 can still be active when the ISC is failed I would use this configuration.


BHS-Sum-Sw01:
conf mlag peer BHS-Sum-Sw02 alternate ipaddress 172.16.1.5 vr "VR-Default"



BHS-Sum-Sw02:
conf mlag peer BHS-Sum-Sw01 alternate ipaddress 172.16.1.4 vr "VR-Default"
Photo of Renne Stuart

Renne Stuart

  • 260 Points 250 badge 2x thumb
Hi Stephen,

this is the config i thought we would have to use however was concerned that due to the 172.16.1.0/24 subnet being tagged already across the ISC it would send its alternate peer test across this link as its default route for the traffic. Would this matter with the above config or would we need to configure a vlan that does not traverse the ISC link but is tagged through the edge switches to each core and use this for the alternate peer IP addresses?
Photo of OscarK

OscarK, ESE

  • 7,912 Points 5k badge 2x thumb
The alternate path should not go over the same ISC link that the mlag peers are already using. Normally if you use the vr-MGMT ports you could use those IP addresses for alternate path. If you want to use another vlan be sure that vlan does not span the ISC ports.
(Edited)
Photo of Grosjean, Stephane

Grosjean, Stephane, Employee

  • 13,346 Points 10k badge 2x thumb
I'd like to stress out a few things, following Oscar's comment:

- indeed, the role of the alternate path is to use... an alternate physical path. So it makes no sense to have it configured if it follows the same path (both physical - the same cable - than "geographical" - the same conduit). You want to be sure a cable fault or an accidental "cut" will not have the same impact on that alternate path.

- if you use the Mgmt network for it, which seems a natural thing to do, there's one caveat you need to be aware of: if someone issue a "disable port all" on the mlag peer having the higher IP address, it will not affect the Mgmt port, and so the mlag peer with the lowest IP address would disable its ports as well, leading in a bad situation.