mlag port blocked

  • 0
  • 1
  • Problem
  • Updated 3 years ago
  • Solved
I have the following mlag configuration:

I have created an mlag with a Juniper router with no problems.  However, on the mlag 2 with the Dell server, port 2 on R1484 is "blocked on the vlan".  Here is my config on R1484:
# R1484 config

create vlan "contrail"
configure vlan contrail tag 10

create vlan "R1484-R1485-IRL"
configure vlan R1484-R1485-IRL tag 974

configure ports 2 auto off speed 10000 duplex full
configure ports 46 auto off speed 10000 duplex full
configure ports 47 auto off speed 10000 duplex full

enable sharing 46 grouping 46-47 algorithm address-based L2 lacp
enable sharing 2 grouping 2 algorithm address-based L2 lacp

configure vlan contrail add ports 46, 48 tagged
configure vlan contrail add ports 2 untagged
configure vlan R1484-R1485-IRL add ports 46 tagged
configure vlan R1484-R1485-IRL ipaddress

# Module lacp configuration.
configure sharing 2 lacp timeout short

# Module vsm configuration.
create mlag peer "R1485"
configure mlag peer "R1485" ipaddress vr VR-Default
enable mlag port 2 peer "R1485" id 2

Here's the config on the Dell:
auto em1
iface em1 inet manual
bond-master bond1

auto em2
iface em2 inet manual
bond-master bond1

auto bond1
iface bond1 inet static
#use standard IEEE 802.3ad LACP bonding protocol
bond-mode 4
bond-miimon 100
bond-lacp-rate 1
bond-slaves em1 em2

Does anyone have any suggestions as to why port 2 on R1484 is blocked?
This only happens with mlag.  If I do a single link bond to R1484, no issues.  Is there some
sort of looping going on here?

Thanks in advance,

Photo of Tim Welch

Tim Welch

  • 80 Points 75 badge 2x thumb

Posted 3 years ago

  • 0
  • 1
Photo of Patrick Voss

Patrick Voss, Alum

  • 11,594 Points 10k badge 2x thumb
Hello Tim,

Can you show us the output where you are seeing the port blocked. MLAG should not block ports so it may be another protocol doing this.
Photo of Erik Auerswald

Erik Auerswald, Embassador

  • 13,752 Points 10k badge 2x thumb
Hello Tim,

can you provide some additional info?

In addition to the info asked for by Patrick, I would recommend to look at the active settings on both the Dell server and the X670V switches:

Commands on the server:
  • ip link show
  • cat /proc/net/bonding/bond1
Commands on the switches:
  • show lacp
  • clear lacp counters
  • show lacp counters
  • show lacp lag 2
  • show lacp member-port 2 detail
  • show mlag peer R1484 (resp. R1485)
You did not manually configure an MLAG LACP MAC address (configure mlag peer R1484 lacp-mac <MAC>). Thus the server might have seen different LACP addresses on the two ports.

Photo of Derek Bird

Derek Bird, Employee

  • 576 Points 500 badge 2x thumb
Just as a clarification:  if one does not manually configure an MLAG LACP MAC, the default config is:
configure mlag peer lacp-mac auto
This sets the mac in the LACPDU to the switch MAC of the MLAG peer with the highest IP address for the ISC control VLAN.

If one does choose to manually configure the MLAG LACP MAC, one must be sure to do so on both MLAG peers or MLAG will break.

In this case, it looks like the x670 named R1485 has the highest ipaddr on the ISC, so the LACPDUs should be sent with his MAC.
Photo of Jan Steinbach

Jan Steinbach

  • 1,192 Points 1k badge 2x thumb
Maybe you could check/verify your MLAG config with this Phyton Script:

Photo of Tim Welch

Tim Welch

  • 80 Points 75 badge 2x thumb

Patrick, Erik, Derek, Jan,

Thanks so much for your input.  We now have mlag 2 UP.  The behavior is a bit flakey. I had to manually bounce the port on R1484.  After that, LACP communication started on the link between R1484 and Server 6612.

I did observe that when doing a "show vlan...." and if you see the small "b" in the ports output, that it is really an indication of what is happening on the far end (i.e. Untag:  *2bgG ).  For example,  when rebooting Server 6612 and both em1 and em2 ports were down, both R1484 and R1485 showed "Untag:  *2bgG" in the Ports section of the "show vlan"command.  I had originally mis-interpreted this indication to mean the Extreme was blocking the port.

During troubleshooting of the "Untag: *2bgG" condition, we did a tcpdump on 6612 and noticed that we were seeing LACP messages from the Extreme, but not from Server 6612.  Bouncing ports on the Server didn't change the condition.  However, once we bounced port 2 on R1484, then link came up.

Weird.  Anyway, thanks again for the help.