LACP/LAG with 'switches in between' (not true 2-Tier)?

  • 28 September 2016
  • 19 replies
  • 1981 views
Frank
Userlevel 5
I'm drawing a blank as to "do I do this right, or what do I do wrong?". If you look at the following:


Note that there is no ISC/MLAG between the two 460s.

Coworker and I are debating if the two ports on the Cisco stack need to be put in a LACP/channel-group or not. Neither of us has good enough arguments or detailed enough knowledge as to what exactly is happening, so if anyone could help, that'd be awesome!

- Is the above design reasonable/unreasonable/plain wrong?
- Do the Cisco ports need to be configured as two regular normal trunked/tagged ports, or do they need to be configured as channel/lacp/shared ports?
- or would they only need to be lacp ports if (and only if) the 460s would get an ISC/MLAG between them?

At this point I'm not sure if I could be trusted to connect two tin cans with a string!

Thanks for you help,

Frank

19 replies

Frank
Userlevel 5
Thank you so much for shedding light on this. Active/Passive/Flexlink is probably what I'll put up there for now, with going for a 2-Tier-MLAG in the future.

And this is why "The Hub" is awesome!
S
Rank
Userlevel 7
OK, I see that a standard 2-Tier-MLAG design is the best solution - and it'd require the Cisco ports to be in a channel/LACP group.
That being said, how would you skin that particular cat if you couldn't MLAG the 460s? Would I have to use Spanning-Tree to ensure no loops? Or is there another option?
On Cisco you should have a feature like "flexlink", or something like that. It will make one of your link active and the other one standby. Once the active link fails, the standby kicks in. This is purely local to the switch.

On Extreme we have it called Software Redundant Port, and with some option it can converge fast.
C
Userlevel 3
Interesting...

Is connecting the Cisco stack directly to the 2 BD chassis not an option? Then you configure a LAG on the Cisco stack and MLAG on the 2 BDs (as already done).

Otherwise, consider a 2-tier-MLAG design. In which case you need another ISC between the 2 460. See this GTAC KB article:
https://gtacknowledge.extremenetworks.com/articles/How_To/Sample-configuration-for-two-tier-MLAG/?q=...
Replace the Server in the diagram with your Cisco stack...

P
Userlevel 6
Hey Frank

Can I ask why not do MLAG between the two 460s? I think the two tier design is a better way to go as it provides added bandwidth and redundancy.

How would you handle Cisco port failover in the above design?

P
P
Userlevel 6
Hey Frank

Can I ask why not do MLAG between the two 460s? I think the two tier design is a better way to go as it provides added bandwidth and redundancy.

How would you handle Cisco port failover in the above design?

P
Hey Frank

I guess I am confused on how the two ports on the cisco is configured. The connections from the cisco would be either a LAG, where the switch determines which link to send the traffic to, or in an active/passive design using a redundant port configuration. If you can use the redundant port I think that would work here if it is a LAG I don't think that would work as you don't have MLAG on the 460s.

Does that help?

P

EtherMAN
Userlevel 6
Do the cisco support 8032/RPS ... Similar to EAPS but supported by more vendors. Spanning tree to me will always be last resort. Hate the idea of flooding the network when you re-converge your network after a failure. Brings back so many bad memories ::)
www.pslightwave.com
O
Rank
Userlevel 6
Only when you make the X460 do MLAG you can add the ports in a channel group.
If the X460 do not do MLAG you need to have a redundancy protocol to prevent loops.
You can however make the ports a trunk as you will put tagged frames on it.
C
Userlevel 3
OK, I see that a standard 2-Tier-MLAG design is the best solution - and it'd require the Cisco ports to be in a channel/LACP group.
That being said, how would you skin that particular cat if you couldn't MLAG the 460s? Would I have to use Spanning-Tree to ensure no loops? Or is there another option?
How about replacing the Cisco Stack with a Summit Stack, and then you run a nice EAPS ring? :-)
Frank
Userlevel 5
I did configure ELRP on the respective VLAN on the 460s, hoping that would be sufficient?
(excluding the 460-to-8800 ports so it should only block the ports to the Cisco - because a lot of other VLANs go from the 460 to the 8800)
Frank
Userlevel 5
Hey Frank

Can I ask why not do MLAG between the two 460s? I think the two tier design is a better way to go as it provides added bandwidth and redundancy.

How would you handle Cisco port failover in the above design?

P
Single point failure would still be covered in above diagram - if let's say the connection cisco->460-2 fails, packets would still be able to get to everywhere via 460-1 -> 8800 -> somewhere-including-460-2
I understand that an mlag between the 460s would give me multi-point failure resilience plus bandwidth (which, however, in most of our cases is negligible)

Background: the 460s are typically customer-access-port edge switches in a multi-tenant datacenter. While most customers are happy with either one non-redundant connection, or two connections that go into two of their firewalls (active/passive) where I don't have to worry about lag/lacp, there is the occasional scenario as above. Due to the "nobody needed it before" nature, we haven't MLAGed those 460s. "Yet (tm)" :)
Frank
Userlevel 5
Interesting...

Is connecting the Cisco stack directly to the 2 BD chassis not an option? Then you configure a LAG on the Cisco stack and MLAG on the 2 BDs (as already done).

Otherwise, consider a 2-tier-MLAG design. In which case you need another ISC between the 2 460. See this GTAC KB article:
https://gtacknowledge.extremenetworks.com/articles/How_To/Sample-configuration-for-two-tier-MLAG/?q=...
Replace the Server in the diagram with your Cisco stack...

Distances/cabling would make connecting the stack to the BDs - ahem - "challenging".
Frank
Userlevel 5
OK, I see that a standard 2-Tier-MLAG design is the best solution - and it'd require the Cisco ports to be in a channel/LACP group.
That being said, how would you skin that particular cat if you couldn't MLAG the 460s? Would I have to use Spanning-Tree to ensure no loops? Or is there another option?
Frank
Userlevel 5
OK, I see that a standard 2-Tier-MLAG design is the best solution - and it'd require the Cisco ports to be in a channel/LACP group.
That being said, how would you skin that particular cat if you couldn't MLAG the 460s? Would I have to use Spanning-Tree to ensure no loops? Or is there another option?
Sadly, the Cisco stack belongs to the customer, and my boss just ran out of SummitStacks to hand out for free. I'm just glad it's not a $50 D-Link :D
Frank
Userlevel 5
Hey Frank

Can I ask why not do MLAG between the two 460s? I think the two tier design is a better way to go as it provides added bandwidth and redundancy.

How would you handle Cisco port failover in the above design?

P
The Cisco port configuration was exactly what we were debating :)
And yes, this does help immensely (together with Stephane's comment below)
Frank
Userlevel 5
OK, I see that a standard 2-Tier-MLAG design is the best solution - and it'd require the Cisco ports to be in a channel/LACP group.
That being said, how would you skin that particular cat if you couldn't MLAG the 460s? Would I have to use Spanning-Tree to ensure no loops? Or is there another option?
Sweet! Yes, that!!!
Frank
Userlevel 5
Hi Frank,

if (or when) you are migrating this to MLAG, you should consider the interaction of MLAG with STP, because Cisco uses STP by default, including Port-Channels. (STP is disabled with FlexLink.) See the GTAC Knowledge article Can I combine MLAG and STP.

If you do combine STP and MLAG (not supported on EXOS) you need to disable EtherChannel Guard on the Cisco, because the EXOS devices will act as independent switches regarding STP.
no spanning-tree etherchannel guard misconfig[/code]I recommend to always use LACP for port sharing (LAG, Port-Channel) to guard against cabling errors.

Erik

P.S. The network diagram does not look correct, the two ports on each individual BD8k should not be in a sharing group, but one port of each BD8k should be together in an MLAG (with single port LAGs for LACP).Erik,
Snaps, you are correct! The ports from the BD to the two different 460s are indeed NOT in a shared group. Paint fail, thanks for catching that!

(I guess in my drawing I already wanted to do a 2-tier mlag!)
Brandon Clay
Rank
Userlevel 7
Do the cisco support 8032/RPS ... Similar to EAPS but supported by more vendors. Spanning tree to me will always be last resort. Hate the idea of flooding the network when you re-converge your network after a failure. Brings back so many bad memories ::) Even with G.8032, you would need a ring topology and I'm not sure how that would work out with the MLAG between the X460s and BD8ks. I've never tried to set something like that up, but I would be hesitant to put it into production.

That said, I think that in theory you should be able to exclude the 8ks from the ERPS config and just run CFM on the LAGs up from both 460s, ignoring the 8ks in the ERPS ring.
Erik Auerswald
Userlevel 7
Do the cisco support 8032/RPS ... Similar to EAPS but supported by more vendors. Spanning tree to me will always be last resort. Hate the idea of flooding the network when you re-converge your network after a failure. Brings back so many bad memories ::) Cisco supports ERPS on Metro Ethernet switches (MExxxx), the 7600 router and some ASRs. I would not expect the unnamed Cisco switches considered here to support it.

The interaction of MLAG and ERPS on the BD8ks could be interesting, indeed.
Erik Auerswald
Userlevel 7
Hi Frank,

if (or when) you are migrating this to MLAG, you should consider the interaction of MLAG with STP, because Cisco uses STP by default, including Port-Channels. (STP is disabled with FlexLink.) See the GTAC Knowledge article Can I combine MLAG and STP.

If you do combine STP and MLAG (not supported on EXOS) you need to disable EtherChannel Guard on the Cisco, because the EXOS devices will act as independent switches regarding STP.
no spanning-tree etherchannel guard misconfig[/code]I recommend to always use LACP for port sharing (LAG, Port-Channel) to guard against cabling errors.

Erik

P.S. The network diagram does not look correct, the two ports on each individual BD8k should not be in a sharing group, but one port of each BD8k should be together in an MLAG (with single port LAGs for LACP).

Reply