This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

MLAG setup - looks like hitting a L2 loop

MLAG setup - looks like hitting a L2 loop

zerodivisionerr
New Contributor

‎07-29-2019 11:22 AM

Hello,

We tried to set up a MLAG between 2 x670 switches and once we enabled the second "leg" (port 41 on sw1) looks like we did hit a loop. Unfortunately it's a production network and we are very limited in opportunities to reproduce it.

MLAG related configs are as follows:

sw1:
code:
create mlag peer "sw2" 
configure mlag peer "sw2" ipaddress 192.168.128.242 vr VR-Default 
enable mlag port 41 peer "sw2" id 202 
enable sharing 41 grouping 41-48 algorithm address-based L2 lacp




sw2:
code:
create mlag peer "sw1" 
configure mlag peer "sw1" ipaddress 192.168.128.241 vr VR-Default 
enable mlag port 41 peer "sw1" id 202 
enable sharing 41 grouping 37-48 algorithm address-based L2 lacp





MLAG peers see each other, checkpoint status is 'Up'. What caught my attention is this. On sw1:

code:
sw1.118 # debug hal show vsm 

VSM Blocking Filters:
  Ingress port: 1:1
    Blocked ports:
      Unit 1 (inst 1 Fid A553 l3_inst 1 l3_Fid A551 l3rem_inst 1 l3rem_Fid A552 pend 0):
           41 42 43 44 45 46 47 48 

VSM Redirection: (Enabled)




But on sw2:

code:
sw2.29 # debug hal show vsm 

VSM Blocking Filters:
  Ingress port: 1:1
    Blocked ports:

VSM Redirection: (Enabled)




Could this be the cause of the problem (that there're no blocked ports for the filter)? If so, why they could've not been added?

Both switches are running 16.2.4.5-patch1-6.
0 Kudos
9 REPLIES 9

FES
New Contributor III

‎02-06-2020 02:48 PM

Hi, we have resolve the problem.

We upgrade to 30.4.1.2 to resolve a bug in mlag with arp patckets.

Algo we have disable policy to free resources to acls.

 

At the moment all is working. 

 

Now we are looking to force mlag to use local links instead peer links to avoid pass traffic through ISC.

0 Kudos

FES
New Contributor III

‎10-11-2019 11:56 AM

Hi,
Does anybody knows how to show acl resources used by mlag?

The command " show policy resource-profile" does nos show any used resource by L2

show policy resource-profile

Current Configured Profile: default
Current Profile Modifier : none

MAC IPv6 IPv4 L2
Rules Rules Rules Rules
----- ----- ----- -----
Max 512 512 512 440
Used 0 0 53 0


Someone have tested the command " configure policy resource-profile more-mac-no-ipv6 " ??
0 Kudos

FES
New Contributor III

‎10-02-2019 07:59 AM

Hi,
finally we think that we have reached the problem. We need test it yet, but Im sure that this is the problem.

We have all devices updated to 30.2.1.8. I have seen that 30.3 fix some mlag bugs. We have seen in logs that the x870 devices dont have enough resources to manage MLAG ACL.

In this post are some information:
https://gtacknowledge.extremenetworks.com/pkb_mobile#/articles/en_US/Solution/MLAG-possible-loop-for...

We are going to asign ipv6 resources to mac resources to test again the mlag behaviour.

I hope this resolve the problem
0 Kudos

Tomasz
Valued Contributor II

‎09-20-2019 09:21 AM

Hi FES,

You might want to try and use ELRP to spot the loop when it happens. Have a look at these:
https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-ELRP-to-disable-ports
https://gtacknowledge.extremenetworks.com/articles/Q_A/do-I-need-to-enable-ELRP-on-all-the-VLANs-where-physical-ports-are-identical

FYI, with EXOS 30.2 and older ELRP periodic test interval can be as small as 100 ms. With EXOS 30.3, hardware can be used for these tests, which allows to decrease the interval to just few milliseconds.

Hope that helps,
Tomasz
0 Kudos
GTM-P2G8KFN