cancel
Showing results for 
Search instead for 
Did you mean: 

MLAG+VRRP is not works properly

MLAG+VRRP is not works properly

Lexus92008
New Contributor
Hello, community!

I have some trouble in work two X690 like core switches, First is HQ-690, second is TR-690.
They are MLAG-peers, VRRP-peers.

We have VLAN 100, HQ-690 has ip 192.168.100.253, TR-690 has ip 192.168.100.252, VIP is 192.168.100.254.
MLAG VLAN has tag 2000, HQ-690 has ip 172.16.0.1/30, TR-690 has ip 172.16.0.2/30.

Then the problem:
When I connecting to HQ-690 via 192.168.100.253 through telnet, it has greate delays for inputed commands or close connection at all.
When I connecting to TR-690 via 192.168.100.252 through telnet, it has no delays. Then I connecting from TR-690 to HQ-690 via 172.16.0.1. It has no delays too.

Another devices in VLAN 100 has the same delays in work.

Both switches has the same EXOS 22.4.1.4 patch1-2

Config of HQ-690:
Module vrrp configuration. # create vrrp vlan VLAN_0099 vrid 100 configure vrrp vlan VLAN_0099 vrid 100 priority 200 create vrrp vlan VLAN_0095 vrid 100 configure vrrp vlan VLAN_0095 vrid 100 priority 200 create vrrp vlan VLAN_0100 vrid 100 configure vrrp vlan VLAN_0100 vrid 100 priority 200 create vrrp vlan VLAN_0101 vrid 100 configure vrrp vlan VLAN_0101 vrid 100 priority 200 create vrrp vlan VLAN_0103 vrid 100 configure vrrp vlan VLAN_0103 vrid 100 priority 200 create vrrp vlan VLAN_0105 vrid 100 configure vrrp vlan VLAN_0105 vrid 100 priority 200 create vrrp vlan VLAN_0106 vrid 100 configure vrrp vlan VLAN_0106 vrid 100 priority 200 create vrrp vlan VLAN_0210 vrid 100 configure vrrp vlan VLAN_0210 vrid 100 priority 200 create vrrp vlan VLAN_0114 vrid 100 configure vrrp vlan VLAN_0114 vrid 100 priority 200 configure vrrp vlan VLAN_0099 vrid 100 add 192.168.99.254 configure vrrp vlan VLAN_0095 vrid 100 add 192.168.95.254 configure vrrp vlan VLAN_0100 vrid 100 add 192.168.100.254 configure vrrp vlan VLAN_0101 vrid 100 add 192.168.102.254 configure vrrp vlan VLAN_0101 vrid 100 add 192.168.101.254 configure vrrp vlan VLAN_0103 vrid 100 add 192.168.104.254 configure vrrp vlan VLAN_0103 vrid 100 add 192.168.103.254 configure vrrp vlan VLAN_0105 vrid 100 add 192.168.105.254 configure vrrp vlan VLAN_0106 vrid 100 add 192.168.106.254 configure vrrp vlan VLAN_0210 vrid 100 add 192.168.210.254 configure vrrp vlan VLAN_0114 vrid 100 add 192.168.114.254 enable vrrp vlan VLAN_0099 vrid 100 enable vrrp vlan VLAN_0095 vrid 100 enable vrrp vlan VLAN_0100 vrid 100 enable vrrp vlan VLAN_0101 vrid 100 enable vrrp vlan VLAN_0103 vrid 100 enable vrrp vlan VLAN_0105 vrid 100 enable vrrp vlan VLAN_0106 vrid 100 enable vrrp vlan VLAN_0210 vrid 100 enable vrrp vlan VLAN_0114 vrid 100
# # Module vsm configuration. # create mlag peer "TR-690" configure mlag peer "TR-690" ipaddress 172.16.0.2 vr VR-Default enable mlag port 11 peer "TR-690" id 6 enable mlag port 12 peer "TR-690" id 7 enable mlag port 22 peer "TR-690" id 2 enable mlag port 23 peer "TR-690" id 5 enable mlag port 31 peer "TR-690" id 1 enable mlag port 47 peer "TR-690" id 4 enable mlag port 48 peer "TR-690" id 3 Conf of TR-690:

# # Module vrrp configuration. # create vrrp vlan VLAN_0099 vrid 100 create vrrp vlan VLAN_0095 vrid 100 create vrrp vlan VLAN_0100 vrid 100 create vrrp vlan VLAN_0101 vrid 100 create vrrp vlan VLAN_0103 vrid 100 create vrrp vlan VLAN_0105 vrid 100 create vrrp vlan VLAN_0106 vrid 100 create vrrp vlan VLAN_0210 vrid 100 create vrrp vlan VLAN_0114 vrid 100 configure vrrp vlan VLAN_0099 vrid 100 add 192.168.99.254 configure vrrp vlan VLAN_0095 vrid 100 add 192.168.95.254 configure vrrp vlan VLAN_0100 vrid 100 add 192.168.100.254 configure vrrp vlan VLAN_0101 vrid 100 add 192.168.102.254 configure vrrp vlan VLAN_0101 vrid 100 add 192.168.101.254 configure vrrp vlan VLAN_0103 vrid 100 add 192.168.104.254 configure vrrp vlan VLAN_0103 vrid 100 add 192.168.103.254 configure vrrp vlan VLAN_0105 vrid 100 add 192.168.105.254 configure vrrp vlan VLAN_0106 vrid 100 add 192.168.106.254 configure vrrp vlan VLAN_0210 vrid 100 add 192.168.210.254 configure vrrp vlan VLAN_0114 vrid 100 add 192.168.114.254 enable vrrp vlan VLAN_0099 vrid 100 enable vrrp vlan VLAN_0095 vrid 100 enable vrrp vlan VLAN_0100 vrid 100 enable vrrp vlan VLAN_0101 vrid 100 enable vrrp vlan VLAN_0103 vrid 100 enable vrrp vlan VLAN_0105 vrid 100 enable vrrp vlan VLAN_0106 vrid 100 enable vrrp vlan VLAN_0210 vrid 100 enable vrrp vlan VLAN_0114 vrid 100 # # Module vsm configuration. # create mlag peer "HQ-690" configure mlag peer "HQ-690" ipaddress 172.16.0.1 vr VR-Default enable mlag port 11 peer "HQ-690" id 6 enable mlag port 12 peer "HQ-690" id 7 enable mlag port 22 peer "HQ-690" id 2 enable mlag port 23 peer "HQ-690" id 5 enable mlag port 31 peer "HQ-690" id 1 enable mlag port 47 peer "HQ-690" id 4 enable mlag port 48 peer "HQ-690" id 3
17 REPLIES 17

Hence one of your x870 should be the EAPS Master with blocking port, not the x690 - assuming that you have no MLAG configuration on the x870s?
Yes, i have no MLAG configuration on X870 switches at all.
I will try to divide EAPS and MLAG in different physical links.

What I remember is that the EAPS Master cannot / must not be a Switch with MLAG enabled:

"MLAG ports cannot be configured to be EAPS ring ports. Configuration of the ISC port as an EAPS blocked port is disallowed."

https://documentation.extremenetworks.com/exos_22.2/exos_21_1/slots_and_ports/r_limitations-and-requ...

Hence one of your x870 should be the EAPS Master with blocking port, not the x690 - assuming that you have no MLAG configuration on the x870s?

See also this thread:
https://community.extremenetworks.com/extreme/topics/eaps_and_mlag

I don't have enough experience with EAPS to tell if this could be the source of your issues, but it should be worth to get it sorted anyway.

cbuchenau
Contributor
First thoughts that come to my mind:

It looks like you are running and EAPS ring as well. The EAPS master switch with blocking port cannot be an MLAG peer as well, see also this thread: https://community.extremenetworks.com/extreme/topics/eaps_and_mlag
Your ISC should always be redundant, so ideally a sharing group over 2 ports with LACP enabled. Not relevant for your issue, but important for your overall design.
What are HV0 and HV1 (servers?), and how are they connected with the "brown" link to the x690 (port 65) and the x870? Is this supposed to be another LAG / MLAG??
Where is your upstream connectivity connected to, and how?

Overall... I don't get your design with the 2 x870 and the 2 x690, what their roles are and how they are connected and why. What exactly do you want to achieve? At the moment it looks like you have added several redundancy concepts just because, adding way too much complexity.

Main idea of double X870 is to transport lossless traffic between servers HV01 and HV02. They connected to X870 with 100G DAC-cables. This way has 3 VLANs for HV01 and HV02. Another link from HV01 and HV02 to 65 ports is 100G DAC-cables too. This is alternative way in situation of link failure between X870 switches. I am using EAPS only for those 3 VLANs, in EAPS ring link between X690 and X870 in HQ is blocked, so link between X690 switches is always up. Another links from HV01 and HV02 to X690 (47,48 ports) are in MLAG and used for user access to VMs on servers.

HQ and TR is different buildings, so it a little expensive to have 2 ports in LAG between X690 switches.

Frank
Contributor
But if I understand correctly, when you group ports on HP switches (or basically anything non-Extreme), you're running LACP.
If I see this right, then there's no LACP configured on the Extreme 690s at all.
I would think it "works" because it's not properly configured on the Extreme side and basically you're only using one link (the one where telnet works), the other link gives issues because it would want to play LACP but can't.

But I have to admit that at this point (why does it work?), I'm mostly guessing. Maybe someone with deeper understanding on the interactions of HP and Extreme will pop up in the thread with a better explanation. As it's all in production and everything works right now, I'd wait for a guru to put in his/her two cents. Especially with tips on how to fix things properly while everything's running...

If nobody shows up, you might have to open a case - those guys would know for sure!
GTM-P2G8KFN