CCIE 400-101: Layer 2 Technologies - LACP, PAgP, manual, load balancing, EtherChannel misconfiguration guard

on

Overview

  • EtherChannel allows multiple physical links to combine into one logical channel. 
  • This allows load sharing of traffic among the links in the channel as well as redundancy in the event that one or more links in the channel fail. 
  • Each EtherChannel can consist of up to eight compatibly configured Ethernet ports.
  • The following settings must be identical for all EtherChannel member ports :
    • Speed settings
    • Duplex settings
    • STP settings
    • VLAN membership (for access ports)
    • Native VLAN (for trunk ports)
    • Allowed VLANs (for trunk ports)
    • Trunking encapsulation protocol (for trunk ports) 
  • When an EtherChannel is configured in either PAgP or LACP mode, the system negotiates with the other end of the channel to determine which ports should become active. If the remote port cannot negotiate an EtherChannel, the local port is put into an independent state and continues to carry data traffic as would any other single link. 
  • When an EtherChannel is in the on mode, no negotiations take place. The switch forces all compatible ports to become active in the EtherChannel. 
  • After an EtherChannel is configured, the physical ports assigned to the port-channel inherit configuration changes applied to the port-channel. 
  • Configuration changes applied to the physical port affect only the port where you apply the configuration.

PAgP

  • PAgP is a Cisco-proprietary protocol. 
  • PAgP has two modes: auto and desirable. 
  • auto: Places a port into a passive negotiating state, in which the port responds to PAgP packets it receives but does not start PAgP packet negotiation. 
  • desirable: Places a port into an active negotiating state, in which the port starts negotiations with other ports by sending PAgP packets. 
  • A port in the auto mode cannot form an EtherChannel with another port that is also in the auto mode because neither port starts PAgP negotiation.
  • The PAgP silent/non-silent submode is a complete mystery. The documentation says that silent mode should be used for connections to servers that do not support PAgP. This silent mode would allow the channel to form without receiving any PAgP packets from the other side. This does not make any sense! How can a channel be negotiated if the other device does not speak PAgP? The documentation further states that if not specified, silent mode is assumed. In that case, auto and auto should be able to form an EtherChannel (not tested). 
  • Trunk ports send and receive PAgP protocol data units (PDUs) on the lowest numbered VLAN.  
  • In Layer 2 EtherChannels, the first port in the channel that comes up provides its MAC address to the EtherChannel. If this port is removed from the bundle, one of the remaining ports in the bundle provides its MAC address to the EtherChannel. 
  • For Layer 3 EtherChannels, the MAC address is allocated by the stack master as soon as the interface is created. 
  • Configure: channel-group number mode [auto | desirable]

LACP

  • LACP is the standards-based equivalent of PAgP, defined in IEEE 802.3ad. 
  • Two modes: active and passive. 
  • active: Places a port into an active negotiating state in which the port starts negotiations with other ports by sending LACP packets. 
  • passive: Places a port into a passive negotiating state in which the port responds to LACP packets that it receives, but does not start LACP packet negotiation. This setting minimizes the transmission of LACP packets. 
  • Ports can form an EtherChannel when they are in different LACP modes as long as the modes are compatible.
    • active and active/passive will form an EtherChannel 
    • passive and passive will not because neither port starts LACP negotiation. 
  • Configure a LACP EtherChannel with up to16 Ethernet ports of the same type. Up to eight ports can be active, and up to eight ports can be in standby mode. 
  • If you configure more than eight links for an EtherChannel group, the software automatically decides which of the hot-standby ports to make active.  
  • Four elements affect this decision:
    • LACP system priority
    • System ID (the switch MAC address)
    • LACP port priority
    • Port number 
  • Numerically lower values have higher priority. 
  • Determining which ports are active and which are hot standby is a two-step procedure. 
    • First, the system looks at the system priority and system ID to choose a "master" switch. 
    • Second, active and standby ports are decided based on the "master's" port priority and port number values. 
    • The port priority and port number of the other switch are not used.
  • Configure: channel-group number mode [active | passive]

Manual

  • EtherChannel on mode can be used to manually configure an EtherChannel.
  • The on mode forces a port to join an EtherChannel without negotiations.
  • Useful if the remote device does not support PAgP or LACP.
  • Caution: If the group is misconfigured, packet loss or spanning-tree loops can occur.
  • Configure: channel-group number mode on.

Layer 2, Layer 3

  • The main difference between configuring a Layer 2 or Layer 3 EtherChannel is using the no switchport command to change the interfaces from Layer 2 to Layer 3 mode.
  • In Layer 3 EtherChannels, the IP address is configured under the logical port-channel interface.

Example:

-- Layer 2 --

interface range fa0/13 - 15
 switchport mode access
 switchport access vlan 10
 channel-group 1 mode active

S1# show etherchannel summary
Flags:  D - down        P - bundled in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator

M - not in use, minimum links not met
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port

Number of channel-groups in use: 1
Number of aggregators:           1

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(SU)         LACP      Fa0/13(P)   Fa0/14(P)   Fa0/15(P)


-- Layer 3 --

interface range fa0/13 - 15
 no switchport
 channel-group 1 mode active

interface Po1
 ip address 192.168.100.1 255.255.255.0
 no shutdown

S1# show etherchannel summary
Flags:  D - down        P - bundled in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator

M - not in use, minimum links not met
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port

Number of channel-groups in use: 1
Number of aggregators:           1

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(RU)         LACP      Fa0/13(P)   Fa0/14(P)   Fa0/15(P)


Load Balancing

  • EtherChannel frame distribution uses a Cisco-proprietary hashing algorithm.
  • The algorithm is deterministic; if you use the same addresses and session information, you always hash to the same port in the channel.
  • This method prevents out-of-order packet delivery.
  • The Cisco-proprietary hash algorithm computes a value in the range 0 to 7.
  • With this value as a basis, a particular port in the EtherChannel is chosen.
  • This table lists the ratios of the values that each port accepts, which depends on the number of ports in the EtherChannel: 

  • Hence, in essence, you can only achieve perfect load balancing, even with random addresses, if you have two, four, or eight ports in the port channel.
  • EtherChannel load balancing can use MAC addresses, IP addresses, or Layer 4 port numbers and either source mode, destination mode, or both.
  • The mode you select applies to all EtherChannels that you configure on the switch.
  • Use the option that provides the greatest variety in your configuration.
  • Issue the port-channel load-balance {src-mac | dst-mac | src-dst-mac | src-ip | dst-ip | src-dst-ip | src-port | dst-port | src-dst-port | mpls} global configuration command in order to configure the load balancing.

EtherChannel Misconfiguration Guard

  • A misconfiguration can occur if the interfaces on the local switch are configured in an EtherChannel, but the interfaces on the other device are not.
  • The misconfiguration is detected by comparing the source MAC address of the incoming BPDUs.
  • If the switch sees different source MAC addresses (correctly bundled ports share a common MAC address), the ports are put in the err-disabled state and an error message is logged.
  • Use the spanning-tree etherchannel guard misconfig command to enable the feature (enabled by default).

Documentation

Configuring EtherChannels
Understanding EtherChannel Load Balancing and Redundancy on Catalyst Switches
EtherChannel Considerations

Comments

Post a Comment