Stacking switches Part - VI (Dell OS10 VLT - Virtual Link Trunking)
In this blog I will configure MLAG (multi chassis link aggregation) for Dell OS10 switches. As every other vendor choses a fancy name of their implementation of MLAG; Dell is no exception to this. Dell calls their implementation VLT - Virtual Link Trunking.
- Two Dell OS10 switches will run peering between them and will run VLT/MLAG between them.
- Two Debian 10 linux machine will be connected with LACP bonding with both switches. They will simulate the client connection.
Our topology looks like below -
01 - Dell OS10 VLT Topology
- VLT peer – The two switches participating in VLT are peer to each other. In a VLT domain a maximum of two switches are allowed.
- VLT interconnect (VLTi) – VLTi synchronizes state information between VLT peers. It synchronizes layer 2 and layer 3 control-plane information. These state/control-plane information includes MAC table, ARP table, IPv6 neighbors etc.
- VLT backup link – A heartbeat link to send keep-alive messages between two VLT peer switches. This backup link is used to identify switch state when VLTi link fails. It is recommended to use the OOB-Mgmt interface as backup link.
- VLT port-channel - This is the port-channel interface that spans between two VLT peers. This is the aggregation interface where the end-devices are connected to the switch.
- VLT node priority - Based on the priority; primary and secondary VLT nodes are selected. Without explicit configuration of priority; the switch with lowest MAC address is selected as the primary VLT node.
- VLT MAC address - A unique MAC address that is assigned to the VLT domain. The same MAC address is used by all the VLT peers. When not configured, the primary peer's MAC adress is used by both peers. It is recommended to manually set VLT MAC address to avoid traffic disruption in case of primary/secondary failover in VLT domain.
- VLT domain – The domain is the placeholder for all the features above. It includes peers, interconnects, port-channels in the VLT.
Now is the time to leave the theory and start doing the actual configuration.
VLT Configuration
In our topology -
- VLT interconnect (VLTi) - are interfaces eth 1/1/14 and eth 1/1/15 in both switches.
- VLT backup link - is OOB-Mgmt interface; mgmt 1/1/1 in both switches. We are directly connecting them over 10.1.1.0/24 network for simplicity. In production, it depends on how one is implementing their MGMT network.
- VLT port-channel - We will create two VLT port-channels (MLAGs) which will carry VLAN 101 (Server-Vlan) in access mode. We will have two Debian Linux servers connected with those port-channels with IP address 192.168.101.5/24 (Srv-01) and 192.168.101.6/24 (Srv-02).
SW-VLT-01 (Primary) Configuration
!!! Configure OOB-Mgmt interface
interface mgmt1/1/1
no shutdown
!!! Configure IP address for mgmt
ip address 10.1.1.1/24
!!! Configure VLTi interfaces
interface ethernet1/1/14
no shutdown
!!! VLTi interfaces must be layer 3 port
no switchport
!
interface ethernet1/1/15
no shutdown
!!! VLTi interfaces must be layer 3 port
no switchport
!!! VLT domain configuration.
!!! Domain-Id is 1 which must be same in both switches.
vlt-domain 1
!!! Remote VLT peer IP adress for VLT backup interface
backup destination 10.1.1.2
!!! VLTi interfaces configured for VLT synchronization
discovery-interface ethernet1/1/14-1/1/15
!!! Actively selecting this switch as primary by setting lowest priority
primary-priority 1
!!! Setting a vlt-mac adress to avoid traffic disruption during VLT failover.
!!! Same mac-address is used in both peers; we just use a unique mac-address.
!!! Optional but recommended step.
vlt-mac 30:c8:fd:52:cd:82
SW-VLT-02 (Secondary) Configuration
interface mgmt1/1/1
no shutdown
no ip address dhcp
ip address 10.1.1.2/24
interface ethernet1/1/14
no shutdown
no switchport
!
interface ethernet1/1/15
no shutdown
no switchport
vlt-domain 1
backup destination 10.1.1.1
discovery-interface ethernet1/1/14-1/1/15
!!! Actively selecting this switch as secondary by setting higher priority
primary-priority 10
!!! Using the same mac-address for vlt-mac
vlt-mac 30:c8:fd:52:cd:82
At this stage; our switches should form VLT-Peer relationship with each other. We can verify using commands below that our VLT-domain is now operational.
SW-VLT-01# show vlt 1
Domain ID : 1
Unit ID : 1
Role : primary
Version : 3.1
Local System MAC address : 50:23:33:00:0b:00
Role priority : 1
VLT MAC address : 30:c8:fd:52:cd:82
IP address : fda5:74c8:b79e:1::1
Delay-Restore timer : 90 seconds
Peer-Routing : Disabled
Peer-Routing-Timeout timer : 0 seconds
Multicast peer-routing timer : 300 seconds
VLTi Link Status
port-channel1000 : up
VLT Peer Unit ID System MAC Address Status IP Address Version
------------------------------------------------------------------------------------
2 50:99:de:00:0c:00 up fda5:74c8:b79e:1::2 3.1
SW-VLT-01# show vlt 1 backup-link
VLT Backup Link
------------------------
Destination : 10.1.1.2
Peer Heartbeat status : Up
Heartbeat interval : 30
Heartbeat timeout : 90
Destination VRF : default
SW-VLT-01# show vlt 1 role
VLT Unit ID Role
------------------------
* 1 primary
2 secondary
We need to be aware of two things; upon successful VLT-peer formation; the switches creates automatically a non-configurable port-channel 1000 interface (consists of our VLTi interfaces) and vlan 4094 for VLT communication. So, port-channel 1000 and vlan 4094 is reserved and created by the switches for internal VLT communication. They are shown below -
SW-VLT-01# show port-channel summary
Flags: D - Down I - member up but inactive P - member up and active
U - Up (port-channel) F - Fallback Activated
--------------------------------------------------------------------------------
Group Port-Channel Type Protocol Member Ports
--------------------------------------------------------------------------------
1000 port-channel1000 (U) Eth STATIC 1/1/14(P) 1/1/15(P)
SW-VLT-01# show vlan
Codes: * - Default VLAN, M - Management VLAN, R - Remote Port Mirroring VLANs,
@ - Attached to Virtual Network, P - Primary, C - Community, I - Isolated
Q: A - Access (Untagged), T - Tagged
NUM Status Description Q Ports
* 1 Active A Eth1/1/1-1/1/13,1/1/16-1/1/30
A Po1000
4094 Active T Po1000
VLT port-channel configuration
The only thing left is to create VLT port-channels (MLAGs) for our two server. For Srv-01; interface eth 1/1/1 from both peer will form one VLT port-channel and for Srv-02; interface eth 1/1/2 from both peer will form another VLT port-channel.
Below configuration in exactly same for both switches. We need to configure it in both the VLT peers.
!!! Create vlan 101 in the switch.
interface vlan101
description Server-Vlan-192.168.101.0/24
no shutdown
!!! Create port-channel 5 for Srv-01.
interface port-channel5
no shutdown
!!! Assign the interface to vlan 101
switchport access vlan 101
!!! Configure the port-channel as VLT port-channel.
!!! Use the same channel identifier for both channel-interface and vlt-port- channel (here it is 5).
vlt-port-channel 5
interface port-channel6
no shutdown
switchport access vlan 101
!!! Configure the port-channel as VLT port-channel.
!!! Use the same channel identifier for both channel-interface and vlt-port- channel (here it is 6).
vlt-port-channel 6
interface ethernet1/1/1
no shutdown
!!! Assign the individual physical port to the proper channel-interface
channel-group 5 mode active
interface ethernet1/1/2
no shutdown
!!! Assign the individual physical port to the proper channel-interface
channel-group 6 mode active
Verification
At this stage both of our VLT channel-interfaces in the switches (po5 and po6) should be up and running. Let's verify it from the primary switch -
SW-VLT-01# show vlt 1 vlt-port-detail
vlt-port-channel ID : 5
VLT Unit ID Port-Channel Status Configured ports Active ports
-------------------------------------------------------------------------------
* 1 port-channel5 up 1 1
2 port-channel5 up 1 1
vlt-port-channel ID : 6
VLT Unit ID Port-Channel Status Configured ports Active ports
-------------------------------------------------------------------------------
* 1 port-channel6 up 1 1
2 port-channel6 up 1 1
SW-VLT-01# show port-channel summary
Flags: D - Down I - member up but inactive P - member up and active
U - Up (port-channel) F - Fallback Activated
--------------------------------------------------------------------------------
Group Port-Channel Type Protocol Member Ports
--------------------------------------------------------------------------------
5 port-channel5 (U) Eth DYNAMIC 1/1/1(P)
6 port-channel6 (U) Eth DYNAMIC 1/1/2(P)
1000 port-channel1000 (U) Eth STATIC 1/1/14(P) 1/1/15(P)
SW-VLT-01# show interface port-channel 5 (output truncated)
Port-channel 5 is up, line protocol is up
Address is 50:23:33:00:0b:2a, Current address is 50:23:33:00:0b:2a
Interface index is 62
Internet address is not set
Mode of IPv4 Address Assignment: not set
Interface IPv6 oper status: Disabled
MTU 1532 bytes, IP MTU 1500 bytes
LineSpeed 10M
Minimum number of links to bring Port-channel up is 1
Maximum active members that are allowed in the portchannel is 32
Members in this channel: Eth 1/1/1
Now we will do the verification from our linux server; Srv-01 -
root@Srv-01:~# cat /proc/net/bonding/bond0
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)
Bonding Mode: IEEE 802.3ad Dynamic link aggregation
Transmit Hash Policy: layer2 (0)
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0
802.3ad info
LACP rate: slow
Min links: 0
Aggregator selection policy (ad_select): stable
System priority: 65535
System MAC address: 50:eb:e6:00:0d:00
Active Aggregator Info:
Aggregator ID: 1
Number of ports: 2
Actor Key: 9
Partner Key: 5
Partner Mac Address: 30:c8:fd:52:cd:82
root@Srv-01:~# ping 192.168.101.6 (Srv-02 IP address)
PING 192.168.101.6 (192.168.101.6) 56(84) bytes of data.
64 bytes from 192.168.101.6: icmp_seq=1 ttl=64 time=1.48 ms
64 bytes from 192.168.101.6: icmp_seq=2 ttl=64 time=1.69 ms
64 bytes from 192.168.101.6: icmp_seq=3 ttl=64 time=1.36 ms
64 bytes from 192.168.101.6: icmp_seq=4 ttl=64 time=1.40 ms
In above we have verified our MLAGs (VLT port-channel) are running and operational.
If one is interested in debugging VLT activity in a switch; they can use the below command also -
SW-VLT-01# debug vlt events all
SW-VLT-01 dn_app_vlt 1819 - - Node.1-Unit.1:PRI [debug], Local role is primary
SW-VLT-01 dn_alm 1100 - - Node.1-Unit.1:PRI [event], Dell EMC (OS10) %VLT_ELECTION_ROLE: VLT unit 2 is elected as secondary
SW-VLT-01 dn_app_vlt 1819 - - Node.1-Unit.1:PRI [debug], VLAN info MAC addres publication Succeeded
SW-VLT-01 dn_app_vlt 1819 - - Node.1-Unit.1:PRI [debug], MAC addr 50:23:33:00:0b:49 to be added into CPS DB obj for vlan : 1
SW-VLT-01 dn_app_vlt 1819 - - Node.1-Unit.1:PRI [debug], VLAN info MAC addres updation Succeeded for VLAN ID : 1
SW-VLT-01 dn_app_vlt 1819 - - Node.1-Unit.1:PRI [debug], Published Neighbor info
<165>1 2021-07-13T13:28:17.911705+00:00 SW-VLT-01 dn_alm 1100 - - Node.1-Unit.1:PRI [event], Dell EMC (OS10) %VLT_HB_UP: VLT peer heartbeat link is up
References
Comments
Post a Comment