Arista Essentials

Multi Chassis Link Aggregation (MLAG)

MLAG Operation
Peer Link
• 2 types of peerlink traffic
• Coordination – Keepalives, L2 information between 2 switches
• Data – For single attached hosts or during a failed state
Leaf-01#sh mlag detail
MLAG Configuration:
domain-id : mlagZurien
local-interface : Vlan4094
peer-address : 10.100.100.2
peer-link : Port-Channel1000
MLAG Operation
Election
• Negotiate primary and secondary status
• Participating switch advertises MLAG System ID (MSI) which is the local MAC Address
• Lowest MAC Address becomes the primary

STP
• Primary MLAG Peer – STP agent is active
• Primary MLAG Peer – responsible for sending and processing STP BPDUs and STP calculations of port on both MLAG peers
• Secondary MLAG Peer – STP agent is inactive
• Secondary MLAG Peer – has complete knowledge of STP device and port status
MLAG Operation
LACP and IGMP
• Both MLAG peers has an active LACP and IGMP
• Sends LACPDUs with the same system-ID / MSI
• Status of any LAG port is synchronized over peer link
• End result is the MLAG pair appears as single switch and both pairs handles LACP, IGMP and multicast streams
Student-03#sh mlag interfaces
local/remote
mlag desc state local remote status
---------- ---------- ----------------- ----------- ------------ ------------
999 active-full Po999 Po999 up/up

Student-03#sh int p999 | grep -A 4 Active

Active members in this channel: 4
... Ethernet21 , Full-duplex, 10Gb/s
... Ethernet22 , Full-duplex, 10Gb/s
... PeerEthernet21 , Full-duplex, 10Gb/s
... PeerEthernet22 , Full-duplex, 10Gb/s
MLAG Stateful Switchover (SSO)
MLAG SSO Concepts
• can sustain failure of one MGLAG peer switch with minimal impact on layer 2 protocols and traffic forwarding plane
• Failure scenarios includes Hardware and Scheduled rebooting
• Both devices must be running equal software levels, SSO doesn’t cover software upgrade on an MLAG peer.
• First introduced in the 4.7.3 EOS software release.

Secondary MLAG Peer

• STP again is inactive but maintains a real-time synchronized STP table with the primary peer.
• Has full knowledge of STP status within an MLAG domain
• Secondary immediately becomes active when primary fails or reloads (no need for STP recalculation)
• STP – continue sending negotiated MAC address / MSI
• LACP – continue sending LACPD with the same System-ID /MSI
• IGMP – retain its own local group table but flush peer link entries
MLAG Stateful Switchover (SSO)
Failure and Failback
• When primary (Leaf-01) fails or reload, the secondary (Leaf-02) becomes thew new primary
• When the old primary (Leaf-01) comes back up, new primary (Leaf-02) stays primary
• MLAG session is re-stablished when MLAG peer comes backup

Reload-delay timer
• When MLAG peer switch comes back up, primary switch MLAG/LACP interface are placed in temporary errdisabled state
• Interval that non-peer links are disabled after an MLAG peer reboots, default value is 300 seconds
• When it expires, primary continues to run active STP again

Split Brain
• Both MLAG peer becomes primary when all link fails
• old secondary will begin transmitting BPDU using negotiated MSI
• Spilt brain scenario should be avoided if possible
MLAG Configuration

Steps VLAN Configuration Requirement

1. Configure a VLAN used for MLAG peer communications • create VLAN X
assign trunk group to VLAN X
2. Create a port channel for your peer link •
• create SVI for VLAN X
3. Set port channel to trunk mode
• disable STP for VLAN X
4. Assign trunk group to port channel
5. Configure MLAG interface
• Create Port Channel on Participating Interface of both Switches
• Add MLAG ID on created Port Channel Interface

6. Enter MLAG configuration mode

• assign VLAN 4049
• Add peer IP address
• Add peer-link port channel ID
• Create MLAG domain-id
• Optional: Configure heartbeat
• Optional: Configure reload-delay
MLAG Configuration

e23 e23

Spine-01 e24 e24 Spine-02

e1 e2 e1 e2

e21 e22 e21 e22

e23 e23

Leaf-01 e24 e24 Leaf-02

MLAG Configuration
Verification
1. Verify MLAG Status
Leaf-01# show mlag

2. Use Sanity check for configuration inconsistencies

Leaf-01# show mlag config-sanity

3. Verify MLAG interface

Leaf-01# show mlag interface

4. Verify MLAG Port Channel

Leaf-01# show port-channel 3
MLAG In-Service Software Upgrade (ISSU)
Benefits
• Automatically checks if EOS version is compatible with the current running EOS version
• Allows MLGAG to functions between two different (but compatible) software versions
Leaf-01#show mlag issu warnings

If you are performing an upgrade, and the Release Notes for the new version of EOS indicate

that MLAG is not backwards-compatible with the currently installed version (4.13.1F), the

upgrade will result in packet loss.

EOS upgrade Procedure

• Load EOS image to flash
• Change boot-config file
• Reload
MLAG In-Service Software Upgrade (ISSU)
Other Commands
Leaf-01#sh mlag issu compatibility flash:EOS-4.12.1.swi

/mnt/flash/EOS-4.12.1.swi (4.12.1) is MLAG ISSU incompatible with thecurrentimage(4.15.2F).

A reboot with this image may cause packet loss. Please consult the release notes

to find a compatible image. The new image is compatible with these releases, which may also

be compatible with the current version:

EOS-4.12.10
MLAG In-Service Software Upgrade (ISSU)
Other Commands
PeerB#reload

If you are performing an upgrade, and the Release Notes for the new version of EOS indicate
that MLAG is not backwards-compatible with the currently installed version (4.9.2), the
upgrade will result in packet loss.

The following MLAGs are not in Active mode. Traffic to or from these ports will be lost
during the upgrade process.

mlag desc state local remote status

---------- ---------- ----------------- ----------- ------------ ------------

10 active-partial Po10 Po10 up/down

Stp is not restartable. Topology changes will occur during the upgrade process.

The configured reload delay of 120 seconds is below the default value of 300 seconds. A
longer reload delay allows more time to rollback an unsuccessful upgrade due to
incompatibility.

The other MLAG peer has errdisabled interfaces. Traffic loss will occur during the upgrade
process.

Proceed with reload? [confirm]

MLAG In-Service Software Upgrade (ISSU)
MLAG ISSU Negotiation Status

Status Definition
Connecting MLAG is trying to contact the peer
In negotiation MLAG is actively negotiating with the peer
Domain mismatch MLAG has detected a domain-id mismatch with the peer
Invalid peer MLAG has detected an invalid peer (e.g. peer is trying to form MLAG
with a third switch)
Version incompatible MLAG has detected a version incompatibility with the peer
Connected MLAG has successfully negotiated with peer
MLAG and Virtual ARP (VARP)
What is VARP?
• First Hop Redundancy Protocol
• Active/active default gateway redundancy protocol
• Both switches in MLAG pair are configured for the same virtual gateway IP and MAC
• Both switch appears as a single default gateway

Why VARP?
• Beneficial when Switches are the default gateway
• Without MLAG it A/S, becomes A/A in combination with MLAG
• no data traffic traverses the peerlink in steady state
• Simpler traffic patterns and simpler bandwidth management
MLAG and Virtual ARP (VARP)
Configuration
1. Configure SVI with a unique IP address per switch
Leaf-01(config)# int vlan 100
Leaf-01(config-if-Vl100)# ip add 10.10.1.1/24

2. Configure Virtual Router IP address on both switches

Leaf-01(config-if-Vl100)# ip virtual-router address 10.10.1.254
Leaf-01(config-if-Vl100)# exit

3. Configure Virtual MAC address on both switches

Leaf-01(config)# ip virtual-router mac-address 001c.7300.0099

4. Configure the Virtual MAC address

Leaf-01(config)# sh ip virtual-router
IP virtual router is configured with MAC address: 001c.7300.0099
MAC address advertisement interval: 30 seconds
Interface IP Address Virtual IP Address Status Protocol
Vlan100 10.100.1.1/24 10.100.1.254 up up
Python for Network Engineer
Course Introduction