Wired Intelligent Edge

 View Only
Expand all | Collapse all

VSX active-gateway and MCLAG question

This thread has been viewed 68 times
  • 1.  VSX active-gateway and MCLAG question

    Posted Mar 18, 2022 11:21 AM
      |   view attached
    It has taken awhile to get some of the equipment so I am starting to actually configure things now. All I have are the 8320 Series switches.

    I have them configured with VSX, OSPF and each switch is running dhcp-server. The blue cable is the keepalive. The two red connecting
    the Upper and Lower are the VSX Links. All others are the OSPF links. As of how it is configured now, I am able to ping everything
    and my VSX status is showing up, established, operational and in-sync. As far as I can tell, I feel like I have everything configured
    correclty. My issue is I am not very familiar with VSX and have been trying to learn more from documentation, but I still have some
    questions that I am not sure about...

    1) I will need to configured the two links between the two clusters and each 8320 in each cluster as an MCLAG I believe, but the connection from each cluster going
    to SW3 and SW5 I can keep as a regular uplink?

    2) With using dhcp-server on the 8320 switches, each SVI needs to be configured as the active-gateway on each switch?

    ------------------------------
    rford1219
    ------------------------------


  • 2.  RE: VSX active-gateway and MCLAG question

    Posted Mar 19, 2022 11:47 AM
    Hi,

    First thing: given the network topology drawing you posted your're going to create a loop (VSX Cluster SW1 Top/Bottom + VSX Cluster SW2 Top/Bottom both linked to VSF made of SW3, SW4 and SW5).

    Second thing: I don't understand what is the meaning of those "MLAG" links between each VSX Member (See, as example, SW1-UPPER to SW1-LOWER MCLAG on the left, the very same can be seen on the other VSX Cluster): Once a VSX is formed (VSX ISL + VSX Keepalive links) you DON'T want to interlink VSX Members together with anything.

    ------------------------------
    Davide Poletto
    ------------------------------



  • 3.  RE: VSX active-gateway and MCLAG question

    Posted Mar 21, 2022 05:28 AM
    I would agree that these 2 very first questions are important.

    ------------------------------
    Vincent Giles
    ------------------------------



  • 4.  RE: VSX active-gateway and MCLAG question

    Posted Mar 22, 2022 04:16 PM
    I removed the link between the two members on each cluster. I think I am getting the MCLAG and VSX LAG confused....I think I understand now, the links between the two clusters needs to be a LAG link. If it is between a cluster and regular switch, it does not need to be a LAG.

    I am using OSPF and the link between each device is using a /30 subnet. I am trying to have a similar configuration like the post below with 2 VSX Clusters connected to each other. Interconnect 2 ArubaOS-CX VSX clusters with LACP | Wired Intelligent Edge (arubanetworks.com) and Aruba CX VSX Connection between two pair of VSX cluster | Wired Intelligent Edge (arubanetworks.com)

    ------------------------------
    rford1219
    ------------------------------



  • 5.  RE: VSX active-gateway and MCLAG question

    Posted Mar 23, 2022 04:04 AM
    Edited by parnassus Mar 23, 2022 10:02 AM
    Hi!

    "I removed the link between the two members on each cluster."

    That's a good thing.

    "I think I understand now, the links between the two clusters needs to be a LAG link."

    On the contrary, the links between the two VSX Clusters need to be part of VSX LAGs (Grammar: VSX LAG = Multi-Chassis LAG) so each VSX Member of the VSX Cluster has a physical link to any other VSX member of the peer VSX Cluster.

    The first link you referenced points to a scenario where you have just 2 physical links between VSX Clusters...but, really, the best practice reports - and it's quite easy to understand why - that you 4 physical links are needed, so - just as an example - the whole interconnection between the two VSX Clusters should appear like a full mesh to have full resiliency and redundancy:

    • Site 1 VSX-1 (VSX LAG 1) port 1/1/1 <--> port 1/1/1 (VSX LAG 1) VSX-1 Site 2
    • Site 1 VSX-1 (VSX LAG 1) port 1/1/2 <--> port 1/1/1 (VSX LAG 1) VSX-2 Site 2
    • Site 1 VSX-2 (VSX LAG 1) port 1/1/1 <--> port 1/1/2 (VSX LAG 1) VSX-1 Site 2
    • Site 1 VSX-2 (VSX LAG 1) port 1/1/2 <--> port 1/1/2 (VSX LAG 1) VSX-2 Site 2
    and VSX LAG 1 on VSX Cluster on Site 1 is made of 1/1/1 + 1/1/2 on VSX-1 and 1/1/1 + 1/1/2 on VSX-2 while VSX LAG 1 on VSX Cluster on Site 2 is made of 1/1/1 + 1/1/2 on VSX-1 and 1/1/1 + 1/1/2 on VSX-2. As you see you can also change the order of connectivity between VSX Cluster but the important thing is that, on each Site, the VSX Cluster of that site has a 4 ports VSX LAG (2 ports on 1st VSX member and 2 ports on 2nd VSX member).


    "If it is between a cluster and regular switch, it does not need to be a LAG."

    On the contrary, it needs to be a VSX LAG (VSX Cluster side) and a LAG (standalone/cluster peer switch side). And, as a best practice, any LAG (VSX or not) should use LACP. The same between a VSX Cluster and a physical server connected to both VSX Cluster's members.

    Clearly if you're trying to interconnect your two VSX Clusters each others "back-to-back" have a look at VSX Configuration Guide various examples (here).


    ------------------------------
    Davide Poletto
    ------------------------------



  • 6.  RE: VSX active-gateway and MCLAG question

    Posted Mar 25, 2022 07:39 PM
    I made some changes and made it more of a mesh. 

    I did have a question about my configurations for the Multi Chassis LAGs. This is the configuration I am using:

    On SW1-UPPER
    interface lag 1 multi-chassis
    vsx-sync vlans
    description SW1-UPPER <--> SW2-LOWER
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed all
    lacp mode active

    interface 1/1/45
    no shutdown
    lag 1

    On SW2-LOWER:
    interface lag 1 multi-chassis
    description SW1-UPPER <--> SW2-LOWER
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed all
    lacp mode active

    interface 1/1/45
    No shutdown
    lag 1

    I know I will need to go back and prune the VLANs instead of allowing all, but I have noticed the LAGs are showing enabled/ status blocked and speed auto when I issue the show interface lag br and when I do the show interface lag # the aggregate shows down, admin state up and state information : disabled by LACP or LAG.

    I am using fiber to ethernet transceivers on the ​JL581A to connect to the Jl479A. The transceivers are only 1G. I found a post from awhile back that mentioned that it would be best to force the links to use 1G instead of auto negotiate. I am going to do this, but was wondering if the configs look correct that I am using?

    Side note, thank you for all the help, for some reason I am having trouble grasping all the VSX features and configs (A blonde moment you could say)...

    ------------------------------
    rford1219
    ------------------------------



  • 7.  RE: VSX active-gateway and MCLAG question

    Posted Mar 27, 2022 07:12 PM
    Hi, configuration apart (we can discuss it further once clarified few things)...so you have a JL479A VSX (Top) and a JL581A VSX (Bottom), interconnected together through a VSX LAG (on each end) with involved - say - a minimum of 2 interfaces per VSX Cluster or a maximum of 4 interfaces per VSX Cluster (in case of full-mesh).

    What types of supported Transceivers are you using on each end if you're playing with 1G (so we have to consider that you're going to end up with a minimum of 2x1G or, at best, with a maximum of 4x1G)?

    ------------------------------
    Davide Poletto
    ------------------------------



  • 8.  RE: VSX active-gateway and MCLAG question

    Posted Mar 28, 2022 12:57 PM
    A coworker requested I change it, It is now two JL581A in one VSX Cluster and two JL479A in the other cluster...


    The transceivers are only on the JL479A. I was going to use 10G Media Converters, but was got J8177D transceivers (Fiber to Ethernet). I found an example of the VSX setup on page 52 in the VSX Best Practices that I am using.


    ------------------------------
    rford1219
    ------------------------------



  • 9.  RE: VSX active-gateway and MCLAG question

    Posted Mar 28, 2022 03:51 PM
    What your coworker suggested is pretty counter-intuitive (but supported): is unusual to see a VSX Cluster formed by members of the same Switch Series with different SKUs (e.g. JL479A+JL581A), you should have good reasons to do so.

    Anyway I still don't understand why there are so many links (yellow ones and red ones) between VSX Cluster on the left and VSX Cluster on the right...the four yellow links should be enough provided that they are all fully compliant with typical LAG requirements (AFAIK same speed, same media type and same duplex mode).





  • 10.  RE: VSX active-gateway and MCLAG question

    Posted Mar 28, 2022 04:23 PM
    I agree, I had 1/1, but unfortunately I am a little lower on the ladder...

    The red links are Point to Point L3 links. I left them from when I was playing with it awhile back trying somethin with OSPF...

    The two yellow links on 1/1/50 and 1/1/53 are the ISL links between the members on the cluster. 

    The other yellow links are the ones for the mesh LAG links.

    I was looking at some of my configs, if I am starting to get it, the connections between VSX Clusters should be VSX LAGs (I think the way I did it was different and is more for a VSX Cluster to Non-VSX Cluster...) and the connection between VSX CLuster and Non-VSX Cluster is VSX LAG on Cluster side and normal LAG on NON-Cluster side...

    ------------------------------
    rford1219
    ------------------------------



  • 11.  RE: VSX active-gateway and MCLAG question

    Posted Apr 03, 2022 07:44 PM
    Hello,

    "I was looking at some of my configs, if I am starting to get it, the connections between VSX Clusters should be VSX LAGs (I think the way I did it was different and is more for a VSX Cluster to Non-VSX Cluster...) and the connection between VSX CLuster and Non-VSX Cluster is VSX LAG on Cluster side and normal LAG on NON-Cluster side..."

    Basically correct.


    ------------------------------
    Davide Poletto
    ------------------------------