ArubaOS-CX 10.01 VSX: VLAN vsx-sync weirdness
09-05-2018 04:15 AM - last edited on 12-28-2018 02:56 PM by nerdblurt
On two Aruba 8320 VSX (ArubaOS-CX 10.01.0011) I'm noticing this oddity:
I started from this VSX LAG configuration for my lag1:
interface lag 1 multi-chassis
    vsx-sync vlans
    description 8320-1-VSX-LAG-TSM
    no shutdown
    no routing
    vlan trunk native 20
    vlan trunk allowed 20
    lacp mode active
    loop-protect
    loop-protect vlan 20
to this configuration:
interface lag 1 multi-chassis
    vsx-sync vlans
    description 8320-1-VSX-LAG-TSM
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed 1,20,30,40
    lacp mode active
    loop-protect
    loop-protect vlan 1,20,30,40
by executing, at the interface lag 1 level, these commands:
    vlan trunk native 1
    vlan trunk allowed 1,20,30,40
    loop-protect vlan 1,20,30,40
This changes, respectively, the native VLAN from 20 to 1, the allowed VLANs from 20 only to 1, 20, 30 and 40, and finally loop-protect from 20 only to 1, 20, 30 and 40.
The strange thing is that, since vsx-sync is enabled on the lag1 interface, I expected to see exactly the same configuration (description aside) on the Secondary VSX node... BUT what I currently see is this:
interface lag 1 multi-chassis
    vsx-sync vlans
    description 8320-2-VSX-LAG-TSM
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed 20,30,40
    lacp mode active
    loop-protect
What worries me is not the absence of loop-protect with specified VLANs (that one is going to be added manually since it is not a synced status)... what really worries me is the fact I see this row:
vlan trunk allowed 20,30,40
and not the one I expect:
vlan trunk allowed 1,20,30,40
Is there a reason to not see 1 as VLAN ID allowed explicitly for the lag 1 interface on trunk mode?
This makes me think both nodes, from the point of view of VLANs, are not totally synced even if synchronization seems to have happened (vsx status looks good to me):
Aruba-8320-1(config-lag-if)# do show vsx status
VSX Operational State
---------------------
  ISL channel             : In-Sync
  ISL mgmt channel        : operational
  Config Sync Status      : in-sync
  NAE                     : peer_reachable
  HTTPS Server            : peer_reachable

Attribute           Local               Peer
------------        --------            --------
ISL link            lag128              lag128
ISL version         2                   2
System MAC          d0:67:26:xx:xx:xx   d0:67:26:yy:yy:yy
Platform            8320                8320
Software Version    TL.10.01.0011       TL.10.01.0011
Device Role         primary             secondary
The fact is that there is a big difference on the Secondary Aruba 8320 (8320-2) if VLAN 1 is not allowed in trunk mode as it is instructed to be on the Primary Aruba 8320 (8320-1)... untagged traffic will be dropped on lag1 on the Secondary. Won't it?
Is this a bug?
Or could this behaviour be related to the fact that I didn't add vsx-sync to VLAN 1 (I added vsx-sync only to VLANs 20, 30 and 40)? If so... should I add the vsx-sync option to VLAN 1 as well?
Re: ArubaOS-CX 10.01 VSX: VLAN vsx-sync weirdness
09-05-2018 05:09 AM
I have probably answered my own question:
The vsx-sync option is (clearly) also needed on VLAN 1... otherwise the vlan trunk allowed option will not be synchronized to the Secondary if the specified VLAN ID is 1.
What is strange is that the vlan trunk native option was correctly synced, changing from vlan trunk native 20 to vlan trunk native 1... so I'm asking why vlan trunk allowed 20 didn't change to vlan trunk allowed 1,20,30,40 instead of only vlan trunk allowed 20,30,40?
Is it really an issue related to the vsx-sync feature missing on VLAN 1?
If so, it looks like it affects the vlan trunk allowed option but not the vlan trunk native option.
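A way to test the hypothesis raised in this thread, as an added example that is not part of the original posts and not Aruba tooling: compare the `vlan trunk allowed` list of each interface on both VSX nodes and report, for every VLAN missing on the secondary, whether that VLAN carries `vsx-sync` on the primary. The config excerpts are constructed from the thread, and the parser assumes `vsx-sync` appears as an indented line under each `vlan <id>` context.

```python
import re

# Constructed running-config excerpts modelled on the thread (not real device output).
PRIMARY = """\
vlan 1
vlan 20
    vsx-sync
vlan 30
    vsx-sync
vlan 40
    vsx-sync
interface lag 1 multi-chassis
    vsx-sync vlans
    vlan trunk native 1
    vlan trunk allowed 1,20,30,40
"""
SECONDARY = PRIMARY.replace("allowed 1,20,30,40", "allowed 20,30,40")

def expand(spec):
    """Expand a VLAN list such as '1,20-22,40' into {1, 20, 21, 22, 40}."""
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def parse(config):
    """Return (VLAN IDs that have vsx-sync, {interface line: allowed VLAN set})."""
    synced, allowed, ctx = set(), {}, ""
    for line in config.splitlines():
        if line and not line[0].isspace():
            ctx = line.strip()              # a new top-level context starts here
            continue
        cmd = line.strip()
        m = re.fullmatch(r"vlan (\d+)", ctx)
        if m and cmd == "vsx-sync":
            synced.add(int(m.group(1)))
        elif ctx.startswith("interface ") and cmd.startswith("vlan trunk allowed "):
            allowed[ctx] = expand(cmd.split()[-1])
    return synced, allowed

def drift(primary, secondary):
    """Map interface -> {VLAN missing on secondary: has vsx-sync on primary?}."""
    synced, p_allowed = parse(primary)
    _, s_allowed = parse(secondary)
    return {ifn: {v: v in synced for v in sorted(vl - s_allowed.get(ifn, set()))}
            for ifn, vl in p_allowed.items() if vl - s_allowed.get(ifn, set())}

if __name__ == "__main__":
    print(drift(PRIMARY, SECONDARY))
```

A missing VLAN flagged `False` matches the situation described for VLAN 1; a missing VLAN flagged `True` would point to a different cause than a missing per-VLAN `vsx-sync`.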