In my previous article, I talked about the basic concept of etherchannels and how they work to provide additional redundancy and bandwidth in our networks. I also talked about how to configure an always-on etherchannel. In this article, I will talk about how to dynamically establish an etherchannel using LACP (Link Aggregation Control Protocol).
LACP is an industry standard etherchannel protocol that sends messages to its neighbouring switch, advertising the switch's port-channel capabilities, in order to determine if an etherchannel bundle should be established. LACP also assigns roles to switches and ports. The switch with the lowest system priority (2 byte priority value and 6 byte system MAC address) is assigned the role of deciding which links are actively used in an etherchannel bundle. LACP also assigns ports a priority value (2 byte priority followed by 2 byte port number) where a lower value indicates a higher priority. The ports with the lowest priority value are enabled and actively used in the LACP bundle. LACP allows for up to 16 ports to be configured in a port-channel, but only 8 can be active at any given time.
The same rules apply for LACP as with any etherchannel bundle as far as what port configuration must match in order for physical interfaces to become members of the etherchannel bundle. You can find this info in my previous article here.
When you configure LACP, there are two modes that can be configured:
- Passive: In this mode, the switch will not actively send LACP packets to try to establish an etherchannel bundle but will respond to LACP packets if they are heard on the link.
- Active: In this mode, the switch will actively send LACP packets to attempt to establish an etherchannel bundle with the neighbouring switch.
To configure a switch port for LACP, use the interface subconfiguration commands channel-protocol lacp followed by channel-group <num> mode <active|passive>. The channel-protocol command provides a mechanism to prevent accidentally configuring the port to use the wrong protocol (PAgP or on). If you configure the port to use channel-protocol lacp, you cannot then configure any PAgP commands on the interface.
Once again, I'm using the same 3 switch topology as before and will be configuring SW2 G1/0/3 and G1/0/4 interfaces and SW3 G1/0/2 and G1/0/3 interfaces in an etherchannel bundle using LACP.
Let's go ahead and configure interface G1/0/3 and G1/0/4 on SW2 to use the channel-protocol LACP in the channel-group 1 and we will set the mode to passive.
Notice the error stating that LACP is currently not enabled on the remote port and that the port-channel is in the suspended state? We can view the status of the port-channel using the command show etherchannel summary.
To resolve this issue, we need to enable LACP on SW3 as well. We will use the exact same configuration on SW3 including the passive command. This is just to show you that no LACP etherchannel will form.
As you can see, we still get the error about there not being a remote port configured for LACP. This is due to the mode being set as passive, and no LACP messages are being sent. I will now change SW3 to be in active mode for LACP.
Now the etherchannel has formed and we have both G1/0/2 and G1/0/3 on SW3 in a bundled state as shown in the output of the show etherchannel summary command.
LACP also allows you to configure the minimum and maximum number of links in an etherchannel. To configure the maximum number of links, use the port-channel interface subcommand lacp max-bundle <num> where num is a value between 1 and 8. The maximum number of links only needs to be configured on the primary switch. You should still configure it on both, however, as having different configurations on each end of the etherchannel could be confusing when troubleshooting. Once you have configured the maximum number of active links, anything above that will be hot standby. To configure the minimum number of links in the port-channel, use the port-channel interface subcommand port-channel min-links <num> where num is a value between 2 and 8. The minimum number of links refers to how many active links are required before the physical ports will become active as a logical port-channel interface.
Notice the error regarding the conflict between the min and max links. Configuring this actually shut the interface down. As I've mentioned earlier, LACP can be configured with up to 16 member interfaces; however, only 8 (by default 8 is the max number of active links) of those can be active at any given time. The additional interfaces are in a standby state until such time as they can become active. To show this, I've left the max number of links configured as 1 and removed the min-links configuration.
Let's check the configuration on SW3 and fail over the active port by shutting the G1/0/2 interface on SW3.
The failover time in that example for a direct link failure was less than a second. When LACP recognizes a port in a bundle as down and there are hot standby ports available, the default timeout is 2 seconds. This may seem quite slow and cause network disruptions for that period. LACP supports a fast-switchover feature that reduces the timeout to 50ms. To configure fast-switchover, use the port-channel interface configuration subcommand lacp fast-switchover. Unfortunately my switches don't support this feature so I can't show it enabled.
By default, the switches will determine which of them will make the decisions about which ports are active. In my example, it would be SW2 as it has the lowest system priority (32768.0062.ec57.8580). But what if I wanted SW3 to be the decision maker? For this, I would need to lower the system priority on SW3. To do this, use the global configuration command lacp system-priority <value>. The system priority can be a number from 0-65535.
Okay, now SW3 will be the switch to make the decisions about which ports become active. Let's try changing the port priority on the suspended port on SW2 to see if it influences the active ports using the member interface configuration subcommand lacp port-priority <value>.
As you can see, once the interface priority was changed, the G1/0/3 port was brought down, and the G1/0/4 interface was brought up.
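The selection rules described above (lowest system ID decides, lowest port ID goes active, max-bundle and min-links bound the bundle) can be modelled in a few lines. This is an added illustration, not code from the article or from Cisco; SW2's system ID is the one quoted in the article, while SW3's MAC address, the port numbers and the lowered priority value of 100 are constructed.

```python
"""Model of LACP role and link selection (illustrative, not switch firmware)."""

MAX_MEMBERS = 16  # ports that may be configured in one port-channel
MAX_ACTIVE = 8    # default ceiling on simultaneously active links


def system_id(priority: int, mac: str) -> int:
    """2-byte system priority followed by the 6-byte system MAC."""
    if not 0 <= priority <= 65535:
        raise ValueError("system priority must be 0-65535")
    return (priority << 48) | int(mac.replace(".", ""), 16)


def port_id(priority: int, number: int) -> int:
    """2-byte port priority followed by the 2-byte port number."""
    return (priority << 16) | number


def decision_maker(switches: dict) -> str:
    """switches maps name -> (system priority, MAC); lowest system ID decides."""
    return min(switches, key=lambda name: system_id(*switches[name]))


def select_links(ports: dict, max_bundle: int = MAX_ACTIVE, min_links: int = 1):
    """ports maps name -> (port priority, port number).

    Returns (active, hot_standby, port_channel_up). A min_links value above
    max_bundle can never be met, so the port-channel stays down.
    """
    if len(ports) > MAX_MEMBERS:
        raise ValueError("at most 16 member ports per port-channel")
    ranked = sorted(ports, key=lambda name: port_id(*ports[name]))
    active = ranked[:min(max_bundle, MAX_ACTIVE)]
    standby = ranked[len(active):]
    return active, standby, len(active) >= min_links


if __name__ == "__main__":
    # SW2's system ID is from the article; SW3's MAC and port numbers are constructed.
    switches = {"SW2": (32768, "0062.ec57.8580"), "SW3": (32768, "0062.ec57.9000")}
    print(decision_maker(switches))           # equal priority: the MAC breaks the tie
    switches["SW3"] = (100, "0062.ec57.9000")
    print(decision_maker(switches))           # lowered system priority wins
    ports = {"G1/0/3": (32768, 0x104), "G1/0/4": (32768, 0x105)}
    print(select_links(ports, max_bundle=1))  # one active link, one hot standby
    ports["G1/0/4"] = (100, 0x105)
    print(select_links(ports, max_bundle=1))  # lower port priority takes over
```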
When an LACP etherchannel forms, the information that is sent in the LACP messages between switches is stored. You can view this information by using the command show lacp neighbor or for more detailed information you can add the detail keyword.
From this output we can confirm that the device connected to the other end of the LACP etherchannel is the same (We can determine this by the Dev ID). We can also see by looking at the neighbour flags, that the neighbour switch is configured to use Slow LACPDUs, and is configured in Passive mode. If you want to ensure that LACPDUs are being sent and received from the neighbour, you can view the LACP counters using the command show lacp counter.
By default, LACP is configured to send messages in slow mode, and sends them every 30 seconds. However, in the event of an indirect failure, this could impact network performance as the switch must miss 3 consecutive LACP messages in order to mark the link as down. This could result in an outage of up to 90 seconds. In a large production network this might not be acceptable. To resolve this issue, you can enable LACP fast mode on Cisco switches. LACP fast sends messages every 1 second. This reduces the failure time from 90 seconds to 3. To enable LACP fast mode, use the interface configuration subcommand lacp rate fast. This must be configured on all ports in the LACP bundle. The best way to do this is by specifying the entire range and enabling it.
Notice this command is disruptive and brings down all the member interfaces and the Port-Channel interface. From the show lacp neighbor output we can see that the etherchannel is still using Slow messaging. This is because SW3 is still not configured to use LACP fast. Let's configure SW3, and check again. (Note that configuring LACP fast on the switch with the lowest system priority does not force the other end to use LACP fast mode.)
I would also like to add, that if you are having issues with your LACP etherchannel, one additional command you can use to see the status of the link is the show etherchannel port-channel. This command allows you to see the status of the links and when they were last bundled/unbundled. In the below output the time coincides with the enabling of LACP fast mode.