...
MLAG (Multi-chassis Link Aggregation) as the name suggests, allows different member ports of a LAG interface to be deployed on two different devices which appear to be on a single device. The two peer devices maintain communication by exchanging hello packets and MAC address learning of the LAG interface to ensure MAC synchronization using L2 multicast packets with the destination address 01:80:c2:00:00:0f. A downstream switch or host of the other end of the LAG link doesn’t get a feel that there are two devices linked with it on the other side of the link. The figure below shows the basic MLAG networking example.
Figure 1 MLAG Networking
MLAG is mainly applied in scenarios where a downstream switch or host has or needs dual-access to the network. In Figure 1, without deploying MLAG, SwitchB can only connect to SwitchA1 using an LACP link. If the LACP link or SwitchA1 fails, SwitchB cannot communicate with the network. By using MLAG, the downstream switch or host can have dual-access to the network, enabling link and device-level redundancy and protection.
...
Figure 2. Multiple MLAGs Networking
• MLAG peer
MLAG peer devices, a pair of switches that enables the MLAG function.
...
System priority will be compared first, a smaller system priority value takes precedence over a higher system priority value. The device with a lower priority becomes the Master and the other MLAG peer device becomes the Slave. If the system priorities are the same, then the system MACs are compared, device with a smaller system MAC becomes the Master, and the other MLAG peer device becomes the Slave.
NOTE: Master and Slave are defined for each MLAG domain. You can configure different MLAG on the same device of MLAG peer, so the device may be Master or Slave for different MLAGs. |
Hello Packets
Hello packets are sent periodically through the layer-3 network, for discovering and maintaining neighbor relationships for MLAG. The main parameters in a hello packet are: domain ID, system MAC, system priority, MLAG interface state, MLAG peer specified IP, MLAG peer system priority, MLAG peer system MAC, and MLAG peer LAG ID.
...
Figure 3. MLAG Networking for MAC Synchronization
As shown in Figure 3, Switch1, Switch2 and the member ports connected to Switch3 form an MLAG, MLAG Domain 1; Switch1, Switch2 and the member ports connected to Switch4 form another MLAG, MLAG Domain 2. However, as Te-1/1/1 interface on Switch1 that connected to Switch5 does not belong to any MLAG domain, so the dynamic MAC address learned on Te-1/1/1 will not be synchronized to the MLAG member port ae1 on Switch2 during MLAG MAC synchronization. But as Te-1/1/1 is a single-homed port, it will be synchronized to the MLAG peer device on the MLAG peer-link port, and the address type is Peer-Sync in the MAC address table. For details about single-homed port, see Single-homed Port.
...
4094 cc:37:ab:56:6e:81 Dynamic 300 ae3 xorp
NOTE:
|
Anchor single port single port
Single-homed Port
| single port | |
| single port |
Single-homed port is a port on the MLAG peer device which provides access device single-access to the network through either MLAG master or slave device. The single-homed port on the MLAG peer devices can connect to both hosts or servers and it can also be connected to other access switch devices. As shown in Figure 4, Switch 1 and Switch 3 are single-homed devices, the ports on the MLAG peer devices connected to Switch 1 and Switch 3 are called single-homed ports. Traffic between Switch1 and Switch3 always crosses the MLAG peer-link as Switch1 and Switch3 are active on different switches. With single-homed ports, hosts and other standalone switches are able to single-home into the network.
Figure 4. MLAG network
The MAC address entries learned on the single-homed port will be synchronized to the MLAG peer device on the MLAG peer-link port, and the address type is Peer-Sync in the MAC address table. However, the MAC synchronization on the single-homed port will be done only when there is at least one MLAG that its MLAG neighbor state is TWO-WAY or FULL. This MAC synchronization ensures that the devices connected to the single-homed port can communicate normally.
...
MLAG member port is a single-homed port when one LAG port of the dual-homed access device is down, then the other LAG port becomes a single-homed port. We can also say that when MLAG interface state is ASY_LOCAL, then MLAG member port on local MLAG device is a single-homed port. MAC address entry learned on this port will be synchronized to the MLAG peer device on the MLAG peer-link port.
NOTE:
|
Application Scenarios
As shown in Figure 5, PC 2 connects to the MLAG downlink switch (Switch 2), and communicates with PC 1 through the MLAG peer devices.
Figure 5. Network 1 of PC 1 and PC 2 Communication in MLAG Topology
Normally, the traffic from PC 1 to PC 2 will go out of Port 1 to Switch 2. Any packet received from peer-link on MLAG slave device will be blocked to all MLAG member ports.
...
Figure 6. Network 2 of PC 1 and PC 2 Communication in MLAG Topology
When considering the case of IP routing communication, as shown in Figure 7, PC1 and PC2 belong to different subnets. In this scenario, you can apply VRRP in the MLAG topology to make PC1 and PC2 can communicate with each other through IP routing. Configure two VRRP groups on the two VRRP group devices which belongs to different L3 VLAN interfaces. Configure a different virtual IP address for each VRRP group, virtual IP address 10.10.10.1 is used as the gateway for PC1 access network, and virtual IP address 20.20.20.1 is used as the gateway for PC2 access network.
Figure 7. Network 3 of PC 1 and PC 2 Communication in MLAG with VRRP Topology
Configuration Consistency
...
Figure 8. MLAG Flood Control
1. All packets (Unicast, multiacst or broadcast) received from SwitchB on SwitchA1 will be flooded to any ports in the specified vlan, peer-link included.
...
Flood control process of traffic from uplink is similar to that of traffic from downlink, and is not mentioned here.
NOTE: All the packets received from peer-link shall be blocked to all MLAG member ports except the DHCP Offer/Ack packets. |
You can run the run show mlag internal command to view the status of flood control. For example:
...
Figure 9. Network of IGMP Snooping Interoperation with MLAG
When the MLAG member port (ae1) on Switch A2 receives an IGMP report message from the Host, Switch A2 generates an IGMP member port multicast forwarding entry of ae1 and floods this IGMP report message to all the router ports of the same multicast group.
...
Figure 10. Typical Fault Scenario of Downstream Link Down
Upstream Link to Layer-3 Device Down
...
Figure 11. Typical Fault Scenario of Upstream Link Down
MLAG Peer-link Down
MLAG peer device checks the peer-link status by exchanging hello packets, if same MLAG system ID is configured on both sides of MLAG peer-link, the access switch will not be able to sense peer-link down. So the traffic will go through both links. However, if MLAG system ID is not configured, the access switch will choose the Master to transmit uplink traffic.
Figure 12. Typical Fault Scenario of Peer-link Down
MLAG Master Device Fault
When master switch reboot/shutdown, and system ID is configured, the slave device continuously uses configured system ID as the system MAC for LACP. Since system MAC for LACP has not changed, all traffic is forwarded from this functional device.
...
Figure 13. Typical Fault Scene of MLAG Master Fault
