Categories
CCNP Enterprise Core (350-401) Cisco Datalink Layer

Load Balancing Traffic with Etherchannel

Traffic that flows across a port-channel is not forwarded out member links on a round-robin basis. A hash is calculated and packets are consistently forwarded across a link based on that calculated hash.

The load balancing hash is a system wide configuration that uses a global command: port-channel load-balance X where X is the hash from the following selections:

| Hash algorithm | Description |
|---|---|
| dst-ip | Balances based on destination IP and MAC address only |
| dst-mac | Balances based on destination MAC address only |
| dst-mixed-ip-port | Balances based on destination IP and MAC address and TCP/UDP port |
| dst-port | Balances based on destination port only |
| src-dst-ip | Balances based on source IP and destination IP address and MAC addresses |
| src-dst-ip-only | Balances based on source IP and destination IP address without MAC address information |
| src-dst-mac | Balances based on source and destination MAC addresses |
| src-dst-mixed-ip-port | Balances based on source and destination IP addresses along with source and destination TCP/UDP ports |
| src-dst-port | Balances based on source and destination TCP/UDP ports only |
| src-ip | Balances based on source IP address only |
| src-mac | Balances based on source MAC address only |
| src-mixed-ip-port | Balances based on source IP address and TCP/UDP port |
| src-port | Balances on source port only |

Types of hash algorithms that may be available on a Cisco switch

Changing the hash may be beneficial to systems that see very high utilisation on one or two member links in a port channel.

Hashing is a binary function; it is important to note that load balancing works best when the number of links is a power of two. A two or four link etherchannel will load balance better than a three or five link etherchannel.
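
The effect of the link count can be shown with a small simulation. This is an added example, not code from the original notes: it assumes a simplified model in which the hash yields one of eight values (3 bits) that are spread over the member links, and it uses CRC32 as a stand-in for the switch's own hash. The addresses are constructed.

```python
import zlib
from collections import Counter

BUCKETS = 8  # assumption: the hash result is 3 bits wide (values 0-7)

def bucket_owners(num_links):
    """Spread the 8 hash buckets over the member links as evenly as possible."""
    return [bucket % num_links for bucket in range(BUCKETS)]

def link_shares(num_links):
    """Buckets owned by each link, e.g. 3 links -> [3, 3, 2]."""
    owned = Counter(bucket_owners(num_links))
    return [owned[link] for link in range(num_links)]

def flow_bucket(src_ip, dst_ip):
    """Stand-in for a src-dst-ip style hash (CRC32, not the switch's algorithm)."""
    return zlib.crc32(f"{src_ip}>{dst_ip}".encode()) % BUCKETS

def link_for_flow(num_links, src_ip, dst_ip):
    """Same addresses always give the same bucket, so the same member link."""
    return bucket_owners(num_links)[flow_bucket(src_ip, dst_ip)]

def flows_per_link(num_links, flows):
    """Count how many of the given (src, dst) flows land on each link."""
    hits = Counter(link_for_flow(num_links, s, d) for s, d in flows)
    return [hits[link] for link in range(num_links)]

# Constructed traffic: 2000 clients talking to one server.
FLOWS = [(f"10.0.{i // 250}.{i % 250 + 1}", "192.0.2.10") for i in range(2000)]

if __name__ == "__main__":
    for links in (2, 3, 4, 5, 8):
        print(links, "links: buckets", link_shares(links),
              "flows", flows_per_link(links, FLOWS))
```

With two, four or eight links every link owns the same number of buckets; with three or five, some links own more buckets than others and carry proportionally more flows.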

The command show etherchannel load-balance will display how the switch will load balance its network traffic.

Troubleshooting Etherchannel

With the port channel being a logical interface, problems can occur if the physical member interfaces are not configured similarly.

Generally, all member interfaces must be of the same port type, either Layer 2 or Layer 3, before they are associated with the port channel. The rest of the configuration should be done from the logical port channel interface.

If configuration is done on individual member interfaces, there is a risk that they will no longer match the rest of the interfaces. The following factors must be the same across all members of the port channel:

| Factor | Description |
|---|---|
| Port Type | All ports must be either in a Layer 2 switch port mode or Layer 3 routed port mode. |
| Port Mode | Layer 2 ports must be configured as all access ports or all trunk ports, no mixing. |
| Native VLAN | Layer 2 ports must be configured with the same native VLAN across all members. |
| Allowed VLANs | Layer 2 ports must have the same VLANs permitted across all members. |
| Speed | All member interfaces must have the same speed. |
| Duplex | All member interfaces must have the same duplex. |
| MTU | All Layer 3 interfaces must have the same MTU configured. |
| Load interval | The load interval must be configured consistently across all member interfaces. |
| Storm Control | Storm control will need to be the same across all member interfaces. |
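
One way to check the factors in the table above offline is to compare the member interfaces in a saved configuration. The script below is an added example, not part of the original notes; the configuration text is constructed, and the parser assumes IOS-style interface blocks with one command per line.

```python
import re
from collections import defaultdict

# Constructed sample configuration (not from a real device).
SAMPLE = """\
interface GigabitEthernet1/0/1
 switchport mode trunk
 switchport trunk native vlan 99
 speed 1000
 channel-group 1 mode active
interface GigabitEthernet1/0/2
 switchport mode trunk
 switchport trunk native vlan 1
 speed 1000
 channel-group 1 mode active
"""

# Commands that carry the settings listed in the table, matched by prefix.
CHECKED = ["no switchport", "switchport mode", "switchport trunk native vlan",
           "switchport trunk allowed vlan", "speed", "duplex", "mtu",
           "load-interval", "storm-control"]

def parse_members(config):
    """Return {channel_group: {interface: {command: [arguments, ...]}}}."""
    groups, name, settings = defaultdict(dict), None, {}
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            name, settings = line.split(None, 1)[1], {}
        elif m := re.match(r"channel-group (\d+) mode \S+", line):
            groups[int(m.group(1))][name] = settings
        for key in CHECKED:
            if line == key or line.startswith(key + " "):
                settings.setdefault(key, []).append(line[len(key):].strip())
    return groups

def mismatches(config):
    """Return {(group, command): {interface: value}} where members differ."""
    found = {}
    for group, members in parse_members(config).items():
        for key in CHECKED:
            values = {intf: "; ".join(s.get(key, ["<default>"]))
                      for intf, s in members.items()}
            if len(set(values.values())) > 1:
                found[(group, key)] = values
    return found
```

For the constructed sample, `mismatches(SAMPLE)` reports the native VLAN difference between the two members of channel-group 1.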

In addition to the configuration settings matching, there are other factors in troubleshooting the establishment of an Etherchannel:

  • The link is directly attached between two devices
  • All the member ports are in an active state
  • Both ends are statically set to on, or:
    • If using LACP, one side is configured as active
    • If using PaGP, one side is configured as desirable

LACP Interface Priority

LACP interface priority enables the master switch to choose which member interfaces are active in a port channel when there are more member interfaces than the maximum permitted.

A port with a lower priority number is preferred.

The interface priority can be set in interface configuration mode, with the command lacp port-priority 1

LACP System Priority

The LACP system priority identifies the master switch for a port channel.

The master switch is responsible for choosing the interfaces that are active in a port channel and, if there are more member interfaces than the configured maximum, which interfaces are disabled.

The system with the lower system priority is preferred.

The system priority can be viewed with the command show lacp sys-id and changed with the command lacp system-priority X where X is the system priority.

LACP: Set Maximum Number of Interfaces

An etherchannel can be configured to have a specific maximum number of interfaces. A scenario where this can be useful is to ensure the active member count is a power of two (2 links, 4 links, 8 links) for load balancing algorithm purposes.

To set the maximum number of member interfaces in a port-channel, configure the port-channel interface with the command lacp max-bundle X where X is the number of links.
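
The interaction of LACP system priority, interface priority and lacp max-bundle described in the notes above can be modelled in a few lines. This is an added example, not code from the original notes; the switch names, MAC addresses and port numbers are constructed, and the tie-breakers (lower MAC address, lower port number) follow the LACP system ID and port ID comparison rather than anything stated on this page.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class System:
    name: str
    priority: int          # lacp system-priority X
    mac: str               # second half of the LACP system ID (tie-breaker)

@dataclass(frozen=True)
class Port:
    number: int
    priority: int = 32768  # lacp port-priority; 32768 is the default value

def master(a, b):
    """The system with the lower priority wins; the lower MAC breaks a tie."""
    def system_id(s):
        return (s.priority, bytes.fromhex(s.mac.replace(".", "")))
    return min(a, b, key=system_id)

def select(ports, max_bundle):
    """Split the master's member ports into (active, hot_standby)."""
    ranked = sorted(ports, key=lambda p: (p.priority, p.number))
    return ranked[:max_bundle], ranked[max_bundle:]

# Constructed example: SW2 has been given system priority 1, and port 5
# on the master has been preferred with "lacp port-priority 1".
SW1 = System("SW1", 32768, "0000.5e00.5301")
SW2 = System("SW2", 1, "0000.5e00.5302")
PORTS = [Port(1), Port(2), Port(3), Port(4), Port(5, priority=1)]

if __name__ == "__main__":
    active, standby = select(PORTS, max_bundle=4)
    print("master:", master(SW1, SW2).name)
    print("active:", [p.number for p in active])
    print("hot standby:", [p.number for p in standby])
```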

LACP: Set Minimum Number of Member Interfaces

An etherchannel typically comes online when only one member interface can successfully form an adjacency with a remote device.

In some network design scenarios there may be a situation where a single member interface won’t provide enough bandwidth to serve traffic effectively. A minimum number of member interfaces to be established can be set on the port-channel interface with the command port-channel min-links X where X represents the number of member interfaces required.

Etherchannel: LACP Fast

The original LACP standards sent out a LACP protocol packet every 30 seconds; if a LACP packet is not received three times then the link is deemed unusable. This may result in up to a 90 second delay before a problematic link is removed from the port channel.

An amendment was made to the standards so that LACP packets are sent every 1 second. This amendment is known as LACP fast as it means a faulty link can be identified in 3 seconds instead of 90.

LACP Fast can be enabled on member interfaces with the command lacp rate fast. Both ends of the link need to have this command enabled in order for the link to successfully come online.

Viewing Neighbor Information in an Etherchannel

The command show etherchannel port can display detailed information on the local configuration and information from the packets received. In some cases this can provide too much information and slow down the network administrator's troubleshooting efforts. More specific commands exist to narrow the troubleshooting down.

show lacp neighbor with the optional suffix detail provides additional information about the LACP neighbour and includes their system ID, priority, and whether it is using fast or slow LACP packets.

The system identifier is used to ensure that all member links connect to the same remote device, and are not split between different devices. The local system ID can be viewed with the command show lacp sys-id.

show pagp neighbor will display information regarding the PAgP neighbour and includes the system ID, remote port number, and if it is using fast or slow PAgP packet intervals.

Verifying Etherchannel Packets

An additional helpful tool in troubleshooting the establishment of etherchannels is checking the LACP or PAgP packets that are transmitted across the links.

LACP counters can be viewed with the command show lacp counters. The output will include a list of Etherchannel interfaces, their member interfaces, and counters for LACP packets that are sent or received plus any errors.

A working LACP link should see the counters increase over an interval of time; counters that do not increment point towards a possible issue.

PAgP counters can be viewed with the command show pagp counters. Similar to LACP, it will show Etherchannel interfaces, their member interfaces and counters for PAgP packets sent or received.

Verifying Etherchannel Status

Once a port channel has been established, it is important to check that it is operating optimally. The command show etherchannel summary provides a summary of the configured port channels on the switch along with their status.

| Status Code | Description |
|---|---|
| U | The Etherchannel is up and working correctly |
| D | The Etherchannel is down and not working |
| M | The Etherchannel has successfully established a link using at least one member; however, the minimum number of links required, as configured by the user on the switch, has not been met. This is configured using the command port-channel min-links X in interface configuration mode |
| S | The port channel is configured on a Layer 2 level (access or trunk) |
| R | The port-channel is configured on a Layer 3 level |

Status codes of an Etherchannel

| Status Code | Description |
|---|---|
| P | The member interface is actively participating in the Etherchannel |
| H | The port channel is configured with the maximum number of active members. This member is not operating and forwarding traffic but is in a hot standby state ready to take over if an interface fails. |
| I | The member interface has not picked up on any LACP traffic and is operating individually. |
| w | The interface is waiting for a packet to arrive from its neighbour to ensure the link is still alive. |
| s | This member interface is in a suspended state |
| r | The switch module associated with the member interface has been removed. |

Status codes of a member interface on an Etherchannel

Configuration of Etherchannel

Etherchannel is configured in the interface configuration mode of the switch. There are three ways that it can be configured: statically, LACP, or PAgP. X in the examples below is the channel-group number.

Statically

channel-group X mode on

LACP Etherchannel

Active Mode

channel-group X mode active

Passive Mode

channel-group X mode passive

PAgP Etherchannel

Desirable Mode

channel-group X mode desirable

Auto Mode

channel-group X mode auto

Non-silent mode

PAgP has an additional suffix of non-silent. Non-silent prevents PAgP from operating in silent mode, which is enabled by default. Silent mode allows the port channel to establish with a remote device that is not PAgP capable and rarely sends packets. Non-silent requires the local interface to receive PAgP packets first before being added into the etherchannel. Non-silent is recommended to be used between PAgP compliant devices and allows links to be established more quickly than if the keyword was not used.