MC-LAG Concepts
ICCP and ICL
The MC-LAG peers use the Inter-Chassis Control Protocol (ICCP) to exchange control information and coordinate with each other to ensure that data traffic is forwarded properly. ICCP replicates control traffic and forwarding states across the MC-LAG peers and communicates the operational state of the MC-LAG members. Because ICCP uses TCP/IP to communicate between the peers, the two peers must be connected to each other. ICCP messages exchange MC-LAG configuration parameters and ensure that both peers use the correct LACP parameters.
The interchassis link (ICL), also known as the interchassis link-protection link (ICL-PL), is used to forward data traffic across the MC-LAG peers. This link provides redundancy when a link failure (for example, an MC-LAG trunk failure) occurs on one of the active links. The ICL can be a single physical Ethernet interface or an aggregated Ethernet interface.
You can configure multiple ICLs between MC-LAG peers. Each ICL can learn up to 512K MAC addresses. You can configure additional ICLs for virtual switch instances.
Multichassis Link Protection
Multichassis link protection provides link protection between the two MC-LAG peers that host an MC-LAG. If the ICCP connection is up and the ICL comes up, the peer configured as standby brings up the multichassis aggregated Ethernet interfaces shared with the peer. Multichassis protection must be configured on each MC-LAG peer that is hosting an MC-LAG.
Service ID
You must configure the same service ID on each MC-LAG peer when
the MC-LAG logical interfaces are part of a bridge domain. The service
ID, which is configured under the switch-options
hierarchy,
is used to synchronize applications such as IGMP, ARP, and MAC learning
across MC-LAG members. If you are configuring virtual switch instances,
configure a different service ID for each virtual switch instance.
Failure Handling
Configuring ICCP adjacency over an aggregated interface with child links on multiple FPCs mitigates the possibility of a split-brain state. A split-brain occurs when ICCP adjacency is lost between the MC-LAG peers. To work around this problem, enable backup liveness detection. With backup liveness detection enabled, the MC-LAG peers establish an out-of-band channel through the management network in addition to the ICCP channel.
During a split-brain state, both active and standby peers change LACP system IDs. Because both MC-LAG peers change the LACP system ID, the customer edge (CE) device accepts the LACP system ID of the first link that comes up and brings down other links carrying different LACP system IDs. When the ICCP connection is active, both of the MC-LAG peers use the configured LACP system ID. If the LACP system ID is changed during failures, the server that is connected over the MC-LAG removes these links from the aggregated Ethernet bundle.
When the ICL is operationally down and the ICCP connection is active, the LACP state of the links with status control configured as standby is set to the standby state. When the LACP state of the links is changed to standby, the server that is connected over the MC-LAG makes these links inactive and does not use them for sending data.
Recovery from the split-brain state occurs automatically when the ICCP adjacency comes up between MC-LAG peers.
If only one physical link is available for ICCP, then ICCP might go down due to link failure or FPC failure, while the peer is still up. This results in a split-brain state. If you do not set a special configuration to avoid this situation, the MC-LAG interfaces change the LACP sytem ID to their local defaults, thus ensuring that only one link (the first) comes up from the downstream device. A convergence delay results from the LACP state changes on both active and standby peers.
Load Balancing
Load balancing of network traffic between MC-LAG peers is 100 percent local bias. Load balancing of network traffic between multiple LAG members in a local MC-LAG node is achieved through a standard LAG hashing algorithm.
MC-LAG Packet Forwarding
To prevent the server from receiving multiple copies from both of the MC-LAG peers, a block mask is used to prevent forwarding of traffic received on the ICL toward the multichassis aggregated Ethernet interface. Preventing forwarding of traffic received on the ICL interface toward the multichassis aggregated Ethernet interface ensures that traffic received on MC-LAG links is not forwarded back to the same link on the other peer. The forwarding block mask for a given MC-LAG link is cleared if all of the local members of the MC-LAG link go down on the peer. To achieve faster convergence, if all local members of the MC-LAG link are down, outbound traffic on the MC-LAG is redirected to the ICL interface on the data plane.
Virtual Router Redundancy Protocol (VRRP) over IRB and MAC Address Synchronization
There are two methods for enabling Layer 3 routing functionality across a multichassis link aggregation group (MC-LAG). You can choose either to configure the Virtual Router Redundancy Protocol (VRRP) over the integrated routing and bridging (IRB) interface or to synchronize the MAC addresses for the Layer 3 interfaces of the switches participating in the MC-LAG.
VRRP over IRB or RVI requires that you configure different IP addresses on IRB or RVI interfaces, and run VRRP over the IRB or RVI interfaces. The virtual IP address is the gateway IP address for the MC-LAG clients.
If you have Junos OS Release 15.2R1 or earlier installed in your device, you must configure
static ARP entries for the IRB interface of the remote MC-LAG peer to allow routing
protocols to run over the IRB interfaces. This step is required so you can issue the
ping
command to reach both the physical IP addresses and virtual IP
addresses of the MC-LAG peers.
For example, you can issue the set interfaces irb unit 18 family inet address 10.181.18.3/8 arp 10.181.18.2 mac 00:00:5E:00:2f:f0 command.
If you have already manually configured a static ARP or ND entry and upgrade to a later release, the static entry is deleted when ICCP goes down. If you configured ICCP on the IRB static entry, then ICCP might not come up. As a workaround, you can disable the automatic creation of static ARP and ND entries by issuing the following command: set protocols l2-learning no-mclag-ifa-sync.
When you issue the show interfaces irb
command after
you have configured VRRP over IRB, you will see that the static ARP
entries are pointing to the IRB MAC addresses of the remote MC-LAG
peer:
user@switch> show interfaces irb Physical interface: irb, Enabled, Physical link is Up Interface index: 180, SNMP ifIndex: 532 Type: Ethernet, Link-level type: Ethernet, MTU: 1514 Device flags : Present Running Interface flags: SNMP-Traps Link type : Full-Duplex Link flags : None Current address: 00:00:5E:00:2f:f0, Hardware address: 00:00:5E:00:2f:f0 Last flapped : Never Input packets : 0 Output packets: 0
MAC address synchronization enables MC-LAG peers to forward Layer 3 packets arriving on multichassis aggregated Ethernet interfaces with either their own IRB or RVI MAC address or their peer’s IRB or RVI MAC address. Each MC-LAG peer installs its own IRB or RVI MAC address as well as the peer’s IRB or RVI MAC address in the hardware. Each MC-LAG peer treats the packet as if it were its own packet. If MAC address synchronization is not enabled, the IRB or RVI MAC address is installed on the MC-LAG peer as if it were learned on the ICL.
MAC address synchronization requires you to configure the same
IP address on the IRB interface in the VLAN on both MC-LAG peers.
To enable the MAC address synchronization feature using the standard
CLI, issue the set vlan vlan-name mcae-mac-synchronize
command on each MC-LAG peer. If you are using the Enhanced Layer
2 CLI, issue the set bridge-domains name mcae-mac-synchronize
command on each MC-LAG peer. Configure
the same IP address on both MC-LAG peers. This IP address is used
as the default gateway for the MC-LAG servers or hosts.