Comware

 View Only

  • 1.  HPE 5940 SWITCH: Cannot ping after configure bond LACP Layer3/4 with linux host

    Posted Oct 20, 2022 10:26 AM

    Hi Everyone,

    I'm facing an issue when configuring bond LACP Layer3/4 with Linux host.

    The bond0 configuration in the Linux node:

    # cat /etc/sysconfig/network-scripts/ifcfg-bond0
    BONDING_OPTS="mode=4 miimon=100 xmit_hash_policy=layer3+4"
    MTU=1500
    DEVICE=bond0
    BOOTPROTO=none
    IPADDR=10.0.0.15
    NETMASK=255.255.255.0
    NETWORK=10.0.0.0
    BROADCAST=10.0.0.255
    NM_CONTROLLED=no
    IPV6_AUTOCONF=no
    ONBOOT=yes

    The switch configuration:

    #
    vlan 102
    name TEST

    #
    interface Vlan-interface102
    ip address 10.0.0.1 255.255.255.0

    #
    interface Route-Aggregation39
    link-aggregation mode dynamic
    link-aggregation load-sharing mode flexible

    #
    interface Route-Aggregation39.102

    #
    interface Ten-GigabitEthernet1/0/39
    port link-mode route
    port link-aggregation group 39
    #
    interface Ten-GigabitEthernet1/0/40
    port link-mode route
    port link-aggregation group 39
    #
    interface Ten-GigabitEthernet1/0/41
    port link-mode route
    port link-aggregation group 39
    #
    interface Ten-GigabitEthernet1/0/42
    port link-mode route
    port link-aggregation group 39
    #

    I could see Current state is UP and Line protocol state is UP for RAGG39 but still could not ping from Linux host (10.0.0.15) to Vlan-interface102 (10.0.0.1).

    1_I did not configure IP address for RAGG39 because I think it will use IP of Vlan-interface102 (10.0.0.1) for load balancing, please correct me if I was wrong.

    2_Is traffic from VLAN 102 will go through subinterface Route-Aggregation39.102 ?

    Many thanks for any help!



  • 2.  RE: HPE 5940 SWITCH: Cannot ping after configure bond LACP Layer3/4 with linux host

    Posted Oct 20, 2022 01:19 PM
    Hi, can you explain why you're setting up a BAGG (L2 bond) with LACP host side and a RAGG (L3 bond) with LACP switch side? I ask that especially considering the associated net IP addressing used on both interfaces.

    Isn't better to go with a normal L2 bond switch side too?
    Original Message


  • 3.  RE: HPE 5940 SWITCH: Cannot ping after configure bond LACP Layer3/4 with linux host

    Posted Oct 20, 2022 04:06 PM
    Hi Parnassus,

    I'm trying to set up RAGG on both sides (xmit_hash_policy=layer3+4). The problem is our software on the host side only supports LACP layer3+4 type.
    Normal L2 bond on both sides definitely work, but this is not what I expect.
    Original Message


  • 4.  RE: HPE 5940 SWITCH: Cannot ping after configure bond LACP Layer3/4 with linux host

    Posted Oct 20, 2022 03:00 PM
    Edited by Ivan_B Oct 20, 2022 03:01 PM
    Hi,

    There is a configuration mistake on the switch side. The problem is that SVI Vlan120 does not have anything to do with RAGG39.120 L3 interface. Yes, RAGG39.120 will tag it's traffic with VLAN ID 120 and traffic received on the RAGG39 with VLAN ID 120 will be terminated on the RAGG39.120 sub-interface, but there is no bridging between RAGG39.120 and VLAN120, therefore when you ping, ICMP echo requests from the Linux hosts do not reach 'interface Vlan-interface120' and therefore you see no reply. Traffic is just dropped on the RAGG39.120 and that's it.

    Now you have two options:

    1. Delete 'interface Vlan-interface120' and assign ip address 10.0.0.1 to the 'interface RAGG39.120'
    2. As per Parnassus' suggestion - use Bridge-aggregation instead of Route-aggregation, it makes much more sense in your case.


    ------------------------------
    Ivan Bondar
    ------------------------------

    Original Message


  • 5.  RE: HPE 5940 SWITCH: Cannot ping after configure bond LACP Layer3/4 with linux host

    Posted Oct 20, 2022 04:27 PM
    Edited by son.h.nguyen@ericsson.com Oct 20, 2022 04:37 PM
    Hi Ivan_B,

    Thank you a lot for your great explaination. Now I understand why packet from RAGG39.102 cannot reach SVI Vlan102.

    1. Delete 'interface Vlan-interface102' and assign ip address 10.0.0.1 to the 'interface RAGG39.102'
    - Actually, I have 2 Switches and planned to run VRRP between them. Therefore, I don't want to change IP of SVI Vlan102 to RAGG39.102

    Switch1#
    interface Vlan-interface102
    ip address 10.0.0.1 255.255.255.0
    vrrp vrid 102 virtual-ip 10.0.0.3


    Switch2#
    interface Vlan-interface102
    ip address 10.0.0.2 255.255.255.0
    vrrp vrid 102 virtual-ip 10.0.0.3


    2. As per Parnassus' suggestion - use Bridge-aggregation instead of Route-aggregation, it makes much more sense in your case.
     - This is not what I want to achieve, because our software on the host side only supports LACP layer3+4 type.

    3. Is there any way to bridge between RAGG39.102 and Vlan102?
    Original Message


  • 6.  RE: HPE 5940 SWITCH: Cannot ping after configure bond LACP Layer3/4 with linux host

    Posted Oct 21, 2022 01:03 AM
    (1) VRRP? then, host side, the LACP bond will never work (that bond needs to terminate its member links against a single logical entity and two simple switches just running VRRP are two different logical entities).

    (2) The "xmit_hash_policy=layer3+4" your are referring to (as per configuration of the host's bond you posted) has nothing to do with routing in the sense you are referring to: that parameter represents the Hashing Algorithm policy used by LACP to calculate Bond links utilization (which member link to pick up, to simplify) for egressing traffic, Layer 4 with fallback to Layer 3 with fallback to Layer 2 with fallback to Layer 1 (a similar policy is used on Switch side and can be different).



    Original Message


  • 7.  RE: HPE 5940 SWITCH: Cannot ping after configure bond LACP Layer3/4 with linux host
    Best Answer

    Posted Oct 21, 2022 02:19 AM
    Hi Son,

    No, there is no way to bridge Vlan-interface and sub-interface of a routed port/aggregation.

    BTW, I still insist that a RAGG with sub-interfaces can be absolutely safely replaced by a BAGG in a 'port link-type trunk' mode with Vlan-interfaces for each VLAN. I really see no difference here, just different way to configure things. If your plan is to have transit networks on sub-interfaces (to avoid bridging on Layer 2 traffic from internal VLANs to the RAGG) you can use so called 'transit VLANs' on the BAGG, they are normal VLANs with SVIs, but they exist only on the BAGG. Like in the example below:
    FYI, LACP doesn't care if there is a 'mismatch' of aggregation types on both sides (Layer2 BAGG vs Layer3 RAGG), it doesn't know nothing about switching or routing, so it is perfectly fine to have such BAGG-to-RAGG setup if needed. Sometimes such setups are needed when we connect switch to a router when router interfaces don't support VLAN bridging.
    In your case your host will be in place of 'R1' tagging its traffic with the VLAN ID expected on the BAGG39 of 'SW1'.


    ------------------------------
    Ivan Bondar
    ------------------------------

    Original Message


  • 8.  RE: HPE 5940 SWITCH: Cannot ping after configure bond LACP Layer3/4 with linux host

    Posted Oct 21, 2022 03:14 AM
    Edited by parnassus Oct 21, 2022 03:23 AM
    Hi Ivan, your one is a very reasonable approach/scenario...but the OP, at some point, specified "Actually, I have 2 Switches and planned to run VRRP between them" without explicitly saying also that it is working with two switches deployed in a IRF stack (so two switches forming a single logical entity as can be seen by connected peers), without this details we should simply imply that the OP is working with two separate switches (say two HPE 5940) and it is going to deploy a VRRP configuration between them. No more. This at least without other explanations from the OP.

    Given that, links of the bond configured on the Linux host can't be terminated on both standalone switches concurrently (they can terminate to one of them, not both <- that is a LAG strict requirement), no matter the status of the higher level VRRP implementation on those Switches.

    The only way it can work (as per your scenario with a Transit VLAN between the host and a Switch acting as a Router or simply just without it, BAGG to BAGG with transported tagged VLANs) is that involved Switches are deployed into an IRF stack, otherwise there is no way to proceed.

    Here, I believe, we are missing the exact scenario and the real OP's purposes (I mean: as far as we know, considering what the OP posted above, we only know that two L3 capable Switches, not simply one, one Linux host are involved and we also know that the OP wants the links between the host and the Switches to be aggregated together in a logical interface defined on both ends).


  • 9.  RE: HPE 5940 SWITCH: Cannot ping after configure bond LACP Layer3/4 with linux host

    Posted Oct 21, 2022 03:28 AM
    I agree, we are missing a lot of details here, I also don't understand the final design... If the second VRRP peer is also 5940, IRF seems to be very suitable solution, at least I'd prefer it over VRRP. Maybe it's my bias, maybe it's a habit, but 'Active/Standby' forwarding model of the standard VRRP (putting aside different vendors hacks to make it 'Active/Active') looks awkward and inconvenient to me.

    ------------------------------
    Ivan Bondar
    ------------------------------

    Original Message


Related Content