Hi all,
today I’m gonna show you how to implement MC-LAG on the vQFX (QFX10k codebase) on EVE-NG. I personally found this pretty straight forward to configure but since I recieved so many Mails asking me to show this, I will do.
Here’s the very simple Topology (click to enlarge):
And here’s the Code – as you can see it’s not that hard but you have to remember some things:
vQFX-RE7 set chassis aggregated-devices ethernet device-count 2 set interfaces xe-0/0/1 ether-options 802.3ad ae0 set interfaces xe-0/0/2 ether-options 802.3ad ae0 set interfaces xe-0/0/0 ether-options 802.3ad ae1 set interfaces ae0 unit 0 family ethernet-switching interface-mode trunk set interfaces ae0 unit 0 family ethernet-switching vlan members v500 set interfaces ae1 aggregated-ether-options lacp active set interfaces ae1 aggregated-ether-options lacp system-id 00:01:01:01:01:01 set interfaces ae1 aggregated-ether-options lacp admin-key 1 set interfaces ae1 aggregated-ether-options mc-ae mc-ae-id 1 set interfaces ae1 aggregated-ether-options mc-ae chassis-id 1 set interfaces ae1 aggregated-ether-options mc-ae mode active-active set interfaces ae1 aggregated-ether-options mc-ae status-control standby set interfaces ae1 aggregated-ether-options mc-ae init-delay-time 240 set interfaces ae1 aggregated-ether-options mc-ae redundancy-group 1 set interfaces ae1 unit 0 family ethernet-switching interface-mode trunk set interfaces ae1 unit 0 family ethernet-switching vlan members v100 set interfaces irb unit 500 family inet address 3.3.3.1/24 set vlans v100 vlan-id 100 set vlans v500 vlan-id 500 set vlans v500 l3-interface irb.500 set protocols iccp local-ip-addr 3.3.3.1 set protocols iccp peer 3.3.3.2 redundancy-group-id-list 1 set protocols iccp peer 3.3.3.2 liveness-detection minimum-receive-interval 9000 set protocols iccp peer 3.3.3.2 liveness-detection transmit-interval minimum-interval 9000 set protocols rstp interface ae0 disable set protocols rstp interface ae0 mode point-to-point set protocols rstp interface ae1 edge set protocols rstp interface ae1 mode point-to-point set protocols rstp bpdu-block-on-edge set multi-chassis multi-chassis-protection 3.3.3.2 interface ae0 set switch-options service-id 1 vQFX-RE8: set chassis aggregated-devices ethernet device-count 2 set interfaces xe-0/0/1 ether-options 802.3ad ae0 set interfaces xe-0/0/2 ether-options 802.3ad ae0 set interfaces xe-0/0/0 ether-options 802.3ad ae1 set interfaces ae0 unit 0 family ethernet-switching interface-mode trunk set interfaces ae0 unit 0 family ethernet-switching vlan members v500 set interfaces ae1 aggregated-ether-options lacp active set interfaces ae1 aggregated-ether-options lacp system-id 00:01:01:01:01:01 set interfaces ae1 aggregated-ether-options lacp admin-key 1 set interfaces ae1 aggregated-ether-options mc-ae mc-ae-id 1 set interfaces ae1 aggregated-ether-options mc-ae chassis-id 0 set interfaces ae1 aggregated-ether-options mc-ae mode active-active set interfaces ae1 aggregated-ether-options mc-ae status-control active set interfaces ae1 aggregated-ether-options mc-ae init-delay-time 240 set interfaces ae1 aggregated-ether-options mc-ae redundancy-group 1 set interfaces ae1 unit 0 family ethernet-switching interface-mode trunk set interfaces ae1 unit 0 family ethernet-switching vlan members v100 set interfaces irb unit 500 family inet address 3.3.3.2/24 set interfaces irb unit 500 mac 00:00:00:00:00:05 set vlans v100 vlan-id 100 set vlans v500 vlan-id 500 set vlans v500 l3-interface irb.500 set protocols iccp local-ip-addr 3.3.3.2 set protocols iccp peer 3.3.3.1 redundancy-group-id-list 1 set protocols iccp peer 3.3.3.1 liveness-detection minimum-receive-interval 9000 set protocols iccp peer 3.3.3.1 liveness-detection transmit-interval minimum-interval 9000 set protocols rstp interface ae0 disable set protocols rstp interface ae0 mode point-to-point set protocols rstp interface ae1 edge set protocols rstp interface ae1 mode point-to-point set protocols rstp bpdu-block-on-edge set multi-chassis multi-chassis-protection 3.3.3.1 interface ae0 set switch-options service-id 1 Server (in this case shown via vQFX-RE): set vlans v100 vlan-id 100 set vlans v500 vlan-id 500 set interfaces ae0 unit 0 family ethernet-switching interface-mode trunk set interfaces ae0 unit 0 family ethernet-switching vlan members v500 set interfaces ae0 unit 0 family ethernet-switching vlan members v100 set chassis aggregated-devices ethernet device-count 1 set interfaces xe-0/0/1 ether-options 802.3ad ae0 set interfaces xe-0/0/2 ether-options 802.3ad ae0 set protocols rstp interface ae0 edge set protocols rstp interface ae0 mode point-to-point
When configuring MC-LAG always remember that the following settings must match on both Members of the MC-LAG:
LACP System-ID + Key
MC-AE ID + Mode
VLAN’s (ICL and Member VLAN’s)
ย
The following settings must be unique for each Member of the MC-LAG:
MC-AE Chassis-ID + Status Control
ICCP IP (Local) and Peer IP (who would have guessed this…)
MC-LAG Protectionย
ย
I will give you more explanation on this Topic later because as you might have heard my JNCIE-DC is booked for the 14th of February (therefore not so much time to write detailed Blogposts) and time is slowly running away… Okay just kidding – time just took a SPRINT towards my deadline… However, my beard looks fine so far…
Update 15.02.2019:
It can happen, that your vQFX-Devices all have the same MAC! Therefore (as a workaround) you can set the irb-mac static on one of the MC-LAG “Core” Devices:
set interfaces irb unit 500 mac 00:00:00:00:00:05
This way your MC-LAG will come up as expected ๐
What version are you running in Eve? I’m having a heck of a time with 18.4r2 and 19.4r2 +don’t recall the rev/spin versions).
That was done with 17.4
18.4 and 19.4 seem to have some bugs that I’m currently investigating.
Thank you for a great post. Being new to the concept of MC-LAG with Juniper (and likewise for other vendors e.g. vPC) I have two questions:
Q1) Would you expect to see “live traffic” from the vQFX-RE (the server) to cross the ICCP link ae0 between vQFX-RE7 and vQFX-RE8 or just control traffic to keep the MC-LAG up? I am asking to see if there are special requirements when sizing the ICCP links, for either path redundancy of to guarantee that traffic can do east-west without congestion.
Q2) I have read and you mention that your VLANs must always match on both devices (vQFX-RE7 and vQFX-RE8 in this case), but what happens if you need to add a VLAN, will it take the MC-LAG down and blackhole the traffic toward the server? Assuming you do one device at a time, you will have a short inconsistency. Is there any mechanism to avoid this, such as a way to replicate the settings?
Thank you for your insightful posts, you are one of the few blogs that is really helping people out there even if we do not always comment articles!
Hi Simon,
on the ICCP you should only see “Control Traffic” to keep the MC-LAG up.
The User-Traffic will flow across the ICL if needed.
If you forget to add the vlan on the other side, traffic for that vlan will not work. If your MC-LAG is running over this vlan, it will not show as “up”.
Usually, you configure MC-LAG once and only add “new” VLANs after some time – the traffic inside the already used VLANs will not be interrupted.
You can also configure “commit synchronize” depending on the model you use: https://www.juniper.net/documentation/en_US/junos/topics/concept/mc-lag-feature-additional-concepts.html
This helps to address exactly what you mentioned ๐
–Christian
Does eve-ng needs to be configured to allow 802.1d to pass across the bridge or the install will work without any kernel modification? I am running 18.2 and having problem on getting LAG to be up/up.
18.x and 19.x seem to have some bugs that Iโm currently investigating.