MC-LAG on vQFX (EVE-NG)

      6 Comments on MC-LAG on vQFX (EVE-NG)

Hi all,

today I’m gonna show you how to implement MC-LAG on the vQFX (QFX10k codebase) on EVE-NG. I personally found this pretty straight forward to configure but since I recieved so many Mails asking me to show this, I will do.

Here’s the very simple Topology (click to enlarge):

And here’s the Code – as you can see it’s not that hard but you have to remember some things:

vQFX-RE7
set chassis aggregated-devices ethernet device-count 2
set interfaces xe-0/0/1 ether-options 802.3ad ae0
set interfaces xe-0/0/2 ether-options 802.3ad ae0
set interfaces xe-0/0/0 ether-options 802.3ad ae1
set interfaces ae0 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae0 unit 0 family ethernet-switching vlan members v500
set interfaces ae1 aggregated-ether-options lacp active
set interfaces ae1 aggregated-ether-options lacp system-id 00:01:01:01:01:01
set interfaces ae1 aggregated-ether-options lacp admin-key 1
set interfaces ae1 aggregated-ether-options mc-ae mc-ae-id 1
set interfaces ae1 aggregated-ether-options mc-ae chassis-id 1
set interfaces ae1 aggregated-ether-options mc-ae mode active-active
set interfaces ae1 aggregated-ether-options mc-ae status-control standby
set interfaces ae1 aggregated-ether-options mc-ae init-delay-time 240
set interfaces ae1 aggregated-ether-options mc-ae redundancy-group 1
set interfaces ae1 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae1 unit 0 family ethernet-switching vlan members v100
set interfaces irb unit 500 family inet address 3.3.3.1/24
set vlans v100 vlan-id 100
set vlans v500 vlan-id 500
set vlans v500 l3-interface irb.500
set protocols iccp local-ip-addr 3.3.3.1
set protocols iccp peer 3.3.3.2 redundancy-group-id-list 1
set protocols iccp peer 3.3.3.2 liveness-detection minimum-receive-interval 9000
set protocols iccp peer 3.3.3.2 liveness-detection transmit-interval minimum-interval 9000
set protocols rstp interface ae0 disable
set protocols rstp interface ae0 mode point-to-point
set protocols rstp interface ae1 edge
set protocols rstp interface ae1 mode point-to-point
set protocols rstp bpdu-block-on-edge
set multi-chassis multi-chassis-protection 3.3.3.2 interface ae0
set switch-options service-id 1





vQFX-RE8:
set chassis aggregated-devices ethernet device-count 2
set interfaces xe-0/0/1 ether-options 802.3ad ae0
set interfaces xe-0/0/2 ether-options 802.3ad ae0
set interfaces xe-0/0/0 ether-options 802.3ad ae1
set interfaces ae0 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae0 unit 0 family ethernet-switching vlan members v500
set interfaces ae1 aggregated-ether-options lacp active
set interfaces ae1 aggregated-ether-options lacp system-id 00:01:01:01:01:01
set interfaces ae1 aggregated-ether-options lacp admin-key 1
set interfaces ae1 aggregated-ether-options mc-ae mc-ae-id 1
set interfaces ae1 aggregated-ether-options mc-ae chassis-id 0
set interfaces ae1 aggregated-ether-options mc-ae mode active-active
set interfaces ae1 aggregated-ether-options mc-ae status-control active
set interfaces ae1 aggregated-ether-options mc-ae init-delay-time 240
set interfaces ae1 aggregated-ether-options mc-ae redundancy-group 1
set interfaces ae1 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae1 unit 0 family ethernet-switching vlan members v100
set interfaces irb unit 500 family inet address 3.3.3.2/24
set interfaces irb unit 500 mac 00:00:00:00:00:05
set vlans v100 vlan-id 100
set vlans v500 vlan-id 500
set vlans v500 l3-interface irb.500
set protocols iccp local-ip-addr 3.3.3.2
set protocols iccp peer 3.3.3.1 redundancy-group-id-list 1
set protocols iccp peer 3.3.3.1 liveness-detection minimum-receive-interval 9000
set protocols iccp peer 3.3.3.1 liveness-detection transmit-interval minimum-interval 9000
set protocols rstp interface ae0 disable
set protocols rstp interface ae0 mode point-to-point
set protocols rstp interface ae1 edge
set protocols rstp interface ae1 mode point-to-point
set protocols rstp bpdu-block-on-edge
set multi-chassis multi-chassis-protection 3.3.3.1 interface ae0
set switch-options service-id 1





Server (in this case shown via vQFX-RE):
set vlans v100 vlan-id 100
set vlans v500 vlan-id 500
set interfaces ae0 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae0 unit 0 family ethernet-switching vlan members v500
set interfaces ae0 unit 0 family ethernet-switching vlan members v100
set chassis aggregated-devices ethernet device-count 1
set interfaces xe-0/0/1 ether-options 802.3ad ae0
set interfaces xe-0/0/2 ether-options 802.3ad ae0
set protocols rstp interface ae0 edge
set protocols rstp interface ae0 mode point-to-point

When configuring MC-LAG always remember that the following settings must match on both Members of the MC-LAG:

LACP System-ID + Key
MC-AE ID + Mode
VLAN’s (ICL and Member VLAN’s)

 

The following settings must be unique for each Member of the MC-LAG:

MC-AE Chassis-ID + Status Control
ICCP IP (Local) and Peer IP (who would have guessed this…)
MC-LAG Protection 

 

I will give you more explanation on this Topic later because as you might have heard my JNCIE-DC is booked for the 14th of February (therefore not so much time to write detailed Blogposts) and time is slowly running away… Okay just kidding – time just took a SPRINT towards my deadline… However, my beard looks fine so far…

Update 15.02.2019:
It can happen, that your vQFX-Devices all have the same MAC! Therefore (as a workaround) you can set the irb-mac static on one of the MC-LAG “Core” Devices:

set interfaces irb unit 500 mac 00:00:00:00:00:05

This way your MC-LAG will come up as expected 😉

6 thoughts on “MC-LAG on vQFX (EVE-NG)

  1. Colin

    What version are you running in Eve? I’m having a heck of a time with 18.4r2 and 19.4r2 +don’t recall the rev/spin versions).

    Reply
    1. christianscholz Post author

      That was done with 17.4
      18.4 and 19.4 seem to have some bugs that I’m currently investigating.

      Reply
  2. Simon

    Thank you for a great post. Being new to the concept of MC-LAG with Juniper (and likewise for other vendors e.g. vPC) I have two questions:

    Q1) Would you expect to see “live traffic” from the vQFX-RE (the server) to cross the ICCP link ae0 between vQFX-RE7 and vQFX-RE8 or just control traffic to keep the MC-LAG up? I am asking to see if there are special requirements when sizing the ICCP links, for either path redundancy of to guarantee that traffic can do east-west without congestion.

    Q2) I have read and you mention that your VLANs must always match on both devices (vQFX-RE7 and vQFX-RE8 in this case), but what happens if you need to add a VLAN, will it take the MC-LAG down and blackhole the traffic toward the server? Assuming you do one device at a time, you will have a short inconsistency. Is there any mechanism to avoid this, such as a way to replicate the settings?

    Thank you for your insightful posts, you are one of the few blogs that is really helping people out there even if we do not always comment articles!

    Reply
    1. christianscholz Post author

      Hi Simon,
      on the ICCP you should only see “Control Traffic” to keep the MC-LAG up.
      The User-Traffic will flow across the ICL if needed.

      If you forget to add the vlan on the other side, traffic for that vlan will not work. If your MC-LAG is running over this vlan, it will not show as “up”.
      Usually, you configure MC-LAG once and only add “new” VLANs after some time – the traffic inside the already used VLANs will not be interrupted.
      You can also configure “commit synchronize” depending on the model you use: https://www.juniper.net/documentation/en_US/junos/topics/concept/mc-lag-feature-additional-concepts.html
      This helps to address exactly what you mentioned 🙂

      –Christian

      Reply
  3. pg007

    Does eve-ng needs to be configured to allow 802.1d to pass across the bridge or the install will work without any kernel modification? I am running 18.2 and having problem on getting LAG to be up/up.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

Captcha * Time limit is exhausted. Please reload CAPTCHA.