Relentless Coding

A Developer’s Blog

EtherChannel

Let’s have a look at how we can use redundant layer-2 links between 2 Cisco devices.

Benefits of Using EtherChannel

A layer-2 EtherChannel aggregates up to 8 links. This provides redundancy, because 1 of the links can fail or go down, and traffic will still flow over the other links. It also provides greater bandwidth, which is especially important over a trunk link, such as in a Router-on-a-Stick (ROAS) configuration.

Without an EtherChannel, the redundant links would still work and, in case of a link failure, the other link would spring into action. But STP would block all but 1 link. So, in order to increase bandwidth, we need EtherChannel.

Configure a Layer-2 EtherChannel

Let’s create a layer-2 EtherChannel between a multilayer switch called L3 and a switch. First, a couple of things should match on the physical ports, specifically:

  1. speed
  2. duplex
  3. switchport access vlan <n> and
  4. spanning-tree cost <n>
L3(config)#int range f 0/1-2
L3(config)#speed auto
L3(config)#duplex auto
L3(config)#mdix auto
L3(config-if-range)#channel-group 1 mode ?
  active     Enable LACP unconditionally
  auto       Enable PAgP only if a PAgP device is detected
  desirable  Enable PAgP unconditionally
  on         Enable Etherchannel only
  passive    Enable LACP only if a LACP device is detected

Confusingly, you configure EtherChannels from global config mode under channel-group.

A channel-group takes a number. These numbers do not need to be the same on both sides of the link.

We can let the devices negotiate the EtherChannel by using Cisco’s proprietary PAgP or the standard LACP. Make sure to use the same protocol on both ends of the links. LACP active and PAgP desirable initiate link aggregation. LACP passive and PAgP auto will create an EtherChannel if the other end initiates it but will do nothing otherwise. on always creates the EtherChannel regardless of what the other end does. I do not think this should be used, though, because you might forget to configure the other end. The result will be that you have a device that load balances over 2 links, while the other end treats them as separate links. This might result in STP blocking a port, out-of-order packets and layer-2 loops (in short, an unstable network).

L3(config-if-range)#channel-group 1 mode active
Creating a port-channel interface Port-channel 1
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to up

Verify that the port-channel got created and is working:

L3#sh ether summary
Flags:  D - down        P - in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port

Number of channel-groups in use: 1
Number of aggregators:           1

Group  Port-channel  Protocol    Ports
------+-------------+-----------+----------------------------------------------

1      Po1(SD)           LACP   Fa0/1(I) Fa0/2(I)

This is not good. The Port-channel indicates the link is down. That is because we have not configured the other side yet. Yet another indication is the spanning-tree status, where our port-channel does not show up and instead we see the composing interfaces Fa0/1 and Fa0/2.

#sh spanning-tree 
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0001.640A.DB74
             Cost        19
             Port        1(FastEthernet0/1)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0001.649C.A46E
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Root FWD 19        128.1    P2p
Fa0/2            Altn BLK 19        128.2    P2p

Let’s configure our switch:

Switch(config)#int range f 0/1-2
Switch(config-if-range)#channel-group 1 mode passive
Creating a port-channel interface Port-channel 1
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to up
%SYS-5-CONFIG_I: Configured from console by console
%LINK-5-CHANGED: Interface Port-channel1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to up

The console message inform us that the EtherChannel was created and that it is up.

Verify:

L3#sh etherchannel summary 
! ... snip ...
Number of channel-groups in use: 1
Number of aggregators:           1

Group  Port-channel  Protocol    Ports
------+-------------+-----------+----------------------------------------------
1      Po1(SU)           LACP   Fa0/1(P) Fa0/2(P)

If this is indeed a trunk port, we ensure that trunking is enabled.

First, configure both ends:

L3(config)#int port-channel 1
L3(config-if)#switchport trunk encapsulation dot1q
L3(config-if)#switchport mode trunk

Switch(config)#int port-channel 1
L3(config-if)#switchport mode trunk

Notice that switchport trunk encapsulation dot1q is not necessary (or even available) on a 2940 switch.

Verify both ends:

L3#sh int trunk
Port        Mode         Encapsulation  Status        Native vlan
Po1         on           802.1q         trunking      1 

Switch#sh int trunk
Port        Mode         Encapsulation  Status        Native vlan
Po1         on           802.1q         trunking      1

Load Balancing

The device needs a way to determine which link to use to send PDUs over. It could look at the destination MAC address for example. If we have a total of 2 redundant links, it looks at the last bit of the MAC address. This could be either a 0 or a 1. If the last bit is 0, it sends it over one link, if the bit is 1, it will send it over the other. We want these bits to be as random as possible so that both links are utilized equally. We can do this by setting the load balancing algorithm, such as src-dst-mac:

Router(config)#port-channel load-balance ?
dst-ip       Dst IP Addr
dst-mac      Dst Mac Addr
src-dst-ip   Src XOR Dst IP Addr
src-dst-mac  Src XOR Dst Mac Addr
src-ip       Src IP Addr
src-mac      Src Mac Addr