Arista EOSでMLAG(Multi-chassis Link Aggregation)を設定する方法を説明します。MLAGとは文字通り、ピアとなる2台の機器(Multi-chassis)でLing Aggregtionを実現する機能です。細かな実装はベンダーによって異なりますが、いずれのベンダーでもピアとなる機器の間には設定を同期するためのリンクが必要です。
- Arista vEOSの基本的な使い方
- Arista cEOSの基本的な使い方
- Arista cEOS docker-composeを使った操作例
- Arista cEOS docker-topoを使った操作例
- Arista EOSの基本操作 SSHログインが出来るようになるまで
- Arista EOS vxlanの設定紹介
- Arista EOS Layer2 EVPNの設定紹介
- Arista EOS Layer3 EVPNの設定紹介
- Arista EOS Layer3 EVPNとダイナミックルーティングの併用
- Arista EOS MLAGの設定方法 (いまここ)
- Arista EOS 実践的なvxlan設定
- Arista EOS 実践的なLayer2 EVPN設定
- Arista EOS アップリンク二重障害の対応
- Arista EOS 実践的なLayer3 EVPN設定
- Arista EOS 実践的なEVPNとダイナミックルーティング併用例
- Arista EOS ゼロタッチプロビジョニングの設定
構成図
以下の環境で動作確認を行います。
+------------------------------+ +------------------------------+
| leaf01 |e3 e3| leaf02 |
| Lo0:10.1.1.1/32 +-------+ Lo0:10.2.2.2/32 |
| vlan12:192.168.12.1/24 | | vlan12:192.168.12.2/24 |
| vlan70:192.168.70.254/24 | | vlan70:192.168.70.254/24 |
| vlan71:192.168.71.254/24 | | vlan71:192.168.71.254/24 |
+-------------+----------------+ +-------------+----------------+
e4 | trunk e4 | trunk
| |
e1 | trunk |
+-------------+----------------+ |
| host07 | e4 |
| vlan70:192.168.70.7/24 +---------------------+
| vlan71:192.168.71.7/24 | trunk
| Lo0:10.77.77.77/32 |
+------------------------------+
初期設定
初期設定はマネジメントポートに対するIPアドレス設定のみです。
動作確認
MLAG同期用のvlanインターフェース作成
MLAG同期用のvlanインターフェースを作成します。
# leaf01 vlan 12 ! interface Vlan12 ip address 192.168.12.1/24 # leaf01 vlan 12 ! interface Vlan12 ip address 192.168.12.2/24
ワタリとなるリンクに対しては、MLAGとなるvlanだけでなくリーフスイッチ配下に収容されるvlanも併せて許可します。
switch trunk allowed vlanは必須設定ではありません。手堅い設定を求めない方は省略しても差し支えございません。
# leaf01 interface Ethernet3 switchport trunk allowed vlan 12,70-71 switchport mode trunk # leaf02 interface Ethernet3 switchport trunk allowed vlan 12,70-71 switchport mode trunk
leaf01とleaf02の間で互いに疎通可能である事を確認します。
leaf01#ping 192.168.12.2 PING 192.168.12.2 (192.168.12.2) 72(100) bytes of data. 80 bytes from 192.168.12.2: icmp_seq=1 ttl=64 time=4.29 ms 80 bytes from 192.168.12.2: icmp_seq=2 ttl=64 time=3.24 ms 80 bytes from 192.168.12.2: icmp_seq=3 ttl=64 time=3.17 ms 80 bytes from 192.168.12.2: icmp_seq=4 ttl=64 time=3.17 ms 80 bytes from 192.168.12.2: icmp_seq=5 ttl=64 time=3.17 ms --- 192.168.12.2 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 16ms rtt min/avg/max/mdev = 3.172/3.412/4.296/0.442 ms, ipg/ewma 4.106/3.837 ms leaf01#
MLAG設定
MLAGの設定を投入します。domai-idはMLAGピアの間で同じ値を設定する必要があります。
# leaf01 mlag configuration domain-id domain12 local-interface Vlan12 peer-address 192.168.12.2 peer-link Ethernet3 # leaf02 mlag configuration domain-id domain12 local-interface Vlan12 peer-address 192.168.12.1 peer-link Ethernet3
MLAGの状態がActiveとなっている事を確認します。
leaf01#show mlag
MLAG Configuration:
domain-id : domain12
local-interface : Vlan12
peer-address : 192.168.12.2
peer-link : Ethernet3
peer-config : consistent
MLAG Status:
state : Active
negotiation status : Connected
peer-link status : Up
local-int status : Up
system-id : 02:50:56:03:94:09
dual-primary detection : Disabled
dual-primary interface errdisabled : False
MLAG Ports:
Disabled : 0
Configured : 0
Inactive : 0
Active-partial : 0
Active-full : 0
leaf01#
定期的にconfig-sanityを確認しましょう。MLAGのピアとなるデバイス同士は同一のvlanを設定する事が望まれます。特に異常(inconsistencies)が見られない場合は、以下のような出力になります。
leaf01#show mlag config-sanity No global configuration inconsistencies found. No per interface configuration inconsistencies found. leaf01#
異常(inconsistencies)がある場合は、以下のように非対称になっているvlanなどが出力されます。
leaf01#show mlag config-sanity
No per interface configuration inconsistencies found.
Global configuration inconsistencies:
Feature Attribute Local value Peer value
-------------- --------------------------- ----------------- ----------
bridging admin-state vlan 333 active -
bridging mac-learning vlan 333 True -
leaf01#
Link Aggregationの設定
MLAGの設定はLAG(Link Aggregation)とほぼ同じです。ピアとなる機器同士でMLAGを構成するポートに「mlag 4」のように同一のIDを付与するのが、MLAGとLAGの唯一の違いです。
ESXiのvSwitchを用いた動作確認のためstaticな設定(channel-group XX mode on)にしています。LACPフレームはvSwitchを経由させる事はできません。
# leaf01 interface Ethernet4 switchport trunk allowed vlan 70-71 switchport mode trunk channel-group 4 mode on ! interface Port-Channel4 switchport trunk allowed vlan 70-71 switchport mode trunk mlag 4 # leaf02 interface Ethernet4 switchport trunk allowed vlan 70-71 switchport mode trunk channel-group 4 mode on ! interface Port-Channel4 switchport trunk allowed vlan 70-71 switchport mode trunk mlag 4 # host07 interface Ethernet1,2 switchport trunk allowed vlan 70-71 switchport mode trunk channel-group 12 mode on ! interface Port-Channel12 switchport trunk allowed vlan 70-71 switchport mode trunk
リーフスイッチから見て、MLAGがUP状態である事を確認します。
leaf01#show port-channel summary
Flags
------------------------ ---------------------------- -------------------------
a - LACP Active p - LACP Passive * - static fallback
F - Fallback enabled f - Fallback configured ^ - individual fallback
U - In Use D - Down
+ - In-Sync - - Out-of-Sync i - incompatible with agg
P - bundled in Po s - suspended G - Aggregable
I - Individual S - ShortTimeout w - wait for agg
E - Inactive. The number of configured port channels exceeds the config limit
Number of channels in use: 1
Number of aggregators: 1
Port-Channel Protocol Ports
------------------ -------------- ---------------
Po4(U) Static Et4(P) PEt4(P)
leaf01#
ホストから見てLAGがUP状態である事を確認します。
host07#show port-channel summary
Flags
------------------------ ---------------------------- -------------------------
a - LACP Active p - LACP Passive * - static fallback
F - Fallback enabled f - Fallback configured ^ - individual fallback
U - In Use D - Down
+ - In-Sync - - Out-of-Sync i - incompatible with agg
P - bundled in Po s - suspended G - Aggregable
I - Individual S - ShortTimeout w - wait for agg
E - Inactive. The number of configured port channels exceeds the config limit
Number of channels in use: 1
Number of aggregators: 1
Port-Channel Protocol Ports
------------------ -------------- --------------
Po12(U) Static Et1(P) Et2(P)
host07#
疎通確認用 IPアドレスの付与
疎通確認用途のIPアドレスを付与します。LAGの構成となる場合は、host07からの通信がleaf01に向くかleaf02に向くかは不定です。どちらに向いてもMACアドレスが同じになるよう、ip virtual-router mac-addressコマンドでMACアドレスを固定します。
# leaf01 vlan 70,71 ! ip routing ! interface Vlan70 ip address 192.168.70.1/24 ip virtual-router address 192.168.70.254 ! interface Vlan71 ip address 192.168.71.1/24 ip virtual-router address 192.168.71.254 ! ip virtual-router mac-address 00:00:00:00:00:0a # leaf02 vlan 70,71 ! ip routing ! interface Vlan70 ip address 192.168.70.2/24 ip virtual-router address 192.168.70.254 ! interface Vlan71 ip address 192.168.71.2/24 ip virtual-router address 192.168.71.254 ! ip virtual-router mac-address 00:00:00:00:00:0a # host07 vlan 70,71 ! interface Vlan70 ip address 192.168.70.7/24 ! interface Vlan71 ip address 192.168.71.7/24
疎通確認 正常系
host07からleaf01とleaf02が共有するIPアドレス宛にping疎通を確認します。
host07#ping 192.168.70.254 PING 192.168.70.254 (192.168.70.254) 72(100) bytes of data. 80 bytes from 192.168.70.254: icmp_seq=1 ttl=64 time=4.12 ms 80 bytes from 192.168.70.254: icmp_seq=2 ttl=64 time=3.58 ms 80 bytes from 192.168.70.254: icmp_seq=3 ttl=64 time=3.13 ms 80 bytes from 192.168.70.254: icmp_seq=4 ttl=64 time=3.01 ms 80 bytes from 192.168.70.254: icmp_seq=5 ttl=64 time=3.03 ms --- 192.168.70.254 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 16ms rtt min/avg/max/mdev = 3.019/3.380/4.127/0.429 ms, ipg/ewma 4.043/3.729 ms host07# host07# host07#ping 192.168.71.254 PING 192.168.71.254 (192.168.71.254) 72(100) bytes of data. 80 bytes from 192.168.71.254: icmp_seq=1 ttl=64 time=4.07 ms 80 bytes from 192.168.71.254: icmp_seq=2 ttl=64 time=3.11 ms 80 bytes from 192.168.71.254: icmp_seq=3 ttl=64 time=3.36 ms 80 bytes from 192.168.71.254: icmp_seq=4 ttl=64 time=3.14 ms 80 bytes from 192.168.71.254: icmp_seq=5 ttl=64 time=3.17 ms --- 192.168.71.254 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 16ms rtt min/avg/max/mdev = 3.111/3.373/4.077/0.365 ms, ipg/ewma 4.088/3.712 ms host07#
leaf01, leaf02のMACアドレスがip virtual-router mac-addressコマンドで指定した値になっている事を確認します。
host07#show arp Address Age (sec) Hardware Addr Interface 192.168.70.1 0:04:06 0050.5603.9409 Vlan70, Port-Channel12 192.168.70.2 0:02:38 0050.561b.0c4b Vlan70, Port-Channel12 192.168.70.254 0:00:58 0000.0000.000a Vlan70, Port-Channel12 192.168.71.254 0:00:38 0000.0000.000a Vlan71, Port-Channel12 host07#
疎通確認 障害系
host07 e1障害発生時でも疎通に問題ない事を確認します。
host07(config)#int e1 host07(config-if-Et1)#shut host07(config-if-Et1)#Oct 10 10:25:45 host07 Ebra: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet1, changed state to down Oct 10 10:25:45 host07 Lag: %LAG-5-MEMBER_REMOVED: Interface Ethernet1 has left Port-Channel12 due to: not link up host07(config-if-Et1)# host07(config-if-Et1)# host07(config-if-Et1)# host07(config-if-Et1)#ping 192.168.70.254 PING 192.168.70.254 (192.168.70.254) 72(100) bytes of data. 80 bytes from 192.168.70.254: icmp_seq=1 ttl=64 time=4.97 ms 80 bytes from 192.168.70.254: icmp_seq=2 ttl=64 time=3.59 ms 80 bytes from 192.168.70.254: icmp_seq=3 ttl=64 time=3.41 ms 80 bytes from 192.168.70.254: icmp_seq=4 ttl=64 time=3.37 ms 80 bytes from 192.168.70.254: icmp_seq=5 ttl=64 time=3.39 ms --- 192.168.70.254 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 19ms rtt min/avg/max/mdev = 3.378/3.750/4.973/0.616 ms, ipg/ewma 4.763/4.336 ms host07(config-if-Et1)#
host07 e2障害発生時でも疎通に問題ない事を確認します。
host07(config)#int e1 host07(config-if-Et1)#no shut host07(config-if-Et1)#Oct 10 10:26:13 host07 Ebra: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet1, changed state to up Oct 10 10:26:13 host07 Lag: %LAG-5-MEMBER_ADDED: Interface Ethernet1 has joined Port-Channel12 host07(config-if-Et1)#Oct 10 10:26:15 host07 Lldp: %LLDP-5-NEIGHBOR_NEW: LLDP neighbor with chassisId 0050.5603.9409 and portId "Ethernet4" added on interface Ethernet1 host07(config-if-Et1)# host07(config-if-Et1)# host07(config-if-Et1)# host07(config-if-Et1)#int e2 host07(config-if-Et2)#shut Oct 10 10:26:32 host07 Ebra: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet2, changed state to down host07(config-if-Et2)#Oct 10 10:26:32 host07 Lag: %LAG-5-MEMBER_REMOVED: Interface Ethernet2 has left Port-Channel12 due to: not link up host07(config-if-Et2)# host07(config-if-Et2)# host07(config-if-Et2)#ping 192.168.70.254 PING 192.168.70.254 (192.168.70.254) 72(100) bytes of data. 80 bytes from 192.168.70.254: icmp_seq=1 ttl=64 time=6.66 ms 80 bytes from 192.168.70.254: icmp_seq=2 ttl=64 time=5.74 ms 80 bytes from 192.168.70.254: icmp_seq=3 ttl=64 time=3.13 ms 80 bytes from 192.168.70.254: icmp_seq=4 ttl=64 time=3.13 ms 80 bytes from 192.168.70.254: icmp_seq=5 ttl=64 time=4.13 ms --- 192.168.70.254 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 26ms rtt min/avg/max/mdev = 3.132/4.563/6.668/1.421 ms, ipg/ewma 6.500/5.549 ms host07(config-if-Et2)#
