Using LACP to create a backup link

Background

Let’s say you have a layer 2 firewall and you wish traffic to still be forwarded in the event it fails. One way of achieving this is to use LACP and limit the number of links in the path to one.

Diagram

Config

! SWITCH1
interface po1
lacp fast-switchover
lacp max-bundle 1
!
interface Gi0/1
channel-protocol lacp
channel-group 1 mode active
!
interface Gi0/2
channel-protocol lacp
channel-group 1 mode active
lacp port-priority 65535 
!
!SWITCH2
interface po2
lacp fast-switchover
lacp max-bundle 1
!
interface Gi0/1
channel-protocol lacp
channel-group 2 mode active
!
interface Gi0/2
channel-protocol lacp
channel-group 2 mode active
lacp port-priority 65535
!

Notes

  • The max-bundle command specifies how many active links the channel-group can have, we limit this to one.
  • With LACP the priority is a 16 bit number, note that the range is 1 – 64535, no zero for some reason. The default it 32768 (half way up) and a higher priority is worse, so setting the priority on port Gi0/2 on each box to 65535 means those ports won’t be used by default.
  • We use lacp fast-switchover for obvious reasons.

Switch1 and Switch2 can be the same device if you use a different VLAN on each etherchannel interface. The frames will get de-tagged when entering Po10 and re-tagged in a different VLAN on ingress to Po20 but that hardly matters as the L2 headers will get stripped right away when they are routed. We do this on our Internet routers to allow us to put a passive tap on our traffic.

Thoughts

This is a nice little trick I’ve seen used when the vendor doesn’t provide a fail active solution. It is reasonably simple and works well.

One thought on “Using LACP to create a backup link

  1. Jonathan Stewart

    This matches what i’m hoping to do exactly. What platforms is the ‘lacp max-bundle’ command supported on? I’m seeing on a 7609, but NOT on a Nexus 5020, 3750, 3750E.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *