Proper Trunk/Etherchannel LACP Configuration

Question

I'm working with LACP and trunks for the first time on a 10.1.0 LTM box. I have read the TMOS Config Guide, and there is some ambiguity around the proper way to configure LACP between the trunk and the etherchannel on the switch. 
&nbsp;  
&nbsp; First, is it better to have the Cisco run Active and the LTM Passive? Cisco Passive and LTM Active? Or both Active? 
&nbsp;  
&nbsp; I (finally) have this working with the Cisco Active and the LTM Passive. But if I display the etherchannel details, the output shows the Cisco is sending "Slow LACPDUs". Network traces show that the frames are send at a frequency of ~7 seconds. Is there a way to increase this frequency? 
&nbsp;  
&nbsp; The TMOS Config Guide states the LTM can send these LACP frames every second using a Short Timeout. 
&nbsp;  
&nbsp; My preference is to send these frames every second. Assuming both sides should not be Active, that means the Cisco will need to run Passive. 
&nbsp;  
&nbsp; Or should they both run Active? The TMOS Config Guide isn't clear on this. I'd appreciate your input.

austin_geraci · Answer

Just to make sure, What's your channel-protocol on the cisco port configured as? 
&nbsp;  
&nbsp; I've always used active/active, it's reccomened...  
&nbsp;  
&nbsp; Not an end all doc to 802.3ad, but some info..  (from the below link) 
&nbsp;  
&nbsp; LACP trunking supports four modes of operation, as follows: 
&nbsp;  
&nbsp; On: The link aggregation is forced to be formed without any LACP negotiation .In other words, the switch will neither send the LACP packet nor process any incoming LACP packet. This is similar to the on state for PAgP. 
&nbsp;  
&nbsp; Off: The link aggregation will not be formed. We do not send or understand the LACP packet. This is similar to the off state for PAgP. 
&nbsp;  
&nbsp; Passive: The switch does not initiate the channel, but does understand incoming LACP packets. The peer (in active state) initiates negotiation (by sending out an LACP packet) which we receive and reply to, eventually forming the aggregation channel with the peer. This is similar to the auto mode in PAgP. 
&nbsp;  
&nbsp; Active: We are willing to form an aggregate link, and initiate the negotiation. The link aggregate will be formed if the other end is running in LACP active or passive mode. This is similar to the desirable mode of PAgP. 
&nbsp;  
&nbsp; There are only three valid combinations to run the LACP link aggregate, as follows: 
&nbsp;  
&nbsp; active 
&nbsp; active 
&nbsp; Comments- Recommended. 
&nbsp;   
&nbsp; active 
&nbsp; passive 
&nbsp; comments- Link aggregation occurs if negotiation is successful. 
&nbsp;   
&nbsp; on 
&nbsp; on 
&nbsp; comments- Link aggregation occurs without LACP. Although this works, it is not recommended. 
&nbsp;   
&nbsp; Note: By default, when an LACP channel is configured, the LACP channel mode is passive. 
&nbsp;  
&nbsp; http://www.cisco.com/en/US/tech/tk389/tk213/technologies_configuration_example09186a0080094470.shtml

hamish · Answer

I run all mine (That have channels configured) as active/active. FWIW as a comparison we run some ESX servers with etherchannel too. They have to run on/on because ESX doesn't do LACP... We have no end of troubles with ESX (Because there's no way for the switch and the host to detect cabling errors). 0 problems with BigIP and LACP... 
&nbsp;  
&nbsp; H

smp_86112 · Answer

The interfaces are configured in active mode - this is the running config of one interface in the group: 
&nbsp;  
&nbsp; interface FastEthernet0/21 
&nbsp;  switchport access vlan 100 
&nbsp;  switchport mode access 
&nbsp;  speed 100 
&nbsp;  duplex full 
&nbsp;  udld port 
&nbsp;  channel-group 10 mode active 
&nbsp; end 
&nbsp;  
&nbsp; What I'm hearing is that I should be running Active/Active with a Short LTM Timeout. It doesn't appear there is any way to change the Cisco timeout on a 3550?

austin_geraci · Answer

Nice tip on the ESX servers...  
&nbsp;  
&nbsp; Can you post your port channel config as well please please? 
&nbsp;  
&nbsp; Is this working for you?  Your switchport mode should be trunk...

smp_86112 · Answer

Thanks for asking. It seems to be working from my perspective. By that, I mean it is behaving how I would expect. We can shut one port in the channel without disruption, and shutting down both ports triggers VLAN Failsafe. This is the running config of the channel and both ports - we are not using tagged interfaces on the LTM side: 
&nbsp;  
&nbsp; interface Port-channel10 
&nbsp;  switchport access vlan 100 
&nbsp;  switchport mode access 
&nbsp; end 
&nbsp;  
&nbsp; interface FastEthernet0/21 
&nbsp;  switchport access vlan 100 
&nbsp;  switchport mode access 
&nbsp;  speed 100 
&nbsp;  duplex full 
&nbsp;  udld port 
&nbsp;  channel-group 10 mode active 
&nbsp; end 
&nbsp;  
&nbsp; interface FastEthernet0/23 
&nbsp;  switchport access vlan 100 
&nbsp;  switchport mode access 
&nbsp;  speed 100 
&nbsp;  duplex full 
&nbsp;  udld port 
&nbsp;  channel-group 10 mode active 
&nbsp; end

Forum Discussion

Proper Trunk/Etherchannel LACP Configuration

Recent Discussions

AS3 Limitations

Diameter iRules attachment?

Help needed with iRule (connection closed log )

Use of SSL Decryption.

VLAN Failsafe Functionality

Related Content

F5 BIG-IP Advanced WAF – DOS profile configuration options.

Maintaining BIG-IP's Golden Compliance Configuration in Financial Services

Configuring BIG-IP for Zone Transfer and DNSSEC

Certificate Expiry Email alert configuration

Virtual-wire Configuration and Troubleshooting

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS