Deploying SD-WAN sites with Aggregate Ethernet LAN Interfaces

dmpostma

Deploying SD-WAN sites with Aggregate Ethernet LAN Interfaces

by Andrey Bazovkin

Version 1.0

Introduction

VOS allows to use Aggregate Ethernet interfaces (802.3ad) for LAN connectivity on SD-WAN routers with LACP or static bundling. General considerations for Aggregate Ethernet use cases are following:

All interfaces in a bundle must be configured for full-duplex, the same speed setting, and have the same physical layer.
It’s highly recommended to have the number of interfaces in a bundle, which is a power of 2, in order to have more even traffic distribution.
Depending on LAN side device capabilities, it’s recommended to use Link Aggregation Control Protocol (LACP) to negotiate an automatic bundling of interfaces over static bundling setup.

Workflow template creation

In order to create SD-WAN branch with Aggregate Ethernet LAN interfaces, you would need to create a branch workflow template using standard procedure for branch with single LAN interface, and then make several adjustments in device template, which we will cover in current article. If you already have workflow template, skip to Section 3 “Device template modification” . In a workflow template assign just one port as LAN interface:

(optional) If you have trunk interface on LAN side, and want to create several LAN Networks, do it here as well. For example:

All subsequent tabs in a workflow template refer to Network name, and not interface names, so you can complete them using your standard approach.

Device template modification

After you’ve created and deployed workflow template, go to Configuration->Templates->Device Templates, and open created Device template.

Interfaces modification

First you need to create new Aggregate Ethernet interface aeX (where X is between 0 and 31).

You may also want to enable LACP on this interface (if doing so, you need to enable it on the other side of the link as well). Default LACP parameters should fit for the majority of cases, however if needed, you can adjust System Priority, Max Links, Periodicity (slow/fast), Mode (active/passive). Add IP sub-interface to ae interface (or several sub-interfaces, if you have trunk):

If no-trunk or non-encapsulated sub-interface cases, select Unit number ‘0’, for all other cases select Unit number 1-4095 and fill corresponding VLAN ID. Add IP address for (each) sub-interface – you may also want to parameterize it using “gear” button, since it’s Device Template (and you can re-use the same variable name, which was used on regular interface).

If you have VRRP configured on LAN side, you need to reproduce its configuration on corresponding tab of sub-interface configuration. You can copy those data from existing LAN interface configuration. By default if generated by workflow, Group ID would be 1, priority 200 for primary router and 150 for secondary with preempt enabled.

Save newly created sub-interface and ae interface. Adjust existing LAN interface – switch it to be an Aggregate Member instead of existing IP sub-interface(s) configuration:

Optionally you may need to check Speed/Duplex configuration on this screen in “Others” section. All interfaces in a bundle must be configured for full-duplex and the same speed setting. Add remaining member interface(s) similar way:

Interface configuration is complete.

Networks modification

Switch to “Networks” section, and edit LAN Network members. Initially you will see already non-existing sub-interface of original vni LAN interface as the only member of LAN Network: Click on it, then remove existing vni-0/X.Y sub-interface, and add ae0/Z.Y to the list instead:

If you have trunk on LAN side with several LAN networks, you need to repeat the same procedure for all remaining LAN networks.

Network adjustment is completed.

VNF manager adjustment

If you had LAN interface permitted in VNF manager list (for example, if you selected LAN network as a Reachability way for at least one SNMP Manager in a workflow), then it’s mandatory to adjust VNF manager configuration as well in Device Template under Others->System->Configuration-> Configuration:

Remove any LAN vni-0/X.Y sub-interface(s) from this list and add ae0/Z.Y instead (however don’t change existing tvi in this list):

This should complete new Aggregate Ethernet interface configuration.

Additional notes

if you have non-standard DHCP Server or Relay configuration, bound to LAN interface instead of LAN Network (how workflow creates it), then you need to update it accordingly:

if you have IP-SLA Monitor using LAN interface as a source, you need to change this source to new ae0/Z.Y interface (available starting from 21.2 releases only)
QoS shaping and/or DSCP rewrite features are not supported on Aggregate Ethernet interfaces in a current 21.2 VOS release.

Aggregate Ethernet interface Verification

Aggregate Ethernet interface basic statistics can be seen similarly to other interfaces on VOS device, and more detailed information is available from device cli using ‘show aggregate-ethernet’ command. It will show aggregate and each member interface state:

admin@Branch-AE-cli> show aggregate-ethernet

Flags: D:Down U:Up d:Disabled
       I:Individual S:Standby P:ProtoDown

 AE-NAME   STATUS   PROTOCOL    MEMBERS
--------- -------- ---------- ------------------
  ae0        up        LACP       [ vni-0/4(U) vni-0/5(U) ]

Additional LACP statistics is available via ‘show lacp interfaces’ and ‘show lacp statistics’ cli commands:

admin@Branch-AE-cli> show aggregate-ethernet

Flags: D:Down U:Up d:Disabled
       I:Individual S:Standby P:ProtoDown

 AE-NAME   STATUS   PROTOCOL    MEMBERS
--------- -------- ---------- ------------------
  ae0        up        LACP       [ vni-0/4(U) vni-0/5(U) ]

Additional LACP statistics is available via ‘show lacp interfaces’ and ‘show lacp statistics’ cli commands:

admin@Branch-AE-cli> show lacp interfaces
AE    MEMBER
NAME  INTF     ROLE     EXP  DEF  DIST  COL  SYN  AGGR  TIMEOUT  ACTIVITY
---------------------------------------------------------------------------
ae0   vni-0/4  Partner  No   No   Yes   Yes  Yes  Yes   slow     Active
ae0   vni-0/4  Actor    No   No   Yes   Yes  Yes  Yes   slow     Active
ae0   vni-0/5  Partner  No   No   Yes   Yes  Yes  Yes   slow     Active
ae0   vni-0/5  Actor    No   No   Yes   Yes  Yes  Yes   slow     Active

admin@Branch-AE-cli> show lacp statistics
                                                              LACP      LACP
                           LACP   LACP  LACP  LACP    LACP    MARKER    MARKER    LACP     LACP
AE    MEMBER   LACP  LACP  RX     PDU   PDU   MARKER  MARKER  RESPONSE  RESPONSE  UNKNOWN  ILLEGAL
NAME  INTF     RX    TX    ERROR  RX    TX    RX      TX      RX        TX        RX       RX
----------------------------------------------------------------------------------------------------
ae0   vni-0/4  2     2     0      2     2     0       0       0         0         0        0
ae0   vni-0/5  2     2     0      2     2     0       0       0         0         0        0

Summary

In this article we’ve covered the process of adding Aggregate Ethernet LAN interfaces to SD-WAN branch, and eventual changes needed to be done in Device template to accomplish this. Tested VOS releases: 21.1, 21.2.

Deploying SD-WAN sites with Aggregate Ethernet LAN Interfaces