Solved: Re: VSS & vPC & load balancing

slonik220393 · ‎03-18-2019

Good day, comrades. There is a configuration shown below and there is a problem with port-channel balancing (LACP). LACP is well assembled, it handles emergency situations, but sends traffic from 6509 to N5k using only one link, while N5k sends traffic to all active links. Any ideas on this issue or is this the expected behavior of VSS?

6509_VSS:

c6509_2_Mol9#sh etherchannel summary
30     Po30(SU)        LACP      Te1/1/13(P)    Te2/1/1(P)    

c6509_2_Mol9#sh int po30 etherchannel 
Port-channel30   (Primary aggregator)

Age of the Port-channel   = 10d:11h:28m:14s
Logical slot/port   = 46/5          Number of ports = 2
HotStandBy port = null 
Port state          = Port-channel Ag-Inuse 
Protocol            =   LACP
Port security       = Disabled
Fast-switchover     = disabled
Fast-switchover Dampening = disabled
Load share deferral = disabled   
Is fex host PO    = FALSE

Ports in the Port-channel: 

Index   Load      Port          EC state       No of bits
------+------+------------+------------------+-----------
 1      FF         Te1/1/14             Active   8
 0      FF          Te2/1/1             Active   8

c6509_2_Mol9#sh run int po30
interface Port-channel30
description to_N5k
switchport
switchport mode trunk
switchport trunk allowed vlan 15,22,33,54,101,103,110,310,350-354,790,791,813
switchport trunk allowed vlan add 814,820-822,825-828
end

c6509_2_Mol9#sh run int Te1/1/14
interface TenGigabitEthernet1/1/14
description to_N5k
switchport
switchport mode trunk
switchport trunk allowed vlan 15,22,33,54,101,103,110,310,350-354,790,791,813
switchport trunk allowed vlan add 814,820-822,825-828
channel-group 30 mode active
end

c6509_2_Mol9#sh run int Te2/1/1 
description to_N5k
switchport
switchport mode trunk
switchport trunk allowed vlan 15,22,33,54,101,103,110,310,350-354,790,791,813
switchport trunk allowed vlan add 814,820-822,825-828
channel-group 30 mode active
end

With the same settings, but on the interfaces of one line card:

c6509_2_Mol9#sh int po30 etherchannel 
Port-channel30   (Primary aggregator)

Age of the Port-channel   = 10d:11h:28m:49s
Logical slot/port   = 46/5          Number of ports = 2
HotStandBy port = null 
Port state          = Port-channel Ag-Inuse 
Protocol            =   LACP
Port security       = Disabled
Fast-switchover     = disabled
Fast-switchover Dampening = disabled
Load share deferral = disabled   
Is fex host PO    = FALSE

Ports in the Port-channel: 

Index   Load      Port          EC state       No of bits
------+------+------------+------------------+-----------
 0      53         Te1/1/13             Active   4
 1      AC         Te1/1/14             Active   4

Time since last port bundled:    0d:00h:00m:01s    Te1/1/13    
Time since last port Un-bundled: 0d:00h:00m:20s    Te2/1/1

N5k_1/2:

N5kML9_1.1_3_1# sh port-c su
30    Po30(SU)    Eth      LACP      Eth1/1(P)     

N5kML9_1.1_3_1# sh run int po30
interface port-channel30
  description To_C6500
  switchport mode trunk
  switchport trunk allowed vlan 15,22,33,54,101,103,110,310,350-354,790-791,813-814,820-822,825-828,1999
  spanning-tree bpdufilter enable
  vpc 30

N5kML9_1.1_3_1# sh run int et1/1
interface Ethernet1/1
  description To_C6500
  switchport mode trunk
  switchport trunk allowed vlan 15,22,33,54,101,103,110,310,350-354,790-791,813-814,820-822,825-828,1999
  channel-group 30 mode active

Seb Rupik · ‎03-18-2019

Ah OK. I see your problem.

On a 6500 in VSS, last time I checked if a port-channel has member links in both chassis, traffic would always leave via the local link and not traverse the VSL link in order to correctly load-balance the traffic.

This must be a symptom of how your VSS pair are connected to the rest of the network. One chassis is routing most of the traffic for those trunk link VLANs and is therefore using just is local port-channel link.

cheers,

Seb.

View solution in original post

Seb Rupik · ‎03-18-2019

Hi there,

Sounds like either end of the port-channel might be using different hashing alogorithms. What is the output of:

on the 6509: show etherch load-bal

on the nexus: show port-channel load-balance

Also it is worth considering the type of traffic passing over this link and tuning the hash algorithm it suit. Which of the two devices does the routing for the bulk of these VLANs?

cheers,

Seb.

slonik220393 · ‎03-18-2019

At the moment, the balancing is set like this, but I know that it’s not quite right. Yes, and changed the methods of balancing, it does not change the situation.

6500:

c6509_2_Mol9#sh etherch load
EtherChannel Load-Balancing Configuration:
        src-dst-ip enhanced
        mpls label-ip

EtherChannel Load-Balancing Addresses Used Per-Protocol:
Non-IP: Source XOR Destination MAC address
  IPv4: Source XOR Destination IP address
  IPv6: Source XOR Destination IP address
  MPLS: Label or IP

N5k:

N5kML9_1.1_3_1# sh port-c load-balance 

Port Channel Load-Balancing Configuration:
System: source-dest-ip

Port Channel Load-Balancing Addresses Used Per-Protocol:
Non-IP: source-dest-mac
IP: source-dest-ip source-dest-mac

Most of the vlans are routed from the 6500 side.

Nevertheless, I do not understand the method of calculating RBH for interfaces on different VSS switches, because for interfaces within one switch everything is considered correct.

Seb Rupik · ‎03-18-2019

Ah OK. I see your problem.

On a 6500 in VSS, last time I checked if a port-channel has member links in both chassis, traffic would always leave via the local link and not traverse the VSL link in order to correctly load-balance the traffic.

This must be a symptom of how your VSS pair are connected to the rest of the network. One chassis is routing most of the traffic for those trunk link VLANs and is therefore using just is local port-channel link.

cheers,

Seb.