Multi-switch Link Aggregation (MLAG)
The following topology has a pair of server clusters that are dual-homed to
a pair of VXLAN gateways with three tenants:
VXLAN Gateways with Three Tenants
Traffic from the tenant VMs that are part of an
MLAG (Multi-switch Link Aggregation Group) can hash
toward either gateway node. This can result in GW3 learning the same VM‘s MAC from different
VTEPs. To avoid MAC toggling on remote VTEPs, ExtremeXOS requires that users configure a
special local tunnel endpoint address on MLAG nodes that will be used for tenant
VLAN (Virtual LAN)s/VMANs that have MLAG ports.
For a configuration example, see Configuration Example for MLAG.
Additional considerations:
- Since the tenant VLAN/VMAN IDs can be reused, ExtremeXOS
needs to allow multiple VLANs/VMANs with the same tag to be dual homed using the same MLAG
peers. This requires tenant traffic be encapsulated over the ISC link to help distinguish
traffic from different tenant VLANs/VMANs.
- Only one copy of BUM traffic from a tenant VM should be forwarded to
the network.
- MLAG peers have a mechanism in place to block BUM traffic coming from
the network to not be sent back into the network through the other peers.
- When one of the MLAG peers loses connectivity to the underlay network,
reachability can be established through the ISC. This requires you to configure an underlay
VLAN that includes the ISC ports and run a routing protocol over the ISC. Using the correct
metric values ensures that this VLAN is not preferred by the peers to reach remote nodes
during steady state and would be used only when all other connectivity to the underlay
network is down.
Note
Multi-peer MLAG is not supported.
- MLAG with alternate IP configuration, disables the local MLAG ports when the MLAG peer is
alive, but the ISC port alone goes down. This feature is used to prevent duplication of
packets if MLAG peers are part of larger L2 domain. For VXLAN, MLAG peers connect to an L3
cloud on their upstream (northbound) interface and they share the same LTEP IP address.
Other VTEPs use L3 ECMP to send traffic to one of the MLAG peers. With an alternate IP
configured and ISC going down, traffic hashing towards an MLAG peer, which disabled its MLAG
ports, results in dropped traffic. So it is recommended not to configure MLAG alternate IP
feature on VXLAN VTEPs.
Note
In a VXLAN and MLAG environment where a node has two MLAG
peers, even when MLAG alternate IP address is not configured, traffic disruption likely
occurs when an ISC connection is lost between any of the MLAG peers.
- MLAG does not function if the Inter-Switch Connection (ISC)
port is added to an untagged tenant VMAN.