Some time ago, I posted on the configuration of an IRF independent resilient fabric with the HPE Flex Fabric FF5700 datacenter switches. During the operation some things arose to my attention which either have been corrected or perhaps not necessarily clear from the first place.
1.) Activate MAD
There needs to be a mechanism to detect multiple actives. This could be considered something like a quorum for the switch-cluster, intended to prohibit split brains. In my case I preferred to do so with LACP. This brings MAD (Multiple Active Detection) to the layer two and is rather simple. It should be configured on an appropriate Bridge Aggregation Group – resulting in an configuration like:
interface Bridge-Aggregation1
description DOWNLINK_SOMESTRANGESWITCH_WITH_MAD_ENABLED_ON_THE_SAME_LAG
port link-type trunk
port trunk permit vlan all
link-aggregation mode dynamic
mad enable
so specifically pay attention to the last command:
mad enable
Important is to activate MAD on both sides of the switch-to-switch connection and spread the LAG to more than one cluster member. Nevertheless this is easy to use and works quickly.
Alternatively there is a method on Layer 3 – so called BFD-MAD referring to Bidirectional Forwarding Detection – available. Nevertheless I decided against this option since this is often conflicting with STP and according dependencies are hard to cover. I got the impression this is error prone within a network whose topology is contignously changed.
2.) Two Node Cluster Topology
Seems I was unclear on this one prviously, but I got some feedback here. To be 100% precise the Two Node IRF is in difference to any other IRF configuration no ring. According to my experience it can’t be, allthough the configuration seems to work in the first place.
Even worse – The configuration needs to connect IRF port 1/1
on Member 1
to IRF port 2/2
on Member 2
. There is no other way, which will work reliable, allthough the configuration might be accepted. Technically after the appropriate configuration the IRF link status should look similar to this:
[COREIRF]display irf link
Member 1
IRF Port Interface Status
1 Ten-GigabitEthernet1/0/1 UP
Ten-GigabitEthernet1/0/2 UP
Ten-GigabitEthernet1/0/3 UP
Ten-GigabitEthernet1/0/4 UP
2 disable --
Member 2
IRF Port Interface Status
1 disable --
2 Ten-GigabitEthernet2/0/1 UP
Ten-GigabitEthernet2/0/2 UP
Ten-GigabitEthernet2/0/3 UP
Ten-GigabitEthernet2/0/4 UP
and the according topology shows:
[COREIRF]display irf topology
Topology Info
-------------------------------------------------------------------------
IRF-Port1 IRF-Port2
MemberID Link neighbor Link neighbor Belong To
2 DIS --- UP 1 00e0-fc0f-8c02
1 UP 2 DIS --- 00e0-fc0f-8c02
You may notice that the according ports IRF port 1/2
and IRF port 2/1
are shown either disable
or DIS
.
This is definitely the working setup allthoug with four links you might conveniently configure a ring with even redundant links.
So far these are my major two points to follow up on FF5700 IRF configurations.
K.y.p. Frank