Etherchannel
EtherChannel allows you to group multiple physical interfaces so that they operate as a single logical interface.
ASW stands for access switch, which is a switch that end hosts like PCs and servers connect to.
DSW stands for distribution layer switch, which is a switch that access layer switches connect to.
![[stp problem.png]]
Let’s say there are 40 hosts connected to ASW1, and they are all trying to access the internet to do their work.
The network admin notices that the connection to DSW1 is congested, so he decides that he should add another link to increase the bandwidth, so it can support all of the end hosts.
Oversubscription : When bandwidth of the interfaces connected to end hosts is greater than the bandwidth of the connection to the distribution switch(es). Some oversubscription is acceptable, but too much will cause congestion.
Even with 4 links the congestion doesn’t seem any better.
In DSW1, all of the port lights are green. But in ASW1, of the links connected to DSW1, only one light is green, and the others are orange.
If you connect two switches together with multiple links, all except one will be disabled by spanning tree.
If all of ASW1’s interfaces were forwarding, Layer 2 loops would form between ASW1 and DSW1, leading to broadcast storms.
Other links will be unused unless the active link fails.
Although it is good to have backup links, it’s a waste of bandwidth to have these three interfaces disabled, not forwarding any traffic.
By forming these four physical interfaces into one logical interface, EtherChannel can solve this problem, giving us both redundancy and increased bandwidth.
EtherChannel groups multiple interfaces together to act as a single interface.
After grouping these interfaces into an etherchannel, the link lights are all green.
STP will treat this group as a single interface, so a Layer 2 loop won't form.
![[etherchannel.png]]
A broadcast frame from a PC is flooded out of all interfaces on ASW1, but DSW1 will only receive 1 copy.
Traffic using the EtherChannel will be load balanced among the physical interfaces in the group. An algorithm is used to determine which traffic will use which physical interface.
And DSW1 broadcasts the frame out of all interfaces except the one it was received on. So it isn’t forwarded back to ASW1, and no Layer 2 loop is formed.
It’s kind of like a single four-gigabit ethernet interface, instead of four separate gigabit ethernet interfaces.
The bandwidth of the four separate interfaces is combined to form one faster interface, a virtual four-gigabit interface.
**Difference between the physical characteristics and the logical or virtual characteristics:**
In VLANs, multiple PCs can all be connected to the same switch and therefore be in the same LAN, however VLANs virtually divide these PCs into separate virtual LANs, each behaving as a separate LAN.
Likewise, these interfaces exist as four separate physical interfaces, but now they form a single virtual interface.
Other names :
Port Channel
LAG (Link Aggregation Group)
Etherchannel load balances based on flows.
A flow is a communication between two nodes in the network. For example, between PC1 and SRV1.
![[etherchannel loadbalancing.png]]
(By the way, you usually won’t see a server or a printer connected directly to a DSW, these are also end hosts which should be connected to ASW.)
PC1 initiates an exchange of data with SRV1, and it sends a few frames to do so.
The frame is received by ASW1, and it will forward the frame out of the port channel to DSW1 (assuming it already knows the MAC address of SRV1).
There is an algorithm it uses to calculate which physical interface the traffic will actually be sent on.
Let’s say it determines that the 3rd interface in the channel should be used.
Now, when PC1 sends the next frame in the flow, in the communication between PC1 and SRV1, the same interface will be used to forward the traffic to SRV1.
Frames in the same flow will be forwarded using the same physical interface.
If frames in the same flow were forwarded using different physical interfaces, some frames may arrive at the destination out of order. Some applications can deal with frames arriving out of order, but some can’t.
Now, if PC1 wants to print something and initiates a separate communication flow with PR1, ASW1 will make a separate calculation to determine which physical interface will be used for the flow.
Say it determines that the 1st interface in the channel will be used for the flow. Just like before, when PC1 sends another frame in the flow, the same member interface of the etherchannel will be used to forward it.
If PC2 also wants to print something, it sends the first frame in the flow to ASW1, which will then do a calculation to determine which physical interface in the etherchannel will be used.
Source MAC address (All frames with the same source MAC address will always use the same interface in the etherchannel)
Destination MAC address (All frames with the same destination MAC address will always use the same physical interface)
Source AND destination MAC addresses (PC1 to SRV1 - certain interface, PC2 to SRV1 - certain interface, might be the same or different than the one used for PC1 to SRV1, PC1 to PR1 might use another different interface, etc)
Source IP address
Destination IP address
Source AND destination IP addresses.
Load balancing can also be based on the Layer 4 TCP or UDP port numbers.
Which methods the switch can use depends on the switch model: some may only support using the MAC addresses, some may support only MAC or IP addresses, and some may support all methods.
ASW1# show etherchannel load-balance
You can see the default for this model of switch is to load balance based on the source and destination IP addresses.
For example, all traffic from 10.0.0.1 with a destination of 10.0.0.2 will always use a certain physical interface within the etherchannel.
In the breakdown of the result, you can see the frames which encapsulate IP packets, whether IPv4 or IPv6, will be load-balanced based on the source and destination IP addresses.
At the top it says non-IP will use the source and destination MAC addresses, because if an IP packet isn’t encapsulated in the Ethernet frame, there is no IP address that can be used to determine the load-balancing, so the MAC addresses are used instead.
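The flow-based selection described above, as an added Python sketch that is not from the original notes. The XOR-and-modulo hash, the host addresses and the traffic mix are assumptions made for illustration (real switches use a platform-specific hash); the method names follow the `port-channel load-balance` keyword style.

```python
import ipaddress
from collections import Counter

MEMBERS = ["g0/0", "g0/1", "g0/2", "g0/3"]  # the four bundled links

def _mac(mac):
    return int(mac.replace(":", ""), 16)

def _ip(ip):
    return int(ipaddress.ip_address(ip))

def select_member(frame, method, members=MEMBERS):
    """Pick the physical link for a frame; method is e.g. 'src-dst-ip'."""
    fields, layer = method.rsplit("-", 1)        # ('src-dst', 'ip')
    if layer == "ip" and "src_ip" not in frame:  # non-IP frame: use the MACs instead
        layer = "mac"
    conv = _ip if layer == "ip" else _mac
    key = 0
    for side in fields.split("-"):               # 'src', 'dst' or both
        key ^= conv(frame[f"{side}_{layer}"])
    # Illustrative hash (assumption): XOR the inputs, reduce modulo the link count.
    return members[key % len(members)]

def utilisation(frames, method):
    """Count how many frames each member link carries under a given method."""
    return Counter(select_member(f, method) for f in frames)

# Constructed sample hosts (addresses are not from the page's diagram).
PC1 = {"mac": "00:00:00:00:00:01", "ip": "10.0.0.1"}
PC2 = {"mac": "00:00:00:00:00:02", "ip": "10.0.0.3"}
SRV1 = {"mac": "00:00:00:00:00:0a", "ip": "10.0.0.2"}
PR1 = {"mac": "00:00:00:00:00:0b", "ip": "10.0.0.4"}

def frame(src, dst, ip=True):
    f = {"src_mac": src["mac"], "dst_mac": dst["mac"]}
    if ip:
        f.update(src_ip=src["ip"], dst_ip=dst["ip"])
    return f

if __name__ == "__main__":
    traffic = [frame(PC1, SRV1)] * 3 + [frame(PC1, PR1)] * 2 + [frame(PC2, SRV1)] * 2
    for method in ("src-dst-ip", "src-mac", "dst-mac"):
        print(method, dict(utilisation(traffic, method)))
```

Every frame of one flow lands on the same link, and a method keyed on a single field (for example `dst-mac` with one busy server) concentrates traffic on one member instead of spreading it.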
ASW1(config)# port-channel load-balance method
ASW1(config)# port-channel load-balance src-dst-mac
To change the load-balancing method.
Use ? to find the list of choices available on the device.
Note
To configure : PORT-CHANNEL load-balance mode
To view : show ETHERCHANNEL load-balance
PAgP - Port Aggregation Protocol
It is a Cisco proprietary protocol.
It dynamically negotiates the creation and maintenance of the EtherChannel.
Frames are sent to the neighboring switch to see if it wants to form an EtherChannel, and then the switches agree upon either forming an EtherChannel or not (like DTP does for trunks).
LACP - Link Aggregation Control Protocol
Industry standard protocol (IEEE 802.3ad).
So, it can be used to form EtherChannels with switches from other vendors.
It dynamically negotiates the creation and maintenance of the EtherChannel (same thing as PAgP).
Static EtherChannel
Interfaces are statically configured to form an EtherChannel, a protocol isn’t used.
This is usually avoided, because you want the switches to dynamically maintain the EtherChannel, for example you want the switch to remove an interface from the EtherChannel if there is some sort of problem on the interface.
Up to 8 interfaces can be formed into a single EtherChannel. LACP allows up to 16, but only 8 will be active, the other 8 will be in standby mode, waiting for an active interface to fail.
ASW1(config)# interface range g0/0-3
The configurations on each member interface must match.
[[#^channelgroup]]
ASW1(config-if-range)# channel-group 1 mode ?
For PAgP - auto, desirable
Only desirable mode actively tries to form an EtherChannel.
auto + auto = no Etherchannel
auto + desirable = Etherchannel
desirable + desirable = Etherchannel
ASW1(config-if-range)# channel-group 1 mode desirable
You can see that the virtual port-channel interface was created, with the number we used in the channel-group command (channel-group 1).
Check it in the output of 'show ip interface brief' at the bottom.
Note^channelgroup
Channel group number has to match between interfaces on the same switch.
It DOESN’T have to match the channel-group number on the other switch.
For example, channel-group 1 on ASW1 can form an EtherChannel with channel-group 2 on DSW1.
The channel-group number is just used to identify the virtual interface number on the local switch.
Because you can have multiple etherchannels on a single switch, you need the number to identify them.
ASW1(config-if-range)# channel-group 1 mode active
For LACP, just the mode names are different.
Instead of desirable, LACP uses active mode.
Instead of auto, LACP uses passive mode.
passive + passive = no Etherchannel
active + passive = Etherchannel
active + active = Etherchannel
Note
Even if you configure both sides as passive, the virtual interface will still be created on each switch.
However, it won’t actually be functioning as an EtherChannel unless one side is in active mode.
Channel-group number has to match between member interfaces on the local switch, but it doesn’t have to match the number on the neighbor switch.
Configuring channel-group mode active on one switch and desirable on the other won't result in a valid EtherChannel, because the two sides are using different protocols (LACP and PAgP).
ASW1(config-if-range)# channel-group 1 mode on
On mode only works with on mode.
On and Desirable, On and Active will not successfully form an EtherChannel.
ASW1(config-if-range)# channel-protocol lacp/pagp
This manually configures the EtherChannel negotiation protocol that the member interfaces should use.
Not a useful command, because you don’t need to configure it.
If you configure 'channel-group 1 mode desirable/auto', the interface will automatically use PAgP.
If you configure 'channel-group 1 mode active/passive', the interface will automatically use LACP.
ASW1(config-if-range)# channel-protocol lacp
Now, if you try 'channel-group 1 mode desirable' command, it will be rejected because of protocol mismatch.
If you try 'channel-group 1 mode on', it will be rejected as well.
Only active and passive will work, because the protocol is set to LACP.
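The mode-pairing and channel-protocol rules above can be checked before a change window. This is an added Python sketch, not part of the original notes; the two config snippets are constructed, and the function names are hypothetical.

```python
import re

# Mode -> negotiation protocol, as described above.
PROTOCOL = {"desirable": "pagp", "auto": "pagp",
            "active": "lacp", "passive": "lacp", "on": "static"}
INITIATES = {"desirable", "active"}   # auto and passive only respond

def parse_side(config):
    """Return (group, mode, channel_protocol or None) from member-interface config text."""
    proto = re.search(r"channel-protocol (lacp|pagp)", config)
    group = re.search(r"channel-group (\d+) mode (\w+)", config)
    return int(group.group(1)), group.group(2), proto.group(1) if proto else None

def forms_etherchannel(local_mode, remote_mode):
    """Apply the mode-pairing rules; returns (forms, reason)."""
    lp, rp = PROTOCOL[local_mode], PROTOCOL[remote_mode]
    if lp != rp:
        return False, f"protocol mismatch: {lp} vs {rp}"
    if lp == "static":
        return True, "static: on + on"
    if not {local_mode, remote_mode} & INITIATES:
        return False, f"{local_mode} + {remote_mode}: neither side initiates"
    return True, f"{lp} negotiated"

def audit(local_cfg, remote_cfg):
    """Predict whether two switches' configs bring the EtherChannel up."""
    sides = {"local": parse_side(local_cfg), "remote": parse_side(remote_cfg)}
    for name, (_, mode, proto) in sides.items():
        if proto and PROTOCOL[mode] != proto:
            return False, f"{name}: 'mode {mode}' rejected, channel-protocol is {proto}"
    # Group numbers are not compared: they only identify the local port-channel.
    return forms_etherchannel(sides["local"][1], sides["remote"][1])

# Constructed configs: group 1 on ASW1 facing group 2 on DSW1.
ASW1 = "interface range g0/0-3\n channel-group 1 mode active"
DSW1 = "interface range g0/0-3\n channel-group 2 mode passive"

if __name__ == "__main__":
    print(audit(ASW1, DSW1))
    print(audit(ASW1.replace("active", "passive"), DSW1))
    print(audit(ASW1, DSW1.replace("passive", "desirable")))
    print(audit("channel-protocol lacp\n channel-group 1 mode on", DSW1))
```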
![[etherchannel config.png]]
Do the same configurations over on DSW1, so the EtherChannel will be up and running.
So, after configuring the EtherChannel, in PAgP, LACP, or static, you can then configure the port-channel interface itself.
ASW1(config)# interface port-channel 1
ASW1(config-if)# switchport trunk encapsulation dot1q
ASW1(config-if)# switchport mode trunk
ASW1(config-if)# do show interfaces trunk
In the output, you can see port-channel 1, listed as Po1, is a trunk.
Individual physical interfaces aren’t listed here, only the port-channel interface.
ASW1# show running-config
The trunk configurations that I configured on the port-channel interface were also applied to the physical interfaces.
We didn’t manually configure the physical interfaces as trunks.
ASW1# show spanning-tree
Only the port-channel interface is listed, the physical interfaces do not appear in the output.
So, as mentioned before, spanning-tree is treating these four physical interfaces as a single logical interface.
Instead of blocking three of them, they can all forward and receive traffic, with no worry of Layer 2 loops.
ASW1# show etherchannel summary
At the bottom, you can find a list of the port-channel interfaces on the switch.
Next to port-channel 1 it has two flags, SU.
S - (switchport) Layer 2 etherchannel
U - in use
Next to the physical ports (g0/0, g0/1,..) there is the flag 'P', which means the port is bundled in the port-channel.
If you shut down the port-channel 1 interface, next to both the port-channel interface and the member interfaces you can see the flag ‘D’, which means 'down'.
Enable the interface again and change one of the member interfaces to access mode. The member interface (eg, g0/1) will have the lower-case ‘s’ flag, meaning suspended (only g0/1 will be suspended, and the EtherChannel will be in operation).
ASW1# show etherchannel port-channel
You can see the number of ports in the port-channel, which protocol is being used etc.
It also displays the channel-group mode (active/passive). This is not displayed in the previous command.
Member interfaces, the physical interfaces in the EtherChannel, must have matching configurations.
same duplex (half/full)
same speed
same switchport mode (access/trunk)
same allowed VLANs and native VLANs (for trunk interfaces)
If an individual interface’s configurations do not match the others, it will be excluded from the EtherChannel.
Replace ASW1 and DSW1 with multilayer switches. Instead of a Layer 2 connection between them, let’s use a Layer 3 connection.
Modern network design often leans toward using Layer 3 connections between switches, because that way spanning-tree won’t be an issue anywhere in the network.
We could have four switches interconnected in a mesh, and if we’re connecting them with Layer 3 routed ports, all interfaces will be up and forwarding, none will have to be disabled due to spanning tree.
Even if we’re using EtherChannel, Layer 2 loops can still occur if multiple switches (>2) are connected together in a loop.
![[layer3 etherchannel need.png]]
All of the connections between switches are using EtherChannel, but if we don’t block any of the port-channel interfaces, broadcasts can still loop around the switches and cause a broadcast storm.
So, spanning-tree will block one of these port-channel interfaces.
However, if all of these connections between switches were made using routed ports, and not Layer 2 switchports, there is no need to run spanning-tree at all.
Routed ports don’t forward Layer 2 broadcasts, so no Layer 2 loops can be formed.
(from a clean configuration)
ASW1(config)# interface range g0/0-3
ASW1(config-if-range)# no switchport
ASW1(config-if-range)# channel-group 1 mode active
Before using 'channel-group' command, use 'no switchport' command to make them Layer 3 routed interfaces.
In the output of 'show running-config' command, notice that the port-channel interface that was created has the 'no switchport' command applied to it automatically.
ASW1(config)# interface po1
ASW1(config-if)# ip address 10.0.0.1 255.255.255.252
Since this is a Layer 3 etherchannel, we need an IP address.
Configure it on the port-channel interface.
ASW1# show etherchannel summary
The only difference in the output is that instead of the ‘S’ flag, it has the ‘R’ flag.
R - (routed port) Layer 3 EtherChannel.
ASW1# show ip interface brief
You can see the IP address configured on port-channel 1.
So, now ASW1 and DSW1 are like two routers connected together.
They are connected at Layer 3 and spanning-tree is not running on the connection between them.
Just like with the Layer 2 EtherChannel, traffic will now be load-balanced over the four member interfaces.
![[etherchannel commands.png]]
![[etherchannel quiz.png]]
You manually configure the channel protocol on the physical interfaces.
But when you use the command 'channel-group 1 mode on' to tell these physical interfaces to join the port-channel interface, this command will be rejected, because you already manually configured LACP.
So you can only configure active/passive. Mode 'on' will be rejected.
If you configured only 1 side of the EtherChannel, the port-channel interface will have the 'SD' flag, meaning Layer 2 and Down. The member ports will have the flag 'I', meaning standalone (configured to be part of the EtherChannel, but due to some problem they are acting as individual ports).
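The flags described in these notes (S, R, U, D for the port-channel; P, s, I, D for members) can be checked automatically when monitoring many switches. This is an added Python sketch, not part of the original notes; the sample 'show etherchannel summary' rows are constructed.

```python
import re

# Flag meanings as given in these notes.
PO_FLAGS = {"S": "Layer 2", "R": "Layer 3", "U": "in use", "D": "down"}
PORT_FLAGS = {"P": "bundled", "s": "suspended", "I": "standalone", "D": "down"}

ROW = re.compile(r"^(\d+)\s+(Po\d+)\((\w+)\)\s+(\S+)\s+(.*)$")
PORT = re.compile(r"(\S+?)\((\w)\)")

def parse_summary(output):
    """Parse the table rows of 'show etherchannel summary' into dicts."""
    bundles = []
    for line in output.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue                      # header, legend and separator lines
        group, po, flags, proto, ports = m.groups()
        bundles.append({"group": int(group), "name": po, "protocol": proto,
                        "state": [PO_FLAGS.get(f, f) for f in flags],
                        "ports": dict(PORT.findall(ports))})
    return bundles

def findings(bundles):
    """List every port-channel or member that is not fully operational."""
    out = []
    for b in bundles:
        if "down" in b["state"]:
            out.append(f"{b['name']}: port-channel is down")
        for port, flag in b["ports"].items():
            if flag != "P":
                out.append(f"{b['name']}: {port} is {PORT_FLAGS.get(flag, flag)}")
    return out

# Constructed sample output (three port-channels in different states).
SAMPLE = """\
Group  Port-channel  Protocol    Ports
------+-------------+-----------+----------------------------------
1      Po1(SU)         LACP      Gi0/0(P)    Gi0/1(s)    Gi0/2(P)    Gi0/3(P)
2      Po2(SD)         LACP      Gi1/0(I)    Gi1/1(I)
3      Po3(RU)         LACP      Gi1/2(P)    Gi1/3(P)
"""

if __name__ == "__main__":
    for finding in findings(parse_summary(SAMPLE)):
        print(finding)
```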
For a multilayer switch to build a routing table, you need to enable 'ip routing'. If you don't enable it, the switches will not build a routing table, even if you configure static routes.
'show cdp neighbors' CDP - Cisco Discovery Protocol - used to gather information about connected devices.