technology, networking and IP telephony
Posts tagged VLACP
VLACP on a Nortel Ethernet Routing Switch Stack
13January 4, 2009
I’ve seen quite a few issues with VLACP on the Nortel Ethernet Routing Switches but now Nortel has released a technical bulletin documenting a known issue when running VLACP on their stackable switches (ERS2500, ERS4500, ERS5500, ERS5600) with their chassis based ERS8300 and ERS8600 switches.
The bulletin advises users to re-configure the VLACP timeout from a default value of 3 to 5.
5520-48T-PWR(config)#interface fastEthernet 5-6 5520-48T-PWR(config-if)#vlacp timeout-scale 5 5520-48T-PWR(config-if)#show vlacp interface 5-6 =============================================================================== VLACP Information =============================================================================== PORT ADMIN OPER HAVE FAST SLOW TIMEOUT TIMEOUT ETH MAC ENABLED ENABLED PARTNER TIME TIME TYPE SCALE TYPE ADDRESS ------------------------------------------------------------------------------- 5 true true yes 500 30000 short 5 8103 00:00:00:00:00:00 6 true true yes 500 30000 short 5 8103 00:00:00:00:00:00
The bulletin also refers to a software fix in ERS 2500 v4.2.1, ERS4500 v5.2.1 and ERS5500/5600 v6.0.2 or later maintenance releases.
We really only use VLACP as a means of detecting FEFI when the switch equipment doesn’t support autonegotiation (example; Nortel Ethernet Switch 470 doesn’t support autonegotiation on the 1000Mbps uplinks).
Cheers!
Update: Friday February 13, 2009
It seems that Nortel has released software 6.0.3 for the Ethernet Routing Switch 5500/5600 series switches. This release is suppose to resolve the VLACP issues that were reported in the earlier bulletin. Here’s an excerpt from the release notes;
A feature enhancement (Q01645430) that changed the VLACP interoperability behavior with Passport 8600 was removed. For further details, please see the Technical Support Bulletin ID. 2008009238, Rev 1, published on 2008-12-12.
Cheers!
Virtual Link Aggregation Control Protocol (VLACP)
12December 7, 2007
Virtual Link Aggregation Control Protocol (VLACP) is extension of the Link Aggregation Control Protocol (LACP) developed by Nortel to detect end-to-end failure over an Ethernet network. We’ve been deploying VLACP within our network for the past year with great success. We were eager to deploy VLACP because the Nortel Ethernet Switch 470 Gigabit Ethernet fiber ports (GBIC) did not support autonegotiation and are required to be hard set to 1000/Full Duplex when connecting to a Nortel Ethernet Routing Switch 8600. Without autonegotiation there is no mechanism to provide link failure notification (RFI, FEFI) on the specific interface. The problem can arise if you have a GBIC malfunction or a single fiber strand breaks leaving one side of the link up and the other side down. VLACP mitigates this problem by providing a mechanism to detect the path failure and can be applied to provide end-to-end failure notification over a telco carrier network.
Here’s what Nortel has to stay in their document, “Link Aggregation Control Protocol (LACP) 802.3ad and VLACP Technical Configuration Guide” dated August 2007;
Virtual LACP (VLACP) is an extension to LACP, used to detect end-to-end failure. VLACP takes the point-to-point hello mechanism of LACP and uses it to periodically send hello packets to ensure end-to-end reachability and provide failure detection (across any L2 domain). When Hello packets are not received, VLACP transitions to a failure state and the port will be brought down. The benefit of this over LACP is that VLACP timers can be reduced to 400 milliseconds between
a pair of ERS8600 switches. This will allow for approximately one second failure detection and switchover. Note that the lowest VLACP timer on an ES460/470 is 500ms. VLACP can also be used with Nortel’s proprietary aggregation mechanism (MLT) to complement its capabilities and provide quick failure detection. VLACP is recommended for all SMLT access links when the links are configured as MLT to ensure both end devices are able to communicate. By using VLACP over Single-Port SMLT, enhanced failure detection is extended beyond the limits of the number of SMLT or LACP instances that can be created on the ERS8600. VLACP can also be used as a loop prevention mechanism in SMLT configurations and should be used when setting up the IST. It also protects against CPU failures by causing traffic to be switched or rerouted to the SMLT peer in the case the CPU fails or gets hung up. Please refer to the Technical Configuration Guide for Switch Clustering using Split-Multilink Trunking (SMLT) with ERS8600 for more details.NOTE: In regards to the ERS8600, although either the CLI or JDM interface allows you to configure the short timers to less than 400ms, Nortel does not support this configuration unless the ERS8600 is equipped with the SuperMezz daughter module for the 8692SF. The SuperMezz allow for very quick sub 100ms failure detection.
Although functions such as Remote fault indication (RFI) or Far-end fault indication (FEFI) can be used to indicate link failure, there are some limitations with these mechanisms. The first limitation is that with either of these mechanisms, they terminate at the next Ethernet hop. Hence, failures cannot be detected on an end-to-end basis over multiple hops such as LAN Extension services. The second limitation is both of these mechanisms required Auto-Negotiation to be enabled on the Ethernet interface. Hence, if an Ethernet interface does not support Auto-Negotiation; neither of these mechanisms can be used. The third limitation is if an Ethernet interface should fail and still provide a transmit signal, RFI nor FEFI will be able to detect a failure. Hence, the far-end interface will still think the link up and continue to transmit traffic. VLACP will only work for port-to-port applications when there is a guarantee for a logical port-port match. It will not work in a port-to-multi-port scenario where there is no guarantee for a pointpoint match.
NOTE: Please note that VLACP does not perform link aggregation. Is it simply used to detect end-to-end link failures and can be enabled over single links or even MLT trunks. VLACP does not require LACP to be enabled; LACP and VLACP are independent features.
NOTE: When configuring VLACP, both ends of the link must be configured with the same EtherType, Multicast MAC address, and same timers. By default, the VLACP parameters across all ES and ERS switches are the same with the exception of the FastPeriodicTimer which is set to 200ms on the ERS8600 and 500ms on all other switches. When connecting, for example, an ERS8600 to and ERS5500, the recommendation is to use 500ms FastPeriodicTimers with ShortTimeout in order to achieve fast failover. Also, when using the ES460/470 in the 3.6.x software release, the VLACP EtherType must be configured with a different value on each MLT link. The EtherType must match the EtherType value at the far end of the MLT link.
NOTE: If VLACP is used with LACP, there is no difference in how VLACP and LACP bring down a port if no LACP or VLACP PDUs are received. VLACP will declare the VLACP status as down and will report the event in the log file whereas LACP will not synchronize, not activate Collecting and Distributing on this port, and not report a message in the log file. The end result is the same where the port will block traffic; the physical layer for this port will remain up. Although you can enable VLACP with LACP, there is no practical reason why you would do so.
There was an interim solution before VLACP developed by Nortel called Single Fiber Fault Detection (SFFD) specifically designed to allow remote fault detection on Gigabit Ethernet fiber ports that did not support autonegotiation. Unfortunately we had some issues with SFFD and never really deployed the feature beyond our testlab environment.
Ethernet Routing Switch 5510
Here’s how you would configure VLACP on the MLT uplinks to an ERS 8600 Switch. You’ll need to connect to the 5510 switch and enter the “Command Line Interface” if you have the menu up.
5510> enable 5510# configure terminal 5510(config)# interface fastEthernet 47,48 5510(config-if)# vlacp port 47,48 timeout short 5510(config-if)# vlacp port 47,48 enable 5510(config-if)# exit 5510(config)# vlacp enable 5510(config)# exit
Ethernet Routing Switch 8600
Here’s how you would configure VLACP on the MLT uplinks to the ERS 5510 Switch above.
ERS-8610:6# config ethernet 1/1, 2/1 vlacp enable
ERS-8610:6# config ethernet 1/1, 2/1 vlacp timeout short
ERS-8610:6# config ethernet 1/1, 2/1 vlacp fast-periodic-time 500
ERS-8610:6# config vlacp enableIn this example we’re using ports 1/1 and 2/1 as the uplinks to ports 47 and 48 on the ERS 5510 respectively. The VLACP short timeout timers on the ERS 8600 default to 200ms so we need to configure them to match the minimum possible with the ERS 5500 series switches of 500ms.
If the interface appears to be bouncing you should definitely check the timers.
Cheers!
Nortel ERS 5520 PwR Switch (Part 2)
7October 23, 2007
In my previous post I outlined all the commands that you would need to configure a Nortel Ethernet Routing Switch 5520 to support deploying Nortel’s i2002/i2004 Internet Telephones using LLDP-MED in conjunction with ADAC (Automatic Detection and Automatic Configuration). If you followed the steps your probably well on your way to getting things work. Unfortunately things can sometimes go wrong even with the best documentation and understanding of the product.
In this post I’m going to outline some of the basic commands you can use to troubleshoot any issues you might have between the ERS5520 and the i2002/i2004 phones.
Q. How can I check the log file?
A. show logging
ERS-5520# show logging Type Time Idx Src Message ---- ----------------------- ---- --- ------- S 00:00:00:00 1 NVR SNTP: Could not sync to NTP servers. S 2007-04-05 17:18:08 GMT 2 NVR SNTP: Could not sync to NTP servers. S 2007-04-05 17:22:07 GMT 3 NVR Audit data initialized - incorrect magic number: 0xffffffff I 2007-04-19 01:21:03 GMT 4 Web server starts service on port 80. I 2007-04-19 01:21:19 GMT 5 IGMP: Unknown Multicast Filter disabled I 2007-04-19 01:21:19 GMT 6 PoE Port Detection Status: Port 1 Status: Delivering Power I 2007-04-19 01:21:22 GMT 7 PoE Port Detection Status: Port 35 Status: Delivering Power I 2007-04-19 01:21:49 GMT 8 Port 0/47 reenabled by VLACP I 2007-04-19 01:21:49 GMT 9 Port 0/48 reenabled by VLACP I 2007-04-19 01:23:05 GMT 10 SNTP: First synchronization successful. I 2007-04-19 01:23:18 GMT 11 Warm Start Trap I 2007-04-19 01:23:19 GMT 12 Link Up Trap Port: 1 I 2007-04-19 01:23:20 GMT 13 Trap: pethPsePortOnOffNotification I 2007-04-19 01:23:20 GMT 14 Trap: bsAdacPortConfigNotification for Port: 47, Config: Applied
Q. How can I check the state of a port?
A. show interfaces
ERS-5520# show interfaces 47,48 Status Auto Flow Port Trunk Admin Oper Link LinkTrap Negotiation Speed Duplex Control ---- ----- ------- ---- ---- -------- ----------- -------- ------ ------- 47 1 Enable Up Up Enabled Enabled 1000Mbps Full Asymm 48 1 Enable Up Up Enabled Enabled 1000Mbps Full Asymm
Q. How can I check the VLACP state of a port?
A. show vlacp interface
ERS-5520# show vlacp interface 47,48 =============================================================================== VLACP Information =============================================================================== PORT ADMIN OPER HAVE FAST SLOW TIMEOUT TIMEOUT ETH MAC ENABLED ENABLED PARTNER TIME TIME TYPE SCALE TYPE ADDRESS ------------------------------------------------------------------------------- 0/47 true true yes 500 30000 short 3 8103 01:80:c2:00:11:00 0/48 true true yes 500 30000 short 3 8103 01:80:c2:00:11:00
Q. How can I check what FDB entries have been learned on a specific port?
A. show mac-address-table port
ERS-5520# show mac-address-table port 47 Mac Address Table Aging Time: 300 Number of addresses: 9 MAC Address Source MAC Address Source ----------------- -------- ----------------- -------- 00-00-5E-00-01-01 Trunk: 1 00-15-40-45-68-00 Trunk: 1 00-17-D1-57-30-00 Trunk: 1 00-17-D1-57-30-10 Trunk: 1 00-17-D1-57-32-03 Trunk: 1 00-18-B0-CC-F0-00 Trunk: 1 00-18-B0-CC-F0-10 Trunk: 1 00-18-B0-CC-F2-01 Trunk: 1 00-1B-25-4C-74-00 Trunk: 1
Q. How can I check the FDB table for a specific MAC address?
A. show mac-address-table address
ERS-5520# show mac-address-table address 00:18:b0:cc:f0:10 Mac Address Table Aging Time: 300 Number of addresses: 1 MAC Address Source MAC Address Source ----------------- -------- ----------------- -------- 00-18-B0-CC-F0-10 Trunk: 1
Q. How can I check to see if ADAC has been configured/enabled?
A. show adac
ERS-5520# show adac ADAC Global Configuration --------------------------------------- ADAC: Enabled Operating Mode: Tagged Frames Traps Control Status: Enabled Voice-VLAN ID: 12 Call Server Port: None Uplink Port: 48
Q. How can I check to see if ADAC has been applied to a specific port?
A. show adac interface
ERS-5520# show adac interface 20 Port Auto-Detection Auto-Configuration ---- -------------- ------------------ 20 Enabled Applied
Q. How can I check to see the LLDP information with a specific port?
A. show lldp port neighbor detail
ERS-5520# show lldp port 20 neighbor detail ------------------------------------------------------------------------------- lldp neighbor ------------------------------------------------------------------------------- Port: 20 Index: 5 Time: 8 days, 13:47:49 ChassisId: Network address ipV4 192.168.100.101 PortId: MAC address 00:17:65:ff:e0:fc SysCap: TB / TB (Supported/Enabled) PortDesc: Nortel IP Phone SysDescr: Nortel IP Telephone 2002, Firmware:0604DAS PVID: 0 PPVID Supported: not supported(0) VLAN Name List: none PPVID Enabled: none Dot3-MAC/PHY Auto-neg: supported/enabled OperMAUtype: 100BaseTXFD PSE MDI power: not supported/disabled Port class: PD PSE power pair: signal/not controllable Power class: 2 LinkAggr: not aggregatable/not aggregated AggrPortID: 0 MaxFrameSize: 1522 PMD auto-neg: 10Base(T, TFD), 100Base(TX, TXFD) MED-Capabilities: CNLDI / CNDI (Supported/Current) MED-Device type: Endpoint Class 3 MED-Application Type: Voice VLAN ID: 12 L2 Priority: 6 DSCP Value: 46 Tagged Vlan, Policy defined Med-Power Type: PD Device Power Source: Unknown Power Priority: High Power Value: 5.4 Watt HWRev: FWRev: 0604DAS SWRev: SerialNumber: ManufName: Nortel-01 ModelName: IP Phone 2002 AssetID: ------------------------------------------------------------------------------- Port: 20 Index: 6 Time: 8 days, 13:48:20 ChassisId: Network address ipV4 10.119.241.50 PortId: MAC address 00:17:65:ff:e0:fc SysCap: TB / TB (Supported/Enabled) PortDesc: Nortel IP Phone SysDescr: Nortel IP Telephone 2002, Firmware:0604DAS PVID: 0 PPVID Supported: not supported(0) VLAN Name List: 12 PPVID Enabled: none Dot3-MAC/PHY Auto-neg: supported/enabled OperMAUtype: 100BaseTXFD PSE MDI power: not supported/disabled Port class: PD PSE power pair: signal/not controllable Power class: 2 LinkAggr: not aggregatable/not aggregated AggrPortID: 0 MaxFrameSize: 1522 PMD auto-neg: 10Base(T, TFD), 100Base(TX, TXFD) MED-Capabilities: CNLDI / CNDI (Supported/Current) MED-Device type: Endpoint Class 3 MED-Application Type: Voice VLAN ID: 12 L2 Priority: 6 DSCP Value: 46 Tagged Vlan, Policy defined Med-Power Type: PD Device Power Source: Unknown Power Priority: High Power Value: 5.4 Watt HWRev: FWRev: 0604DAS SWRev: SerialNumber: ManufName: Nortel-01 ModelName: IP Phone 2002 AssetID: ------------------------------------------------------------------------------- Sys capability: O-Other; R-Repeater; B-Bridge; W-WLAN accesspoint; r-Router; T-Telephone; D-DOCSIS cable device; S-Station only. Med Capabilities-C: N-Network Policy; L-Location Identification; I-Inventory; S-Extended Power via MDI - PSE; D-Extended Power via MDI - PD.
Those are some of the commands that you might have to execute if you needed to perform troubleshooting between an ERS5520 and a i2002/i2004 phone.
Your DHCP server logs will be your friend during your troubleshooting. If you don’t see the phone making a DHCP request (or a request in the proper VLAN) then you should check that ADAC was applied to the switch port. ADAC is the component that will automatically add the switch port (the switch port the phone is connected to) into the Voice VLAN. If ADAC is not applied (or enabled) on the port then you’ll be able to see that the switch port in question is only a member of the Data VLAN. You need to remember that ADAC works on MAC address ranges. You need to check that the MAC address of your phone is in the ADAC MAC address table.
5520-48T-PWR# show adac mac-range-table Lowest MAC Address Highest MAC Address ------------------------ ------------------------- 00-0A-E4-01-10-20 00-0A-E4-01-23-A7 00-0A-E4-01-70-EC 00-0A-E4-01-84-73 00-0A-E4-01-A1-C8 00-0A-E4-01-AD-7F 00-0A-E4-01-DA-4E 00-0A-E4-01-ED-D5 00-0A-E4-02-1E-D4 00-0A-E4-02-32-5B 00-0A-E4-02-5D-22 00-0A-E4-02-70-A9 00-0A-E4-02-D8-AE 00-0A-E4-02-FF-BD 00-0A-E4-03-87-E4 00-0A-E4-03-89-0F 00-0A-E4-03-90-E0 00-0A-E4-03-B7-EF 00-0A-E4-04-1A-56 00-0A-E4-04-41-65 00-0A-E4-04-80-E8 00-0A-E4-04-A7-F7 00-0A-E4-04-D2-FC 00-0A-E4-05-48-2B 00-0A-E4-05-B7-DF 00-0A-E4-06-05-FE 00-0A-E4-06-55-EC 00-0A-E4-07-19-3B 00-0A-E4-08-0A-02 00-0A-E4-08-7F-31 00-0A-E4-08-B2-89 00-0A-E4-09-75-D8 00-0A-E4-09-BB-9D 00-0A-E4-09-CF-24 00-0A-E4-09-FC-2B 00-0A-E4-0A-71-5A 00-0A-E4-0A-9D-DA 00-0A-E4-0B-61-29 00-0A-E4-0B-BB-FC 00-0A-E4-0B-BC-0F 00-0A-E4-0B-D9-BE 00-0A-E4-0C-9D-0D Total Ranges: 21
If the MAC address of your i2002/i2004 phone does not match any of the MAC address ranges in the switch you’ll need to add a range to include those MAC addresses. If the MAC address of your i2002 phone was 00:18:b0:11:22:33 you could use the following commands;
5520-48T-PWR> enable 5520-48T-PWR# config terminal 5520-48T-PWR (config)# adac mac-range-table low-end 00:18:b0:00:00:00 high-end 00:18:b0:ff:ff:ff
You might think you could configure a port mirror and run a quick packet capture to understand what’s going on… unfortunately you cannot configure any port with port mirroring that has ADAC enabled.
Thats all for now.
The last step is the DHCP server so stay tuned.
