Networking Blog » Juniper

Juniper EX4500 and Ubuntu link aggregation (bonding, 802.3ad)

admin — Wed, 08 Jun 2011 13:20:12 +0000

Ubuntu 10.04 configuration:

Install ifenslave — Attach and detach slave network devices to a bonding device.

apt-get install  ifenslave

Ubuntu 10.04 introduce a new way of configuring bond interface ( you don’t need to use /etc/modprobe.d/aliases.conf ).
Open and edit /etc/network/interfaces

# The loopback network interface
auto lo
iface lo inet loopback

auto bond0
iface bond0 inet static
        address 192.168.200.5
        netmask 255.255.255.0
        network 192.168.200.0
        broadcast 192.168.200.255
        bond-slaves eth0 eth1
        bond_mode 802.3ad
        bond_miimon 100
        bond_xmit_hash_policy 1
        bond_lacp_rate 1

bond-mode 802.3ad - use 802.3ad protocol. You can read supported modes in kernel’s documentation bonding.txt
bond_xmit_hash_policy 1 – default value is 0

0 (layer 2) - Uses XOR of hardware MAC addresses to generate the hash.
1 (layer3+4) - This policy uses upper layer protocol information, when available, to generate the hash. This allows for traffic to a particular network peer to span multiple slaves, although a single connection will not span multiple slaves.

bond_lacp_rate 1 - default 0

0 LACP rate is slow
1 LACP rate is fast

To view current configuration use : “cat /proc/net/bonding/bond0″

Ethernet Channel Bonding Driver: v3.5.0 (November 4, 2008)

Bonding Mode: IEEE 802.3ad Dynamic link aggregation
Transmit Hash Policy: layer3+4 (1)
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0

802.3ad info
LACP rate: fast
Aggregator selection policy (ad_select): stable
Active Aggregator Info:
        Aggregator ID: 1
        Number of ports: 2
        Actor Key: 17
        Partner Key: 2
        Partner Mac Address: 5c:5e:ab:63:a5:80

Slave Interface: eth0
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:15:17:41:7b:78
Aggregator ID: 1

Slave Interface: eth1
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:15:17:41:7b:79
Aggregator ID: 1

That’s all – but after restarting the server bond interface will not bring up, and you will see in /var/log/messages:

bonding: bond0: Warning: Found an uninitialized port

Don’t worry: open and edit /etc/rc.local and put

#!/bin/sh -e
# rc.local
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.

/etc/init.d/networking restart

This bug I notice only when you upgrade Ubuntu from 9.xx to 10.04 LTS ( a new installation of Ubuntu 10.04 – no problems )

Juniper EX4500 configuration:
Enter configuration menu:

edit chassis
set aggregated-devices ethernet device-count 2

This will define the number of aggregated device in switch ( in this case w’ll create ae0 and ae1 )
Aggregated interfaces will be ge-0/0/4 and ge-0/0/5

edit interfaces
set ge-0/0/4 ether-options 802.3ad ae0
set ge-0/0/5 ether-options 802.3ad ae0
set ae0 aggregated-ether-options minimum-links 1 link-speed 1g lacp passive periodic fast
set ae0 unit 0 family ethernet-switching port-mode trunk vlan members [ 500 ]

To view stats:

root@bravo# run show lacp interfaces ae0
Aggregated interface: ae0
    LACP state:       Role   Exp   Def  Dist  Col  Syn  Aggr  Timeout  Activity
      ge-0/0/4       Actor    No    No   Yes  Yes  Yes   Yes     Fast   Passive
      ge-0/0/4     Partner    No    No   Yes  Yes  Yes   Yes     Fast    Active
      ge-0/0/5       Actor    No    No   Yes  Yes  Yes   Yes     Fast   Passive
      ge-0/0/5     Partner    No    No   Yes  Yes  Yes   Yes     Fast    Active
    LACP protocol:        Receive State  Transmit State          Mux State
      ge-0/0/4                  Current   Fast periodic Collecting distributing
      ge-0/0/5                  Current   Fast periodic Collecting distributing
root@bravo# run show lacp statistics interfaces ae0
Aggregated interface: ae0
    LACP Statistics:       LACP Rx     LACP Tx   Unknown Rx   Illegal Rx
      ge-0/0/4              387051      275144            0            0
      ge-0/0/5              382991      274966            0            0

Activate Juniper 7Mi interface (PIC)

admin — Thu, 11 Nov 2010 15:56:13 +0000

First if you’re not familiar with slots and interface naming, take a look at picture

To view available interfaces (PIC) use this command:

root@juniper_7mi> show chassis fpc pic-status 0
Slot 0   Online       E-FPC
  PIC 0  Online       1x G/E SFP, 1000 BASE
  PIC 1  Online       1x G/E SFP, 1000 BASE
  PIC 2  Offline

PIC 2 is offline, to activate this interface:

root@juniper_7mi>request chassis pic pic-slot 2 online fpc-slot 0
fpc 0 pic 2 online initiated, use "show chassis fpc pic-status 0" to verify

verify interface status:

root@juniper_7mi> show chassis fpc pic-status 0
Slot 0   Online       E-FPC
  PIC 0  Online       1x G/E SFP, 1000 BASE
  PIC 1  Online       1x G/E SFP, 1000 BASE
  PIC 2  Online       1x G/E SFP, 1000 BASE

More than two BGP neighbours on Juniper, and routing based on “Filter-Based Forwarding”, to control next-hop selection

admin — Tue, 26 Jan 2010 15:23:28 +0000

Let’s take a look at the following situation shown on Fig. 1. We have two BGP links with diffrent ISP – ISP1 ( primary and backup link) and ISP2, so we have actually three BGP links with full Internet routing table. If the three BGP links are active at the same time, the path selection of BGP will depend on the speed of the link, latency of link, IP address of the neighbour ( the higher or lower is IP ).
First we’ll change the Local Preference of the received routes.

Fig. 1

[edit policy-options]
show configuration policy-options policy-statement bgp-in

term local_pref_sp1 {
   from neighbor 192.168.1.1;
   then {
          local-preference 160;
  }
}
term local_pref_sp1_backup {
   from neighbor 192.168.2.1;
   then {
          local-preference 150;
  }

term local_pref_sp2 {
   from neighbor 192.168.3.1;
   then {
          local-preference 140;
  }
}

BGP selects the path of route, based on the number of the Local Preference – the highest number of this parameter wins. In this case traffic will go trough neigbour 192.168.1.1, with the highest number, and traffic will be not forward trough SP2. There is a solution: to make a load balancing between ISP1 and ISP2, or to force some netwroks through ISP2, using Filter-Based Forwarding to control next-hop selection.

To use Filter-Based Forwarding we need routing-instance. A routing instance is a routing entity for a router. According Juniper’s official documentation you use routnig instances to:

» Create administrative separation in a large network to segregate customer traffic and associated settings. The customers see only the routes belonging to them.
» Create overlay networks in which separate services are routed only towards routers participating in that service, such as voice. The overlay network isolates routes belonging to one service from another service by exporting routes, applying tags, and filtering based on tags.

Configuration of routing instance:

show configuration routing-instances

isp2-route {
  instance-type forwarding;
  routing-options {
      static {
          route 0.0.0.0/0 next-hop 192.168.3.1;
      }
  }
}

Showing new routing table “isp2-route”

root@border# run show route table isp2-route
isp2-route.inet.0: 250 destinations, 250 routes (249 active, 0 holddown, 1 hidden) + = Active Route, - = Last Active, * = Both

0.0.0.0/0 *[Static/5] 08:55:12
               > to 192.168.3.1 via ge-1/3/0.4
10.0.3.0/24 *[Direct/0] 08:55:12
               > via ge-0/1/0.18
10.0.8.0/24 *[Direct/0] 08:55:12
               > via ge-0/1/0.19

Now we need to import interface routes into our new routing table. To define the routing tables into which interface routes are imported, we need to create a routing table group and associate it with the router’s interfaces.

[edit routing-options]
root@border# show
interface-routes {
   rib-group inet filter-based-forwarding-group;
}
rib-groups {
   filter-based-forwarding-group {
      import-rib [ inet.0 isp2-route.inet.0 ];
   }
}

The option “rib-group”, basically allows two routing tables to share information. The “rib-group” we created, named “filter-based-forwarding-group”, exchanges information between routing table inet.0 and new created table isp2-route from the routing instance isp2-route.
Fnally we’ll create the fliter list.

root@border> show configuration firewall family inet filter sp2-customers
term sp2_customers_networks {
   from {
      source-address {
          10.0.8.0/24;
   }
}
   then {
      routing-instance isp2-route;
   }
}
term default {
      then accept;
}

It’s not necessary to specify the networks going through isp1, and create routing table for isp1, just apply the filter on interface where client from network 10.0.8.0/24 are connected.

root@border> show configuration interfaces ge-0/1/0.19
description clients_to_sp2;
vlan-id 19;
    family inet {
        filter {
                input sp2-customers;
        }
        address 10.0.8.1/24;
}

Configuration of BGP, based on the Filter-Based Forwarding, to control next-hop selection:

root@border> show configuration protocols bgp
path-selection external-router-id;
import bgp-in;
group ISP_neighbours {
   type external;
   neighbor 192.168.1.1 {
      description ISP1_primary;
      export announce_to_isp1;
      peer-as 65000;
   }
   neighbor 192.168.2.1 {
      description ISP1_backup;
      export announce_to_isp1;
      peer-as 65000;
   }
   neighbor 192.168.3.1 {
      description ISP2;
      export announce_to_isp2;
      peer-as 65000;
   }
}

root@border> show configuration policy-options policy-statement bgp-in
term local_pref_sp1 {
   from neighbor 192.168.1.1;
   then {
      local-preference 160;
   }
}
local_pref_sp1_backup {
   from neighbor 192.168.2.1;
   then {
      local-preference 150;
   }
term local_pref_sp2 {
   from neighbor 192.168.3.1;
   then {
          local-preference 140;
  }
}

root@border> show configuration policy-options policy-statement announce_to_isp1
term 1 {
   from {
       prefix-list to_isp1;
   }
   then accept;
}
term deny {
   then reject;
}

root@border> show configuration policy-options policy-statement announce_to_isp2
term 1 {
   from {
       prefix-list to_isp2;
   }
   then accept;
}
term deny {
   then reject;
}

root@border> show configuration policy-options prefix-list to_isp1
10.0.3.0/24

root@border > show configuration policy-options prefix-list to_isp2
10.0.8.0/24

root@border> show configuration routing-instances
isp2-route {
  instance-type forwarding;
  routing-options {
      static {
          route 0.0.0.0/0 next-hop 192.168.3.1;
      }
  }
}

[edit routing-options]

root@border# show
interface-routes {
   rib-group inet filter-based-forwarding-group;
}

rib-groups {
   filter-based-forwarding-group {
      import-rib [ inet.0 isp2-route.inet.0 ];
   }
}

root@border> show configuration firewall family inet filter sp2-customers
term sp2_customers_networks {
   from {
      source-address {
          10.0.8.0/24;
   }
}
   then {
      routing-instance isp2-route;
   }
}
term default {
      then accept;
}

root@border> show configuration interfaces ge-0/1/0.19
description clients_to_sp2;
vlan-id 19;
    family inet {
        filter {
                input sp2-customers;
        }
        address 10.0.8.1/24;
}