[nsp] etherchannel link down time detection
Don Bowman
don at sandvine.com
Thu Dec 11 16:19:07 EST 2003
>
> i have an application where two catalyst 6509
> are connected via an etherchannel of 2 ports.
> On each link in this etherchannel is a hub
> (a different hub on each) to facilitate packet
> snooping.
>
> The problem is, that if one of the wires
> from one of the cat6k fails, that link of
> the etherchannel takes a long time to determine
> its down, since the link state doesn't change.
>
> |----| |----|
> | |---[]---| |
> | | | |
> | |---[]---| |
> ------ ------
>
> I thought that i could solve this with UDLD,
> but it doesn't seem to affect it.
>
> Does anyone have a suggestion on how to
> make the convergence time of a link failure in
> this mode be the same as if the hub were not there?
Some have asked why not use e.g. a span port, or a passive tap.
The application is actually load balancing an intrusion
prevention system, using etherchannel as a low-cost means
of splitting the traffic. Since etherchannel hashes
on layer-3 information, each pipe is flow aware. Thus it is
not actually a hub but a more active device. (i was trying
to simplify the description).
It turns out that LACP is more flexible than PAGP,
and that enabling UDLD helps, but the time is still
~20s to converge to the other link in the etherchannel in
event i reboot one of the boxes in the middle.
Just curious if anyone had any suggestions for ways to
improve this time.
More information about the cisco-nsp
mailing list