Description
This article explains the 'min-links' and 'link-failure-threshold' behavior in HA.
Scope
FortiController v5.2.
Solution
'min-links' is used to indicate if the LACP trunk can be up.
It can be configured for each LAG:
- min-links 0: disabled (default). The LAG will be up as long as at least 1 LACP member is up.
- min-links 2: LAG will be up if at least 2 LACP members are up. However, with the default 'link-failure-threshold', the number of 'dead' members will be reported to the HA as bad-score, meaning it may trigger a failover even though the LAG is still up.
- In this example, there are 2 LAGs with 2 members, min-links 1. f1-1 is currently down:
config switch fabric-channel trunk
edit "LAG-OUT"
set mode lacp-active
set min-links 1
set members "f1-1" "f1-2"
next
The LAG is still up:
FT-A-1 # diagnose switch fabric-channel trunk list LAG-OUT
Switch Trunk Information, fabric-Channel
Trunk Name: LAG-OUT
Port Selection Algorithm: src-dst-ip
Minimum Links: 1
Active Port Update Time
___________ ____________________
f1-2 10:32:11 Jun-01-2017
Non-Active Port Status
_______________ ____________________
f1-1 BLOCK
LACP flags: (A|P)(S|F)(A|I)(I|O)(E|D)(E|D)
(A|P) - LACP mode is Active or Passive
(S|F) - LACP speed is Slow or Fast
(A|I) - Aggregatable or Individual
(I|O) - Port In sync or Out of sync
(E|D) - Frame collection is Enabled or Disabled
(E|D) - Frame distribution is Enabled or Disabled
status: up
Live links: 1
ports: 2
LACP mode: active
LACP speed: slow
aggregator ID: 2
actor key: 33
actor MAC address: 90:6c:ac:a0:52:2a
partner key: 33
partner MAC address: 90:6c:ac:6d:d9:c6
slave: f1-1
status: down
link failure count: 2
permanent MAC addr: 90:6c:ac:a0:52:2a
actor state: ASAIDD
partner state: PSIODD
aggregator ID: 1
slave: f1-2
status: up
link failure count: 1
permanent MAC addr: 90:6c:ac:a0:52:2c
actor state: ASAIEE
partner state: ASAIEE
aggregator ID: 2
HA status (from 'diag sys ha status'):
state: gateway_die=0, worker_failure=0/2, lag=(total/good/down/bad-score)=2/1/0/1,
- Same example, f1-1 is currently down, but min-links 2:
The LAG is down:
FT-A-1 # diagnose switch fabric-channel trunk list LAG-OUT
Switch Trunk Information, fabric-Channel
Trunk Name: LAG-OUT
Port Selection Algorithm: UNKNOWN
Minimum Links: 2
Active Port Update Time
___________ ____________________
Non-Active Port Status
_______________ ____________________
f1-1 BLOCK
f1-2 BLOCK
LACP flags: (A|P)(S|F)(A|I)(I|O)(E|D)(E|D)
(A|P) - LACP mode is Active or Passive
(S|F) - LACP speed is Slow or Fast
(A|I) - Aggregatable or Individual
(I|O) - Port In sync or Out of sync
(E|D) - Frame collection is Enabled or Disabled
(E|D) - Frame distribution is Enabled or Disabled
status: down (No aggregation due to minimum links not met)
Live links: 1
ports: 2
LACP mode: active
LACP speed: slow
aggregator ID: 1
actor key: 0
actor MAC address: 90:6c:ac:a0:52:2a
partner key: 1
partner MAC address: 00:00:00:00:00:00
slave: f1-1
status: down
link failure count: 3
permanent MAC addr: 90:6c:ac:a0:52:2a
actor state: ASAODD
partner state: PSIODD
aggregator ID: 1
slave: f1-2
status: down
link failure count: 2
permanent MAC addr: 90:6c:ac:a0:52:2c
actor state: ASAODD
partner state: PSIODD
aggregator ID: 2
HA status (from 'diag sys ha status'):
state: gateway_die=0, worker_failure=0/2, lag=(total/good/down/bad-score)=2/1/1/0,
'link-failure-threshold' is a HA setting. When the number of bad members of a trunk is above this threshold, the trunk will be marked with 'bad-score', meaning a failover may be triggered.
- In this example, there are 2 LAGs with 2 members, min-links 1 & link-failure-threshold 0 (default setting). The f1-1 member is currently down but the LAG is still up (because of min-links 1). However, it is marked as bad-score, so failover is triggered:
config system ha
set link-failure-threshold 0
end
HA status:
state: gateway_die=0, worker_failure=0/2, lag=(total/good/down/bad-score)=2/1/0/1,
- Same example but link-failure-threshold 1. The LAG is still up and it is not marked as bad-score, meaning failover is not triggered:
config system ha
set link-failure-threshold 1
end
HA status:
state: gateway_die=0, worker_failure=0/2, lag=(total/good/down/bad-score)=2/2/0/0,
Related documents:
Technical Tip: FortiOS min-links implementation and interoperability common issue
