Description
It is very common to configure LACP to increase a bandwidth and having a failover capability.
LACP basically combining multiple port and works as 1 physical cable.
However, due to certain scenario, the LACP can not work as per expectation.
This article describes how to troubleshoot LACP issue.
Solution
The issue that can happen is as follow:
1) Flapping happening (port up and down).
2) Network intermittence: Even ping the FortiGate interface is not working.
3) Firewall keep failover.
LACP group is considered as 1 physical cable.
Means only intended to connect to same unit/brain only.
This can be defined as follow:
1) Physical unit.
2) Physical unit act as 1 brain. Known as stack. Normally configured on switch.
Let’s see for two scenario below:
Scenario 1.
On switch.
Port1 and port2 configured as LACP group 1.
Port1 and port2 connect to PC-Syarif . IP address 192.168.1.254.
This makes connectivity for PC-Syarif is 2GB.
Scenario 2.
On switch.
Port1 and port2 configured as LACP group 1.
Port1 connect to PC-Syarif . IP address 192.168.1.254
Port2 connect to PC-Jackie. IP address 192.168.1.253
Refer to below diagram:
It is very common to configure LACP to increase a bandwidth and having a failover capability.
LACP basically combining multiple port and works as 1 physical cable.
However, due to certain scenario, the LACP can not work as per expectation.
This article describes how to troubleshoot LACP issue.
Solution
The issue that can happen is as follow:
1) Flapping happening (port up and down).
2) Network intermittence: Even ping the FortiGate interface is not working.
3) Firewall keep failover.
LACP group is considered as 1 physical cable.
Means only intended to connect to same unit/brain only.
This can be defined as follow:
1) Physical unit.
2) Physical unit act as 1 brain. Known as stack. Normally configured on switch.
Let’s see for two scenario below:
Scenario 1.
On switch.
Port1 and port2 configured as LACP group 1.
Port1 and port2 connect to PC-Syarif . IP address 192.168.1.254.
This makes connectivity for PC-Syarif is 2GB.
Scenario 2.
On switch.
Port1 and port2 configured as LACP group 1.
Port1 connect to PC-Syarif . IP address 192.168.1.254
Port2 connect to PC-Jackie. IP address 192.168.1.253
Refer to below diagram:
It is not possible for 1 'cable' to connect to 2 PC at the same time.
PC-Syarif and PC-Jackie having individual brain.
Not same brain. STP can take action for this kind of scenario.
Either port1 will be shut down or port2 will be shut down.
This is to mitigate ARP conflict, broadcast issue and so on.
The action is done on the switch level.
Both PC-Syarif and PC-Jackie only notice his traffic will not be flowing or notice the physical cable on the adapter is not connected.
Now, lets replace:
PC-Syarif as FortigateA.
PC-Jackie as FortigateB.
Now, lets replace:
PC-Syarif as FortigateA.
PC-Jackie as FortigateB.
Even the FortiGate is on HA mode(active-passive or active-active), each FortiGate still considered as 2 individual brain.
When HA is broken, common term 'split brain' issue can happen.
Both individual brain having same information and network(switch) will start to take action to mitigate this using STP and other others measurement.
Solution.
To mitigate this issue, proper design has to be executed on the network level.
1 LACP group only intend to connect to 1 unit or stacked unit that act as 1 brain.
1 LACP group only intend to connect to 1 unit or stacked unit that act as 1 brain.
Related Articles
