
WAN Link Redundancy in Enterprise Hubs Using Aggregated Ethernet

SUMMARY Learn about aggregated Ethernet links (AE), how to manually configure LAG and LACP on an enterprise hub, and enable AE links on the enterprise hub WAN links.

Aggregated Ethernet Links in Enterprise Hubs

In CSO Release 6.0.0, a service provider or an OpCo Administrator can aggregate full-duplex gigabit Ethernet WAN links into a single logical aggregated Ethernet (aex) link or link aggregation group (LAG) bundle, as defined by the IEEE 802.3ad standard. The aggregated Ethernet (AE) link topology (shown in Figure 1) allows data traffic to flow between two WAN Ethernet interfaces operating at the same speed. This provides WAN redundancy and improves availability: if one physical link fails, data traffic can flow through the alternative member in the aggregated Ethernet interface.

AE can be configured on WAN links of SRX Series enterprise hub devices. Provisioning LAG bundles in an enterprise hub involves three processes: pre-staging an SRX device, modifying the SRX device template, and enabling aggregated Ethernet on physical WAN ports. The pre-staging configuration of the LAG bundle (aggregated Ethernet interface) is performed by service providers or operating companies.

Figure 1 shows the topology with LAG bundle configurations deployed during the pre-staging of an enterprise hub. Two gigabit Ethernet interfaces, xe-0/0/0 and xe-0/0/1, are bundled together into one aggregated Ethernet interface (such as ae0). Similarly, xe-0/0/2 and xe-0/0/3 are configured to form ae1. If xe-0/0/0 fails, data traffic is switched to the xe-0/0/1 interface in ae0. Hence, data traffic continues to flow through the same WAN_0 port configured for AE. The branch site does not have to perform a WAN link switchover when a hub WAN link fails.

Figure 1: Aggregated Ethernet Topology of Enterprise Hub WAN Links (Without VLAN Tagging)

Starting in Release 6.1.0, CSO supports aggregated Ethernet interfaces with VLAN tagging on enterprise hub WAN links, thereby allowing you to ensure WAN link redundancy with fewer ports. Figure 2 illustrates a scenario where a VLAN-tagged aggregated Ethernet interface containing two member links is used to provide link redundancy for two WAN links. See .

Figure 2: Aggregated Ethernet Topology of Enterprise Hub WAN Links (With VLAN Tagging)

The Link Aggregation Control Protocol (LACP), the protocol defined in IEEE 802.3ad, monitors the interfaces in the aggregated Ethernet link. LACP initiates and establishes the LAG connection between the WAN aggregated Ethernet interfaces in the enterprise hub and the remote device, monitors the AE interfaces for link failures, and dynamically switches the traffic between member links in an AE interface. LACP flags an AE link down only if all physical member links are operationally down.

After configuring LAG and LACP on the enterprise hub, an SP or OpCo Administrator can modify the device template for the enterprise hub in CSO to map the physical WAN ports, WAN_0 and WAN_1, to aex links. Tenant Administrators must enable aggregated Ethernet on WAN ports (while adding an enterprise hub site in Customer Portal).

Note:

Links in the aggregated Ethernet bundle support MPLS and Internet data traffic with only Ethernet as the access type for the underlay. VLAN tagging is not supported on aggregated Ethernet interfaces.

Example: Configure Aggregated Ethernet in Enterprise Hub Devices

Table 1 describes an example configuration snippet for aggregated Ethernet links on enterprise hub devices.

Note:

You must execute all commands in configuration mode.

Table 1: Example Configuration for Aggregated Ethernet (Without VLAN Tagging)

Configuration Steps

Commands

Step 1: Specify the number of aggregated Ethernet interfaces you want on your device. In the topology for enterprise hub WAN redundancy, the device-count value supported is 2. This means that you can configure two aggregated Ethernet interfaces.

[edit]
user@host# set groups WANredundancy chassis aggregated-devices ethernet device-count 2

Step 2: Specify the WAN interfaces (for example, xe-0/0/0) you want to include within the aggregated Ethernet bundle and add them individually. Also enter the interface name of the aggregate Ethernet link to which you add physical WAN member links (for example, ae0).

[edit]
user@host# set groups WANredundancy interfaces xe-0/0/0 gigether-options 802.3ad ae0

Step 3: Specify the minimum number of links in the aggregated Ethernet interface (aex) so that the ae link is labeled up. Only one physical link needs to be up for the bundle to be labeled up.

[edit]
user@host# set groups WANredundancy interfaces ae0 aggregated-ether-options minimum-links 1 

Step 4: Configure LACP on the defined aggregated Ethernet link (for example, ae0) as active. A port with active LACP state can start negotiating an LACP connection with the remote end by sending LACP packets, even if the device at the remote end is in passive state.

[edit]
user@host# set groups WANredundancy interfaces ae0 aggregated-ether-options lacp active

Step 5: Map an aggregated Ethernet link (ae0) to the IP address of the WAN interface.

[edit]
user@host# set interfaces ae0 unit 0 family inet address 198.51.100.40/24

Step 6: Set security zone for the defined aggregated Ethernet (for example, ae0) link and enable traffic on the interface from the defined system services available in the enterprise hub device.

[edit]
user@host# set security zones security-zone untrust interfaces ae0.0 host-inbound-traffic system-services all

Step 7: Set security zone for the defined aggregated Ethernet (for example, ae0) link and enable traffic from all protocols to reach the interfaces in the specified zone.

[edit]
user@host# set security zones security-zone untrust interfaces ae0.0 host-inbound-traffic protocols all

Step 8: Apply the LAG and LACP group configurations on the device.

[edit]
user@host# set apply-groups WANredundancy

Table 2: Example Configuration for VLAN-Tagged Aggregated Ethernet Interface

Configuration Steps

Commands

Step 1: Specify the number of aggregated Ethernet interfaces you want on your device. In the topology for enterprise hub WAN redundancy, the device-count value supported is 2. This means that you can configure two aggregated Ethernet interfaces.

[edit]
user@host# set groups WANredundancy chassis aggregated-devices ethernet device-count 2

Step 2: Specify the WAN interfaces (for example, xe-0/0/0) you want to include within the aggregated Ethernet bundle and add them individually. Also, enter the interface name of the aggregate Ethernet link to which you add physical WAN member links (for example, ae0).

[edit]
user@host# set groups WANredundancy interfaces xe-0/0/0 gigether-options 802.3ad ae0

Step 3: Specify the minimum number of links in the aggregated Ethernet interface (aex) so that the ae link status is up. Only one physical link needs to be up for the bundle to be labeled up.

[edit]
user@host# set groups WANredundancy interfaces ae0 aggregated-ether-options minimum-links 1 

Step 4: Configure LACP on the defined aggregated Ethernet link (for example, ae0) as active. A port with active LACP state can start negotiating an LACP connection with the remote end by sending LACP packets, even if the device at the remote end is in passive state.

[edit]
user@host# set groups WANredundancy interfaces ae0 aggregated-ether-options lacp active

Step 5: Configure VLAN tagging on the AE interface (for example, ae0) and assign a VLAN ID (for example, 100) to it.

[edit]
user@host# set interfaces ae0 vlan-tagging
user@host# set interfaces ae0 unit 100 vlan-id 100

Step 6: Map an aggregated Ethernet link (ae0) to the IP address of the WAN interface.

[edit]
user@host# set interfaces ae0 unit 100 family inet address 198.51.100.40/24

Step 7: Configure a static route to CSO and associate a next hop (gateway) to it to ensure that the device is reachable to CSO.

[edit]
user@host# set routing-options static route 203.0.113.0/24 next-hop 198.51.100.1

Step 8: Set security zone for the defined aggregated Ethernet (for example, ae0) link and enable traffic on the interface from the defined system services available in the enterprise hub device.

[edit]
user@host# set security zones security-zone untrust interfaces ae0.100 host-inbound-traffic system-services all

Step 9: Set security zone for the defined aggregated Ethernet (for example, ae0) link and enable traffic from all protocols to reach the interfaces in the specified zone.

[edit]
user@host# set security zones security-zone untrust interfaces ae0.100 host-inbound-traffic protocols all

Step 10: Apply the LAG and LACP group configurations on the device.

[edit]
user@host# set apply-groups WANredundancy 

To verify that the configuration works as intended, enter the show interfaces command.
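
The checks below go beyond the single-bundle case in Table 1 and Table 2: an added Python example (not Juniper or CSO code) that reads the same set commands before commit and reports bundles with no failover path, LACP that is not active, and zones that accept all host-inbound traffic. The function name audit, the finding strings, and the sample (the Table 1 commands as printed, with only xe-0/0/0 in ae0) are constructed for illustration; the ae-index check assumes that device-count N provides ae0 through ae(N-1).

```python
import re
from collections import defaultdict

# Constructed sample: the Table 1 commands as printed (only xe-0/0/0 joins ae0).
SAMPLE = """\
set groups WANredundancy chassis aggregated-devices ethernet device-count 2
set groups WANredundancy interfaces xe-0/0/0 gigether-options 802.3ad ae0
set groups WANredundancy interfaces ae0 aggregated-ether-options minimum-links 1
set groups WANredundancy interfaces ae0 aggregated-ether-options lacp active
set interfaces ae0 unit 0 family inet address 198.51.100.40/24
set security zones security-zone untrust interfaces ae0.0 host-inbound-traffic system-services all
set security zones security-zone untrust interfaces ae0.0 host-inbound-traffic protocols all
set apply-groups WANredundancy
"""

DEVCOUNT = re.compile(r"aggregated-devices ethernet device-count (\d+)$")
MEMBER = re.compile(r"interfaces (\S+) gigether-options 802\.3ad (ae\d+)$")
LACP = re.compile(r"interfaces (ae\d+) aggregated-ether-options lacp (active|passive)$")
MINLINKS = re.compile(r"interfaces (ae\d+) aggregated-ether-options minimum-links (\d+)$")
INBOUND = re.compile(r"security-zone (\S+) interfaces (ae\d+\.\d+) "
                     r"host-inbound-traffic (system-services|protocols) all$")

def audit(config: str) -> list:
    """Return findings for a Junos set-format config (hypothetical helper)."""
    members, lacp, min_links = defaultdict(set), {}, {}
    device_count, findings = 0, []
    for raw in config.splitlines():
        line = raw.split("# ", 1)[-1].strip()  # tolerate a pasted "user@host# " prompt
        if m := DEVCOUNT.search(line):
            device_count = int(m[1])
        elif m := MEMBER.search(line):
            members[m[2]].add(m[1])            # physical port -> bundle
        elif m := LACP.search(line):
            lacp[m[1]] = m[2]
        elif m := MINLINKS.search(line):
            min_links[m[1]] = int(m[2])
        elif m := INBOUND.search(line):
            findings.append(f"{m[2]}: zone {m[1]} accepts all {m[3]} toward the device")
    for ae in sorted(members):
        n = len(members[ae])
        if int(ae[2:]) >= device_count:        # assumption: device-count N gives ae0..ae(N-1)
            findings.append(f"{ae}: outside device-count {device_count}")
        if n < 2:                              # one member means nothing to fail over to
            findings.append(f"{ae}: {n} member link, no failover path")
        if lacp.get(ae) != "active":
            findings.append(f"{ae}: LACP is not active")
        if min_links.get(ae, 1) > n:           # bundle could never be labeled up
            findings.append(f"{ae}: minimum-links exceeds member count")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On the Table 1 commands as printed, it reports three findings: the two host-inbound-traffic all statements on the untrust zone and the single-member ae0.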