Q: How do you configure a two-arm mode NetScaler using Link Aggregation to connect pairs of interfaces to Cisco switches?
A: To configure two Link Aggregation channels, issue the following commands:
set interface 1/1 -speed AUTO -duplex AUTO -flowcontrol RXTX -autoneg ENABLED -hamonitor ON
set interface 1/2 -speed AUTO -duplex AUTO -flowcontrol RXTX -autoneg ENABLED -hamonitor ON
set interface 1/3 -speed AUTO -duplex AUTO -flowcontrol RXTX -autoneg ENABLED -hamonitor ON
set interface 1/4 -speed AUTO -duplex AUTO -flowcontrol RXTX -autoneg ENABLED -hamonitor ON
add channel LA/1 -ifnum 1/1 1/2 -Mode MANUAL -conndistr ENABLED -macdistr BOTH -speed AUTO -flowcontrol RXTX -hamonitor ON
add channel LA/2 -ifnum 1/3 1/4 -Mode MANUAL -conndistr ENABLED -macdistr BOTH -speed AUTO -flowcontrol RXTX -hamonitor ON
The above example sets up two Link Aggregation channels named LA/1 and LA/2, where LA/1 consists of physical interfaces 1/1 and 1/2 and LA/2 consists of physical interfaces 1/3 and 1/4.
To add 802.1q tagging on LA/2, issue the following commands (suppose vlan 888 with 172.31.254.0/24 should be 802.1q tagged on this channel):
add vlan 888
bind vlan 888 -IPAddress 172.31.254.130 255.255.255.0
bind vlan 888 -ifnum LA/2 -tagged
NetScaler does not support Port Aggregation Protocol (PAgP) or Link Aggregation Control Protocol (LACP) directly, but is based on the 802.3ad standard. Either the PAgP/On (EtherChannel) or LACP/On (802.3ad) setting works, but the latter is preferable.
Here are the relevant Cisco documents:
CatOS – http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_8_4/confg_gd/channel.htm
IOS – http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/swcg/channel.htm
Also, remember to tune the port channel load balancing algorithm appropriately using the following command:
For CatOS:
set port channel all distribution {ip | mac | session | ip-vlan-session} [source | destination | both]
For IOS:
port-channel load-balance {src-mac | dst-mac | src-dst-mac | src-ip | dst-ip | src-dst-ip | src-port | dst-port | src-dst-port}
Beware that a High Availability packet is always sent or received untagged. Thus, the primary and secondary NetScalers must have connectivity through a native VLAN in order for High Availability to work properly. In other words, the native VLAN number of the port channels connecting to the primary and secondary NetScalers must be the same.
To configure the native VLAN number on a Cisco switch:
For CatOS:
set vlan <vlan-number> <mod/port>
For IOS:
int <mod/port>
switchport trunk native vlan <vlan-number>
For a High Availability pair, you can verify that you have set up the native/untagged VLAN correctly through this FreeBSD shell command:
In NetScaler version 5.2:
# /etc/nsconmsg -g ha_err_sw_monitor_fail -d stats
In NetScaler version 6.x:
# /netscaler/nsconmsg -g ha_err_sw_monitor_fail -d stats
Note: The ha_err_sw_monitor_fail should NOT be incrementing (when run multiple times) if everything is set up correctly.
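The native VLAN requirement above can also be checked on the switch side before relying on the HA counter. The following is an added example, not part of the original article or any Citrix or Cisco tooling: it parses IOS-style configuration text and reports port channels facing the primary and secondary NetScalers whose native VLANs differ. The sample configuration, the Port-channel numbers and the pairing list are constructed for illustration, and the script assumes a trunk with no `switchport trunk native vlan` line uses the IOS default of VLAN 1.

```python
import re

# Constructed sample (not from the article): Po1/Po2 face the primary
# NetScaler's LA/1 and LA/2, Po3/Po4 face the secondary's LA/1 and LA/2.
SAMPLE_IOS_CONFIG = """\
interface Port-channel1
 description primary LA/1
 switchport trunk native vlan 10
interface Port-channel2
 description primary LA/2
 switchport trunk native vlan 10
interface Port-channel3
 description secondary LA/1
 switchport mode trunk
interface Port-channel4
 description secondary LA/2
 switchport trunk native vlan 10
"""

# Assumed pairing of switch port channels: (to primary, to secondary).
HA_PAIRS = [("Port-channel1", "Port-channel3"),
            ("Port-channel2", "Port-channel4")]

IOS_DEFAULT_NATIVE_VLAN = 1  # used when no native VLAN line is present


def native_vlans(config):
    """Map each interface stanza in the config to its trunk native VLAN."""
    vlans, current = {}, None
    for line in config.splitlines():
        m = re.match(r"\s*int(?:erface)?\s+(\S+)", line, re.I)
        if m:
            current = m.group(1)
            vlans[current] = IOS_DEFAULT_NATIVE_VLAN
            continue
        m = re.match(r"\s*switchport trunk native vlan (\d+)", line, re.I)
        if m and current:
            vlans[current] = int(m.group(1))
    return vlans


def ha_native_vlan_mismatches(config, pairs):
    """Return (pri_if, pri_vlan, sec_if, sec_vlan) for each mismatched pair."""
    vlans = native_vlans(config)
    return [(p, vlans[p], s, vlans[s]) for p, s in pairs
            if vlans[p] != vlans[s]]


if __name__ == "__main__":
    for p, pv, s, sv in ha_native_vlan_mismatches(SAMPLE_IOS_CONFIG, HA_PAIRS):
        print(f"{p} native VLAN {pv} != {s} native VLAN {sv}: HA packets will not pass")
```

A mismatch reported here is the condition under which ha_err_sw_monitor_fail would be expected to keep incrementing.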