Cisco Flex Links: Time to Retire Spanning Tree?
With Flex Links, you get simple, reliable, and scalable layer 2 redundancy. Unlike Spanning Tree, Flex Links pairs don't "just work." Here's how to configure your network for them.
Cisco Flex Links gives network operators a simple, reliable, and more scalable method of layer 2 redundancy. The Spanning Tree Protocol (STP) is not destined for the scrap bin, but it will certainly fall out of favor with many enterprise networks.
Flex Links are a pair of layer 2 interfaces configured to act as a backup of each other. Configuring Flex Links is very simple, but it’s a manual process. Spanning tree can configure itself if you just enable it, albeit likely a sub-optimal configuration, but a working one nonetheless. Flex Links, on the other hand, require manual setup and layout of your layer 2 network. If you don’t want to leave anything to chance, then Flex Links are preferred over STP.
The benefits of Flex Links include:
- simplicity, which equals stability.
- instant failover.
- rudimentary load balancing capabilities, so one link isn’t wastefully idle.
- load balancing works across switches in a stack, including port channels.
A Flex Links pair's primary operating mode is just like spanning tree: one on, one off. With per-VLAN spanning tree, a trunk port can have some VLANs enabled and some blocked at the same time, so on the surface it seems that STP is superior. In reality, you can configure Flex Links to load balance VLANs, and we’ll show you how shortly.
Conceptually, you configure a Flex Links pair by telling one link it’s the active link, and another that it’s the backup of that primary (active) one. Without configuring VLAN load balancing, it will completely disable the backup, and if the active link goes down the backup will take over.
For example, to configure port gi1/0/1 as a active link, and gi1/0/2 as the backup, you’d run:
Switch# configure terminal Switch(conf)# interface gigabitethernet1/0/1 Switch(conf-if)# switchport backup interface gigabitethernet1/0/2
That’s all there is to configuring the basic mode, which gets you failover but no load balancing. Before talking about load balancing, let’s take a look at preemption and “mac address-table move update.”
Preemption, that is, the preferred port for forwarding traffic, is also configurable. This is most often used in combination with multiple links that have differing bandwidth capacities. If you wish to ensure that port 1, a primary port that has more bandwidth, will return to the active link when it comes back up, you would set: interface preemption mode bandwidth and switchport backup interface preemption delay. The delay is used to set the amount of time (in seconds) to wait before allowing port 1 to preempt port 2 and begin taking over traffic again.
MAC Address-Table Move Update
Enabling the MAC address-table move update feature allows for rapid convergence when a primary link goes down and the backup takes over traffic forwarding duties. Without this feature enabled, neighboring switches may continue to forward traffic for a short time to a dead port, since they have learned MAC addresses associated with that link.
When move update is enabled, the switch containing Flex Links will broadcast an update packet to let other switches know what happened, and they will in turn un-learn that false MAC address mapping.
On the switch with Flex Links, simply configure:
Switch(conf)# mac address-table move update transmit
All switches, including ones with Flex Links, need to receive these updates. This is not enabled by default, so you’ll need to run the following command on all of your devices:
Switch(conf)# mac address-table move update receive
To see the status and verify that “move update” is enabled, run: show mac address-table move update. Checking the status of your Flex Links is much the same:
show interfaces [interface-id] switchport backup.
Flex Links should be configured such that both ports are forwarding traffic at the same time. This way, you get load balancing in addition to redundancy. The limitation is that only one port can be forwarding a single VLAN at a time. If we have VLANs 1-200, we need to choose which VLANs are forwarded primarily through which port. The most simple configuration, ignoring traffic requirements, would be that VLANs 1-100 use port 1, and VLANs 101-200 use port 2.
Before we get into configuring preferred VLANs, let’s talk about multicast . Multicast, of course, becomes an issue with this type of setup. If a port passed an IGMP join, and the switch is part of a multicast group, when the port goes down the switch will no longer be able to receive multicast traffic for that group. The quick fix is to make both Flex Links always be part of learned groups, with the command
switchport backup interface gigabitEthernet 1/0/12 multicast fast-convergence.
Now, on to VLAN load balancing. It is quite easy; just specify which VLANs you prefer on which links:
Switch(config-if)#switchport backup interface gigabitEthernet1/0/2 prefer vlan 101-200.
If you have VLANs 1-200 on the switch, show interfaces switchport backup will show you:
Vlans Preferred on Active Interface: 1-100 Vlans Preferred on Backup Interface: 101-200
If a link goes down, VLANs that are preferred on that interface will be moved to the other link in the pair. Likewise, when a link returns to service, its preferred VLANs are blocked on the backup and returned to the preferred link.
Be sure to run
show interfaces switchport backup detail to see the full status, including link speeds, preemption modes, the MAC address-table move update status.
In summary, the simplicity of Flex Links make it a better choice for carrier and core enterprise networks over the ubiquitous spanning tree protocol. Link-level redundancy is had via STP, but with Flex Links you have more control and better load balancing capabilities. This certainly means that it takes longer to configure since you are planning the layer 2 network manually, but when you need a stable no-surprises link-layer network, Flex Links are definitely the way to go.
Charlie Schluting is the author of Network Ninja, a must-read for every network engineer.