Flex Links
Flex Links, otherwise known as the devil for your L2 network.
In all fairness, lets actually figure out what this feature
is used for.
The most important thing you need to know is the fact that
Flex links disable your spanning-tree process.
By that very sentence alone, you should be concerned.
I like to call Flex links, backup-links instead, because that is in fact what it is.
If you have two uplink ports to your upstream switch as seen in our topology below, you might want to have one link in a standby mode, ready to take over immediately. Flex links provides this for you.
Topology for Flex Links
In this case, our upstream switch, Cat4 is connected to our downstream switch, Cat2.
I am using two vlan’s to demonstrate all of this. Vlan 100 and Vlan 200. I have created an SVI on both switches in each of these vlan’s:
Cat2:
Vlan 100: 192.168.100.2
Vlan 200: 192.168.200.2
Cat4:
Vlan 100: 192.168.100.4
Vlan 200: 192.168.200.4
The configuration itself takes place on Cat2.
Under the primary interface, which we have selected f0/21 to be, we define which interface we want to have as our backup interface.
Both the interfaces have been set to static trunk mode to carry our vlans.
Before we do any configuration, lets see how things are looking with regular spanning-tree:
Cat4:
Cat4#sh span vl 100 VLAN0100 Spanning tree enabled protocol rstp Root ID Priority 32868 Address 0016.9d94.4900 This bridge is the root Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32868 (priority 32768 sys-id-ext 100) Address 0016.9d94.4900 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 sec Interface Role Sts Cost Prio.Nbr Type ------------------- ---- --- --------- -------- -------------------------------- Fa0/21 Desg FWD 19 128.23 P2p Fa0/22 Desg FWD 19 128.24 P2p Cat4#sh span vl 200 VLAN0200 Spanning tree enabled protocol rstp Root ID Priority 32968 Address 0016.9d94.4900 This bridge is the root Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32968 (priority 32768 sys-id-ext 200) Address 0016.9d94.4900 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 sec Interface Role Sts Cost Prio.Nbr Type ------------------- ---- --- --------- -------- -------------------------------- Fa0/21 Desg FWD 19 128.23 P2p Fa0/22 Desg FWD 19 128.24 P2p
and on Cat2, our downstream switch:
Cat2#sh span vl 100 VLAN0100 Spanning tree enabled protocol rstp Root ID Priority 32868 Address 0016.9d94.4900 Cost 19 Port 23 (FastEthernet0/21) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32868 (priority 32768 sys-id-ext 100) Address 0016.9d94.8e80 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 sec Interface Role Sts Cost Prio.Nbr Type ------------------- ---- --- --------- -------- -------------------------------- Fa0/21 Root FWD 19 128.23 P2p Fa0/22 Altn BLK 19 128.24 P2p Cat2#sh span vl 200 VLAN0200 Spanning tree enabled protocol rstp Root ID Priority 32968 Address 0016.9d94.4900 Cost 19 Port 23 (FastEthernet0/21) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32968 (priority 32768 sys-id-ext 200) Address 0016.9d94.8e80 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 sec Interface Role Sts Cost Prio.Nbr Type ------------------- ---- --- --------- -------- -------------------------------- Fa0/21 Root FWD 19 128.23 P2p Fa0/22 Altn BLK 19 128.24 P2p
If you look closely at these outputs, you can deduce a couple of things.
First off, we are running RSTP (802.1w). Cat4 is our root bridge in the topology.
Secondly we can see that our active link from Cat2 towards Cat4 is Fa0/21 and Fa0/22 is in a blocking state.
Now, instead of using spanning-tree to converge on the Fa0/22 link when Fa0/21 goes down, lets use Flex Links.
We configure the feature on the primary interface:
Cat2(config)#int f0/21 Cat2(config-if)#switchport backup interface f0/22
Immediately we see this information:
Cat2(config-if)# *Mar 1 01:55:39.433: %SPANTREE-6-PORTDEL_ALL_VLANS: FastEthernet0/21 deleted from all Vlans *Mar 1 01:55:39.467: %SPANTREE-6-PORTDEL_ALL_VLANS: FastEthernet0/22 deleted from all Vlans
This is basically the point in time that spanning-tree is disabled for these two links.
We can verify this:
Cat2(config-if)#do sh span vlan 100 Spanning tree instance(s) for vlan 100 does not exist.
To verify the Flex Link feature itself, the command is:
Cat2#sh int switchport backup detail Switch Backup Interface Pairs: Active Interface Backup Interface State ------------------------------------------------------------------------ FastEthernet0/21 FastEthernet0/22 Active Up/Backup Standby Preemption Mode : off Multicast Fast Convergence : Off Bandwidth : 100000 Kbit (Fa0/21), 100000 Kbit (Fa0/22) Mac Address Move Update Vlan : auto
With this bit of information, we see that our active interface is F0/21 and that Fa0/22 is configured as the backup interface.
Lets make sure we got connectivity between Cat2 and Cat4:
Cat2#ping 192.168.100.4 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.100.4, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/9 ms Cat2#ping 192.168.200.4 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.200.4, timeout is 2 seconds: .!!!! Success rate is 80 percent (4/5), round-trip min/avg/max = 1/2/8 ms
Everything looks good. Time to bring down the primary (Fa0/21) interface and see if Fa0/22 takes over. In another terminal, i have issued a ping test from Cat2 to Cat4 on the vlan interfaces. I will use this to see how much data is lost if any:
Cat2(config)#int f0/21 Cat2(config-if)#sh Cat2(config-if)#do sh int sw back de Switch Backup Interface Pairs: Active Interface Backup Interface State ------------------------------------------------------------------------ FastEthernet0/21 FastEthernet0/22 Active Down/Backup Up Preemption Mode : off Multicast Fast Convergence : Off Bandwidth : 10000 Kbit (Fa0/21), 100000 Kbit (Fa0/22) Mac Address Move Update Vlan : auto
And our ping results from Cat2 to Cat4:
Success rate is 100 percent (2000/2000), round-trip min/avg/max = 1/4/34 ms
Great! we didnt loose a single ICMP packet.
So lets summarize. We have used the Flex Link feature in order not to run spanning-tree between Cat2 (downstream) and Cat4 (upstream). In the event that we loose Fa0/21 on Cat2, we immediately switch over to Fa0/22.
If you have used other technologies regarding backup of something, you have probably come across the notion that you want to fall back to the original state after the primary links come back online. In order to do that, we need to get into the concept of preemption.
Preemption basically means under which circumstances (if any), do you want to return traffic to the primary link.
Lets assume that we want to resume to the primary link as soon as possible, with no regard to the bandwidth of the primary interface or anything of that nature.
In order to do that we need to do a few more commands on the Fa0/21 (primary) interface:
Cat2(config-if)#switchport backup interface Fa0/22 preemption mode forced Cat2(config-if)#switchport backup interface Fa0/22 preemption delay 1
This tells the Flex Link feature that when the Fa0/21 (primary) link comes back online, return data to it no matter what and that the preemption delay should be the absolute minimum (1 second). Use this with caution in real life however as you want to make sure that the link is really functioning and operational. The default delay is 35 seconds.
Lets see what happens when we shut down Fa0/21 (primary) and after a while turn it back on again:
Cat2(config-if)#do sh int sw back de Switch Backup Interface Pairs: Active Interface Backup Interface State ------------------------------------------------------------------------ FastEthernet0/21 FastEthernet0/22 Active Up/Backup Standby Preemption Mode : forced Preemption Delay : 1 seconds Multicast Fast Convergence : Off Bandwidth : 100000 Kbit (Fa0/21), 100000 Kbit (Fa0/22) Mac Address Move Update Vlan : auto Cat2(config-if)#int f0/21 Cat2(config-if)#sh Cat2(config-if)# *Mar 1 02:19:40.269: %LINK-5-CHANGED: Interface FastEthernet0/21, changed state to administratively down *Mar 1 02:19:41.276: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/21, changed state to down Cat2(config-if)# Cat2(config-if)# Cat2(config-if)#do sh int sw back de ... Active Interface Backup Interface State ------------------------------------------------------------------------ FastEthernet0/21 FastEthernet0/22 Active Down/Backup Up Preemption Mode : forced Preemption Delay : 1 seconds Multicast Fast Convergence : Off Bandwidth : 10000 Kbit (Fa0/21), 100000 Kbit (Fa0/22) Mac Address Move Update Vlan : auto Cat2(config-if)#no sh Cat2(config-if)# *Mar 1 02:19:55.025: %LINK-3-UPDOWN: Interface FastEthernet0/21, changed state to up Cat2(config-if)# *Mar 1 02:19:55.612: %BACKUP_INTERFACE-5-PREEMPT: Preempting interface Fa0/22 in backup pair (Fa0/21, Fa0/22), preemption mode is forced Cat2(config-if)#do sh int sw back de *Mar 1 02:19:58.690: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/21, changed state to up Cat2(config-if)#do sh int sw back de ... Active Interface Backup Interface State ------------------------------------------------------------------------ FastEthernet0/21 FastEthernet0/22 Active Up/Backup Standby Preemption Mode : forced Preemption Delay : 1 seconds Multicast Fast Convergence : Off Bandwidth : 100000 Kbit (Fa0/21), 100000 Kbit (Fa0/22) Mac Address Move Update Vlan : auto
Long output, but it demonstrates what is happening. After the Flex Link is using the Fa0/22 (backup) interface, we turn the Fa0/21 (primary) interface back on, which causes Flex Link to preempt the data back onto the F0/21 link.
Again, be advised, that since spanning-tree is still in function on Cat4 and that it doesnt receive any BPDU’s from Cat2, it treats it “old style”, meaning going through the blocking, listening and learning states, it will take some time for Cat4 to reach a forwarding state for the Fa0/21 (primary) link. In effect, this means that switching back with such a fast preemption will cause you to loose data.
I hope this has been of some use to you and i urge you to goto the Cisco documentation to learn more about this feature if you so desire: