Link Aggregation: LACP and PAgP

Link Aggregation, also known as port trunking or NIC teaming, combines multiple physical Ethernet links into a single logical link. This provides:

The IEEE standard is 802.3ad (later 802.1AX), commonly called LACP (Link Aggregation Control Protocol). Cisco also offers a proprietary version called PAgP (Port Aggregation Protocol). Both accomplish the same goal but are not interoperable.

LACP uses frames called LACPDUs (Link Aggregation Control Protocol Data Units) exchanged between switches to negotiate the formation of a link aggregation group (LAG).

Key concepts: - Actor: The local switch sending LACPDUs - Partner: The remote switch receiving LACPDUs - System ID: A 64-bit value combining switch priority (2 bytes) and MAC address (6 bytes) - Port ID: A 16-bit value combining port priority (2 bytes) and port number (2 bytes) - Admin Key: A 16-bit value that identifies the aggregation group the port belongs to (configured by the administrator) - Oper Key: A 16-bit value that is the actual key used for aggregation after negotiation

LACP PDU format (simplified): - Subtype = 0x01 for LACP - Version = 1 - Actor Information (TLV): System Priority, System MAC, Port Priority, Port Number, Key, State (Activity, Timeout, Aggregation, Synchronization, Collecting, Distributing, Default, Expired) - Partner Information (TLV): Same fields for the remote side - Collector Information: Max delay (used for collecting frames) - Terminator TLV

LACP State Flags (8 bits): - Bit 0: LACP_Activity (1=active, 0=passive) - Bit 1: LACP_Timeout (1=short timeout, 0=long timeout) - Bit 2: Aggregation (1=port can be aggregated, 0=standalone) - Bit 3: Synchronization (1=port is in sync with partner, 0=not in sync) - Bit 4: Collecting (1=port is ready to receive frames) - Bit 5: Distributing (1=port is ready to send frames) - Bit 6: Default (1=using default partner info, 0=received partner info) - Bit 7: Expired (1=partner info is aged out)

LACP Modes: - Active: The port actively sends LACPDUs every second (default). This is the mode that initiates negotiation. - Passive: The port only responds to LACPDUs but does not initiate. A passive port will not form a LAG with another passive port — at least one side must be active.

LACP Timeouts: - Short timeout (3 seconds): Used when fast failure detection is needed. LACPDUs are sent every 1 second; partner info expires after 3 missed PDUs. - Long timeout (90 seconds): Default. LACPDUs sent every 30 seconds; partner info expires after 90 seconds.

LACP Negotiation Process: 1. An active port sends LACPDUs with its system and port information, including its state flags (Activity=Active, Timeout=Long, Aggregation=Yes, Sync=No, Collecting=No, Distributing=No). 2. The passive port receives the PDU and responds with its own information, setting its Activity flag to Passive. 3. Both ports compare each other's system ID and port IDs. The system with the lower system priority (or lower MAC if equal) becomes the aggregator. The aggregator's key is used as the operational key. 4. Once both sides agree on the aggregation parameters, they set the Sync flag to 1, then the Collecting and Distributing flags to 1. The LAG becomes operational. 5. LACPDUs continue to be exchanged periodically to maintain the link. If a PDU is missed for the timeout period, the link is considered down and removed from the LAG.

PAgP (Port Aggregation Protocol) is Cisco's pre-standard implementation, defined before IEEE 802.3ad. It is not interoperable with LACP. PAgP uses Cisco Discovery Protocol (CDP) messages to exchange aggregation information.

PAgP Modes: - Desirable: The port actively sends PAgP packets and tries to form an EtherChannel. Equivalent to LACP Active. - Auto: The port only responds to PAgP packets but does not initiate. Equivalent to LACP Passive. - On: The port is forced into the channel without negotiation. Both ends must be set to On for the channel to form. No negotiation occurs.

PAgP Negotiation: - PAgP uses CDP packets with a type code of 0x2000 (PAgP). - The packets contain the system ID, port ID, and capabilities. - The negotiation follows similar logic to LACP: both sides exchange information, and the switch with the lower bridge ID (priority + MAC) becomes the aggregator. - PAgP does not have the concept of keys; instead, it uses the channel-group number directly.

PAgP Timers: - PAgP packets are sent every 30 seconds (default). - If 3 consecutive packets are missed (90 seconds), the port is considered down.

LACP Configuration on Cisco IOS:

interface GigabitEthernet0/1
 channel-group 1 mode active
interface GigabitEthernet0/2
 channel-group 1 mode active
interface Port-channel1
 switchport mode trunk

PAgP Configuration:

interface GigabitEthernet0/1
 channel-group 1 mode desirable
interface GigabitEthernet0/2
 channel-group 1 mode desirable
interface Port-channel1
 switchport mode trunk

Verification Commands: - show etherchannel summary – Displays port-channel status, member ports, and protocol (LACP or PAgP) - show etherchannel port-channel – Detailed info about the port-channel interface - show lacp neighbor – Shows LACP neighbor details, including system ID, port ID, and state flags - show pagp neighbor – Shows PAgP neighbor details - show interfaces port-channel 1 – Shows interface statistics and bandwidth

Example Output:

Switch# show etherchannel summary
Flags:  D - down        P - in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator

        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port

Number of channel-groups in use: 1
Number of aggregators:           1

Group  Port-channel  Protocol    Ports
------+-------------+-----------+----------------------------------------------
1      Po1(SU)         LACP      Gi0/1(P)   Gi0/2(P)

Spanning Tree Protocol (STP): STP treats the entire port-channel as a single logical link. STP runs on the port-channel interface, not on individual member links. This prevents loops while allowing redundancy within the bundle.

VLANs: A port-channel can be configured as a trunk (802.1Q) carrying multiple VLANs. All member ports must have the same VLAN configuration (same allowed VLANs, same native VLAN). Mismatched VLAN configurations can cause the channel to fail to form.

Load Balancing: Traffic distribution across member links is based on a hash algorithm using source/destination MAC, IP, or TCP/UDP port numbers. The hash is computed per frame/packet, and all frames in a flow use the same link to maintain ordering. Common hash algorithms include: - src-mac - dst-mac - src-dst-mac - src-ip - dst-ip - src-dst-ip - src-port - dst-port - src-dst-port

MTU: The MTU of the port-channel interface applies to all member links. All member links should have the same MTU setting.

In enterprise data centers, link aggregation is ubiquitous. Here are two common deployment scenarios:

1. Server-to-Switch Aggregation (NIC Teaming): A web server with four 1 Gbps NICs is connected to a top-of-rack (ToR) switch. The server's OS (e.g., Windows Server or Linux) uses LACP (mode 802.3ad) to bond the four NICs into a single logical interface with 4 Gbps throughput. The switch ports are configured as LACP active. The load-balancing hash on the server is typically based on source and destination IP addresses. This setup provides both increased bandwidth and failover: if one NIC or cable fails, traffic continues on the remaining three. A common misconfiguration is mismatched speed or duplex on one NIC, causing the link to be suspended. The engineer must ensure all NICs are set to the same speed (1 Gbps full duplex) and that the switch ports match. Another issue is VLAN mismatch: if the switch trunk allows VLANs 10,20,30 but the server is configured for VLAN 10 only, the LAG may form but traffic for VLAN 20/30 will be dropped. The solution is to configure the port-channel as a trunk with matching allowed VLANs.

2. Switch-to-Switch Uplink Aggregation: In a campus network, two distribution switches are connected via four 10 Gbps fiber links. The links are aggregated using LACP to form a 40 Gbps logical uplink. The configuration on both switches uses LACP active mode. The load-balancing algorithm is set to src-dst-ip because traffic is Layer 3 (routed). The port-channel is configured as a trunk carrying multiple VLANs. The network engineer also configures the port-channel as a member of a spanning tree instance (e.g., Rapid PVST+), and STP treats the LAG as a single link. A failure scenario: one fiber link is accidentally cut. LACP detects the loss of LACPDUs within 3 seconds (if short timeout is configured) and removes the link from the LAG. The remaining three links continue to carry traffic without STP reconvergence. However, if LACP is not used and the link is configured in 'on' mode, a unidirectional link failure (one direction works, other fails) can cause a loop because the switch on the working side still thinks the link is up. LACP's continuous handshake prevents this by detecting the loss of PDUs in both directions. This is why LACP is strongly recommended over static 'on' mode.

3. Cloud Provider Leaf-Spine Fabric: In a modern leaf-spine architecture, each leaf switch connects to each spine switch via multiple 100 Gbps links aggregated into a 400 Gbps LAG. The configuration uses LACP with short timeout (1 second) for fast convergence. The load-balancing algorithm is often 'src-dst-ip' to spread flows across all links. The spine switches are configured with LACP passive to reduce PDU overhead (since leaves initiate). A common issue is when a leaf switch's LACP system priority is accidentally set too high, causing a different leaf to become the aggregator and disrupting traffic. The engineer must ensure consistent system priority across all switches. Also, the maximum of 8 active links per LAG is a hard limit; if more than 8 links are needed, the engineer must use multiple LAGs or upgrade to higher-speed interfaces.