Skip to content
Grant Curell's Projects

Dell OS10 Load Balancing with LAG Config

In this test case the goal is to create a simple load balancer using a reverse LAG port. The idea is to have one input port which is then mirrored to a logical LAG port and at the other end of the LAG port is a number of security sensors.

After test 3 I added the command:

OS10(config)# enhanced-hashing resilient-hashing lag

Helpful Links

Section titled “Helpful Links”

ONIE Network Install Process Overview

Dell OS10 Manual

My Configuration

Section titled “My Configuration”

General Configuration

Section titled “General Configuration”
  • ONIE host is running RHEL 8
  • I am using a Dell S4112F-ON for testing
  • OS10 10.5.0.2
  • PFSense running DNS and DHCP as services

RHEL Release Info

Section titled “RHEL Release Info”
NAME="Red Hat Enterprise Linux"
VERSION="8.0 (Ootpa)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="8.0"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Red Hat Enterprise Linux 8.0 (Ootpa)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:redhat:enterprise_linux:8.0:GA"
HOME_URL="https://www.redhat.com/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"


REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 8"
REDHAT_BUGZILLA_PRODUCT_VERSION=8.0
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="8.0"
Red Hat Enterprise Linux release 8.0 (Ootpa)
Red Hat Enterprise Linux release 8.0 (Ootpa)

OS 10 Version

Section titled “OS 10 Version”
OS10# show version
Dell EMC Networking OS10 Enterprise
Copyright (c) 1999-2019 by Dell Inc. All Rights Reserved.
OS Version: 10.5.0.2
Build Version: 10.5.0.2.468
Build Time: 2019-10-19T00:29:00+0000
System Type: S4112F-ON
Architecture: x86_64
Up Time: 00:03:39

Setup ONIE Prerequisites

Section titled “Setup ONIE Prerequisites”

See ONIE Install Setup for instructions.

Configure Management Interface

Section titled “Configure Management Interface”

See Configure Management Interface on Dell OS10

Configure Device for LAG

Section titled “Configure Device for LAG”

Physical Configuration

Section titled “Physical Configuration”
  • 1, 1Gb/s copper SFP (Ethernet 1/1/1) for input
  • 2, 1Gb/s copper SFPs (Ethernet 1/1/5/Ethernet 1/1/10) and 1, 1Gb/s, fiber SFP (Ethernet 1/1/12) for output

Configuration

Section titled “Configuration”
! Version 10.5.0.2
! Last configuration change at Nov  01 02:25:00 2019
!
ip vrf default
!
interface breakout 1/1/13 map 100g-1x
interface breakout 1/1/14 map 100g-1x
interface breakout 1/1/15 map 100g-1x
iscsi enable
iscsi target port 860
iscsi target port 3260
system-user linuxadmin password $6$5DdOHYg5$JCE1vMSmkQOrbh31U74PIPv7lyOgRmba1IxhkYibppMXs1KM4Y.gbTPcxyMP/PHUkMc5rdk/ZLv9Sfv3ALtB61
enhanced-hashing resilient-hashing lag
username admin password $6$q9QBeYjZ$jfxzVqGhkxX3smxJSH9DDz7/3OJc6m5wjF8nnLD7/VKx8SloIhp4NoGZs0I/UNwh8WVuxwfd9q4pWIgNs5BKH. role sysadmin priv-lvl 15
aaa authentication login default local
aaa authentication login console local
!
class-map type application class-iscsi
!
policy-map type application policy-iscsi
!
interface vlan1
no shutdown
!
interface port-channel1
no shutdown
switchport access vlan 1
!
interface mgmt1/1/1
no shutdown
no ip address dhcp
ip address 192.168.1.20/24
ipv6 address autoconfig
!
interface ethernet1/1/1
no shutdown
switchport access vlan 1
flowcontrol receive on
!
interface ethernet1/1/2
no shutdown
switchport access vlan 1
flowcontrol receive on
!
interface ethernet1/1/3
no shutdown
switchport access vlan 1
flowcontrol receive on
!
interface ethernet1/1/4
no shutdown
switchport access vlan 1
flowcontrol receive on
!
interface ethernet1/1/5
no shutdown
channel-group 1
no switchport
speed 1000
flowcontrol receive on
!
interface ethernet1/1/6
no shutdown
switchport access vlan 1
flowcontrol receive on
!
interface ethernet1/1/7
no shutdown
switchport access vlan 1
flowcontrol receive on
!
interface ethernet1/1/8
no shutdown
switchport access vlan 1
flowcontrol receive on
!
interface ethernet1/1/9
no shutdown
switchport access vlan 1
speed 1000
flowcontrol receive on
!
interface ethernet1/1/10
no shutdown
channel-group 1
no switchport
speed 1000
flowcontrol receive on
!
interface ethernet1/1/11
no shutdown
switchport access vlan 1
flowcontrol receive on
!
interface ethernet1/1/12
no shutdown
channel-group 1
no switchport
speed 1000
flowcontrol receive on
!
interface ethernet1/1/13
no shutdown
switchport access vlan 1
flowcontrol receive on
!
interface ethernet1/1/14
no shutdown
switchport access vlan 1
flowcontrol receive on
!
interface ethernet1/1/15
no shutdown
switchport access vlan 1
flowcontrol receive on
!
monitor session 1
destination interface port-channel1
source interface ethernet1/1/1
no shut
!
snmp-server contact "Contact Support"
!
telemetry

Findings

Section titled “Findings”

This time traffic still went to different Wireshark sessions as you can see in the below.

On host 3 you can see the synchronize packet go out with sequence number 3195700332 and you notice that the SYN, ACK response is missing. Look at host 2 and you can see the SYN, ACK with the expected response of 3195700333.

Traffic to Different Wireshark Sessions

Section titled “Traffic to Different Wireshark Sessions”

However a session on host 1 seems to work correctly.

Host 1 Session with Correct Output

Section titled “Host 1 Session with Correct Output”

A More Definitive Test

Section titled “A More Definitive Test”

I wanted to be sure of my findings so I crafted a new PCAP. This time, I started a capture on my desktop and opened a new connection to vCenter knowing this should generate several new streams. I then closed the browser entirely to ensure those same sessions would close. I saved the capture off and sent it to my traffic replay system.

I then played it back with tcpreplay. I then grabbed a random stream from the sequence to confirm whether I could see the entire three way hand shake on one host or not.

As suspected the initial syn hit one Wireshark session and the response went to a separate Wireshark session.

Host 1

Section titled “Host 1”

Host 3

Section titled “Host 3”