Use Case 1: Multiple Active Detection

What is MAD?

Multiple Active Detection (MAD) is a protection mechanism against the fallout of a VSF stack split. A stack split occurs when there is a connectivity failure between the two stack switches. The simplest protection against connectivity failure is to have multiple redundant ports in the VSF link.

The two switches operate in a "split-brain" scenario. Both split fragments cannot talk to each other and are forwarding traffic, but:
  • they have the same MAC address,

  • they have the same IP addresses on all VLANs, and

  • depending on the deployment, they are likely to be connected to same uplink/downlink switches though a link-aggregation.

A MAD protocol must be enabled to prevent network-wide issues that a stack split can cause. MAD protocols attempt to detect the presence of the other stack fragment. If detected, the goal of MAD is to keep only one stack fragment up. The other stack fragment is brought down (all switch ports are disabled). This prevents issues caused by duplicate IP addresses and/or duplicate MAC address.

Figure 110: MAD interconnect device
NOTE:

Once a MAD decision has been accepted and the active member is determined, the member remains in the current state until the VSF fabric has been repaired.

LLDP MAD

LLDP-MAD is used to detect multiple-active VSF fragments. This protocol is not supported for more than 2–member stacking switches. When a VSF fabric existing between an active and a standby member fails, LLDP-MAD determines whether multiple active topology is in place. If LLDP-MAD is configured and a VSF split occurs, one of the VSF members will become inactive, which disables the non-VSF frontplane ports. This ensures that only one of the members will be actively forwarding traffic.

Figure 111: LLDP-MAD

MAD readiness check

The MAD assist device must be connected over a LACP trunk interface to the VSF device. Once you configure the IP address of a MAD assist device, the VSF switch will perform a MAD readiness check to determine:
  • If the MAD assist device is reachable.

  • If a trunk interface is used to reach the device.

  • If the trunk state is up.

If the above three conditions are not met, MAD will fail to detect dual active fragments during a VSF split. This error will create a log message.
NOTE:

The MAD readiness check is repeated periodically. If MAD-probe parameters have changed, an appropriate message will be logged.

VLAN MAD

MAD VLAN can be used for management. Switches which support VSF and do not have OOBM ports, use front-plane ports to detect active stack fragments upon split. One port from each member of the stack should be part of a MAD VLAN and it should be connected to MAD interconnect device in the same network. MAD VLAN can be used for the purpose of management like telnet and SSH. The front-plane ports of switches which support only VSF will be part of one VLAN called MAD VLAN.

Limitations of VLAN MAD

  • Any other protocol which may alter the functionality of VLAN MAD should not be enabled on VLAN MAD.

  • Proper functionality of VLAN MAD cannot be ensured when there is more than one failure.

  • Only one port per member can be assigned to the VLAN MAD.

  • A source port filter cannot be configured on a port that is a member of the VLAN MAD.

  • VLAN MAD cannot be configured on a VLAN that has source port filter enabled member ports.

  • Trunk ports cannot be assigned to the VLAN MAD.

  • The default VLAN cannot also be the VLAN MAD.

  • GVRP cannot be configured on VLAN MAD member ports. Use the interface level unknown-vlans command to disable GVRP in ports.

  • MVRP cannot be enabled on VLAN MAD member ports.

  • VLAN MAD cannot be configured when multicast filter is enabled for MAC address 0x00, 0x12, 0x79, 0x4a, 0xd5, and 0x82.

  • LACP enabled port cannot be part of the MAD VLAN.

  • BPDU filtering cannot be disabled on MAD VLAN ports.