Switch in HA
Posted by Cultural_Log6672@reddit | sysadmin | 38 comments
Good morning. I'm looking for a solution to put switches in HA. That is to say, connect a server for example on each of the switches and if the first switch falls it continues seamlessly on the second. Do you have any ideas for a solution?
ErrorID10T@reddit
Easiest route is probably switch stacking. MLAG works but is extra configuration. Stacking will just make the two switches behave as a single switch, then use LACP across both switches or NIC teaming, or whatever your server supports for connection redundancy.
Cultural_Log6672@reddit (OP)
In this case, you also need stacking-compatible switches? And they are much more expensive. If I interconnect two switches in lacp between them and I activate rstp it will work right?
ErrorID10T@reddit
Stackable switches don't have to be particularly expensive. I run a datacenter on stacked refurbished cisco switches that cost me less than $500 each. Aruba switches generally have stacking built in, or you can add a stacking module.
Stacking does require purchasing two compatible switches, which generally means identical models, or at minimum very similar models.
There are honestly a ton of solutions for what you're looking for. What switches do you currently have and what are you running on these servers? Windows/Linux/VMWare/Proxmox/other?
Cultural_Log6672@reddit (OP)
Stackable switches need to have stack functionality and all the ones I've seen are expensive. Do Cisco have their own stack as well as other manufacturers? Isn't it easier to interconnect two non-stackable switches via lacp and activate rstp so if one of the two switches is down the data continues to transit on the remaining switch?
ErrorID10T@reddit
Stacking is generally a proprietary thing, and it's usually found on the higher end switches. You can accomplish this with LACP, and whether or not you need RSTP depends on your network layout, it may or may not be necessary for your configuration.
For example, I have an environment with 2 Palo Alto FWs, 2 Unifi Switches, and a bunch of servers. The FWs have link monitoring and are in an HA pair, so if one switch goes down the FW fails over to whichever one is connected to the working switch. The servers are all Windows configured with NIC teaming and don't require any special switch configuration, they just have connections to each switch and will use whatever connections are online. The only LACP connection is the one between the two switches to carry all of the VLANs, and I'm actually not sure off the top of my head if RSTP is enabled, but it wouldn't make a difference regardless, the only thing that would do is block switch loops, and as a 2 switch environment, this was specifically designed not to have any switch loops.
The real question is are you looking to purchase new switches, or see if you can accomplish your goal with the equipment you have?
squibby_sh@reddit
Two general options:
a) Get switches that can be formed into a MLAG pair, which means they are logically treated as one unit and then you can uplink the servers to the two switches with LACP bonding.
b) Set up NIC teaming where one NIC of the server is in Active mode while the other NIC is on Standby.
Easy to find guides for both approaches.
ultimateVman@reddit
'A' is not that simple. This highly depends on the workloads required.
You MUST differentiate between the two ways switches are capable of being paired like this. There are two options and you MUST use one over the other based on the situation.
If you need ACTUAL redundancy, the switches must support VLT(Dell)/MLT/VCP(Cisco). This is technology that allows both switches to be independent but BEHAVE as if they were one logical switch but actually aren't. You need this tech if you are running datacenter redundancy, such as being able to update/reboot the switches independently of each other. This is critical in environments where you have host hypervisors or other clustered systems connected to both "legs" and must stay connected, especially Windows Failover Clustering.
The other option is an actual switch stack, as you described, two switches treated logically as one, (Cisco VSS). These configurations have a SERIOUS drawback, in that they are in fact treated as one, and all reboot together. Cisco will argue up and down that VSS is redundant, but they're not fooling anyone. Yes, there is a newish tech/feature that allows VSS stacked switches to reboot separately, but if you read closely, is under specific circumstances, and you WILL eventually have to restart the entire stack. There is no way around it.
You need one of these two solutions if you need LACP to span switches. LACP only works if all connections are connected to same VSS stack OR VLT pair.
squibby_sh@reddit
I’m not certain what your point is? I used mlag as an umbrella term and there’s no need to call out every vendors acronyms.
VSS is almost 20 years old, has been replaced by other solutions and if you’re rolling that you’re most likely on eol gear. So VSS is not a valid way to handle this at all
We aren’t under any obligation to list every option under the sun and suggesting that op look into mlag is one of the most common and simple patterns out there
Hell, he might not even need lacp at all depending on what he’s racking. Best practice with esxi and vcenter is to not use switch side bonding at all, but again that’s for OP to read, determine, and decide
ultimateVman@reddit
Correct. I was just making a point to distinguish between tech and not generalizing. VSS is not EoL and is still being shoved down the throats of Cisco customers. I felt there needed to be some clarification depending on what OP needs, especially if they are learning/asking about it. And naming the acronyms is informative for those looking for the right devices depending on their vendor of choice.
squibby_sh@reddit
Do you even bother to check stuff before you type? I will continue to use industry standard terms when appropriate and not rant about dell or solutions that died with cat6500s. lol
Cultural_Log6672@reddit (OP)
For the option a how is the lacp link then configured?
ultimateVman@reddit
If you are using LACP in a datacenter, and spanning switches you must use switches that have VLT/VCP features.
squibby_sh@reddit
that answer depends upon the make and model of your switches and your server operating system. This is a very common datacenter/server/networking task and it's easy to find explicit documentation.
SVD_NL@reddit
c) Active/Standby on your switch. Some managed switches support this feature (although I'd recommend your options if those are available)
MrYiff@reddit
What OS is the server running? This will affect the options available and the config needed.
LACP for example needs to be configured in both the OS and Switch configs.
That said there are normally options available that don't require any changes on the switch, Windows Server has a Switch Independent configuration that allows both active/active and active/passive options iirc.
PerseusAtlas@reddit
How many NICs does the server have? Also, do you have redundancy protocols on the server set up? The switches are the easy part.
Cultural_Log6672@reddit (OP)
The server has 4 nics in total and I have not yet looked at the configuration of the redundancy protocols?
PerseusAtlas@reddit
Looks like others have already given you the best answers.
Jeff-J777@reddit
There are a number of ways. Like others have said MLAG is an option but that depends on your switches. I guess one question is the server a bare metal server running a single OS, or a hypervisor. If it is a bare metal, then NIC teaming would be a good fit.
If it is a hypervisor hosting VMs you just assign the NICs to the virtual switch and if one goes down the VM is none the wiser. I had an ESXi cluster and each ESXi host had two copper connections to each switch stack. If a switch in stack A went down the data just went to stack B.
Cultural_Log6672@reddit (OP)
It’s a hyperV server
Cultural_Log6672@reddit (OP)
I thought about interconnecting the two switches together and configuring lacp is it a feasible option?
freethought-60@reddit
No, let's say your hosts are running Microsoft Windows Server 2022 or later and you have the Hyper-V role installed. Well, the only supported mode for NIC teaming is SET (short for Switch Embedded Teaming), and the only available model is the "switch independent" one with all NICs active simultaneously. In short, no static or dynamic (LACP) aggregation on the switch side.
Then, relatively cheaper switches can support "traditional" stacking technologies (allow me the expression) or, as you have already been told MC-LAG, which each manufacturer then implements in its own way. The practical result (to put it simply) is that they logically behave as if they were a single unit.
Of course, solutions exist, but what and how to implement them depends on your needs, expectations and what is available to do so.
Cultural_Log6672@reddit (OP)
The best solution is therefore to use mlag-compatible switches?
freethought-60@reddit
Let's keep it simple, in my specific case my HOSTS have the Hyper-V role installed and for NIC teaming I can only use SET mode, so static or dynamic aggregation is out of the question. I use "traditional" stacking because that's what my switches support, I know their limitations but as that meets my needs and expectations I have no concrete reason (practical and economic) to replace them with others that support MC-LAG: So from my perspective that's the "best solution" I've decided to adopt.
squibby_sh@reddit
lacp expects you to connect bond links to the same physical switch. two switches with a lacp bond between themselves is valid. a server connected to each switch running a lacp bond is not.
that's where mlag or similar tech comes in. lacp is fooled into thinking it's one switch when it's in fact two.
sakatan@reddit
Yes, but both switches need to be able to talk to each other so that ports from individual switches can be grouped. Stackable switches can do this. "Independent" switches don't.
MushyBeees@reddit
You don’t need anything special to do this. You don’t need mlag, etherchannels, LACP, VRRP, or anything else that people here are going to tell you about.
Just switches that have the same spanning tree protocol/enabled/configured. I assume your firewall is doing layer 3 here.
Two switches sat behind servers. On each server configure a four port switch embedded team. Connect two ports to each of these two switches.
Make sure each switch is then connected to the rest of your switch infrastructure. Preferably by minimum two ports. Whether that’s two ports each switch or you interconnect them and then use one port each.
There is obviously a lot more to this. But this is the non complicated version.
Your uplinks (switch interconnects) should always offer more bandwidth than your server/endpoint connections. Eg 1gbps for endpoints vs 10gbps for switch interconnects.
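The four-port Switch Embedded Team described in the comments above, as an added PowerShell example that is not part of the original thread. The adapter names `NIC1` to `NIC4`, the switch name `SET-vSwitch` and the two-ports-per-switch cabling are assumptions; substitute the names reported by `Get-NetAdapter` on the host.

```powershell
#Requires -RunAsAdministrator
#Requires -Modules Hyper-V

# Assumed names (placeholders, not from the thread)
$SwitchName = 'SET-vSwitch'
# Assumed cabling: NIC1/NIC2 go to switch A, NIC3/NIC4 go to switch B
$Members = 'NIC1', 'NIC2', 'NIC3', 'NIC4'

# Fail early if an adapter is missing (-ErrorAction Stop) or has no link
$adapters = Get-NetAdapter -Name $Members -ErrorAction Stop
$down = $adapters | Where-Object Status -ne 'Up'
if ($down) {
    throw "Adapters without link: $($down.Name -join ', ')"
}

# Microsoft's SET guidance calls for symmetric adapters; warn on mixed speeds
$speeds = @($adapters | Select-Object -ExpandProperty LinkSpeed -Unique)
if ($speeds.Count -gt 1) {
    Write-Warning "Mixed link speeds in team: $($speeds -join ', ')"
}

# Create the vSwitch with embedded teaming. The team is switch independent,
# so the physical ports need no LACP or static port-channel configuration;
# they only have to carry the same VLANs on both switches.
New-VMSwitch -Name $SwitchName `
             -NetAdapterName $Members `
             -EnableEmbeddedTeaming $true `
             -AllowManagementOS $true | Out-Null

# Pin each vPort to one team member; traffic moves to a surviving
# member when a physical switch or link goes down.
Set-VMSwitchTeam -Name $SwitchName -LoadBalancingAlgorithm HyperVPort

# Verify that every requested adapter actually joined the team
$team = Get-VMSwitchTeam -Name $SwitchName
$team | Format-List Name, TeamingMode, LoadBalancingAlgorithm,
                    NetAdapterInterfaceDescription
if (@($team.NetAdapterInterfaceDescription).Count -ne $Members.Count) {
    throw "Team '$SwitchName' has fewer members than requested."
}
```

To test failover, disable the ports on one physical switch and confirm with `Get-NetAdapter` that the remaining team members stay `Up` while the VMs keep connectivity.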
squibby_sh@reddit
It sounds like you are describing the modern windows SET teaming which is just the same thing Active/passive or lacp. Your comment is a mess and full of horrible advice and misinformation. lmao
MushyBeees@reddit
You calling it “modern” is wild. It’s been the way to do it since 2016.
And no, it is not the same as active/passive and completely different to LACP.
That’s two swings and two huge misses. I suggest you don’t bother with a third.
squibby_sh@reddit
it looks to me like you haven't been to MSFT's own documentation since at least 2016
MushyBeees@reddit
Oh, do point out to me the specifics. I’ll wait.
squibby_sh@reddit
https://learn.microsoft.com/en-us/powershell/module/hyper-v/set-vmswitchteam?view=windowsserver2025-ps
Set-VMSwitchTeam -TeamingMode {SwitchIndependent | Static | Lacp}
MushyBeees@reddit
Honestly what are you even doing here.
You’ve literally just linked the powershell for the legacy LBFO Nic teaming.
You’re either trolling or you are the shittest pretend sysadmin in the room.
squibby_sh@reddit
I think you're the one trolling because LBFO is controlled with completely different cmdlets. Not only do you give bad advice, but you're also an asshole
MushyBeees@reddit
Is there actually something wrong with you? Like, really? You literally went off quoting something completely unrelated to anything that’s been said and then went “aha! See!”
You’ve just linked the powershell syntax for a legacy command that we don’t use anymore.
And it doesn’t even do anything for your argument anyway as even if you did use the legacy LBFO teaming, you still don’t need mlag, LACP, or anything else.
I could link you about a dozen articles. But I’m not sure you’re able to read.
Here’s one anyway:
https://learn.microsoft.com/en-us/windows-server/get-started/removed-deprecated-features-windows-server?utm_source=chatgpt.com&tabs=ws22
Under features no longer in development:
Hyper-V Virtual Switch on LBFO: The Hyper-V Virtual Switch no longer has the capability to be bound to an LBFO team. Instead, it must be bound via Switch Embedded Teaming (SET).
LBFO doesn’t support any modern services. It doesn’t support SDN, RDMA, or anything else.
We don’t use it anymore.
I’m done with you. Although I’m certain you’re the type of person who can’t resist not getting the last word so go for it. Show us all how idiotic you are with another absolute nonsense post.
squibby_sh@reddit
LBFO teaming is handled with *-NetLbfoTeam cmdlets.
learn.microsoft.com/en-us/powershell/module/netlbfoteam/
and speaking of things that "have nothing to do with anything" you're the one who had the non-sequitur up there about 10G links which has nothing to do with bonding
MushyBeees@reddit
Oh wait, I see what you’ve done here, you’ve completely invented your own powershell command structure.
-TeamingMode
Specifies the teaming mode. Currently, the only option is SwitchIndependent.
Parameter properties
Type: VMSwitchTeamingMode
Default value: None
Accepted values: SwitchIndependent
Supports wildcards: False
DontShow: False
Here you are. The LACP and static switches that you invented just don’t exist. But you definitely don’t seem like the type of person to make things up. Right.
Joe_Dalton42069@reddit
Google MLAG. That's exactly what you need. Or VLT for Dell switches. Some call it MLT. Only works if one device is connected to both switches ofc.