LAG interface status signals to peer device

FortiGate can signal LAG (link aggregate group) interface status to the peer device. If the number of available links in the LAG on the FortiGate falls below the configured minimum number of links (min-links), the LAG interface goes down on both the FortiGate and the peer device.

When the minimum number of links is satisfied again, the LAG interface automatically resumes operation on both the FortiGate and the peer device. While the LAG interface is down, interface members are in the Link Aggregation Control Protocol (LACP) MUX state of Waiting.

Example

In this example, the LAG interface is configured on FGT_A and peered with FGT_B.

To verify the configuration:

1. On FGT_A, check the minimum number of links for the LAG interface named test_agg1.

   In the following example, set min-links 1 indicates that a minimum of one alive interface member is required to keep the LAG interface up.

   # show
   config system interface
       edit "test_agg1"
           set vdom "vdom1"
           set ip 11.1.1.1 255.255.255.0
           set allowaccess ping https
           set type aggregate
           set member "port7" "port8" "port9"
           set device-identification enable
           set lldp-transmission enable
           set role lan
           set snmp-index 41
           set min-links 1
       next
   end

2. Change the status of port9 to down.

   Config system interface
      edit port9
         set status down
   end

3. On FGT_A, test the LAG interface named test_agg1.

   The status is up for test_agg1 interface because two interface members (port7 and port8) are up, and only one interface member (port9) is down.

   # diagnose netlink aggregate name test_agg1
   LACP flags: (A|P)(S|F)(A|I)(I|O)(E|D)(E|D)
   (A|P) - LACP mode is Active or Passive
   (S|F) - LACP speed is Slow or Fast
   (A|I) - Aggregatable or Individual
   (I|O) - Port In sync or Out of sync
   (E|D) - Frame collection is Enabled or Disabled
   (E|D) - Frame distribution is Enabled or Disabled
   
   status: up
   npu: y
   flush: n
   asic helper: y
   oid: 72
   ports: 3
   link-up-delay: 50ms
   min-links: 1
   ha: master
   distribution algorithm: L4
   LACP mode: active
   LACP speed: slow
   LACP HA: enable
   aggregator ID: 1
   actor key: 17
   actor MAC address: d4:76:a0:01:e0:44
   partner key: 17
   partner MAC address: d4:76:a0:01:e8:1e
   
   member: port7
     index: 0
     link status: up
     link failure count: 1
     permanent MAC addr: d4:76:a0:01:e0:44
     LACP state: established
     actor state: ASAIEE
     actor port number/key/priority: 1 17 255
     partner state: ASAIEE
     partner port number/key/priority: 1 17 255
     partner system: 1 d4:76:a0:01:e8:1e
     aggregator ID: 1
     speed/duplex: 1000 1
     RX state: CURRENT 6
     MUX state: COLLECTING_DISTRIBUTING 4
   
   member: port8
     index: 1
     link status: up
     link failure count: 2
     permanent MAC addr: d4:76:a0:01:e0:45
     LACP state: established
     actor state: ASAIEE
     actor port number/key/priority: 2 17 255
     partner state: ASAIEE
     partner port number/key/priority: 2 17 255
     partner system: 1 d4:76:a0:01:e8:1e
     aggregator ID: 1
     speed/duplex: 1000 1
     RX state: CURRENT 6
     MUX state: COLLECTING_DISTRIBUTING 4
   
   member: port9
     index: 2
     link status: down
     link failure count: 0
     permanent MAC addr: d4:76:a0:01:e0:46

4. On FGT_A, change the minimum number of links to 3.

   config system interface
       edit "test_agg1"
           set vdom "vdom1"
           set ip 11.1.1.1 255.255.255.0
           set allowaccess ping https
           set type aggregate
           set member "port7" "port8" "port9"
           set device-identification enable
           set lldp-transmission enable
           set role lan
           set snmp-index 41
           set min-links 3 
       next
   end

5. On FGT_A, check the LAG interface named test_agg1:

   The status is down for test_agg1 interface because only two of the three required interface members are up. Interface members port7 and port8 are up, but interface member port9 is down.

   # diagnose netlink aggregate name agg1
   LACP flags: (A|P)(S|F)(A|I)(I|O)(E|D)(E|D)
   (A|P) - LACP mode is Active or Passive
   (S|F) - LACP speed is Slow or Fast
   (A|I) - Aggregatable or Individual
   (I|O) - Port In sync or Out of sync
   (E|D) - Frame collection is Enabled or Disabled
   (E|D) - Frame distribution is Enabled or Disabled
   
   status: down
   npu: y
   flush: n
   asic helper: y
   oid: 230
   ports: 3
   link-up-delay: 50ms
   min-links: 3
   ha: master
   distribution algorithm: L4
   LACP mode: active
   LACP speed: slow
   LACP HA: enable
   aggregator ID: 1
   actor key: 17
   actor MAC address: e8:1c:ba:b3:d0:df
   partner key: 17
   partner MAC address: e8:1c:ba:df:a0:ba
   
   member: port7
     index: 0
     link status: up
     link failure count: 1
     permanent MAC addr: e8:1c:ba:b3:d0:df
     LACP state: negotiating
     actor state: ASAODD
     actor port number/key/priority: 1 17 255
     partner state: ASAIDD
     partner port number/key/priority: 1 17 255
     partner system: 61440 e8:1c:ba:df:a0:ba
     aggregator ID: 1
     speed/duplex: 1000 1
     RX state: CURRENT 6
     MUX state: WAITING 2
   
   member: port8
     index: 1
     link status: up
     link failure count: 1
     permanent MAC addr: e8:1c:ba:b3:d0:e0
     LACP state: negotiating
     actor state: ASAODD
     actor port number/key/priority: 2 17 255
     partner state: ASAIDD
     partner port number/key/priority: 65 17 255
     partner system: 61440 e8:1c:ba:df:a0:ba
     aggregator ID: 1
     speed/duplex: 1000 1
     RX state: CURRENT 6
     MUX state: WAITING 2
   
   member: port9
     index: 2
     link status: down
     link failure count: 0
     permanent MAC addr: e8:1c:ba:b3:d0:ed
   

6. On the peer FortiGate (FGT_B), check the LAG interface status.

   The status is down for test_agg2 interface due to FortiGate's ability to signal LAG interface status to the peer device. While interface members port7 and port8 are up, interface member port9 is down.

   # diagnose netlink aggregate name test-agg2
   LACP flags: (A|P)(S|F)(A|I)(I|O)(E|D)(E|D)
   (A|P) - LACP mode is Active or Passive
   (S|F) - LACP speed is Slow or Fast
   (A|I) - Aggregatable or Individual
   (I|O) - Port In sync or Out of sync
   (E|D) - Frame collection is Enabled or Disabled
   (E|D) - Frame distribution is Enabled or Disabled
   
   status: down
   npu: y
   flush: n
   asic helper: y
   oid: 72
   ports: 3
   link-up-delay: 50ms
   min-links: 1
   ha: master
   distribution algorithm: L4
   LACP mode: active
   LACP speed: slow
   LACP HA: enable
   aggregator ID: 1
   actor key: 17
   actor MAC address: d4:76:a0:01:e8:1e
   partner key: 17
   partner MAC address: d4:76:a0:01:e0:44
   
   member: port7
     index: 0
     link status: up
     link failure count: 1
     permanent MAC addr: d4:76:a0:01:e8:1e
     LACP state: negotiating
     actor state: ASAIDD
     actor port number/key/priority: 1 17 255
     partner state: ASAODD
     partner port number/key/priority: 1 17 255
     partner system: 44237 d4:76:a0:01:e0:44
     aggregator ID: 1
     speed/duplex: 1000 1
     RX state: CURRENT 6
     MUX state: ATTACHED 3
   
   member: port8
     index: 1
     link status: up
     link failure count: 1
     permanent MAC addr: d4:76:a0:01:e8:1f
     LACP state: negotiating
     actor state: ASAIDD
     actor port number/key/priority: 2 17 255
     partner state: ASAODD
     partner port number/key/priority: 2 17 255
     partner system: 44237 d4:76:a0:01:e0:44
     aggregator ID: 1
     speed/duplex: 1000 1
     RX state: CURRENT 6
     MUX state: ATTACHED 3
   
   member: port9
     index: 2
     link status: down
     link failure count: 0
     permanent MAC addr: d4:76:a0:01:e8:20