Palo Alto Networks Knowledgebase: Physical port is taken out of aggregate ethernet interface run in LACP auto mode

Physical port is taken out of aggregate ethernet interface run in LACP auto mode

11705
Created On 02/07/19 23:59 PM - Last Updated 02/07/19 23:59 PM
Mobile Network Infrastructure
Resolution

PAN-OS 6.1+

 

Issue

The system log on the Palo Alto Networks firewall generated a message that says one of the physical ports assigned to a given Aggregate Ethernet (AE) interface was taken out of the AE group and then brought back after a minute.

 

2015/03/08 19:55:44 critical lacp    ethern nego-fa 0  LACP interface ethernet1/2 moved out of AE-group ae1. Selection state Selected
2015/03/08 19:55:45 critical lacp    ethern lacp-up 0  LACP interface ethernet1/2 moved into AE-group ae1.

 

Cause

The aggregate interface has auto LACP enabled, which means that LACPDU messages are exchanged with a peer to dynamically negotiate LACP parameters and establish and maintain the AE interface status. LACPDU messages are sent out of every physical interface member of any given AE group.

 

LACP feature has 3 main state machines: Selection, MUX, and RX machine.

 

The RX machine examines data in the received LACPDUs and updates the peer’s state. If no LACPDU messages have been received by the peer device during the past 3 intervals the RX state machine for the given interface goes from CURRENT (operational) to EXPIRED (non-operational) status. This activity appears in the System log as an interface taken out of the AE group.

 

The firewall has a dedicated daemon on MP plane for LACP protocol called “l2ctrld.” Logs generated are stored in l2ctrld.log file in the var/log/pan folder. In the var/log/pan/ l2ctrld.log file you can see the following entries:

 

2015-03-08 19:55:44.766 -0400 ethernet1/2 idx 17, current_while expired.
2015-03-08 19:55:44.766 -0400 ethernet1/2 idx 17, rx state change CURRENT=>EXPIRED

2015-03-08 19:55:44.767 -0400 ethernet1/2 idx 17, mux state change RX_TX=>ATTACHED
2015-03-08 19:55:44.767 -0400 post LACP event to DP: if_idx 17, up 0
2015-03-08 19:55:44.767 -0400 log ethernet1/2 idx 17 leaves lag. sel state Selected

2015-03-08 19:55:45.017 -0400 ethernet1/2 idx 17, mux state change ATTACHED=>RX_TX
2015-03-08 19:55:45.017 -0400 ethernet1/2 idx 17, mux state in RX_TX
2015-03-08 19:55:45.017 -0400 post LACP event to DP: if_idx 17, up 1
2015-03-08 19:55:45.017 -0400 log ethernet1/2 idx 17 join lag



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClaYCAS&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language