Issues with LACP with VLANs

JonAB wrote:

What am I missing? 

LACP is designed so each data flow only runs over one port of the LAG.  The traffic for that flow is not split over multiple ports.  This approach prevents buffer overruns on the final destination link (which is presumed not to be a LAG).  It also ensures that the packets arrive in the order they were sent.

You have two data flows, so there is a 50-50 chance they will be transmitted on the same port (on a 2-port LAG).  Odds are better with a 4-port LAG (1 in 4). Still, a 50-50 chance this would happen on one of your two lags.

In general, LACP does a reasonable job of load balancing when there is traffic from a lot of devices running over the LAG.  But as you are finding, the load balancing doesn't perform well if you only have a couple of data flows.

Hi Stephen and thank you for your answer!

I get your point regarding the distribution of the traffic. This is why I tested with two dataflows. Of course, I can set up two more computers to test with four dataflows... But the thin that is bothering me is that:

When the sources and destination is on the same VLAN, i.e. the flow is only going through the switch once,  the LACP is performing flawlessly. I have tested many times, and different ports for each flow is always chosen. 

But when the sources and destination is on different VLANs, i.e. the flow has to go through the router, it is always the same story. The dataflow on the lag to the router seems to work just fine. The data transmitted from the switch to the router is distributed on two ports, as well as the data received to the switch from the router, it is always two ports (in this specific test case that will say...)

So far, everything seems to behave very well!

The data flow, sent by two computers, is received by the switch. It is re-transmitted by a lag to the router, by two different ports. The router is transmitting the same flows, but on the right VLAN, which the switch receives on two different ports. 

But now, the switch is going to transmit the flows to the NAS. But the switch is always choosing to transmit both flows on the same port, even though I have confirmed that the switch and NAS knows how to properly make use of two ports. Which of course is compromising the bandwidth...

I get the feeling that there is something that I am missing in the setup, but I cannot find it...

OK, I get that there is a 50/50 chance that one of my lags would choose to make it this way. But now, lag1 (router - switch) is choosing a good way 100 % of the time, and lag2 (switch - NAS) is choosing to transmit everything on the same port 100 % of the time...

I will start answering your last questions. There is no real reason. At the moment, I am using the setup purely for educational purposes. I want to try different setups to test my understanding, and when I do run into troubles like this, take the chance to learn something! My ISP is nothing special, 300/300...

"The decision on which port to use is based on a hash of the source and destination mac addresses in the ethernet packet.  So it will be deterministic for a specific LAG.  In your particular case, the router is likely rewriting the source mac address."

I think this is it! When the router is transmitting the flows, the MACs and IPs are changed. Instead of having unique MACs and IPs, both flows now have the same MAC and IP. This is making the switch to decide to transmit them on the same port...

All right. What should I do instead? Let's say that I want a segmented network for increased security. Let's say that I have different VLANs for different clients. Let's say that I have a NAS serving multiple purposes (of course with multiple pools for the corresponding client group). Of course I want to make use of that the NAS has 4 gigabit connection for maximum bandwidth with multiple clients