In reading the forum extensively and watching Chris's videos, I am convinced of the benefits of Flow Control and would like to replicate what Chris has suggested works well in his network as far as the combination of the Netonix switches and Cisco 2951 routers. We've standardized on EdgePoint Edgerouter R8 units at each tower for our routing and have AirFiber 24s as the backhauls between towers. On a number of heavily loaded towers, just as in Chris's videos, we have more backhaul links and Access Points than we have available ports on the router. The suggestion of using LACP or LAG ports between the Netonix switches and router seems to be an elegant one for the purposes of spreading out Flow Control pauses; however, I am struggling on whether to implement it or not on the Edgerouter, in that my understanding is that doing so disables the Hardware offloading for traffic flowing into or out of ports in the LACP group on the Edgerouter.
Given this, would I be better off in just manually dedicating a couple of individual ports on the Edgerouter and having 1/2 of the VLANs for the customer facing APs trunked over one port and the other 1/2 over the other and not use LACP/LAG? This probably isn't as optimal as having the pause frames spread out across the two ports dynamically using something like LACP, but at least preserves the HW Offloading and still spreads out the pauses. From my reading on the Ubiquiti forums I get the impression that a single port with HW offloading enabled will have better throughput than a pair of LACP enabled ports. Obviously throughput isn't really the issue in this case as I would be using LACP to distribute the pauses, but the increase in CPU usage and other overhead I'm assuming is probably not worth the trade-off? I'm guessing the 2951 Chris uses doesn't force the user to make this choice? Also, I don't think it matters, but in case it does change anything, the APs we use are Rocket AC Prisms with Gigabit interfaces along with some legacy Rocket M2s with 100meg ports (though we are looking to replace these shortly with the Rocket AC2 Prisms).
Suggestions? Thanks in advance.
LACP / LAG between Netonix and Edgerouter
sirhc - Employee
Re: LACP / LAG between Netonix and Edgerouter
You could do as you said and say these 4 local radios go through this port to the router and these 4 radios go through this port to the router.
Which is better... all depends; one way is better in some cases, your way would be better in others.
I hope you are defining VLANs like I do to segregate the traffic from each local radio to a logical interface on the router. This was a key advancement for us. But the port facing the radio untags the VLANs and the packets are normal packets. I do not carry VLANs into the UBNT radios.
Also, preventing people from getting Layer 2 access to your network is a good move.
Client radios are either in "router" or "NAT router" mode; that way loops and other types of packet storms they may create are never an issue on your network.
If in "NAT router" mode, the access list prevents the world from seeing the UI or CLI of the radio as well, which protects you against most software security holes. Only our admin class can log in to equipment.
We also use access control lists on client radios to prevent them from even being able to attempt login to their radio.
In fact all of our equipment is firewalled by this or a similar method.
Support is handled on the Forums not in Emails and PMs.
Before you ask a question use the Search function to see if it has been answered before.
To do an Advanced Search click the magnifying glass in the Search Box.
To upload pictures click the Upload attachment link below the BLUE SUBMIT BUTTON.
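An added example, not part of the original posts and not either poster's configuration: a small audit for the EdgeRouter layout discussed in this thread, where each radio's VLAN is its own logical interface and the VLANs are split across two router ports instead of a LAG. It reports the VLAN split per port and flags any per-radio interface without a default-drop `local` ruleset, so that customer-side traffic cannot reach the router's own UI or CLI. Port names, VLAN IDs, addresses and the ruleset name `RADIO_LOCAL` are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in EdgeOS "show configuration commands" form. Port names,
# VLAN IDs, addresses and the ruleset name RADIO_LOCAL are assumptions.
SAMPLE_CONFIG = """\
set firewall name RADIO_LOCAL default-action drop
set firewall name RADIO_LOCAL rule 10 action accept
set firewall name RADIO_LOCAL rule 10 state established enable
set firewall name RADIO_LOCAL rule 10 state related enable
set interfaces ethernet eth1 vif 101 address 10.10.101.1/24
set interfaces ethernet eth1 vif 101 firewall local name RADIO_LOCAL
set interfaces ethernet eth1 vif 102 address 10.10.102.1/24
set interfaces ethernet eth1 vif 102 firewall local name RADIO_LOCAL
set interfaces ethernet eth2 vif 103 address 10.10.103.1/24
set interfaces ethernet eth2 vif 103 firewall local name RADIO_LOCAL
set interfaces ethernet eth2 vif 104 address 10.10.104.1/24
"""

VIF = re.compile(r"^set interfaces ethernet (\S+) vif (\d+) (.+)$")
LOCAL_FW = re.compile(r"^firewall local name (\S+)$")
DEFAULT = re.compile(r"^set firewall name (\S+) default-action (\S+)$")

def audit(config):
    """Return (vlans_per_port, findings) for the per-radio VLAN interfaces."""
    vifs = {}            # (port, vlan) -> local ruleset name, or None if unset
    default_action = {}  # ruleset name -> its default-action
    for line in map(str.strip, config.splitlines()):
        m = DEFAULT.match(line)
        if m:
            default_action[m.group(1)] = m.group(2)
            continue
        m = VIF.match(line)
        if not m:
            continue
        key = (m.group(1), int(m.group(2)))
        fw = LOCAL_FW.match(m.group(3))
        vifs[key] = fw.group(1) if fw else vifs.get(key)
    per_port, findings = defaultdict(list), []
    for (port, vlan), ruleset in sorted(vifs.items()):
        per_port[port].append(vlan)
        if ruleset is None:
            findings.append(f"{port}.{vlan}: no local firewall ruleset applied")
        elif default_action.get(ruleset) != "drop":
            findings.append(f"{port}.{vlan}: ruleset {ruleset} does not default to drop")
    return dict(per_port), findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```
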