I have two MikroTik CCR2216-1G-12XS-2XQ devices and want to set them up with MLAG. These devices are interconnected with each other through a bonding over their 100G interfaces (qsfp28-1 and qsfp28-2). The goal is to connect servers that have two 25G interfaces each, so that one interface is connected to one switch and the other interface is connected to the other switch.
My current configuration on both switches is as follows (this is the output of the “/export” command, with the serial number replaced):
# 2025-04-10 13:07:14 by RouterOS 7.18.2
# software id = YH7S-BY3D
#
# model = CCR2216-1G-12XS-2XQ
# serial number = XXXXXXXXXXX
/interface bridge
add mtu=9000 name=br_vlan vlan-filtering=yes
add name=bridge1 port-cost-mode=short
/interface ethernet
set [ find default-name=qsfp28-1-1 ] auto-negotiation=no fec-mode=fec91 \
l2mtu=9570 mtu=9000 speed=100G-baseSR4-LR4
set [ find default-name=qsfp28-2-1 ] auto-negotiation=no fec-mode=fec91 \
l2mtu=9570 mtu=9000 speed=100G-baseSR4-LR4
set [ find default-name=sfp28-1 ] l2mtu=9570 mtu=9000
set [ find default-name=sfp28-2 ] l2mtu=9570 mtu=9000
set [ find default-name=sfp28-3 ] l2mtu=9570 mtu=9000
set [ find default-name=sfp28-4 ] l2mtu=9570 mtu=9000
set [ find default-name=sfp28-5 ] l2mtu=9570 mtu=9000
set [ find default-name=sfp28-6 ] l2mtu=9570 mtu=9000
set [ find default-name=sfp28-7 ] l2mtu=9570 mtu=9000
set [ find default-name=sfp28-8 ] l2mtu=9570 mtu=9000
set [ find default-name=sfp28-9 ] l2mtu=9570 mtu=9000
set [ find default-name=sfp28-10 ] l2mtu=9570 mtu=9000
set [ find default-name=sfp28-11 ] l2mtu=9570 mtu=9000
set [ find default-name=sfp28-12 ] l2mtu=9570 mtu=9000
/interface bonding
add mlag-id=11 mode=802.3ad mtu=9000 name=bond11 slaves=sfp28-1 \
transmit-hash-policy=layer-3-and-4
add mlag-id=12 mode=802.3ad mtu=9000 name=bond12 slaves=sfp28-3 \
transmit-hash-policy=layer-3-and-4
add mlag-id=13 mode=802.3ad mtu=9000 name=bond13 slaves=sfp28-5 \
transmit-hash-policy=layer-3-and-4
add mlag-id=21 mode=802.3ad mtu=9000 name=bond21 slaves=sfp28-2 \
transmit-hash-policy=layer-3-and-4
add mlag-id=22 mode=802.3ad mtu=9000 name=bond22 slaves=sfp28-4 \
transmit-hash-policy=layer-3-and-4
add mlag-id=23 mode=802.3ad mtu=9000 name=bond23 slaves=sfp28-6 \
transmit-hash-policy=layer-3-and-4
add mode=802.3ad mtu=9000 name=bond_trunk slaves=qsfp28-1-1,qsfp28-2-1 \
transmit-hash-policy=layer-3-and-4
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip smb users
set [ find default=yes ] disabled=yes
/port
set 0 name=serial0
/interface bridge mlag
set bridge=br_vlan peer-port=bond_trunk
/interface bridge port
add bridge=bridge1 interface=ether1 internal-path-cost=10 path-cost=10
add bridge=br_vlan frame-types=admit-only-untagged-and-priority-tagged \
interface=bond_trunk pvid=30
add bridge=br_vlan interface=bond11 pvid=10
add bridge=br_vlan interface=bond12 pvid=10
add bridge=br_vlan interface=bond13 pvid=10
add bridge=br_vlan interface=bond21 pvid=20
add bridge=br_vlan interface=bond22 pvid=20
add bridge=br_vlan interface=bond23 pvid=20
/ip firewall connection tracking
set udp-timeout=10s
/interface bridge vlan
add bridge=br_vlan tagged=bond_trunk vlan-ids=10,20
/interface list member
add interface=ether1 list=WAN
add interface=qsfp28-1-1 list=LAN
add interface=qsfp28-1-2 list=LAN
add interface=qsfp28-1-3 list=LAN
add interface=qsfp28-1-4 list=LAN
add interface=qsfp28-2-1 list=LAN
add interface=qsfp28-2-2 list=LAN
add interface=qsfp28-2-3 list=LAN
add interface=qsfp28-2-4 list=LAN
add interface=sfp28-1 list=LAN
add interface=sfp28-2 list=LAN
add interface=sfp28-3 list=LAN
add interface=sfp28-4 list=LAN
add interface=sfp28-5 list=LAN
add interface=sfp28-6 list=LAN
add interface=sfp28-7 list=LAN
add interface=sfp28-8 list=LAN
add interface=sfp28-9 list=LAN
add interface=sfp28-10 list=LAN
add interface=sfp28-11 list=LAN
add interface=sfp28-12 list=LAN
/ip dhcp-client
add interface=bridge1
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
/ip smb shares
set [ find default=yes ] directory=/pub
/system clock
set time-zone-name=Europe/Vienna
/system identity
set name="MikroTik"
/system note
set show-at-login=no
/system routerboard settings
set enter-setup-on=delete-key
So the goal is to use 6 of the 25G-ports on each switch (3 of them for VLAN 10 and 3 of them for VLAN 20). The interconnection between the two switches has VLAN-ID 30. Normal operation (when each server is connected to both switches) with LACP works as expected, and I get the expected 50Gbps throughput between two servers. However, when I disconnect a single link of a server, this server is not reachable at all any more. My expectation would be that the server is still reachable with 25Gbps.
Maybe I did something wrong configuring the trunk link between the two switches. Maybe a misconfiguration of the spanning tree protocol? I’m not sure how to configure it correctly! Or is MLAG support still broken in RouterOS? Any insight and/or help would be greatly appreciated!