Hello
According to the link https://help.mikrotik.com/docs/spaces/ROS/pages/67633179/Multi-chassis+Link+Aggregation+Group I am trying to setup MLAG LACP on two MikroTIk routers (as listed further below).
Until now I am not successful. I am not able to ping the default gateway (internet provider) with such MLAG/LACP configuration. The uplink switch (managed by the provider) has been set to LACP. Without LACP the previous configuration without MLAG/LACP worked as expected.
How can I debug MLAG/LACP issues? I might miss some settings on both routers.
The following checks look good.
[admin@router01] > interface/bonding/monitor wan-bond without-paging once
mode: 802.3ad
active-ports: sfp-sfpplus1
inactive-ports:
lacp-system-id: F4:1E:57:93:AA:7A
lacp-system-priority: 65535
lacp-partner-system-id: D4:01:C3:D6:CA:A7
[admin@router01] > interface/bonding/monitor-slaves wan-bond without-paging once=yes
Flags: A - active; P - partner
AP port=sfp-sfpplus1 key=15 flags="ATGSCD--" partner-sys-id=D4:01:C3:D6:CA:A7 partner-sys-priority=65535 partner-key=15 partner-flags="A-GSCD--"
[admin@router02] > interface/bonding/monitor wan-bond without-paging once
mode: 802.3ad
active-ports: sfp-sfpplus1
inactive-ports:
lacp-system-id: F4:1E:57:93:AA:7A
lacp-system-priority: 65535
lacp-partner-system-id: D4:01:C3:D6:CA:A7
[admin@router02] > interface/bonding/monitor-slaves wan-bond without-paging once=yes
Flags: A - active; P - partner
AP port=sfp-sfpplus1 key=15 flags="ATGSCD--" partner-sys-id=D4:01:C3:D6:CA:A7 partner-sys-priority=65535 partner-key=15 partner-flags="A-GSCD--"
$ cat interface_bridge_mlag_monitor_router01.txt
# 2025-03-10 19:47:43 by RouterOS 7.18.2
# software id = 23C2-X666
#
status: connected
system-id: F4:1E:57:93:AA:7B
active-role: primary
$ cat interface_bridge_monitor_router01.txt
# 2025-03-10 19:47:56 by RouterOS 7.18.2
# software id = 23C2-X666
#
state: enabled
current-mac-address: F4:1E:57:93:AA:7B
root-bridge: yes
root-bridge-id: 0x1000.F4:1E:57:93:AA:7B
root-path-cost: 0
root-port: none
port-count: 2
designated-port-count: 2
fast-forward: no
$ cat interface_bridge_mlag_monitor_router02.txt
# 2025-03-10 21:20:40 by RouterOS 7.18.2
# software id = QUVT-I888
#
status: connected
system-id: F4:1E:57:93:AA:7B
active-role: secondary
$ cat interface_bridge_monitor_router02.txt
# 2025-03-10 21:23:37 by RouterOS 7.18.2
# software id = QUVT-I888
#
state: enabled
current-mac-address: F4:1E:57:93:AA:7B
root-bridge: yes
root-bridge-id: 0x1000.F4:1E:57:93:AA:7B
root-path-cost: 0
root-port: none
port-count: 2
designated-port-count: 2
fast-forward: no
$ cat ip_route_print_router01.txt
# 2025-03-10 19:47:32 by RouterOS 7.18.2
# software id = 23C2-X666
#
Flags: D - DYNAMIC; A - ACTIVE; c - CONNECT, s - STATIC
Columns: DST-ADDRESS, GATEWAY, DISTANCE
# DST-ADDRESS GATEWAY DISTANCE
0 As 0.0.0.0/0 185.aaa.bbb.65 1
DAc 192.168.88.0/24 ether13 0
DAc 185.aaa.bbb.64/26 bridge1 0
$ cat ip_route_print_router02.txt
# 2025-03-10 21:19:16 by RouterOS 7.18.2
# software id = QUVT-I888
#
Flags: D - DYNAMIC; A - ACTIVE; c - CONNECT, s - STATIC
Columns: DST-ADDRESS, GATEWAY, DISTANCE
# DST-ADDRESS GATEWAY DISTANCE
0 As 0.0.0.0/0 185.aaa.bbb.65 1
DAc 192.168.88.0/24 ether13 0
DAc 185.aaa.bbb.64/26 bridge1 0
$ cat interface_print_router01.txt | grep " R"
# 2025-03-10 19:47:07 by RouterOS 7.18.2
Flags: R - RUNNING; S - SLAVE
4 R ether5 ether 1500 1584 9570 F4:1E:57:93:AA:82
12 R ether13 ether 1500 1600 9586 F4:1E:57:93:AA:8A
13 RS sfp-sfpplus1 ether 1500 1584 9570 F4:1E:57:93:AA:7A
14 RS sfp-sfpplus2 ether 1500 1584 9570 F4:1E:57:93:AA:7B
17 R bridge1 bridge 1500 1584 F4:1E:57:93:AA:7B
18 R lo loopback 65536 00:00:00:00:00:00
19 RS wan-bond bond 1500 1584 F4:1E:57:93:AA:7A
$ cat interface_print_router02.txt | grep " R"
# 2025-03-10 21:32:44 by RouterOS 7.18.2
Flags: R - RUNNING; S - SLAVE
12 R ether13 ether 1500 1600 9586 F4:1E:57:93:9F:9B
13 RS sfp-sfpplus1 ether 1500 1584 9570 F4:1E:57:93:9F:8B
14 RS sfp-sfpplus2 ether 1500 1584 9570 F4:1E:57:93:9F:8C
17 R bridge1 bridge 1500 1584 F4:1E:57:93:9F:8C
18 R lo loopback 65536 00:00:00:00:00:00
19 RS wan-bond bond 1500 1584 F4:1E:57:93:9F:8B
Thank you in advance for any hints.
# Architecure of MLAG/LACP hardware
Internet fiber uplink
(10 GBit)
|
sfp-sfpplus1
|
sfp-sfpplus2 - switch01 - sfp-sfpplus3 (CRS310-1G-5S-4S-IN MikroTik switch - internet uplink)
| (LACP) |
| |
router01 - sfp-sfpplus1 sfp-sfpplus1 - router02 (two CCR2116-12G-4S+ MikroTik routers)
sfp-sfpplus2 ~~~~~~~~~~~~ sfp-sfpplus2 - router02 (ICCP peer ports)
(ICCP)
Remarks: middle parts of the IP address have been replaced with “aaa” and “bbb”
# MLAG/LACP configuration of both routers - admin@router0[12]
> /interface bonding add mlag-id=10 mode=802.3ad name=wan-bond slaves=sfp-sfpplus1 lacp-rate=1sec
> /interface bridge add name=bridge1 vlan-filtering=yes priority=0x1000 frame-types=admit-only-vlan-tagged
> /interface bridge port add bridge=bridge1 interface=sfp-sfpplus2 frame-types=admit-only-vlan-tagged
> /interface bridge port add bridge=bridge1 interface=wan-bond pvid=10
> /interface bridge mlag set bridge=bridge1 peer-port=sfp-sfpplus2 priority=50
> interface bridge vlan add bridge=bridge1 tagged=sfp-sfpplus2 vlan-ids=10
> interface bridge vlan add bridge=bridge1 tagged=sfp-sfpplus2,wan-bond vlan-ids=20
# ping tests to the default gateway (.65) were not successfull
> ip address add address=185.aaa.bbb.111/26 interface=bridge1 comment=wanconf
# or
> ip address add address=185.aaa.bbb.111/26 interface=wan-bond comment=wanconf
> ip route add gateway=185.aaa.bbb.65
> export verbose file=export-config-router-01-updated-mgmt-iface-step08
> interface/print
> ip address print
> ip route print
> interface/bridge/mlag/monitor once
> interface/bridge/monitor bridge1 once
> interface/bonding/monitor wan-bond without-paging once
> interface/bonding/monitor-slaves wan-bond once yes