MAC address jumping around on MLAG interfaces (Bridge Hosts table)

Hi,

we use 2 CRS317 with MLAG (LACP) configuration.
MLAG ports:

• Po1, Po2 - 2x FortiGate 100F Active-Active HA config
• Po211, Po212, Po213, Po215 - 4x CRS326-24G-2S+ with active LAG config (SwOS v2.13)

It is working well for 15-30 minutes, after comes a loop like this (CRS317 logs):

May 6 09:02:53 switch_host_name host fortigate_lacp_interface_MAC_address:10 changed ports: Po1 to Po2
May 6 09:02:53 switch_host_name host fortigate_lacp_interface_MAC_address:10 changed ports: Po2 to Po1
May 6 09:02:53 switch_host_name host fortigate_lacp_interface_MAC_address:10 changed ports: Po1 to Po2
May 6 09:02:53 switch_host_name host fortigate_lacp_interface_MAC_address:10 changed ports: Po2 to Po1
May 6 09:02:53 switch_host_name host fortigate_lacp_interface_MAC_address:10 changed ports: Po1 to Po2
May 6 09:29:50 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po213 to Po212
May 6 09:29:50 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po212 to Po211
May 6 09:29:50 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po211 to Po213
May 6 09:29:50 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po213 to Po212
May 6 09:29:50 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po212 to Po211
May 6 09:29:50 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po211 to Po213
May 6 09:29:50 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po213 to Po212
May 6 09:29:50 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po212 to Po211
May 6 09:29:50 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po211 to Po213
May 6 09:29:50 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po213 to Po212
May 6 09:29:50 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po212 to Po211
May 6 09:29:50 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po211 to Po213
May 6 09:29:50 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po213 to Po212
May 6 09:29:50 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po212 to Po211
May 6 09:29:50 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po211 to Po213
May 6 09:29:50 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po213 to Po212
May 6 09:29:50 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po212 to Po211
May 6 09:29:50 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po211 to Po213
May 6 09:29:50 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po213 to Po212
May 6 09:29:50 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po212 to Po211
May 6 09:29:50 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po211 to Po213
May 6 09:29:50 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po213 to Po212
May 6 09:29:50 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po212 to Po211
May 6 09:29:50 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po211 to Po213
May 6 09:29:50 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po213 to Po212
May 6 09:29:50 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po212 to Po211
May 6 09:29:50 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po211 to Po213
May 6 09:29:50 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po213 to Po212
May 6 09:29:50 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po212 to Po211
May 6 09:29:50 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po211 to Po213
May 6 09:29:50 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po213 to Po212
May 6 09:29:50 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po212 to Po211
May 6 09:29:50 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po211 to Po213
May 6 09:29:50 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po213 to Po212
May 6 09:29:50 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po212 to Po211
May 6 09:29:50 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po211 to Po213
May 6 09:29:50 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po213 to Po212
May 6 09:29:50 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po212 to Po211
May 6 09:29:50 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po211 to Po213
May 6 09:29:50 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po213 to Po212
May 6 09:29:50 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po212 to Po211
May 6 09:29:50 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po211 to Po213
May 6 09:29:50 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po213 to Po212
May 6 09:29:50 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po212 to Po211
May 6 09:29:50 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po211 to Po213
May 6 09:29:50 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po213 to Po212
May 6 09:29:50 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po212 to Po211
May 6 09:29:50 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po211 to Po213
May 6 09:29:50 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po213 to Po212
May 6 09:29:50 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po212 to Po211
May 6 09:29:50 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po211 to Po213
May 6 09:29:51 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po213 to Po212
May 6 09:29:51 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po212 to Po211
May 6 09:29:51 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po211 to Po2
May 6 09:29:51 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po2 to Po213
May 6 09:29:51 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po213 to Po212
May 6 09:29:51 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po212 to Po211
May 6 09:29:51 switch_host_name host fortigate_lacp_interface_MAC_address:24 changed ports: Po211 to Po2

CPU utilization goes to 40-50% and after more 80-90%, and pocket loss comes.

Other side on Po1 - Po2 MLAG ports we changed FortiGates HA configuration Active-Active to Active-Passive mode, but loop comes.

We realized this problem after updated to v7.2.3 stable version.

Have you got any idea about this issue?

(At the end of fortigate_lacp_interface_MAC_address:xx is a VLAN ID?)

Thanks,
Ferenc Bauer

Hi,

It is still not working on 7.3 stable release.
Any ideas?

Thanks,
Ferenc Bauer

Hi,

Did you find a resolution? I’m interrested.

Is this still relevant? I am looking into CRS518 as core switch with MLAG with also Fortigates in front.

Can you send a diagram of how things are connected?

From your explanations, it is not clear how the Fortigate connect to the CRS317, how the CRS317 are connected together and how the CRS317 connect to the CRS326.

(Just noted the question is from 2022 … unlikely to be relevant anymore)

Hi,

can you look at this post? http://forum.mikrotik.com/t/mikrotik-lacp-with-fortigate-configuration-for-redundancy/171386/1