I have a total of 5 mikrotik switches for my homenetwork/lab in use.
These are
2x CRS317-1G-16S+RM
2x CRS326-24G-2S+RM
1 hEX PoE
All switches use redundant connections the CRS317 are used as Core with VRRP and some kind of local routing
The CRS326 are my Client Switches an the hEX is used as PoE for some APs (not mentioned here)
Today I’m using spanning tree for redundancy.
Now I want to switch to MLAG with 802.3ad for some ports on both CRS317, this seems to work, What I’ve done
bonded 4 ports for Switch2Switch connectivity
put this bond in my bridge
set this bind as peer interface with untagged vlan which ist not used for other things, and all other vlans tagged
.- created bonds on each switch with same mlag id
This is done for 3 Server and the two CRS326. As I said this seems to work (no idea how to really check if 802.3ad really works, if I pull a cable I have s short ping gap)
Now my problem.
I want/need to setup some mlag on the CRS326 as well. But when I create a bond of some interfaces to connect both CRS326 as peer, spanning tree comes in and sets, as normal, one port in a blocking state. So one of my peer ports is blocked.
How could I get my scenario working?
Should I create a second bridge for mlag peer ports (probably even on CRS317)?
Are you using the same VLAN on both pairs of switches for MLAG? Also, have you set the STP root for the VLANs to be the switches running VRRP? Ideally you want the VRRP master to be STP root and the VRRP standby to be secondary root.
A second bridge won’t help as it will disable hw offload on the second bridge - only one bridge can use the ASIC.
Do you have a diagram of the switches with VLANs and where the MLAG connections are on each switch?
Hi,
STP is configured with different priorities.
Core1 prio 1000 (vrrp master)
Core2 prio 2000
Edges prio 4000
peer vlan cores 701 (untagged only on peer bond)
peer vlan edges 702 (untagged only on peer bond)
The core<->core bond has all other vLANs tagged (including vLAN1).
I cannot remember if I tried edge<->edge with just vlan 702 untagged, as all traffic should go through the cores.
I also tried doing an mlag uplink from cores to edges using the 4 Ports on the edges configured as mlag
When I enable the edge ↔ edge connection the bond on one edge switch goes in blocking.
I tried to make a short drawing with some descriptions:
I tested some things this weekend.
For this tests I ordered two CRS305 which are used as core Switches.
The wiring is almos the same as in my picture with slightly different connections:
sfp-plus4+5 are bonded an used as Core<->Core connection.
added this bond to bridge with vlan 701 untagged and all other vlans (including vlan1)
bonded the sfp-plus ports on both CRS326 (edge01 + edge02)
edge01 bond is connected to ports sfp-plus1 on both CRS305
edge02 bond is connected to ports sfp-plus2 on both CRS305
In this scenario mlag seemed to work fine. I than created a bond on both CRS326 (ether23+24), added this bond to the bridges (pvid vlan702) and set the bond as mlag peer port on both CRS326
when connecting the bond between the CRS326 the 10G bond on Edge02 forwarding was set to “no”. So in this case “nothing” was working as expected.
I tried some things like setting bond peer fixed to Edge-Port on both CRS326 → no port on Edge was blocking. I switched back to auto and the port got blocking again.
So I changed the “internal path cost” to 20 and no port on the CRS326 was blocking. But as I’m writing this I must admit, that I haven’t checkd the “Core-Ports” for a blocking state.
What happens, when you set the same bridge priorities for MLAG pairs, and the same STP configuration on dual-connected bridge ports (path-cost, priority, edge).
If the problem is still active, can you collect supout.rif files, your network diagram and send it to support?
