Network diagram
<< WAN >> — < LAN > — | eth1 eth2 | — | eth1 |
Router RB1 is connected with port [eth1] to the uplink, and with port [eth2] to the downlink router RB2.
There are some users on RB1 ports eth3-ethX and some users on RB2 ports eth2-ethN.
RB1 and RB2 work in bridge mode for user traffic and have mostly the same config.
The problem is that in the desired router configuration, traffic destined for users on RB1 is flooded further to RB2 (that is wrong, RB1 has the right MACs in the bridge FDB!) and broadcast on all ports of RB2 (as it is meant to be, RB2 doesn't have the dest MACs in its FDB). I've seen this problem on RB2011, RB750, hEX and hEX lite with RouterOS 6.37.1, 6.37.4, 6.38.7, 6.39.1 and 6.40.3.
RB1 and RB2 have the same templated configuration in the bridge part, as listed below; for example, RB1 and RB2 are MikroTik RB750.
[RB1]
/interface ethernet
set [ find default-name=ether1 ] name=eth1
set [ find default-name=ether2 ] name=eth2
set [ find default-name=ether3 ] name=eth3
set [ find default-name=ether4 ] name=eth4
set [ find default-name=ether5 ] name=eth5
/interface bridge
add name=br-trunk
add name=br-vlan1200
add name=br-vlan1201
/interface vlan
add interface=br-trunk name=vlan1200 vlan-id=1200
add interface=br-trunk name=vlan1201 vlan-id=1201
/interface bridge port
add bridge=br-vlan1201 interface=eth3
add bridge=br-vlan1201 interface=eth4
add bridge=br-vlan1201 interface=eth5
add bridge=br-vlan1200 interface=vlan1200
add bridge=br-vlan1201 interface=vlan1201
add bridge=br-trunk interface=eth1
add bridge=br-trunk interface=eth2
/interface bridge settings
set use-ip-firewall=yes
[RB2]
/interface ethernet
set [ find default-name=ether1 ] name=eth1
set [ find default-name=ether2 ] name=eth2
set [ find default-name=ether3 ] name=eth3
set [ find default-name=ether4 ] name=eth4
set [ find default-name=ether5 ] name=eth5
/interface bridge
add name=br-trunk
add name=br-vlan1200
add name=br-vlan1201
/interface vlan
add interface=br-trunk name=vlan1200 vlan-id=1200
add interface=br-trunk name=vlan1201 vlan-id=1201
/interface bridge port
add bridge=br-vlan1201 interface=eth2
add bridge=br-vlan1201 interface=eth3
add bridge=br-vlan1201 interface=eth4
add bridge=br-vlan1201 interface=eth5
add bridge=br-vlan1200 interface=vlan1200
add bridge=br-vlan1201 interface=vlan1201
add bridge=br-trunk interface=eth1
/interface bridge settings
set use-ip-firewall=yes
I know the config is strange, but it is handy. You make something like a template on a bridge and then use it on any given port.
If I make VLANs directly on ports, as on a traditional switch, all works fine; there is no hierarchical VLAN nesting and uncertainty about the traffic processing sequence of trunk ports.
But when you have a bridge with a complete MAC table and it floods traffic like an old hub, you know there is something wrong.
Dear developers, is it a bug or a feature? Do we need to live with it or leave it?
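
As an added example (not part of the original post, and not MikroTik code), the following Python check parses a RouterOS export such as the ones above and reports every VLAN interface that is created on a bridge and is also a port of another bridge, the nested layout the post contrasts with VLANs made directly on ports. The function names and the embedded sample, a shortened copy of the RB1 export, are assumptions made for illustration.

```python
import shlex

# Constructed sample: a shortened copy of the bridge part of the RB1 export.
RB1_EXPORT = """\
/interface bridge
add name=br-trunk
add name=br-vlan1200
add name=br-vlan1201
/interface vlan
add interface=br-trunk name=vlan1200 vlan-id=1200
add interface=br-trunk name=vlan1201 vlan-id=1201
/interface bridge port
add bridge=br-vlan1201 interface=eth3
add bridge=br-vlan1200 interface=vlan1200
add bridge=br-vlan1201 interface=vlan1201
add bridge=br-trunk interface=eth1
add bridge=br-trunk interface=eth2
"""

def parse_export(text):
    """Return {menu path: [{key: value} for each 'add' line under it]}."""
    menus, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            current = line
            menus.setdefault(current, [])
        elif line.startswith("add ") and current:
            pairs = (tok.split("=", 1) for tok in shlex.split(line[4:]) if "=" in tok)
            menus[current].append(dict(pairs))
    return menus

def find_nested_vlans(text):
    """List (vlan, parent bridge, member-of bridge) for every VLAN interface
    created on a bridge and then added as a port of another bridge."""
    menus = parse_export(text)
    bridges = {b["name"] for b in menus.get("/interface bridge", [])}
    port_of = {p["interface"]: p["bridge"]
               for p in menus.get("/interface bridge port", [])}
    return [(v["name"], v["interface"], port_of[v["name"]])
            for v in menus.get("/interface vlan", [])
            if v["interface"] in bridges and v["name"] in port_of]

if __name__ == "__main__":
    for vlan, parent, member in find_nested_vlans(RB1_EXPORT):
        print(f"{vlan}: VLAN on bridge {parent}, also a port of {member}")
```

Run against exports from each router before deployment, it lists the interfaces to re-check with a packet capture on the downlink port for unicast frames addressed to local users.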