Community discussions

MikroTik App
 
GeorgeG
just joined
Topic Author
Posts: 3
Joined: Tue Mar 23, 2021 8:22 pm

hEX & bonding/link aggregation setup

Tue Mar 23, 2021 9:07 pm

Hello All,

I am trying to reconfigure my home network so it is split into segments, so I can then manage visibility between different parts in a better way.
The following image pretty much summarises the end goal:
Image

For reference:
- R1-R5 is MikroTik RouterBoard hEX
- C1-C16 is a Netgear GS116v2 smart managed switch
- S1-S5 is a Netgear GS105E smart managed switch
- O1-O8 is a Cisco SLM2008 smart managed switch

A number of VLANs will be created to split the network into segments (one for household use, one for work use, one for visiting guests and one for other devices), along with a bunch of firewall rules to manage who can see what.

So I have a few questions:
1. GS116Ev2 supports static LAG. In the RouterOS documentation I found references to bonding but nothing specifically indicating "static". I found some info on the Netgear forum indicating that their "Static LAG" is likely to be the same as "Static LAG on NETGEAR switch is Balance XOR (IEEE 802.3ad draft v1), this is sometimes called Round-Robin." any comments on this are more than welcome.

2. I assume that if R4&R5 (on hEX) and C1&C2 (on the swtich) are two connected bonded pairs, then the available bandwidth between VLANs is 2gbit/s (theoretically at least). Am I remotely on the right track on this?

3. I understand the setup of the rest of the switches regarding VLANs etc. I am really struggling with finding a starting point in the RouterOS documentation, that could help me configure the hEX towards achieving what I have in the picture in an optimal way (from a bandwidth utilisation point of view). Can anyone chip in on this?

Kind Regards,
George
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: hEX & bonding/link aggregation setup

Thu Mar 25, 2021 4:43 pm

I dont see anywhere, any relationship of Static LAG to any of the Bonding options on MiKrotik OS?
 
GeorgeG
just joined
Topic Author
Posts: 3
Joined: Tue Mar 23, 2021 8:22 pm

Re: hEX & bonding/link aggregation setup

Sat Mar 27, 2021 3:47 am

Hi All,

I think I got points 1 and 2 covered.

Starting from the default setup (WAN on ether1 and then a bridge on ether2-5), I did the following:
[Bridge]
1. [Tab Ports]: Dropped ether4 and ether5 from the bridge.
[Interfaces]
2. [Tab Bonding] Create a bonding with ether4 and ether5 as slaves and mode "balance rr" (this appears to be the equivalent for Netgear static LAG). I called that one "bond45"
[Bridge]
3. [Tab Ports]. Added the interface bond45 to the bridge
[Interfaces]
I can now see bond45 in the list.
4. [Tab VLAN]. I created the vlan entries that I need, selecting bridge as the interface.

I went back to the [Intercace Tab] and I can see the VLANs under the bridge. I hope that this approach is the "right" way to implement bonding and having VLANs. Then I moved on to:

[IP > Addresses]
5. Created the IP ranges I need for each VLAN
[IP > DHCP Server]
6. Created a DHCP for each VLAN

Connectivity around the house via ethernet or wireless appears to be working as expected. So everyone is happy again at home. I have yet to find out if the setup above is the "right" approach...

Regards,
George
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: hEX & bonding/link aggregation setup

Sat Mar 27, 2021 10:58 am

2. [Tab Bonding] Create a bonding with ether4 and ether5 as slaves and mode "balance rr" (this appears to be the equivalent for Netgear static LAG). I called that one "bond45"

I don't know what exactly is Netgear's "static LAG" ... however RR is not the same as XOR. XOR refers to hash algorithm used for 802.3ad LACP while RR is linux proprietary bonding mode. If your Netgear supports LACP, then I suggest you to use it (on both ends) as it's a standard after all.
 
GeorgeG
just joined
Topic Author
Posts: 3
Joined: Tue Mar 23, 2021 8:22 pm

Re: hEX & bonding/link aggregation setup

Sat Mar 27, 2021 2:25 pm

Hi mkx,

My network grew "organically" over time. thb, the only thing I cared up until relatively recently was the ability to limit the speed of a particular port.
Security became a bit of a concern at some point, so I started looking at solutions to segment the network (mainly to isolate all the wifi nasty devices that I had no control over). That was the stage where I actually started looking at the specs of the network gear that I have, and how it would all get stitched together in an optimal way. I had a couple of spare ports on the switch so I thought that LAG would give some breathing space to the router to stretch its CPU.
That was the point that I read about LACP and the fact that my main switch does not support it. I also found a couple of references from other Netgear users having success with "balance rr" on linux machines.

I was considering replacing everything with new switches etc, but, if the current stuff can be squeezed to perform for a bit longer, why not? :)

Anyway, I think that the LAG issue is cleared at this stage, I now have to figure out how to tame Firewall and NAT settings, but that would be subject for another thread.

In this thread I wish if someone could comment/confirm if the way the bridge/bonding/vlan is setup is (or not) likely to create issues from a performance or setup perspective.

Cheers,
George

p.s.: I appreciate everyone's time spent to read/consider this thread.

Edit: I bought the hEX as a backup router to be honest. My main router is an i5 PC with 8G RAM and 6 LAN ports running OPNsense. It was setup up sub optimally in the first place (by me). After running 24/7 for 6 months, the motherboard went bang (a week ago) and the hEX appeared as the cheapest and quickest solution to get me going while the main "router" is away for repair. This blow-up was an opportunity to restructure the network more optimally, and in a way that I should be able to swap routers almost in a plug and play fashion if such an incident happens again, or so I wish :)

Who is online

Users browsing this forum: Amazon [Bot], bkuyk1, cmmike, JR2 and 22 guests