I’m having an issue with VRRP. Now it’s very possible the issue is me and a mistake I’m making, but please hear me out. I would appreciate any help.

The short version is: when I build the topology in the diagram, RSTP converges exactly as I expect. (Hardware offload is disabled by VLAN filtering; this is not an issue.) So when I use VRRP with VLANs, any frames with a dst-mac address of the VRRP interface are being flooded by the bridge, as the bridge is not learning the MAC address of the VRRP interface. I’ve recreated this in a test setup, and if I just build the VRRP interface on the bridge then it works as expected with no flooding. However, if I build VLANs on the bridge and VRRP interfaces on each VLAN interface, then we end up with flooding. If I’ve got an error in my config, please share.

I have attached config dumps for both builds, with and without VLANs. (The phpBB won't allow me to post the full backups or the support dumps.) I started with the latest and greatest code, including upgraded firmware. For testing, all devices are hEX (750G r3).
Router 1 With Vlans
Code:
/interface bridge
add admin-mac=02:00:00:AA:00:01 auto-mac=no name=brTrunk priority=0x2000 vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] comment=Router1<->Switch1
set [ find default-name=ether2 ] disabled=yes
set [ find default-name=ether3 ] comment=Router1<->Router2
set [ find default-name=ether4 ] disabled=yes
set [ find default-name=ether5 ] comment=Management
/interface vlan
add interface=brTrunk name=vlan10 vlan-id=10
/interface vrrp
add interface=vlan10 name=vrrp10 vrid=10
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=brTrunk interface=ether3
add bridge=brTrunk interface=ether1
/interface bridge settings
set allow-fast-path=no
/interface bridge vlan
add bridge=brTrunk tagged=brTrunk,ether1,ether3 vlan-ids=10
/ip address
add address=10.0.0.2/24 interface=vlan10 network=10.0.0.0
add address=10.0.0.1 interface=vrrp10 network=10.0.0.1
Code:
/interface bridge
add admin-mac=02:00:00:AA:00:02 auto-mac=no name=brTrunk priority=0x3000 vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] disabled=yes
set [ find default-name=ether2 ] comment=Router2<->Switch1
set [ find default-name=ether3 ] comment=Router1<->Router2
set [ find default-name=ether4 ] disabled=yes
set [ find default-name=ether5 ] comment=Management
/interface vlan
add interface=brTrunk name=vlan10 vlan-id=10
/interface vrrp
add interface=vlan10 name=vrrp10 vrid=10
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=brTrunk interface=ether3
add bridge=brTrunk interface=ether2
/interface bridge vlan
add bridge=brTrunk tagged=brTrunk,ether2,ether3 vlan-ids=10
Code:
/interface bridge
add admin-mac=02:00:00:AA:00:03 auto-mac=no name=brTrunk vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] comment=Router1
set [ find default-name=ether2 ] comment=Router2
set [ find default-name=ether3 ] disabled=yes
set [ find default-name=ether4 ] disabled=yes
set [ find default-name=ether5 ] comment=Management
/interface vlan
add interface=brTrunk name=vlan10 vlan-id=10
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=brTrunk interface=ether1
add bridge=brTrunk interface=ether2
/interface bridge vlan
add bridge=brTrunk tagged=brTrunk,ether1,ether2 vlan-ids=10
Router 1 Bridge host table (The VRRP mac is missing)
Code:
[admin@Router1] > /interface bridge host print
Flags: X - disabled, I - invalid, D - dynamic, L - local, E - external
# MAC-ADDRESS VID ON-INTERFACE BRIDGE AGE
0 DL 02:00:00:AA:00:01 brTrunk brTrunk
1 DL CC:2D:E0:7D:7F:71 ether1 brTrunk
2 DL CC:2D:E0:7D:7F:73 ether3 brTrunk
3 DL 02:00:00:AA:00:01 1 brTrunk brTrunk
4 D 02:00:00:AA:00:02 1 ether3 brTrunk 58s
5 D 02:00:00:AA:00:03 1 ether3 brTrunk 57s
6 D CC:2D:E0:65:7D:F4 1 ether1 brTrunk 57s
7 D CC:2D:E0:65:7D:F5 1 ether3 brTrunk 57s
8 D CC:2D:E0:69:45:D4 1 ether3 brTrunk 58s
9 DL CC:2D:E0:7D:7F:71 1 ether1 brTrunk
10 DL CC:2D:E0:7D:7F:73 1 ether3 brTrunk
11 DL 02:00:00:AA:00:01 10 brTrunk brTrunk
12 D 02:00:00:AA:00:02 10 ether3 brTrunk 58s
13 D 02:00:00:AA:00:03 10 ether1 brTrunk 1s
14 DL CC:2D:E0:7D:7F:71 10 ether1 brTrunk
15 DL CC:2D:E0:7D:7F:73 10 ether3 brTrunk
Code:
[admin@Switch1] > /ip arp print
Flags: X - disabled, I - invalid, H - DHCP, D - dynamic, P - published,
C - complete
# ADDRESS MAC-ADDRESS INTERFACE
0 DC 172.17.2.4 B8:27:EB:EF:C3:32 ether5
1 DC 10.0.0.1 00:00:5E:00:01:0A vlan10
[admin@Switch1] > /interface bridge host print
Flags: X - disabled, I - invalid, D - dynamic, L - local, E - external
# MAC-ADDRESS VID ON-INTERFACE BRIDGE AGE
0 DL 02:00:00:AA:00:03 brTrunk brTrunk
1 DL CC:2D:E0:65:7D:F4 ether1 brTrunk
2 DL CC:2D:E0:65:7D:F5 ether2 brTrunk
3 D 02:00:00:AA:00:01 1 ether1 brTrunk 43s
4 D 02:00:00:AA:00:02 1 ether1 brTrunk 45s
5 DL 02:00:00:AA:00:03 1 brTrunk brTrunk
6 DL CC:2D:E0:65:7D:F4 1 ether1 brTrunk
7 DL CC:2D:E0:65:7D:F5 1 ether2 brTrunk
8 D CC:2D:E0:69:45:D4 1 ether1 brTrunk 45s
9 D CC:2D:E0:7D:7F:71 1 ether1 brTrunk 1s
10 D 00:00:5E:00:01:0A 10 ether1 brTrunk 0s
11 D 02:00:00:AA:00:01 10 ether1 brTrunk 0s
12 D 02:00:00:AA:00:02 10 ether1 brTrunk 45s
13 DL 02:00:00:AA:00:03 10 brTrunk brTrunk
14 DL CC:2D:E0:65:7D:F4 10 ether1 brTrunk
15 DL CC:2D:E0:65:7D:F5 10 ether2 brTrunk
I've uploaded full backup dumps, support output dumps and full configs in the attached zip file if you wish to recreate/test.
The DHCP client on ether5 on all devices was just used for management and setup of the lab, so it can be ignored. I've seen this behavior also on an RB1100Ah4, so I'm thinking it's something I've done wrong.
Thank you to anyone who has taken the time to read this and is willing to share.
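A check for the symptom described in this post, as an added example that is not part of the original post: it parses `/interface bridge host print` output and reports on which port, if any, the bridge has learned the VRRP virtual MAC for a given VRID and VLAN. The function names are hypothetical, the sample rows are copied from the VLAN 10 entries in the outputs above, and the MAC is assumed to follow the standard IPv4 VRRP form 00:00:5E:00:01:{VRID}.

```python
import re

# index, flags, MAC address, then the remaining columns of a host-table row
ROW = re.compile(r"^\s*\d+\s+([A-Z]+)\s+((?:[0-9A-F]{2}:){5}[0-9A-F]{2})\s+(.*)$", re.I)

# Sample input: VLAN 10 rows copied from the Router 1 and Switch 1 outputs above.
ROUTER1 = """\
11 DL 02:00:00:AA:00:01 10 brTrunk brTrunk
12 D 02:00:00:AA:00:02 10 ether3 brTrunk 58s
13 D 02:00:00:AA:00:03 10 ether1 brTrunk 1s
14 DL CC:2D:E0:7D:7F:71 10 ether1 brTrunk
"""
SWITCH1 = """\
10 D 00:00:5E:00:01:0A 10 ether1 brTrunk 0s
11 D 02:00:00:AA:00:01 10 ether1 brTrunk 0s
13 DL 02:00:00:AA:00:03 10 brTrunk brTrunk
"""

def vrrp_virtual_mac(vrid: int) -> str:
    """IPv4 VRRP virtual MAC for a VRID: 00:00:5E:00:01:{VRID}."""
    if not 1 <= vrid <= 255:
        raise ValueError("VRID must be in 1..255")
    return f"00:00:5E:00:01:{vrid:02X}"

def parse_host_table(text: str):
    """Yield (flags, mac, vid, port); vid is None when the VID column is blank."""
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # prompt, flag legend or column header
        flags, mac, rest = m.group(1).upper(), m.group(2).upper(), m.group(3).split()
        # The VID column is optional; when present it is the only numeric token here.
        vid = int(rest.pop(0)) if rest and rest[0].isdigit() else None
        yield flags, mac, vid, (rest[0] if rest else None)

def vrrp_mac_ports(text: str, vrid: int, vid: int):
    """Ports where the VRRP MAC is known in this VLAN; an empty list means
    frames addressed to it are treated as unknown unicast and flooded."""
    want = vrrp_virtual_mac(vrid)
    return [port for _, mac, v, port in parse_host_table(text) if mac == want and v == vid]

if __name__ == "__main__":
    for name, table in (("Router1", ROUTER1), ("Switch1", SWITCH1)):
        ports = vrrp_mac_ports(table, vrid=10, vid=10)
        print(name, "->", ports or "VRRP MAC not in host table (flooding expected)")
```
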