Community discussions

 
User avatar
Xymelin
just joined
Topic Author
Posts: 9
Joined: Wed Apr 07, 2010 2:13 pm
Location: Riga, Latvia
Contact:

VRRP interface on bridge

Thu Mar 01, 2012 2:14 pm

Hi there !

We are having this kind of issue:

We have a router which has VRRP interface on a bridged interface. The problem is that the traffic which is sent to the one of bridge ports is duplicating to other bridge ports. After 5 minutes (aging time) everything starting to work normaly. The thing is...that when traffic is duplicating I don't see VRRP's interface MAC address in Bridge Hosts. I wondering whether this is my misunderstanding or it's Mikrotik's issue. Maybe somebody can give a piece of advice?
 
User avatar
Xymelin
just joined
Topic Author
Posts: 9
Joined: Wed Apr 07, 2010 2:13 pm
Location: Riga, Latvia
Contact:

Re: VRRP interface on bridge

Mon Mar 05, 2012 11:09 am

Anyone ?
 
brainy
Member Candidate
Member Candidate
Posts: 149
Joined: Fri Sep 29, 2006 3:08 pm
Location: Unterschleissheim, Germany
Contact:

Re: VRRP interface on bridge

Fri Jun 07, 2013 7:28 pm

I see this problem since many many routerOS versions. the problem is that the bridge does not know to which interface the vrrp-interface belongs (see the Host-table on the bridge, you will not see the mac-address of the vrrp interface, like you already mentioned) ...

that is causing that all traffic that comes into the bridge and has to reach the (local) vrrp-interface is flooded out on all bridge-ports. i already have a ticket open at MT that this is a bug .. i hope they are going to fix that

Regards,
Joerg
 
User avatar
Tolaris
just joined
Posts: 7
Joined: Tue Mar 20, 2012 1:00 pm

Re: VRRP interface on bridge

Sun Oct 12, 2014 2:20 am

Does anyone have any news on this? I've found the same issue. MAC addresses of VRRP interfaces aren't learned by the bridge, so they flood all ports.

One solution may be to use Bridge -> Filters and create a forward rule like:

chain forward
interfaces / out. interface = ether2
dst MAC address = MAC of VRRP interface
DROP

Repeat for each etherX interface that you go to other hosts. Do not do this for interfaces connecting to the other routers running VRRP.

I have not tested this yet.
 
brainy
Member Candidate
Member Candidate
Posts: 149
Joined: Fri Sep 29, 2006 3:08 pm
Location: Unterschleissheim, Germany
Contact:

Re: VRRP interface on bridge

Sun Oct 12, 2014 10:19 am

Does anyone have any news on this? I've found the same issue. MAC addresses of VRRP interfaces aren't learned by the bridge, so they flood all ports.

One solution may be to use Bridge -> Filters and create a forward rule like:

chain forward
interfaces / out. interface = ether2
dst MAC address = MAC of VRRP interface
DROP

Repeat for each etherX interface that you go to other hosts. Do not do this for interfaces connecting to the other routers running VRRP.

I have not tested this yet.
Hi,

this is how i "fixed" it for the last years .. i dont think MT will fix it. Maybe you open a ticket with them and see what happens.

Regards,
Joerg
 
9bt
just joined
Posts: 1
Joined: Fri Oct 17, 2014 11:15 pm

Re: VRRP interface on bridge

Sat Oct 18, 2014 4:37 am

I have the same problem
 
User avatar
Tolaris
just joined
Posts: 7
Joined: Tue Mar 20, 2012 1:00 pm

Re: VRRP interface on bridge

Tue Oct 21, 2014 11:56 am

this is how i "fixed" it for the last years .. i dont think MT will fix it. Maybe you open a ticket with them and see what happens.
Yep. On my device, ports ether2-4 are bridge members that would never host the VRRP address. ether5 connects to the backup router. So this is what I did:
/interface bridge filter
add action=drop chain=forward comment="No VRRP gw traffic to hosts" dst-mac-address=00:00:5E:00:01:14/FF:FF:FF:FF:FF:FF in-bridge=LAN_Internal out-interface=ether2
add action=drop chain=forward comment="No VRRP gw traffic to hosts" dst-mac-address=00:00:5E:00:01:14/FF:FF:FF:FF:FF:FF in-bridge=LAN_Internal out-interface=ether3
add action=drop chain=forward comment="No VRRP gw traffic to hosts" dst-mac-address=00:00:5E:00:01:14/FF:FF:FF:FF:FF:FF in-bridge=LAN_Internal out-interface=ether4
This has avoided the problem, but it still sucks. I don't have any faith that Mikrotik will actually implement what we request, though. They have a long history of ignoring key features such as OpenVPN UDP.
 
teamer
just joined
Posts: 21
Joined: Mon Sep 12, 2016 9:18 am

Re: VRRP interface on bridge

Fri Mar 03, 2017 6:07 pm

The problem is still persists. CCR1009-8G-1S-1S+, 6.37.1.
:(
 
sup5
Member
Member
Posts: 322
Joined: Sat Jul 10, 2010 12:37 am

Re: VRRP interface on bridge

Thu Feb 08, 2018 7:38 pm

Ran into this issue, too. Solved it by using a loop-cable on the router:

ether1: ip-address of router
vrrp1: slave of ether1 with virtual-ip address

ether2: slave of the bridge containing all other needed ports exept of ether1

loop-cable between ether1 and ether2


Anyways. This is very undesirable!
Every other Routering/Switching vendor on the market is able to do VRRP (or its competitors like HSRP, VRRP-e/a) on a VLAN, SVI or Bridge without hassle.
 
sup5
Member
Member
Posts: 322
Joined: Sat Jul 10, 2010 12:37 am

Re: VRRP interface on bridge

Fri Mar 02, 2018 10:42 am

After a quick conversation with support, this issue was resolved within a few days in the latest release candidate:
What's new in 6.42rc35 (2018-Feb-26 10:46):
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
 
andrewdl
just joined
Posts: 3
Joined: Mon Jun 08, 2015 6:12 pm

Re: VRRP interface on bridge

Sat Mar 10, 2018 12:53 pm

6 years... 1 year with breaks I'm trying make work vrrp configuration in my network between CCRs. And now this works on 6.42rc35 fw. Thank you so much. :)
Special thanks to sup5.
 
sup5
Member
Member
Posts: 322
Joined: Sat Jul 10, 2010 12:37 am

Re: VRRP interface on bridge

Sat Mar 10, 2018 1:26 pm

As a general rule of thumb:

Always inform support about bugs. Do not rely on the forums.
Shrink the setup to the bare minimum in order to exhibit and reproduce the bug.
Add Diagrams and PCAPs etc.

Any bug I informed support about so far has been fixed.
 
andrewdl
just joined
Posts: 3
Joined: Mon Jun 08, 2015 6:12 pm

Re: VRRP interface on bridge

Thu Apr 19, 2018 12:04 pm

Hi there. Is it possible to make the icmp reply comes from a virtual ip address, and not the master ip address in the vrrp configuration on the bridge with vlans when tracing a route? For example. If my default gateway ip 192.168.1.254 (virtual IP for VLANx on ccr), I recieve reply from 192.168.1.253 (master IP).

Who is online

Users browsing this forum: No registered users and 42 guests