avggeek
newbie
Topic Author
Posts: 48
Joined: Thu Jun 06, 2013 9:33 am

Advice on bridge setup with multiple routers

Fri Sep 23, 2022 12:36 pm

Hi,

I'm quite puzzled by what is happening with the bridge configuration on my devices and would appreciate some help to understand what I'm doing wrong. To begin with, here is a diagram that shows how my network is currently configured:

Image

As can be seen from the diagram, I have two switches connected independently to two separate routers with separate internet connections.

My limited understanding of bridges in ROS 6 is that all devices that are connected to a router must be in a bridge in order for traffic to be able to route across them. However, the situation I'm seeing right now is that if I add the CRS-308 on "eth4" to the bridge on the RB750Gr3, I'm not able to ping the RB750 from the CRS-308. If I remove the port, ping works fine! I'm guessing it is somehow routing through the CCR-1009 & Unifi US-24, but I'm unable to understand what should be the correct setup. Any help is most welcome!

Here is the config from the RB750Gr3:
# sep/23/2022 17:00:11 by RouterOS 6.49
# model = RB750Gr3
/interface bridge
add admin-mac=74:4D:28:68:4A:1A auto-mac=no name="All Ports Bridge" \
    protocol-mode=mstp vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] name=\
    ether1-gateway speed=100Mbps
set [ find default-name=ether2 ] comment="WAN Interface" name=\
    ether2-gateway speed=100Mbps
set [ find default-name=ether3 ] comment="Unifi US-24 Trunk" speed=100Mbps
set [ find default-name=ether4 ] comment="Mikrotik CRS309 Trunk" speed=\
    100Mbps
set [ find default-name=ether5 ] speed=100Mbps
/interface vrrp
add authentication=ah comment="VLAN 1 Network" disabled=yes interface=\
    "All Ports Bridge" name=mgmt-net-vrrp priority=200 version=2 vrid=48
/interface vlan
add comment="Cluster comms network" interface="All Ports Bridge" name=\
    cluster-net vlan-id=67
add comment="DMZ network" interface="All Ports Bridge" name=dmz-net vlan-id=\
    122
add comment="Guest network" interface="All Ports Bridge" name=guest-net \
    vlan-id=90
add comment="IOT Devices network" interface="All Ports Bridge" name=iot-net \
    vlan-id=50
add comment="Lab Network" interface="All Ports Bridge" name=lab-vlan vlan-id=\
    54
add comment="Untrusted Client(s) network" interface="All Ports Bridge" name=\
    others-net vlan-id=75
add comment="Storage network" interface="All Ports Bridge" name=san-net \
    vlan-id=83
add comment="Server network" interface="All Ports Bridge" name=server-net \
    vlan-id=20
add comment="\"Trusted\" Clients network" interface="All Ports Bridge" name=\
    trusted-clients-net vlan-id=104
/interface vrrp
add authentication=ah interface=cluster-net name=cluster-net-vrrp priority=\
    200 version=2 vrid=67
add authentication=ah interface=dmz-net name=dmz-net-vrrp preemption-mode=no \
    priority=200 version=2 vrid=122
add authentication=ah interface=iot-net name=iot-net-vrrp preemption-mode=no \
    priority=200 version=2 vrid=50
add authentication=ah interface=lab-vlan name=lab-vlan-vrrp preemption-mode=\
    no priority=200 version=2 vrid=54
add authentication=ah interface=others-net name=others-net-vrrp \
    preemption-mode=no priority=200 version=2 vrid=75
add authentication=ah interface=san-net name=san-net-vrrp priority=200 \
    version=2 vrid=83
add authentication=ah interface=server-net name=server-net-vrrp priority=200 version=2 vrid=20
add authentication=ah interface=trusted-clients-net name=trusted-clients-vrrp \
    priority=200 version=2 vrid=104
/interface bridge port
add bridge="All Ports Bridge" comment="Unifi US-24 Trunk" interface=ether3
/interface bridge vlan
add bridge="All Ports Bridge" comment="Server network" tagged=\
    "All Ports Bridge,ether3,ether4,ether5" vlan-ids=20
add bridge="All Ports Bridge" comment="IOT Devices network" tagged=\
    "All Ports Bridge,ether3,ether4,ether5" vlan-ids=50
add bridge="All Ports Bridge" comment="Lab network" tagged=\
    "All Ports Bridge,ether3,ether4,ether5" vlan-ids=54
add bridge="All Ports Bridge" comment="Untrusted Client(s) network" tagged=\
    "All Ports Bridge,ether3,ether4,ether5" vlan-ids=75
add bridge="All Ports Bridge" comment="Cluster comms network" tagged=\
    "All Ports Bridge,ether3,ether4,ether5" vlan-ids=67
add bridge="All Ports Bridge" comment="Storage network" tagged=\
    "All Ports Bridge,ether3,ether4,ether5" vlan-ids=83
add bridge="All Ports Bridge" comment="\"Trusted\" clients network" tagged=\
    "All Ports Bridge,ether3,ether4,ether5" vlan-ids=104
add bridge="All Ports Bridge" comment="DMZ network" tagged=\
    "All Ports Bridge,ether3,ether4,ether5" vlan-ids=122
add bridge="All Ports Bridge" tagged="All Ports Bridge,ether3,ether4,ether5" \
    vlan-ids=90
add bridge="All Ports Bridge" tagged="All Ports Bridge,ether3,ether4,ether5" \
    vlan-ids=126
add bridge="All Ports Bridge" tagged="All Ports Bridge,ether3,ether4,ether5" \
    vlan-ids=166
add bridge="All Ports Bridge" vlan-ids=1
/ip address
add address=192.168.48.2/24 comment="Management network" interface=\
    "All Ports Bridge" network=192.168.48.0
add address=192.168.54.2/24 comment="Lab network" interface=lab-vlan network=\
    192.168.54.0
add address=192.168.20.2/24 comment="Server network" interface=server-net \
    network=192.168.20.0
add address=192.168.50.2/24 comment="IOT network" interface=iot-net network=\
    192.168.50.0
add address=192.168.75.2/24 comment="Untrusted Clients network" interface=\
    others-net network=192.168.75.0
add address=192.168.90.2/24 comment="Guest network" interface=guest-net \
    network=192.168.90.0
add address=192.168.104.2/24 comment="Trusted Clients network" interface=\
    trusted-clients-net network=192.168.104.0
add address=192.168.122.2/24 comment="DMZ network" interface=dmz-net network=\
    192.168.122.0
add address=192.168.54.254 interface=lab-vlan-vrrp network=192.168.54.254
add address=192.168.20.254 interface=server-net-vrrp network=192.168.20.254
add address=192.168.48.254 interface=mgmt-net-vrrp network=192.168.48.254
add address=192.168.75.254 interface=others-net-vrrp network=192.168.75.254
add address=192.168.104.254 interface=trusted-clients-vrrp network=\
    192.168.104.254
add address=192.168.122.254 interface=dmz-net-vrrp network=192.168.122.254
add address=192.168.50.254 interface=iot-net-vrrp network=192.168.50.254
add address=192.168.67.2/24 comment="Cluster comms network" interface=\
    cluster-net network=192.168.67.0
add address=192.168.67.254 interface=cluster-net-vrrp network=192.168.67.254
add address=192.168.83.2/24 comment="Storage network" interface=san-net \
    network=192.168.83.0
add address=192.168.83.254 interface=san-net-vrrp network=192.168.83.254
add address=192.168.50.19/24 disabled=yes interface=iot-net-vrrp network=\
    192.168.50.0
Here is the config from the CRS-308:
# sep/23/2022 16:59:30 by RouterOS 6.49.2
# model = CRS309-1G-8S+
/interface ethernet
set [ find default-name=ether1 ] comment="Management Port" l2mtu=1592
set [ find default-name=sfp-sfpplus1 ] comment=BIG-RIG l2mtu=1592
set [ find default-name=sfp-sfpplus2 ] comment="LEGION - Port 1" l2mtu=1592
set [ find default-name=sfp-sfpplus3 ] comment="LEGION - Port 2" l2mtu=1592
set [ find default-name=sfp-sfpplus4 ] comment="Homelab Core-01" l2mtu=1592
set [ find default-name=sfp-sfpplus5 ] comment="Homelab Core-02" l2mtu=1592
set [ find default-name=sfp-sfpplus6 ] comment="Homelab Core-03" l2mtu=1592
set [ find default-name=sfp-sfpplus7 ] comment="Mikrotik RB750Gr3 Uplink" \
    l2mtu=1592
set [ find default-name=sfp-sfpplus8 ] comment="MikroTik CCR1009 Uplink" \
    l2mtu=1592
/interface bridge
add admin-mac=2C:C8:1B:20:06:C8 auto-mac=no comment="Clients Bridge" name=\
    bridge1 protocol-mode=mstp vlan-filtering=yes
/interface bonding
add comment=LEGION mode=802.3ad name=bond-sfpp2_sfpp3 slaves=\
    sfp-sfpplus2,sfp-sfpplus3
/interface bridge port
add bridge=bridge1 interface=sfp-sfpplus1 pvid=83
add bridge=bridge1 comment="MikroTik CCR1009 Uplink" interface=sfp-sfpplus8
add bridge=bridge1 interface=bond-sfpp2_sfpp3 pvid=83
add bridge=bridge1 interface=sfp-sfpplus4 pvid=83
add bridge=bridge1 interface=sfp-sfpplus5 pvid=83
add bridge=bridge1 interface=sfp-sfpplus6 pvid=83
add bridge=bridge1 comment="Mikrotik RB750Gr3 Uplink" interface=sfp-sfpplus7 \
    priority=0x90 pvid=83
/interface bridge vlan
add bridge=bridge1 comment="\"Trusted\" Clients network" tagged=\
    sfp-sfpplus8,sfp-sfpplus7,sfp-sfpplus4,sfp-sfpplus5,sfp-sfpplus6 \
    vlan-ids=104
add bridge=bridge1 comment="IOT Devices network" tagged=\
    sfp-sfpplus8,sfp-sfpplus7,sfp-sfpplus4,sfp-sfpplus5,sfp-sfpplus6 \
    vlan-ids=50
add bridge=bridge1 comment="Server network" tagged=\
    sfp-sfpplus8,sfp-sfpplus7,sfp-sfpplus4,sfp-sfpplus5,sfp-sfpplus6 \
    vlan-ids=20
add bridge=bridge1 comment="Storage network" tagged=sfp-sfpplus8,sfp-sfpplus7 \
    vlan-ids=83
add bridge=bridge1 comment="Cluster comms network" tagged=\
    sfp-sfpplus8,sfp-sfpplus7 vlan-ids=67
add bridge=bridge1 comment="Lab network" tagged=\
    sfp-sfpplus8,sfp-sfpplus7,sfp-sfpplus4,sfp-sfpplus5,sfp-sfpplus6 \
    vlan-ids=54
add bridge=bridge1 comment="Untrusted Client(s) network" tagged=\
    sfp-sfpplus8,sfp-sfpplus7,sfp-sfpplus4,sfp-sfpplus5,sfp-sfpplus6 \
    vlan-ids=75
add bridge=bridge1 comment="\"Guest\" network" tagged=\
    sfp-sfpplus8,sfp-sfpplus7 vlan-ids=90
add bridge=bridge1 comment="DMZ network" tagged=sfp-sfpplus8,sfp-sfpplus7 \
    vlan-ids=122
add bridge=bridge1 comment="OpenVPN (UDP) network" tagged=\
    sfp-sfpplus8,sfp-sfpplus7 vlan-ids=166
add bridge=bridge1 untagged=sfp-sfpplus7 vlan-ids=1
/ip address
add address=192.168.48.10/24 interface=bridge1 network=192.168.48.0
/ip dns
set servers=192.168.48.254
/ip route
add distance=1 gateway=192.168.48.254
/system clock
set time-zone-autodetect=no time-zone-name=Asia/Singapore
/system clock manual
set time-zone=+08:00
/system identity
set name="MikroTik CRS309-1G-8S+"
/system ntp client
set enabled=yes server-dns-names=0.sg.pool.ntp.org,1.sg.pool.ntp.org
/system package update
set channel=upgrade
/system routerboard settings
set boot-os=router-os
/tool sniffer
set filter-interface=bridge1 streaming-enabled=yes streaming-server=\
    192.168.104.117
 
sindy
Forum Guru
Posts: 9707
Joined: Mon Dec 04, 2017 9:19 pm

Re: Advice on bridge setup with multiple routers

Fri Sep 23, 2022 1:16 pm

ether4 on the hEX is not a member port of the bridge - neither on the drawing nor in the configuration (in the /interface bridge port table), whereas in the /interface bridge vlan table it is. Fix that in /interface bridge port and you should be good.
Don't write novels, post /export hide-sensitive file=x. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
avggeek
newbie
Topic Author
Posts: 48
Joined: Thu Jun 06, 2013 9:33 am

Re: Advice on bridge setup with multiple routers

Fri Sep 23, 2022 3:22 pm

ether4 on the hEX is not a member port of the bridge - neither on the drawing nor in the configuration (in the /interface bridge port table), whereas in the /interface bridge vlan table it is. Fix that in /interface bridge port and you should be good.
@sindy: Yes that was my initial assumption too but confusingly that does not seem to work. Let me demonstrate:

The hEX has several IP addresses assigned:
/ip address
add address=192.168.48.2/24 comment="Management network" interface=\
    "All Ports Bridge" network=192.168.48.0
add address=192.168.54.2/24 comment="Lab network" interface=lab-vlan network=\
    192.168.54.0
add address=192.168.20.2/24 comment="Server network" interface=server-net \
    network=192.168.20.0
add address=192.168.50.2/24 comment="IOT network" interface=iot-net network=\
    192.168.50.0
add address=192.168.75.2/24 comment="Untrusted Clients network" interface=\
    others-net network=192.168.75.0
add address=192.168.90.2/24 comment="Guest network" interface=guest-net \
    network=192.168.90.0
add address=192.168.104.2/24 comment="Trusted Clients network" interface=\
    trusted-clients-net network=192.168.104.0
add address=192.168.122.2/24 comment="DMZ network" interface=dmz-net network=\
    192.168.122.0

Prior to adding ether4 to the bridge, the CRS-309 can successfully ping the hEX on these IPs:

VLAN1:
Image

VLAN20:
Image

Now I will add ether4 to the bridge on the hEX:
Image

Once I do this, the CRS-309 cannot reach the hEX:
Image
Image
 
sindy
Forum Guru
Posts: 9707
Joined: Mon Dec 04, 2017 9:19 pm

Re: Advice on bridge setup with multiple routers

Fri Sep 23, 2022 4:05 pm

that was my initial assumption too but confusingly that does not seem to work
What you have created is a ring topology - CCR1009, CRS309, hEX, Ubiquiti, and back to CCR1009. So to prevent broadcast, multicast, and unresponded unicast frames from circulating indefinitely and exhausting all the bandwidth, Spanning Tree Protocol (STP) must be enabled on all the four elements, and it must be the same flavor of STP on all 4. Otherwise surprises may happen, including some of the elements becoming unreachable.

I have no idea whether Mikrotik's RSTP is compatible with Ubiquiti's RSTP and whether Ubiquiti supports MSTP (which is normally compatible between all vendors) or even any STP at all. So sort this out, and then use /interface bridge monitor and /interface bridge port monitor [find] to see what the ring topology looks like and at what place the STP has cut the ring to prevent looping.
 
sindy
Forum Guru
Posts: 9707
Joined: Mon Dec 04, 2017 9:19 pm

Re: Advice on bridge setup with multiple routers  [SOLVED]

Fri Sep 23, 2022 4:30 pm

I can also see you are translating VLAN 83 on CRS309 to VLAN 1 on the hEX (because pvid of sfp-sfpplus7 is 83 whereas pvid of ether4 is presumably 1 according to /interface bridge vlan), but on the 309, 192.168.48.10 is attached to VLAN 1 (the pvid of the bridge is 1 there), whereas on the hEX, 192.168.48.2 is also attached to VLAN 1 (pvid of the bridge is 1 also on the hEX). So due to the discrepancy of pvid values between the ends of the ether4<->sfp-sfpplus7 link, the 309 sends frames from the bridge to the hEX tagged with VID 1, and receives frames from the bridge on hEX tagless, so they end up in VLAN 83 there. On the long path between the 309 and the hEX (via 1009 and Ubiquiti) this mismatch doesn't exist (unless you've done something similar on the Ubiquiti or the 1009) because pvid of sfp-sfpplus8 facing to the 1009 is 1. When the direct path becomes available, the issue pops up and hits.
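Both findings in the replies above (a port named in /interface bridge vlan that is missing from /interface bridge port, and different pvid values at the two ends of one link) can be checked directly against the exports. This is an added example, not part of the original thread and not MikroTik code: the function names are hypothetical, the config strings are excerpts of the exports posted above, and HEX_AFTER is a constructed line standing in for the ether4 addition that the thread shows only as a screenshot.

```python
import re
import shlex

def parse_export(text):
    """Parse RouterOS /export text into {section: [ {key: value}, ... ]}."""
    # The export wraps long lines with a trailing backslash; undo the wrapping.
    text = re.sub(r"\\\n\s*", "", text)
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            current = line
            sections.setdefault(current, [])
        elif line.startswith("add ") and current:
            # shlex keeps quoted values such as "All Ports Bridge" in one piece.
            items = shlex.split(line[4:])
            sections[current].append(dict(i.split("=", 1) for i in items if "=" in i))
    return sections

def vlan_ports_not_in_bridge(cfg):
    """Ports named in /interface bridge vlan that are not bridge member ports."""
    members = {(p["bridge"], p["interface"])
               for p in cfg.get("/interface bridge port", [])}
    missing = set()
    for row in cfg.get("/interface bridge vlan", []):
        for field in ("tagged", "untagged"):
            for port in filter(None, row.get(field, "").split(",")):
                # The bridge interface itself is the CPU port, not a member port.
                if port != row["bridge"] and (row["bridge"], port) not in members:
                    missing.add(port)
    return sorted(missing)

def port_pvid(cfg, port):
    """pvid of a bridge member port (RouterOS default is 1), None if not a member."""
    for p in cfg.get("/interface bridge port", []):
        if p["interface"] == port:
            return int(p.get("pvid", 1))
    return None

def link_pvid_mismatch(cfg_a, port_a, cfg_b, port_b):
    """Return (pvid_a, pvid_b) when the two ends of a link disagree, else None."""
    a, b = port_pvid(cfg_a, port_a), port_pvid(cfg_b, port_b)
    return (a, b) if a != b else None

# Excerpts of the exports posted in this thread.
HEX = r'''
/interface bridge port
add bridge="All Ports Bridge" comment="Unifi US-24 Trunk" interface=ether3
/interface bridge vlan
add bridge="All Ports Bridge" comment="Server network" tagged=\
    "All Ports Bridge,ether3,ether4,ether5" vlan-ids=20
add bridge="All Ports Bridge" vlan-ids=1
'''
CRS = r'''
/interface bridge port
add bridge=bridge1 comment="MikroTik CCR1009 Uplink" interface=sfp-sfpplus8
add bridge=bridge1 comment="Mikrotik RB750Gr3 Uplink" interface=sfp-sfpplus7 \
    priority=0x90 pvid=83
/interface bridge vlan
add bridge=bridge1 comment="Storage network" tagged=sfp-sfpplus8,sfp-sfpplus7 \
    vlan-ids=83
add bridge=bridge1 untagged=sfp-sfpplus7 vlan-ids=1
'''
# Constructed: ether4 added as a member port with no pvid set, so it defaults to 1.
HEX_AFTER = HEX + '/interface bridge port\nadd bridge="All Ports Bridge" interface=ether4\n'

if __name__ == "__main__":
    print("hEX, vlan-table ports that are not member ports:",
          vlan_ports_not_in_bridge(parse_export(HEX)))
    print("pvid at sfp-sfpplus7 / ether4:",
          link_pvid_mismatch(parse_export(CRS), "sfp-sfpplus7",
                             parse_export(HEX_AFTER), "ether4"))
```

Untagged frames are classified into the receiving port's pvid, so a mismatch reported for a link means the same untagged frame lands in a different VLAN depending on its direction.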
 
avggeek
newbie
Topic Author
Posts: 48
Joined: Thu Jun 06, 2013 9:33 am

Re: Advice on bridge setup with multiple routers

Sat Sep 24, 2022 4:24 am

I have no idea whether Mikrotik's RSTP is compatible with Ubiquiti's RSTP and whether Ubiquiti supports MSTP (which is normally compatible between all vendors) or even any STP at all. So sort this out, and then use /interface bridge monitor and /interface bridge port monitor [find] to see what the ring topology looks like and at what place the STP has cut the ring to prevent looping.

Unfortunately Ubiquiti does not support MSTP, only RSTP :-( (or at least the US-24 switch that I have does not. Perhaps newer switches do support)

I can also see you are translating VLAN 83 on CRS309 to VLAN 1 on the hEX (because pvid of sfp-sfpplus7 is 83 whereas pvid of ether4 is presumably 1 according to /interface bridge vlan), but on the 309, 192.168.48.10 is attached to VLAN 1 (the pvid of the bridge is 1 there), whereas on the hEX, 192.168.48.2 is also attached to VLAN 1 (pvid of the bridge is 1 also on the hEX). So due to the discrepancy of pvid values between the ends of the ether4<->sfp-sfpplus7 link, the 309 sends frames from the bridge to the hEX tagged with VID 1, and receives frames from the bridge on hEX tagless, so they end up in VLAN 83 there. On the long path between the 309 and the hEX (via 1009 and Ubiquiti) this mismatch doesn't exist (unless you've done something similar on the Ubiquiti or the 1009) because pvid of sfp-sfpplus8 facing to the 1009 is 1. When the direct path becomes available, the issue pops up and hits.

Thank you for spotting this! sfp-sfpplus7 was originally meant to be used for a client device, but was subsequently repurposed as the uplink for the hEX. I did not remember to change the VID for this port when I changed the connections. As soon as I changed the VID for this port, I was able to successfully ping the hEX from the CRS-309.
 
sindy
Forum Guru
Posts: 9707
Joined: Mon Dec 04, 2017 9:19 pm

Re: Advice on bridge setup with multiple routers

Sat Sep 24, 2022 8:54 am

Unfortunately Ubiquiti does not support MSTP, only RSTP :-( (or at least the US-24 switch that I have does not. Perhaps newer switches do support)
The more important it is to check the bridge states as I've suggested earlier (/interface bridge monitor, /interface bridge port monitor). MSTP can interwork with RSTP but it depends on the implementation of the RSTP. I would also recommend making the 1009 a primary root bridge and the hEX a secondary root bridge, assuming that the 1009 is the preferred router.
 
avggeek
newbie
Topic Author
Posts: 48
Joined: Thu Jun 06, 2013 9:33 am

Re: Advice on bridge setup with multiple routers

Sat Sep 24, 2022 10:08 am

The more important it is to check the bridge states as I've suggested earlier (/interface bridge monitor, /interface bridge port monitor). MSTP can interwork with RSTP but it depends on the implementation of the RSTP.

This is what I'm seeing on the CCR-1009:

> /interface bridge monitor 0
state: enabled
current-mac-address: 4C:5E:0C:03:20:22
root-bridge: no
root-bridge-id: 0x8000.26:46:1B:39:DB:5C
regional-root-bridge-id: 0x8000.4C:5E:0C:03:20:22
root-path-cost: 10010
root-port: bond-ether5_ether6
port-count: 7
designated-port-count: 1
mst-config-digest: ac36177f50283cd4b83821d8ab26de62
fast-forward: no

> /interface bridge port monitor 6
;;; Unifi US-24 Trunk Ports
interface: bond-ether5_ether6
status: in-bridge
port-number: 7
role: root-port
edge-port: no
edge-port-discovery: yes
point-to-point-port: no
external-fdb: no
sending-rstp: yes
learning: yes
forwarding: yes
root-path-cost: 10010
designated-bridge: 0x8000.78:8A:20:47:94:DC
designated-cost: 10000
designated-port-number: 68

> /interface bridge port monitor 4
;;; MikroTik CRS309-1G-8S+ Uplink
interface: sfp-sfpplus1
status: in-bridge
port-number: 1
role: designated-port
edge-port: no
edge-port-discovery: yes
point-to-point-port: yes
external-fdb: no
sending-rstp: yes
learning: yes
forwarding: yes

This is the output from the hEX:

> /interface bridge monitor 0
state: enabled
current-mac-address: 74:4D:28:68:4A:1A
root-bridge: no
root-bridge-id: 0x8000.26:46:1B:39:DB:5C
regional-root-bridge-id: 0x8000.4C:5E:0C:03:20:22
root-path-cost: 10010
root-port: ether4
port-count: 2
designated-port-count: 0
mst-config-digest: ac36177f50283cd4b83821d8ab26de62
fast-forward: no

 > /interface bridge port monitor 0
;;; Unifi US-24 Trunk
interface: ether3
status: in-bridge
port-number: 1
role: alternate-port
edge-port: no
edge-port-discovery: yes
point-to-point-port: yes
external-fdb: no
sending-rstp: yes
learning: no
forwarding: no
root-path-cost: 10010
designated-bridge: 0x8000.78:8A:20:47:94:DC
designated-cost: 10000
designated-port-number: 2

> /interface bridge port monitor 1
;;; Mikrotik CRS309 Trunk
interface: ether4
status: in-bridge
port-number: 2
role: root-port
edge-port: no
edge-port-discovery: yes
point-to-point-port: yes
external-fdb: no
sending-rstp: yes
learning: yes
forwarding: yes
internal-root-path-cost: 20
designated-bridge: 0x8000.2C:C8:1B:20:06:C8
designated-internal-cost: 10
designated-port-number: 5

I would also recommend to make the 1009 a primary root bridge and the hEX a secondary root bridge, assuming that the 1009 is the preferred router.

Yes the 1009 is the preferred router. My understanding is that I can make this the root bridge by setting the STP on the bridge to a lower priority (something like 1000?). Is my understanding correct?
 
sindy
Forum Guru
Posts: 9707
Joined: Mon Dec 04, 2017 9:19 pm

Re: Advice on bridge setup with multiple routers

Sat Sep 24, 2022 10:26 am

Yes the 1009 is the preferred router. My understanding is that I can make this the root bridge by setting the STP on the bridge to a lower priority (something like 1000?). Is my understanding correct?
Yes. I'd set 0x4000 on the 1009 and 0x6000 on the hEX, and then re-check the monitors.
 
avggeek
newbie
Topic Author
Posts: 48
Joined: Thu Jun 06, 2013 9:33 am

Re: Advice on bridge setup with multiple routers

Sat Sep 24, 2022 11:15 am

Yes. I'd set 0x4000 on the 1009 and 0x6000 on the hEX, and then re-check the monitors.

There's been a significant change in the output from the monitors on the 1009:

> /interface bridge monitor 0
    state: enabled
    current-mac-address: 4C:5E:0C:03:20:22
    root-bridge: yes
    root-bridge-id: 0x4000.4C:5E:0C:03:20:22
    regional-root-bridge-id: 0x4000.4C:5E:0C:03:20:22
    root-path-cost: 0
    root-port: none
    port-count: 7
    designated-port-count: 2
    mst-config-digest: ac36177f50283cd4b83821d8ab26de62
    fast-forward: no

 > /interface bridge port monitor 4
    ;;; MikroTik CRS309-1G-8S+ Uplink
    interface: sfp-sfpplus1
    status: in-bridge
    port-number: 1
    role: designated-port
    edge-port: no
    edge-port-discovery: yes
    point-to-point-port: yes
    external-fdb: no
    sending-rstp: yes
    learning: yes
    forwarding: yes

> /interface bridge port monitor 6
    ;;; Unifi US-24 Trunk Ports
    interface: bond-ether5_ether6
    status: in-bridge
    port-number: 7
    role: designated-port
    edge-port: no
    edge-port-discovery: yes
    point-to-point-port: no
    external-fdb: no
    sending-rstp: yes
    learning: yes
    forwarding: yes
There is no root port anymore only designated ports - which (again to my limited understanding) is correct since a root bridge does not require a root port.

On the hEX, the major change is that the US-24 port is now a designated port, rather than being marked as an alternate port:

 > /interface bridge monitor 0
    state: enabled
    current-mac-address: 74:4D:28:68:4A:1A
    root-bridge: no
    root-bridge-id: 0x4000.4C:5E:0C:03:20:22
    regional-root-bridge-id: 0x4000.4C:5E:0C:03:20:22
    root-path-cost: 0
    root-port: ether4
    port-count: 2
    designated-port-count: 1
    mst-config-digest: ac36177f50283cd4b83821d8ab26de62
    fast-forward: no

 > /interface bridge port monitor 0
    ;;; Unifi US-24 Trunk
    interface: ether3
    status: in-bridge
    port-number: 1
    role: designated-port
    edge-port: yes
    edge-port-discovery: yes
    point-to-point-port: yes
    external-fdb: no
    sending-rstp: yes
    learning: yes
    forwarding: yes

> /interface bridge port monitor 1
    ;;; Mikrotik CRS309 Trunk
    interface: ether4
    status: in-bridge
    port-number: 2
    role: root-port
    edge-port: no
    edge-port-discovery: yes
    point-to-point-port: yes
    external-fdb: no
    sending-rstp: yes
    learning: yes
    forwarding: yes
    internal-root-path-cost: 20
    designated-bridge: 0x8000.2C:C8:1B:20:06:C8
    designated-internal-cost: 10
    designated-port-number: 5

Is there anything else I should be checking now? Connectivity from clients and across switch/router seems to be working correctly.
 
sindy
Forum Guru
Posts: 9707
Joined: Mon Dec 04, 2017 9:19 pm

Re: Advice on bridge setup with multiple routers

Sat Sep 24, 2022 12:21 pm

There is no root port anymore only designated ports - which (again to my limited understanding) is correct since a root bridge does not require a root port.
Correct. A "root port" is the local end of a path to the root bridge, so the root bridge itself cannot have any.

Is there anything else I should be checking now? Connectivity from clients and across switch/router seems to be working correctly.
If there are no more switches in the topology than these four, the only next step that makes sense is fault simulations - after disconnection of the 1009 from both switches, you should see the hEX become the root bridge, and after connecting the 1009 back to any of the two neighbors, the 1009 should become the root bridge again.
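The priorities suggested earlier in the thread (0x4000 on the 1009, 0x6000 on the hEX) and the fault simulation described above both rest on the same rule: the lowest bridge ID becomes root. This is an added example, not part of the original thread: the function names are hypothetical, the monitor text is trimmed from the outputs posted above, and PLANNED_IDS assumes that 78:8A:20:47:94:DC, seen as designated bridge on the Unifi trunk ports, is the US-24.

```python
def parse_monitor(text):
    """Parse the 'key: value' lines of /interface bridge monitor output."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith((">", ";;;")):
            continue  # skip the command echo and port comments
        key, _, value = line.partition(": ")
        fields[key] = value
    return fields

def bridge_id_key(bridge_id):
    """'0x4000.4C:5E:0C:03:20:22' -> (priority, MAC as int); the lowest wins."""
    priority, mac = bridge_id.split(".", 1)
    return int(priority, 16), int(mac.replace(":", ""), 16)

def elect_root(bridge_ids):
    """Spanning tree elects the bridge with the numerically lowest bridge ID."""
    return min(bridge_ids, key=bridge_id_key)

def root_findings(monitors, expected_root_mac):
    """monitors: {device: monitor output}. Returns a list of problems, empty if fine."""
    roots = {dev: parse_monitor(out)["root-bridge-id"] for dev, out in monitors.items()}
    findings = []
    if len(set(roots.values())) > 1:
        findings.append("devices disagree on the root bridge: %s" % roots)
    for dev, root in sorted(roots.items()):
        if root.split(".", 1)[1] != expected_root_mac:
            findings.append("%s sees root %s, expected MAC %s"
                            % (dev, root, expected_root_mac))
    return findings

CCR1009_MAC = "4C:5E:0C:03:20:22"

# Trimmed from the monitor output posted before the priority change.
BEFORE = {
    "CCR1009": """> /interface bridge monitor 0
state: enabled
current-mac-address: 4C:5E:0C:03:20:22
root-bridge: no
root-bridge-id: 0x8000.26:46:1B:39:DB:5C
""",
    "hEX": """> /interface bridge monitor 0
state: enabled
current-mac-address: 74:4D:28:68:4A:1A
root-bridge: no
root-bridge-id: 0x8000.26:46:1B:39:DB:5C
""",
}
# Trimmed from the monitor output posted after the priority change.
AFTER = {
    "CCR1009": """> /interface bridge monitor 0
    root-bridge: yes
    root-bridge-id: 0x4000.4C:5E:0C:03:20:22
""",
    "hEX": """ > /interface bridge monitor 0
    root-bridge: no
    root-bridge-id: 0x4000.4C:5E:0C:03:20:22
""",
}
# Bridge IDs with the suggested priorities applied: 1009, hEX, CRS309, US-24 (assumed).
PLANNED_IDS = ["0x4000.4C:5E:0C:03:20:22", "0x6000.74:4D:28:68:4A:1A",
               "0x8000.2C:C8:1B:20:06:C8", "0x8000.78:8A:20:47:94:DC"]

if __name__ == "__main__":
    print(root_findings(BEFORE, CCR1009_MAC))
    print(root_findings(AFTER, CCR1009_MAC))
    print("root with 1009 present:", elect_root(PLANNED_IDS))
    print("root with 1009 disconnected:", elect_root(PLANNED_IDS[1:]))
```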
 
avggeek
newbie
Topic Author
Posts: 48
Joined: Thu Jun 06, 2013 9:33 am

Re: Advice on bridge setup with multiple routers

Sun Sep 25, 2022 4:48 am

If there are no more switches in the topology than these four, the only next step that makes sense is fault simulations - after disconnection of the 1009 from both switches, you should see the hEX become the root bridge, and after connecting the 1009 back to any of the two neighbors, the 1009 should become the root bridge again.
There are only the four devices. I will try to do fault simulations as suggested - probably not right away as I'm traveling for the next two weeks and will be 10,000 miles away from the rack. Not a good time to start pulling wires ;-)
