yacsap
Frequent Visitor
Topic Author
Posts: 90
Joined: Wed Dec 17, 2014 11:44 am
Location: Auckland, New Zealand

Bridge -> root bridge

Fri May 17, 2019 9:44 am

Hi all,

I just purchased CCR 1009 and transferred most of my settings from RB 2011 and it's live now.

However, I have a concern with my bridge. Usually bridge1 is set to root bridge, but now, on my new CCR 1009, it automatically selects ether2 as my root port.

How can I demote ether2 as root port and make bridge1 as my root bridge?
[ IMikroTik ] >
 
vecernik87
Long time Member
Posts: 640
Joined: Fri Nov 10, 2017 8:19 am

Re: Bridge -> root bridge

Fri May 17, 2019 10:14 am

Each bridge has an STP priority. The default is 8000 hex. If you set it lower, it signals to the STP protocol that the bridge is closer to the root. Usually you can see people using numbers like 1000 / 2000 / 4000 etc. to prioritize their root bridge. You can read more about it here: https://wiki.mikrotik.com/wiki/Manual:I ... e_Protocol
 
yacsap

Re: Bridge -> root bridge

Fri May 17, 2019 10:16 am

How to set root port to none, and have the bridge as root bridge?

I usually don't have root port. This is my first time having one, hence I prefer using my usual.
 
yacsap

Re: Bridge -> root bridge

Fri May 17, 2019 1:09 pm

Update:

On the old RB2011 router, my bridge protocol is RSTP,
and the bridge always becomes the root bridge (none of its members become a root port).

On the new CCR1009 router, if I set my bridge protocol to RSTP (which is the default),
Ethernet2 is always elected as root port, and the bridge is not a root bridge.

If I set my bridge protocol to NONE (without loop protection),
it's just like my RB2011: the bridge becomes root bridge and none of its members become a root port (which is my preference).
 
tdw
Member Candidate
Posts: 131
Joined: Sat May 05, 2018 11:55 am

Re: Bridge -> root bridge

Fri May 17, 2019 1:58 pm

Do you have a switch with STP/RSTP connected to ether2?
 
yacsap

Re: Bridge -> root bridge

Fri May 17, 2019 2:01 pm

> Do you have a switch with STP/RSTP connected to ether2?

Not that I'm aware of.
I just switched RB2011 to CCR1009, that's all I changed.
Even the configurations are the same (I compared apples to apples using the 'export' command).
 
tdw

Re: Bridge -> root bridge

Fri May 17, 2019 2:39 pm

If the default bridge priority is used for STP/RSTP then the switch (or bridge) with the lowest MAC address is elected root. If there is another STP/RSTP device with a MAC address between the one which was on your 2011 and the CCR you would get exactly what you are seeing - the other device would become root and the port on the CCR connected to it would become the root port (the naming can be confusing as it isn't the root port, it is the port connected towards the root device).

Try changing the bridge priority from the default of 8000 to 4000; if the CCR then becomes root, you have another STP/RSTP device somewhere.
 
yacsap

Re: Bridge -> root bridge

Fri May 17, 2019 2:50 pm

Will specifying admin-mac remedy this issue?

And how can I make my bridge the root bridge (even if there are other root ports in the network)?
 
tdw

Re: Bridge -> root bridge

Fri May 17, 2019 2:57 pm

You could use the bridge admin MAC to bodge the CCR to become the root; the proper way is to adjust the bridge priority. Lower bridge priorities have precedence; the MAC addresses are used as a tie-break if the bridge priorities are the same.
 
vecernik87

Re: Bridge -> root bridge

Fri May 17, 2019 5:14 pm

> Will specifying admin-mac remedy this issue?

No, it will not. Theoretically you could find a MAC address which would give it priority, but that is the wrong approach.

> And how can I make my bridge the root bridge (even if there are other root ports in the network)?

I already told you - give your bridge a lower priority than the default. Use only "round" numbers (for example 1000 hex will do fine). With a lower priority, bridges in your STP network will elect it as the root bridge.

You don't need to "demote" the root port. That is a port which is facing towards the root bridge. Once your bridge becomes root, it will obviously have no port facing itself and there will be no port marked as "root" on your device.
 
yacsap

Re: Bridge -> root bridge

Sat May 18, 2019 1:09 am

I think I'm getting it.

Are you able to tell me, for these two admin-macs:
4C:5E:0C:B3:EA:E5
74:4D:28:38:AA:0A
which will become the root bridge?
 
vecernik87

Re: Bridge -> root bridge

Sat May 18, 2019 3:20 am


The lower one of course:
0x8000.4C:5E:0C:B3:EA:E5 < 0x8000.74:4D:28:38:AA:0A

However, if you change the priority of the second bridge with the higher MAC, it will be the opposite:
0x8000.4C:5E:0C:B3:EA:E5 > 0x1000.74:4D:28:38:AA:0A

As you can see, the MAC gets considered only if the priority (first 2 bytes) of the bridge ID is the same. But it should not be the same if you care about your network at least a bit. An IT admin should always configure the nearest switch to the main router (or the main router itself) with a lower priority than the default 8000 hex.

This leads us to the status of the STP. You can go to the "status" tab on your CCR bridge and you will see something like "root bridge ID", "root port" and "distance", which literally tells you who got elected as root bridge, which port faces that direction and how far the device is (so you can go around your network and identify the physical device).

Let me give you a real-life example from my lab. It is connected like this: [mikrotik1]{ether1}---- [dumb-non-rstp-switch] ----{ether1}[mikrotik2]

Here is the result from the "non-root" bridge. You can see that it elected 0x8000.CC:2D:E0:AF:1D:A6 as a root bridge and the port which faces towards that bridge is Ether1. (I removed rows which are not interesting for us to make it shorter.)

[admin@mikrotik1] > /interface bridge monitor bridge-local once
    current-mac-address: CC:2D:E0:AF:1E:63
            root-bridge: no
         root-bridge-id: 0x8000.CC:2D:E0:AF:1D:A6
         root-path-cost: 10
              root-port: ether1-uplink

Here is an example from the second router, which got elected as root bridge. Obviously, it does not have a root port because it does not need one - it is the root bridge itself.

[admin@mikrotik2] > /interface bridge monitor bridge-local once
    current-mac-address: CC:2D:E0:AF:1D:A6
            root-bridge: yes
         root-bridge-id: 0x8000.CC:2D:E0:AF:1D:A6
         root-path-cost: 0
              root-port: none

The election of the root bridge happened this way because 0x8000.CC:2D:E0:AF:1D:A6 < 0x8000.CC:2D:E0:AF:1E:63


Now, I have changed the mikrotik1 bridge to a lower priority and look what happened. It got promoted to be a root bridge!

[admin@mikrotik1] > /interface bridge monitor bridge-local once
                  state: enabled
    current-mac-address: CC:2D:E0:AF:1E:63
            root-bridge: yes
         root-bridge-id: 0x4000.CC:2D:E0:AF:1E:63
         root-path-cost: 0
              root-port: none

And obviously mikrotik2 is not a root bridge anymore:

[admin@mikrotik2] > /interface bridge monitor bridge-local once
                  state: enabled
    current-mac-address: CC:2D:E0:AF:1D:A6
            root-bridge: no
         root-bridge-id: 0x4000.CC:2D:E0:AF:1E:63
         root-path-cost: 10
              root-port: ether1-uplink

That's because 0x8000.CC:2D:E0:AF:1D:A6 > 0x4000.CC:2D:E0:AF:1E:63

See? :) No magic. Plain and simple number comparison. Just ignore MAC addresses because that is like a last-effort solution. Bridge priority is the way to go.

And by the way - as long as you don't have any loops in your topology, this has absolutely no meaning because it does not affect anything. (R)STP becomes useful only when loops are created (either accidentally or intentionally).
 
yacsap

Re: Bridge -> root bridge

Sat May 18, 2019 6:46 am

Hey thanks for your 'forensic analysis' 😁

So this issue is caused by my CCR Ethernet MAC starting with 74:::::

If I specify the bridge priority, do I need to specify admin-mac as well?

And if specifying admin-mac is recommended, can I fill it with 00:00:5E:80:00:00 so it becomes the highest priority by MAC address as well?
 
vecernik87

Re: Bridge -> root bridge

Sat May 18, 2019 8:27 am

> So this issue is caused by my CCR Ethernet MAC starting with 74:::::

No. Your issue was caused by not specifying priority. You cannot depend on MAC addresses because in the future, you or anyone else might plug in another device anywhere on the network which will have an even lower MAC address, and bang! Your root is gone again.

> If I specify the bridge priority, do I need to specify admin-mac as well?

It is usually considered good practice to set an admin-mac for the bridge, because thanks to that, it will not dynamically change when you add/remove ports.
However, I would recommend using a MAC which is similar to your current one. I usually change the 4th byte because the first three are assigned to the vendor, and if you change them, your device may either be incorrectly recognized later or you might accidentally hit some of the reserved or multicast ranges.

> can I fill it with 00:00:5E:80:00:00 so it becomes the highest priority by MAC address as well?

I would strongly advise against that. Although it might accidentally work, it does not guarantee the expected result (there are plenty of manufacturers in the range 00:00:00 - 00:00:5D) and some devices might get confused if they see an IANA reserved MAC on the network.
 
yacsap

Re: Bridge -> root bridge

Sat May 18, 2019 8:40 am

I see, to keep bridge MAC consistency, I'll just enable admin-mac with its original IP then.

Regarding priority, currently set to 8000, what is the highest available to set, if this is going to be my main bridge? Is that 1000?

I'm kind of confused by this statement:

> Warning: In RouterOS it is possible to set any value for bridge priority between 0 and 65535, the IEEE 802.1W standard states that the bridge priority must be in steps of 4096. This can cause incompatibility issues between devices that do not support such values. To avoid compatibility issues, it is recommended to use only these priorities: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, 61440

Should I specify 4096 instead of 4000, or just fill the priority with 0 to make it the highest priority available?
 
vecernik87

Re: Bridge -> root bridge

Sat May 18, 2019 12:10 pm

> I see, to keep bridge MAC consistency, I'll just enable admin-mac with its original IP MAC then.

Personally I keep consistency only of the first 3 bytes, which denote vendor/function. The second 3 bytes are usually just serially increasing and have no function. That's why I usually change the 4th byte. Keeping admin-mac the same as the original MAC is possible, although it may cause a loop detection if you ever remove from the bridge the particular interface which hosted the original MAC (the bridge automatically selects the lowest MAC from all assigned bridge ports).
No strong recommendation about this - it's up to you :)

> Regarding priority, currently set to 8000, what is the highest available to set, if this is going to be my main bridge. Is that 1000?

The original 8000 hex (32769 dec) is exactly the middle of possible values.
The lowest (most prioritized) value is 0 hex (0 dec).
The second lowest (second most prioritized) value is 1000 hex (4096 dec).
... etc etc
Again, completely up to you what you choose as long as it is lower than 8000 hex.

> I kind of confused with this statement:
> Warning: In RouterOS it is possible to set any value for bridge priority ...

Yeah, this is not the brightest example of a clear warning, given the fact that Winbox interprets values without the "0x" prefix as hex, while console/scripts require the "0x" prefix to denote hex values (otherwise they are interpreted as decimal). The good news is that no matter where you write your value, as long as you put the "0x" prefix, it will work. Winbox will automatically translate it.
tl;dr: write numbers in the format 0x0, 0x1000, 0x2000 ..... you can't make a mistake that way.
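
The bridge-ID comparison and the hex/decimal input pitfall described in the posts above, as an added Python example that is not part of the thread and not RouterOS code. The bridge names `ccr` and `other` and the `audit` helper are assumptions made for illustration; the MACs and priorities are the ones quoted in the thread.

```python
# Added example, not from the thread; bridge names are hypothetical.

def parse_priority(text, winbox=False):
    """Bare numbers: Winbox reads hex, console/scripts read decimal.
    A 0x prefix means hex in both (as described in the thread)."""
    t = text.strip().lower()
    if t.startswith("0x"):
        return int(t, 16)
    return int(t, 16 if winbox else 10)

def is_standard_priority(prio):
    """The quoted wiki warning recommends only multiples of 4096."""
    return 0 <= prio <= 61440 and prio % 4096 == 0

def bridge_id(prio, mac):
    """2-byte priority followed by the 6-byte MAC, as one integer."""
    raw = bytes.fromhex(mac.replace(":", ""))
    if len(raw) != 6 or not 0 <= prio <= 0xFFFF:
        raise ValueError("bad bridge id: %r %r" % (prio, mac))
    return (prio << 48) | int.from_bytes(raw, "big")

def fmt(bid):
    """Render a bridge ID like the root-bridge-id lines quoted above."""
    mac = (bid & (2**48 - 1)).to_bytes(6, "big")
    return "0x%04X.%s" % (bid >> 48, ":".join("%02X" % b for b in mac))

def elect_root(bridges):
    """bridges: {name: (priority, mac)}; the lowest bridge ID wins."""
    return min(bridges, key=lambda n: bridge_id(*bridges[n]))

def audit(bridges, intended_root):
    """Findings for someone reviewing which bridge an STP domain elects."""
    findings = ["%s: priority %d is not a multiple of 4096" % (n, p)
                for n, (p, _) in bridges.items() if not is_standard_priority(p)]
    winner = elect_root(bridges)
    if winner != intended_root:
        findings.append("%s loses the election to %s (%s)" % (
            intended_root, winner, fmt(bridge_id(*bridges[winner]))))
    elif sum(p == bridges[winner][0] for p, _ in bridges.values()) > 1:
        findings.append("%s is root only by MAC tie-break" % winner)
    return findings

if __name__ == "__main__":
    domain = {"ccr": (0x8000, "74:4D:28:38:AA:0A"),
              "other": (0x8000, "4C:5E:0C:B3:EA:E5")}
    print(audit(domain, "ccr"))             # default priorities
    domain["ccr"] = (parse_priority("0x1000"), "74:4D:28:38:AA:0A")
    print(audit(domain, "ccr"))             # priority lowered on the CCR
    print(parse_priority("4000"), parse_priority("4000", winbox=True))
```

A bare `4000` parsed the console way is decimal 4000, which is not a multiple of 4096, while the same text parsed the Winbox way is 0x4000 (16384).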
 
yacsap

Re: Bridge -> root bridge

Sat May 18, 2019 11:16 pm

Is 8000 like the default standard priority for all bridges (including non-MikroTik manufacturers)?
 
vecernik87

Re: Bridge -> root bridge

Sun May 19, 2019 5:13 am

8000 hex (32768 dec) is a very common default value all around (Cisco, Juniper, HP, UBNT), although I am not aware of any specs saying that it must be this way. I remember very well an issue with the UBNT EdgeRouterLite, which had default STP priority 0 on its LAN bridge. On one hand, it makes sense that you want your router to be root bridge, but zero is the most extreme value and definitely not suitable for a "default config" (imagine someone plugging this randomly into a corporate network as a failover router and it would completely recalculate the STP tree for the whole company :D )
 
yacsap

Re: Bridge -> root bridge

Mon May 20, 2019 5:20 am

I've set my RSTP root bridge using priority 1000 now.

Do I need to set RSTP bridge too for my CRS (switch), or leave the STP protocol mode on my CRS set to NONE since the CCR already handles the root bridge?
 
yacsap

Re: Bridge -> root bridge

Tue May 21, 2019 5:40 am

*bumpie
 
vecernik87

Re: Bridge -> root bridge

Tue May 21, 2019 9:17 am

I thought others might provide an answer. Well...

> Do I need to set RSTP bridge too for my CRS (switch), or leave the STP protocol mode on my CRS set to NONE since the CCR already handles the root bridge?

(R)STP is designed to work with non-STP bridges (setting it to "none" will make it behave almost like it is not there at all from the STP point of view). That means it is backwards compatible, but in case of a loop, it may disable a port which you do not expect to be disabled.
Due to that, both ways should work, but unless you have a strong reason to avoid (R)STP, I would set it up with the default priority. If you use "none", you are risking that sooner or later someone will connect another one or two non-STP bridges and create a loop between them which will be outside the STP zone, and that might lead to packet storms.
