Community discussions

MikroTik App
 
paulmoll2010
just joined
Topic Author
Posts: 7
Joined: Tue Dec 15, 2020 12:08 am

VLAN+MLAG+VRRP not working properly

Thu Apr 14, 2022 9:09 pm

Hi guys,

I want to configure VLANs+MLAG+VRRP but it doesn't work correctly. When a physical network change occurs at the router level, the MLAG works correctly. But if I make a physical change in the bonding with the idea that traffic starts at CRS-4, go to CRS-2, continue to CRS-1 and arrive at RTR-1. It does not work.
image_2022-04-14_133704305.png
But when I deactivate the MLAG all the configuration works correctly.
Also, if I deactivate the VRRP of one of the routers to force the change, the VRRP makes the change, but the traffic does not go to the other router that activated the floating IP.

I think that the failure is that the host tables in the Bridges are not updated until there is a physical change in the network of those directly responsible for the VRRP. For example :


*Floating IP of VRRP VL101 = 00:00:5E:00:01:70

At this moment the traffic goes from CRS4 to CRS-1 and arrives at RTR-1 (floating IP is in router 1) and everything is fine. But if I force the floating IP to now be active on RTR-2 but continue to pass CRS-4 - CRS-1 - (MLAG) - CRS-2 and reach RTR-2, the traffic no longer passes.

* CRS-1
image_2022-04-14_135154127.png
The floating IP is now on RTR-2 but the CRS-1 keeps registering that the floating IP is on RTR-1. I think that's why the np traffic goes to the RTR-2.

* CRS-2
image_2022-04-14_133704305.png
Does anyone have an opinion on how to fix this?
You do not have the required permissions to view the files attached to this post.
 
paulmoll2010
just joined
Topic Author
Posts: 7
Joined: Tue Dec 15, 2020 12:08 am

Re: VLAN+MLAG+VRRP not working properly

Thu Apr 14, 2022 9:59 pm

In order for the traffic to pass from CRS-4 ---> CRS-1 ---> CRS-2---RTR-2, the host table in the CRS-1 bridge must be updated and remain in this way.
image_2022-04-14_145612947.png
But this update takes time to perform between the CRS bridges that are configured in MLAG.

I am using:

RTR = CCR1036 v6.49.6
CRS = CRS-317 v7.2.1

Regards.
You do not have the required permissions to view the files attached to this post.
 
patrick7
Member
Member
Posts: 342
Joined: Sat Jul 20, 2013 2:40 pm

Re: VLAN+MLAG+VRRP not working properly

Sat Apr 16, 2022 7:58 pm

Which version are you running? There was an MLAG fix in 7.3beta regarding MAC addresses moving from one to another port.
 
User avatar
StubArea51
Trainer
Trainer
Posts: 1739
Joined: Fri Aug 10, 2012 6:46 am
Location: stubarea51.net
Contact:

Re: VLAN+MLAG+VRRP not working properly

Sat Apr 16, 2022 9:10 pm

One of the fundamental operational elements for most other network vendors when running MLAG + VRRP is to set the RSTP root to the same switch as the VRRP Master (or in this case - the path to it) and the other switch as a secondary root.

Curious if you've tried this and if it made a difference?
 
paulmoll2010
just joined
Topic Author
Posts: 7
Joined: Tue Dec 15, 2020 12:08 am

Re: VLAN+MLAG+VRRP not working properly

Sun Apr 17, 2022 2:51 pm

Thank you very much for your answer. I will take your advice and tell you.
 
paulmoll2010
just joined
Topic Author
Posts: 7
Joined: Tue Dec 15, 2020 12:08 am

Re: VLAN+MLAG+VRRP not working properly

Sun Apr 17, 2022 2:52 pm

Which version are you running? There was an MLAG fix in 7.3beta regarding MAC addresses moving from one to another port.
Version v7.2.1
 
roadracer96
Forum Veteran
Forum Veteran
Posts: 730
Joined: Tue Aug 25, 2009 12:01 am

Re: VLAN+MLAG+VRRP not working properly

Mon Apr 18, 2022 8:50 pm

One of the fundamental operational elements for most other network vendors when running MLAG + VRRP is to set the RSTP root to the same switch as the VRRP Master (or in this case - the path to it) and the other switch as a secondary root.

Curious if you've tried this and if it made a difference?
Typically, most vendors synchronize the RSTP bridge ID between the 2 MLAG peers so they are BOTH the RSTP root. This would be the realistic case because they are functioning as if they are the same switch from a forwarding POV. Most vendors make VRRP work in active-active mode for MLAG so they both accept traffic destined to the virtual MAC. Again, this makes the most sense because they are operating as if they are the same switch from a forwarding POV.

Who is online

Users browsing this forum: No registered users and 6 guests