Community discussions

MikroTik App
 
dxun
just joined
Topic Author
Posts: 2
Joined: Sun Jan 22, 2023 11:38 pm
Location: Canada

How to configure identical VLAN on different ports on the same bridge?

Mon Jan 23, 2023 12:10 am

Hello,

First-time MikroTik user here.
I am running a CRS310-1G-5S-4S+IN (hereon I'll just call it "CRS310") on RouterOS 7.7 and am trying to configure so that I have a pair of 10G trunks sending traffic to the core switch and a single trunk that receives traffic from an "upstream" edge switch that collects its own traffic and sends traffic to CRS310. I'd like the CRS310 to send traffic collected from its own access ports to the core swtich over the same pair of 10G trunks that I'd be sending over the traffic from the upstream edge switch. I was hoping to use one bridge to do this (in order to leverage HW offloading and do the inter-VLAN routing at wire speed) but I am getting an error {{failure: vlan already added}}.

Here is a sketch of how I'd like this to work:
Switch A --- {VLANs: 30, 40, 100, 210, 240} ----> CRS310 ---- {VLANs: 50} ------------- SFP+ ----------------------> Dell 8024F
                                                  CRS310 ---- {VLANs: 60, 30, 40, 100, 210, 240} ------ SFP+ ------> Dell 8024F
access ----- {VLAN: 50} ---------- SFP+ --------- CRS310
access ----- {VLAN: 60} ---------- SFP+ --------- CRS310
So the CRS310 accepts VLAN 50 and 60 on its own access ports and then ships them off to the core switch over 10G ports. The reason why I am doing is that I would have CRS310 accept iSCSI multipath traffic on a pair 10G access ports (VLANs 50, 60) and would then connect with Dell 8024F via the remaining two 10G ports. The Dell 8024F collects and switches the traffic from other NICs on the same VLANs already.
Switch A is a Netgear unit that simply collects other traffic that I'd like to keep isolated between each other and the iSCSI traffic. If I had a third link available, I'd use that one to directly connect Swtich A to Dell 8024F but, alas, I only have two fibre links available.

As mentioned above, I need this to happen at wire speed so given the hardware limitations of the CRS310, I hoped to use only one HW-offloaded bridge route the traffic as above but I am not sure how to do this.

Here is the script I have so far - what I am doing wrong? What don't I know?

Thanks.
# disable L3 hw offloading so that L2 and L3 are kept in sync during config and we don't lock ourselves as we're chaging stuff
interface ethernet switch set 0 l3-hw-offloading=no

# remove any existing bridges

# create a new bridge with disabled VLAN filtering, again to prevent lockouts during config changes
interface bridge add name=bridge-hw vlan-filtering=no

# remove all bridge port associations
interface bridge port remove numbers=0,1,2,3,4,5,6,7,8,9

# add trunk port interfaces to the bridge
interface bridge port add bridge=bridge-hw interface=sfp-sfpplus3 frame-types=admit-only-vlan-tagged # VLANs: 50;
interface bridge port add bridge=bridge-hw interface=sfp-sfpplus4 frame-types=admit-only-vlan-tagged # VLANs: 60;30,40,100,210,240		 --> towards Dell 8024F
interface bridge port add bridge=bridge-hw interface=sfp5 frame-types=admit-only-vlan-tagged         # VLANs: 30,40,100,210,240	         --> towards Dell N3024

# add access port interfaces to the bridge
interface bridge port add bridge=bridge-hw interface=sfp-sfpplus1 pvid=50 # STORAGE A traffic
interface bridge port add bridge=bridge-hw interface=sfp-sfpplus2 pvid=60 # STORAGE B traffic 

# assign trunk port VLANs
interface bridge vlan add bridge=bridge-hw tagged=sfp-sfpplus3 vlan-ids=50						--> Dell 8024F -> Gamma VLAN 50
interface bridge vlan add bridge=bridge-hw tagged=sfp-sfpplus4 vlan-ids=60						--> Dell 8024F -> Gamma VLAN 60
interface bridge vlan add bridge=bridge-hw tagged=sfp5,sfp-sfpplus4 vlan-ids=30,40,100,210,240	--> Dell 8024F -> Dell N3024 (trunk)

# assign remaining ports as access to VLAN1
interface bridge port add bridge=bridge-hw interface=ether1 pvid=1
interface bridge port add bridge=bridge-hw interface=sfp1 pvid=1
interface bridge port add bridge=bridge-hw interface=sfp2 pvid=1
interface bridge port add bridge=bridge-hw interface=sfp3 pvid=1
interface bridge port add bridge=bridge-hw interface=sfp4 pvid=1

# enable bridge VLAN filtering
interface bridge set bridge-hw vlan-filtering=yes

# enable L3 HW offloading
interface ethernet switch set 0 l3-hw-offloading=yes


EDIT: I might have gotten it - will have to test it, but this doesn't fail. So it looks like the {{sfp-sfpplus4}} needs to be a hybrid port?
....
# assign trunk port VLANs
...
interface bridge vlan add bridge=bridge-hw tagged=sfp-sfpplus4, sfp5 vlan-ids=30,40,100,210,240 # Dell 8024F -> Netgear traffic
interface bridge vlan add bridge=bridge-hw tagged=sfp-sfpplus4 vlan-ids=60 # Dell 8024F -> iSCSI traffic
....
EDIT2: Updated the main script above to reflect advice in the post below.
Last edited by dxun on Tue Feb 07, 2023 4:53 am, edited 1 time in total.
 
tdw
Forum Guru
Forum Guru
Posts: 1841
Joined: Sat May 05, 2018 11:55 am

Re: How to configure identical VLAN on different ports on the same bridge?

Wed Jan 25, 2023 2:20 pm

So it looks like the {{sfp-sfpplus4}} needs to be a hybrid port?
No, it is just that you cannot specify the same vlan-ids multiple times under /interface bridge vlans, you have to specify all of the interfaces for a particular ID at the same time.

Be aware that the default bridge spanning tree settings may well block on of the two links to your core switch (if that has spanning tree enabled). You could change from RSTP to MSTP, which supports different groups of VLANs on parallel paths, disable spanning tree entirely, or bond the interfaces together as best fits your setup.
 
dxun
just joined
Topic Author
Posts: 2
Joined: Sun Jan 22, 2023 11:38 pm
Location: Canada

Re: How to configure identical VLAN on different ports on the same bridge?

Tue Feb 07, 2023 5:13 am

Thank you very much - with your help I was able to configure the trunk without resorting to hybrid ports; I updated the script above to reflect this.

Also, you were right about the default bridge spanning tree settings - to forward traffic, I had to disable STP altogether on the Mikrotik bridge.
I was a bit surprised by this - see my bridge port config down below.
bridge-port-config.PNG
With RSTP, what would end up happening is SFP1 would get nominated by the RSTP as the root-port, the rest as alternates. If I were to lower path _cost_ on, e.g. SFP+3 to 0, then I would get that port to become the root, traffic there (and only there) would be forwarded but at the cost of locking myself out (SFP1 is the port I am using to access the router). I observed similar behaviour if I tried to alter path _costs_ on the Dell 8024F (this is, from what I understand, because these ports are facing _away_ from root bridge, which is on Dell 8024F).

Further, SFP+1 and SFP+2 were always marked as designated. Based on what you explained, I would assume this behaviour is because all ports (except SFP+1 and SFP+2) are belonging to the same PVID?

I am attaching a sketch of my full LAN layout - since this is basically daisy chained switches, I see no real need to use (R)STP but if I still wanted to, how would one go about fixing this problem above?
lan_trunk_layout.PNG
You do not have the required permissions to view the files attached to this post.
 
akakua
newbie
Posts: 49
Joined: Mon Apr 06, 2020 4:52 pm

Re: How to configure identical VLAN on different ports on the same bridge?

Tue Feb 07, 2023 9:38 am

But if I still wanted to, how would one go about fixing this problem above?
quote tdw
You could change from RSTP to MSTP, which supports different groups of VLANs on parallel paths, disable spanning tree entirely, or bond the interfaces together as best fits your setup.

Who is online

Users browsing this forum: Google [Bot] and 53 guests