Introduction
MLAG (Multi-chassis Link Aggregation Group) implementation in RouterOS allows configuring LACP bonds on two separate devices, while the client device believes to be connected to the same machine. This provides a physical redundancy in case of switch failure. All CRS3xx, CRS5xx series switches, and CCR2116, CCR2216 devices can be configured with MLAG using RouterOS version 7.
Both peers establish the MLAG interfaces and update the bridge host table overpeer-portusing ICCP (Inter Chassis Control Protocol). RouterOS ICCP does not require an IP configuration, but it should be isolated from the rest of the network using a dedicated untagged VLAN. This untagged VLAN can be configured withvlan-filteringandpvid. Peer ports can also be configured as LACP bonding interfaces.
Whenpeer-portis running and ICCP is established, the primary device election happens. The peer with the lowest bridge MAC address will be acting as a primary device andsystem-idwill be selected. Thissystem-idis used for STP BPDU bridge identifier andLACP system ID. The MLAG requires enabled STP or RSTP protocol, the MSTP is not supported. Use the same STP priority and the same STP configuration on dual-connected bridge ports on both nodes. When MLAG bridges are elected as STP root, then both devices will show as root bridges under the bridge monitor.
The MLAG is not compatible withL3 hardware offloading. When using MLAG, the L3 hardware offloading must be disabled.
Quick setup
in this example, CRS317 and CRS309 devices are used as MLAG peers and any device with two SFP+ interfaces can be used as an LACP client. The SFP+1 interface is used on both peer nodes to createpeer-port, and it is used for ICCP, see a network scheme below.
Below are configuration commands to create a regularLACP bondingin RouterOS for the Client device:
/interface bonding add mode=802.3ad name=bond1 slaves=sfp-sfpplus1,sfp-sfpplus2
Next, configure bonding interfaces for MLAG on Peer1 and Peer2 devices, use a matchingmlag-idsetting on both peer devices:
# Peer1 /interface bonding add mlag-id=10 mode=802.3ad name=client-bond slaves=sfp-sfpplus2 # Peer2 /interface bonding add mlag-id=10 mode=802.3ad name=client-bond slaves=sfp-sfpplus2
Configure bridge with enabledvlan-filtering, and add needed interfaces as bridge ports. A dedicated untagged VLAN should be applied for the inter-chassis communication on a peer port, thus a differentpvidsetting is used. Below are configuration commands for Peer1 and Peer2 devices:
# Peer1 /interface bridge add name=bridge1 vlan-filtering=yes /interface bridge port add bridge=bridge1 interface=sfp-sfpplus1 pvid=99 add bridge=bridge1 interface=client-bond # Peer2 /interface bridge add name=bridge1 vlan-filtering=yes /interface bridge port add bridge=bridge1 interface=sfp-sfpplus1 pvid=99 add bridge=bridge1 interface=client-bond
The MLAG requires enabled STP or RSTP protocol, the MSTP is not supported.Use the same STP priority and the same STP configuration on dual-connected bridge ports on both nodes.
In this example, client-bond interfaces are using the default untagged VLAN 1 (the defaultpvid=1is set). In order to send these packets over peer ports, we need to add them as tagged VLAN 1 members. Notice that the defaultpvidvalue for the peer ports was changed in the previous step, it is important to include the peer ports in all the VLANs that are used on other bridge ports, this includes the untagged and tagged VLANs. Below are configuration commands for both peer devices:
# Peer1 /interface bridge vlan add bridge=bridge1 tagged=sfp-sfpplus1 vlan-ids=1 # Peer2 /interface bridge vlan add bridge=bridge1 tagged=sfp-sfpplus1 vlan-ids=1
All VLANs used forbridge奴隶也端口必须配置VLAN标记s for peer-port,so that peer-port is a member of those VLANs and can forward data.
Last, specifybridgeandpeer-portto enable MLAG. Below are configuration commands for both peer devices:
# Peer1 /interface bridge mlag set bridge=bridge1 peer-port=sfp-sfpplus1 # Peer2 /interface bridge mlag set bridge=bridge1 peer-port=sfp-sfpplus1
Additionally, check MLAG status on peer devices and make sure that Client LACP has both interfaces active.
#得[admin@Peer1] > /接口/桥/ mlag / monitor status: connected system-id: 74:4D:28:11:70:6B active-role: primary # Peer2 [admin@Peer2] > /interface/bridge/mlag/monitor status: connected system-id: 74:4D:28:11:70:6B active-role: secondary # Client [admin@Client] > /interface bonding monitor bond1 mode: 802.3ad active-ports: sfp-sfpplus1,sfp-sfpplus2 inactive-ports: lacp-system-id: 74:4D:28:7B:7F:96 lacp-system-priority: 65535 lacp-partner-system-id: 74:4D:28:11:70:6C
MLAG settings and monitoring
This section describes the available MLAG settings and monitoring options.
Sub-menu:/interface bridge mlag
Property |
Description |
|---|---|
| bridge(interface;Default:none) | The bridge interface where MLAG is being created. |
peer-port(interface;Default:none) |
An interface that will be used as a peer port. Both peer devices are using inter-chassis communication over these peer ports to establish MLAG and update the host table. Peer port should be isolated on a different untagged VLAN using a |
Use themonitorcommands to see the current MLAG status.
[admin@Peer1] > /interface/bridge/mlag/monitor status: connected system-id: 74:4D:28:11:70:6B active-role: primary
Property |
Description |
|---|---|
| status(connected | connecting | disabled) | The MLAG status. |
system-id(MAC address) |
The lowest MAC address between both peer bridges will be used as thesystem-id. Thissystem-idis used for (R)STP BPDU bridge identifier andLACP system ID. |
active-role(primary | secondary) |
The peer with the lowest bridge MAC address will be acting as a primary device. The |
Sub-menu:/interface bonding
Property |
Description |
|---|---|
| mlag-id(integer: 0..4294967295;Default:) | Changes MLAG ID for bonding interface. The same MLAG ID should be used on both peer devices to successfully create a single LAG for the client device. Thepeer-portshould not be configured with the MLAG ID. |
LACP bonding interface and bonding slave ports can be monitored withmonitorandmonitor-slavescommands. See more details onBonding monitoring.