The implementation of MLAG in RouterOS allows you to configure the Link Aggregation Control Protocol (LACP) on two separate devices, while the client believes they are connected to the same computer. This provides physical redundancy in the event of switch failure.
CRS3xx, CRS5xx series switches and CCR2116, CCR2216 devices can be configured with MLAG using RouterOS version 7.
Both devices establish MLAG interfaces and update the bridge host table on the device port using the Inter Chassis Control Protocol (ICCP).
At the end of the article you will find a small test that will allow you assess the knowledge acquired in this reading
RouterOS ICCP does not require IP configuration, but must be isolated from the rest of the network using a dedicated untagged VLAN. This untagged VLAN can be configured with VLAN filtering and pvid. Equipment ports can also be configured as LACP trunk interfaces.
When the devices port is running and ICCP is established, the primary device election is performed. The computer with the lowest bridge MAC address will act as the primary device and the system-id will be selected.
This system-id It is used to identify the bridge STP BPDU and the LACP system identifier.
The MLAG requires that the STP, RSTP or MSTP protocol be enabled. Use the same STP priority and STP configuration on connected bridge ports on both nodes.
When MLAG bridge are chosen as STP root, both devices will be displayed as root bridge on the bridge monitor.
MLAG does not support L3 hardware acceleration. When using MLAG, L3 hardware acceleration must be disabled.
Quick setup
In this example, CRS317 and CRS309 devices are used as MLAG devices and any device with two SFP+ interfaces can be used as an LACP client.
The SFP+1 interface is used on both equipment nodes to create the peer port and is used for ICCP, as shown in the network schematic below.
Below are the configuration commands to create a regular LACP aggregation link in RouterOS for the client device:
/interface bonding
add mode=802.3ad name=bond1 slaves=sfp-sfpplus1,sfp-sfpplus2
Next, configure the binding interfaces for MLAG on Peer1 and Peer2 devices, using the matching mlag-id configuration on both peer devices:
pear1
/interface bonding
add mlag-id=10 mode=802.3ad name=client-bond slaves=sfp-sfpplus2
pear2
/interface bonding
add mlag-id=10 mode=802.3ad name=client-bond slaves=sfp-sfpplus2
Configure the bridge with VLAN filtering enabled and add the necessary interfaces as bridge ports.
A dedicated untagged VLAN must be applied for inter-chassis communication on a peer port, therefore a different pvid configuration is used.
Below are the configuration commands for Peer1 and Peer2 devices:
pear1
/interface bridge
add name=bridge1 vlan-filtering=yes
/interface bridge port
add bridge=bridge1 interface=sfp-sfpplus1 pvid=99
add bridge=bridge1 interface=client-bond
pear2
/interface bridge
add name=bridge1 vlan-filtering=yes
/interface bridge port
add bridge=bridge1 interface=sfp-sfpplus1 pvid=99
add bridge=bridge1 interface=client-bond
The MLAG requires that the STP, RSTP or MSTP protocol be enabled. Use the same STP priority and STP configuration on connected bridge ports on both nodes.
In this example, the client-bond interfaces use the default untagged VLAN 1 (the default pvid value is 1).
To send these packets through the equipment ports, it is necessary to add them as tagged members of VLAN 1.
Be sure to include equipment ports in all VLANs that are used on other ports on the bridge, both untagged and tagged VLANs.
Below are the configuration commands for both peer devices:
pear1
/interface bridge vlan
add bridge=bridge1 tagged=sfp-sfpplus1 vlan-ids=1
pear2
/interface bridge vlan
add bridge=bridge1 tagged=sfp-sfpplus1 vlan-ids=1
All VLANs used for the bridge's slave ports must also be configured as tagged VLANs for the peer port, so that the equipment port is a member of those VLANs and can forward data.
Finally, specify the bridge and equipment port to enable MLAG.
Below are the configuration commands for both peer devices:
pear1
/interface bridge mlag
set bridge=bridge1 peer-port=sfp-sfpplus1
pear2
/interface bridge mlag
set bridge=bridge1 peer-port=sfp-sfpplus1
Also, check the MLAG status on the devices and ensure that the client LACP has both interfaces up.
Below are the configuration commands for both computers and the client devices:
pear1
[admin@Peer1] > /interface/bridge/mlag/monitor
status: connected
system-id: 74:4D:28:11:70:6B
active-role: primary
pear2
[admin@Peer2] > /interface/bridge/mlag/monitor
status: connected
system-id: 74:4D:28:11:70:6B
active-role: secondary
Client
[admin@Client] > /interface bonding monitor bond1
Mode: 802.3ad
active-ports: sfp-sfpplus1,sfp-sfpplus2
inactive-ports:
id LACP system speed: 74:4D:28:7B
Brief knowledge quiz
What do you think of this article?
Do you dare to evaluate your learned knowledge?
Recommended books for this article
(Book) Networking with MikroTik RouterOS: A Practical Approach to Understanding and Implementing RouterOS
Study material for the MTCNA Certification Course, updated to RouterOS v7
Switching and Bridging RouterOS v7 Book
Study material for the MTCSWE Certification Course updated to RouterOS v7