bbs2web
Member Candidate
Topic Author
Posts: 228
Joined: Sun Apr 22, 2012 6:25 pm
Location: Johannesburg, South Africa

[Solved] MLAG problem, packets occasionally reflected back

Sat Sep 10, 2022 1:49 am

Hi,

Has anyone got production experience with the MLAG redundancy feature? We are experiencing some problems with a pair of CRS354-48G-4S+2Q+ (Marvell 98DX3257) switches.

Topology is identical to reference documentation:
https://help.mikrotik.com/docs/display/ ... tion+Group

2 x CRS354 using MLAG (core or spine)
9 x CRS326-24G-2S+ using LACP (access or leaf)

Each access switch has a bond (802.3ad mode) comprising 2 x 1G ethernet interfaces, essentially talking standard LACP with both CRS354 devices running MLAG.

If we enable loop-detect on the uplink interfaces that make up the bonds, on the access / leaf switches the ports occasionally disable as the port receives its loop detect packet back in on the same port it originated from.

This behaviour did not occur when the core / spine switches were a stack of D-Link DGS-3120 switches. We have an identical architecture working perfectly where the core / spine switches are a stack of Netgear M4300 switches as well. The network is relatively static, 9+ months since leaf switches were replaced with CRS326-24G-2S+ switches (2 x ether bond uplinks with all other ports being access ports).

Food for thought:
  • Loop protect frames are constantly generated
  • Ports on average only get blocked once an hour
  • Seldom happens to affect both uplinks concurrently (as per example above)
  • Happens on all 9 access switches, all edge devices such as workstations, laptops, VoIP phones, etc (RADIUS 802.1X controlled)
  • Does not happen on the MLAG core switches
  • Other manufacturer switches which also have LACP uplinks to the CRS354 occasionally log 'possible spoofing' messages
  • Problem does not occur when MLAG core switches are replaced with a stack of D-Link or Netgear switches

Access layer switch, relevant configurations:
/interface bridge
  add add-dhcp-option82=yes admin-mac=xx:xx:xx:xx:xx:xx auto-mac=no \
    dhcp-snooping=yes name=bridge priority=0x7000 protocol-mode=mstp \
    region-name=Turnberry vlan-filtering=yes
/interface ethernet
  set [ find default-name=ether23 ] l2mtu=10218 loop-protect=on
  set [ find default-name=ether24 ] l2mtu=10218 loop-protect=on
/interface bonding
  add lacp-rate=1sec mode=802.3ad name=bond slaves=ether23,ether24 \
    transmit-hash-policy=layer-3-and-4
/interface bridge port
  add bridge=bridge interface=bond trusted=yes


Core layer switches running MLAG, relevant configuration:
/interface bridge
  add add-dhcp-option82=yes admin-mac=xx:xx:xx:xx:xx:xx auto-mac=no \
    dhcp-snooping=yes name=bridge priority=0x6000 vlan-filtering=yes
/interface ethernet
  set [ find default-name=ether46 ] l2mtu=10218 loop-protect=on
  set [ find default-name=sfp-sfpplus1 ] l2mtu=10218 loop-protect=on
  set [ find default-name=sfp-sfpplus2 ] l2mtu=10218 loop-protect=on
/interface bonding
  add lacp-rate=1sec mode=802.3ad name=bond-peer slaves=sfp-sfpplus1,sfp-sfpplus2 transmit-hash-policy=layer-3-and-4
  add lacp-rate=1sec mlag-id=46 mode=802.3ad name=bonde46 slaves=ether46 transmit-hash-policy=layer-3-and-4
/interface bridge mlag
  set bridge=bridge peer-port=bond-peer
/interface bridge port
  add bridge=bridge comment="MLAG Peer:" interface=bond-peer pvid=99 trusted=yes
  add bridge=bridge interface=bonde46 restricted-role=yes
Last edited by bbs2web on Sun Sep 11, 2022 11:06 pm, edited 1 time in total.
 
bbs2web
Member Candidate
Topic Author
Posts: 228
Joined: Sun Apr 22, 2012 6:25 pm
Location: Johannesburg, South Africa

Re: MLAG problem, packets occasionally reflected back

Sun Sep 11, 2022 11:05 pm

It turns out that I had configured the MLAG towards a CCR router with a horizon setting; this had disabled hardware offloading.

With all ports being offloaded this problem immediately stopped occurring for all switches...
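
The root cause reported above was a bridge port `horizon` setting that disabled hardware offloading. As an added example (not from the thread or from MikroTik), the Python script below scans the text of a RouterOS `/export` for bridge ports that set `horizon`, so they can be reviewed before MLAG goes into production. The sample export, the `bonde47` port and the function names are constructed for illustration.

```python
import shlex

# Constructed sample export (not from the thread): bonde47 carries a horizon value.
SAMPLE_EXPORT = r'''
/interface bonding
add lacp-rate=1sec mlag-id=46 mode=802.3ad name=bonde46 slaves=ether46
/interface bridge port
add bridge=bridge comment="MLAG Peer:" interface=bond-peer pvid=99 \
    trusted=yes
add bridge=bridge interface=bonde46 restricted-role=yes
add bridge=bridge horizon=1 interface=bonde47
'''

def logical_lines(text):
    """Join RouterOS export lines that end with a backslash continuation."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1].rstrip() + " "
            continue
        buf += line
        if buf:
            yield buf
        buf = ""

def bridge_ports_with_horizon(text):
    """Return (interface, horizon) for every bridge port entry that sets horizon."""
    section, hits = None, []
    for line in logical_lines(text):
        if line.startswith("/"):
            section = line  # a menu path such as "/interface bridge port"
            continue
        if section != "/interface bridge port" or not line.startswith(("add ", "set ")):
            continue
        # shlex keeps quoted values such as comment="MLAG Peer:" in one token
        props = dict(tok.split("=", 1) for tok in shlex.split(line)[1:] if "=" in tok)
        horizon = props.get("horizon")
        if horizon not in (None, "none"):  # "none" is the RouterOS default
            hits.append((props.get("interface", "?"), horizon))
    return hits

if __name__ == "__main__":
    for iface, horizon in bridge_ports_with_horizon(SAMPLE_EXPORT):
        print(f"{iface}: horizon={horizon} (check hardware offload on this port)")
```
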
