MLAG (Multi-chassis Link Aggregation Group) implementation in RouterOS allows configuring LACP bonds on two separate devices, while the client device believes to be connected on the same machine. This provides a physical redundancy in case of switch failure. All CRS3xx, CRS5xx series switches and CCR2116, CCR2216 devices can be configured with MLAG using the RouterOS version 7.
Both peers establish the MLAG interfaces and update the bridge host table over
peer-port using ICCP (Inter Chassis Control Protocol). RouterOS ICCP does not require an IP configuration, but it should be isolated from the rest of the network using a dedicated untagged VLAN. This untagged VLAN can be configured with
pvid. Peer ports can also be configured as LACP bonding interfaces.
The MLAG requires enabled STP or RSTP protocol, the MSTP is not supported.
The MLAG is not compatible with L3 hardware offloading. When using MLAG, the L3 hardware offloading must be disabled.
in this example, CRS317 and CRS309 devices are used as MLAG peers and any device with two SFP+ interfaces can be used as an LACP client. The SFP+1 interface is used on both peer nodes to create
peer-port, and it is used for ICCP, see a network scheme below.
Below are configuration commands to create a regular LACP bonding in RouterOS for the Client device:
Next, configure bonding interfaces for MLAG on Peer1 and Peer2 devices, use a matching
mlag-id setting on both peer devices:
Configure bridge with enabled
vlan-filtering, and add needed interfaces as bridge ports. A dedicated untagged VLAN should be applied for the inter-chassis communication on a peer port, thus a different
pvid setting is used. Below are configuration commands for Peer1 and Peer2 devices:
In this example, client-bond interfaces are using the default untagged VLAN 1 (the default
pvid=1 is set). In order to send these packets over peer ports, we need to add them as tagged VLAN 1 members. Notice that the default
pvid value for the peer ports was changed in the previous step, it is important to include the peer ports in all the VLANs that are used on other bridge ports, this includes the untagged and tagged VLANs. Below are configuration commands for both peer devices:
All VLANs used for bridge slave ports must be also configured as tagged VLANs for peer-port, so that peer-port is a member of those VLANs and can forward data.
peer-port to enable MLAG. Below are configuration commands for both peer devices:
Additionally, check MLAG status on peer devices and make sure that Client LACP has both interfaces active.
This section describes the available MLAG settings and monitoring options.
/interface bridge mlag
|bridge (interface; Default: none)||The bridge interface where MLAG is being created.|
peer-port (interface; Default: none)
An interface that will be used as a peer port. Both peer devices are using inter-chassis communication over these peer ports to establish MLAG and update the host table. Peer port should be isolated on a different untagged VLAN using a
monitor commands to see the current MLAG status.
|status (connected | connecting | disabled)||The MLAG status.|
system-id (MAC address)
|The lowest MAC address between both peer bridges will be used as the system-id. This system-id is used for (R)STP bridge identifier.|
active-role (primary | secondary)
The peer with the lowest bridge MAC address will be acting as a primary device. The primary device is responsible for sending the correct LACP system ID on all MLAG ports.
|mlag-id (integer: 0..4294967295; Default:)||Changes MLAG ID for bonding interface. The same MLAG ID should be used on both peer devices to successfully create a single LAG for the client device.|
LACP bonding interface and bonding slave ports can be monitored with
monitor-slaves commands. See more details on Bonding monitoring.