Introduction
MLAG (Multi-chassis Link Aggregation Group) implementation in RouterOS allows configuring LACP bonds on two separate devices, while the client device believes to be connected on the same machine. This provides a physical redundancy in case of switch failure. All CRS3xx series devices can be configured with MLAG.
Both peers establish the MLAG interface and update the bridge host table using ICCP (Inter Chassis Control Protocol). RouterOS ICCP does not require an IP configuration, but it should be isolated from the rest of the network traffic using a dedicated untagged VLAN. This untagged VLAN can be configured with vlan-filtering
and pvid
.
Quick setup
in this example, CRS317 and CRS309 devices are used as MLAG peers and any device with two SFP+ interfaces can be used as an LACP client, see a network scheme below.
Below are configuration commands to configure a RouterOS LACP bonding on the Client device:
/interface bonding add mode=802.3ad name=bond1 slaves=sfp-sfpplus1,sfp-sfpplus2
Next, configure bonding interface for MLAG on Peer1 and Peer2 devices, use a matching mlag-id
setting on both peer devices:
/interface bonding add mlag-id=10 mode=802.3ad name=client-bond slaves=sfp-sfpplus2
Configure bridge with enabled vlan-filtering
, and add needed interfaces as bridge ports. A dedicated untagged VLAN should be applied for the inter-chassis communication on peer ports, thus a different pvid
setting is used. Below are configuration commands for Peer1 and Peer2 devices:
/interface bridge add name=bridge1 vlan-filtering=yes /interface bridge port add bridge=bridge1 interface=sfp-sfpplus1 pvid=99 add bridge=bridge1 interface=client-bond
All VLANs that are allowed on MLAG ports should also be allowed on peer ports on both devices. In the previous step, peer ports were placed on a different untagged VLAN, so peer ports now are added as tagged VLAN 1 member ports (the default pvid
for MLAG bridge ports). Other VLANs can be added if needed. Below are configuration commands for both peer devices:
/interface bridge vlan add bridge=bridge1 tagged=sfp-sfpplus1 vlan-ids=1
Last, specify bridge
and peer-port
to enable MLAG. Below are configuration commands for both peer devices:
/interface bridge mlag set bridge=bridge1 peer-port=sfp-sfpplus1
Additionally, check MLAG status on peer devices and make sure both Client LACP has both interfaces active.
# Peer1 [admin@Peer1] > /interface/bridge/mlag/monitor status: connected system-id: 74:4D:28:11:70:6B active-role: primary # Peer2 [admin@Peer2] > /interface/bridge/mlag/monitor status: connected system-id: 74:4D:28:11:70:6B active-role: secondary # Client [admin@Client] > /interface bonding monitor bond1 mode: 802.3ad active-ports: sfp-sfpplus1,sfp-sfpplus2 inactive-ports: lacp-system-id: 74:4D:28:7B:7F:96 lacp-system-priority: 65535 lacp-partner-system-id: 74:4D:28:11:70:6C