I have a pretty straightforward 10G switch setup:

+-----+----+                          +-----+----+
|          |port2       ISL      port2|          |
| switch A +--------------------------+ switch B |
|          |                          |          |
+-----+----+                          +-----++---+
      |port1                           port1|
      |             +-------+               |
      +-------------+ host1 +---------------+
               eth0 +-------+ eth1

I'm trying to bond eth0 and eth1. This works pretty well with active-backup as the bond mode. Failover is guaranteed.

Now I'm trying to improve this setup. The goal is to get a bit more performance while still having the failover. With the bond modes balance-xor and balance-rr this works pretty well. It gives me a 50-90% performance increase, and if one of the switches fails, the failover works. The downside is that CARP and other multicast protocols get highly confused by this setup. The reason seems to be that the machine is receiving its own multicast directly after sending it, because 2 ports are connected.

Example CARP tcpdump (the counter is the same for the receiving packages):

root@host01 ~ # tcpdump -ni bond0 -T carp carp
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on bond0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
17:47:23.769771 IP 192.168.88.201 > 224.0.0.18: CARPv2-advertise 36: vhid=3 advbase=1 advskew=0 authlen=7 counter=191848661812175602
17:47:23.769801 IP 192.168.88.201 > 224.0.0.18: CARPv2-advertise 36: vhid=3 advbase=1 advskew=0 authlen=7 counter=191848661812175602
17:47:26.847288 IP 192.168.88.201 > 224.0.0.18: CARPv2-advertise 36: vhid=3 advbase=1 advskew=0 authlen=7 counter=191848661812175603
17:47:26.847309 IP 192.168.88.201 > 224.0.0.18: CARPv2-advertise 36: vhid=3 advbase=1 advskew=0 authlen=7 counter=191848661812175603
17:47:29.872314 IP 192.168.88.201 > 224.0.0.18: CARPv2-advertise 36: vhid=3 advbase=1 advskew=0 authlen=7 counter=191848661812175604
17:47:29.872332 IP 192.168.88.201 > 224.0.0.18: CARPv2-advertise 36: vhid=3 advbase=1 advskew=0 authlen=7 counter=191848661812175604

/edit: Switch config upon request as images (Mikrotik CRS317-1G-16S+) - both switches share exactly the same setting:

Link

Port Isolation

LAG - no MLAG possible!

Forwarding

System settings

IGMP empty

Is there a best practice to solve this?

xsign
  • Could you please share your switches configuration for this bond? In a typical distributed trunking scenario multicast should flow on one member link only. – Peter Zhabin Jun 09 '22 at 22:16
  • @PeterZhabin I've added some images of the switch configuration. Master and slave share the same settings. The switches do not allow MLAG, so a trunk across the switches with MLAG will not work. I guess I have to find another way of trunking then? – xsign Jun 10 '22 at 07:47
  • CRS317 support MLAG in RouterOS 7.x. SwOS is expected to support it some time in the future. Meanwhile you can try to suppress CARP traffic on one switch with ACL, although I personally have never tried this with SwOS. – Peter Zhabin Jun 10 '22 at 11:29
  • @PeterZhabin That is pretty good information! I was able to use the "Boot to RouterOS" feature to gain the MLAG feature in one of the switches. I will report back if that worked with both switches and if MLAG worked. If so, please supply your comment as an answer so I can mark your answer as the solution. Thanks for your help! – xsign Jun 12 '22 at 16:06
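
A check for the symptom shown in the capture above, as an added example that is not part of the original post or its comments: it parses tcpdump CARP lines and flags advertisements whose source, vhid and counter repeat within a few milliseconds, the pattern the question attributes to the host receiving its own multicast on the second bond member. The function names, the 5 ms window and the last sample line are assumptions made for this example.

```python
import re
from collections import defaultdict

# Sample input: one tcpdump header line and four lines from the capture in the
# question, plus one constructed advertisement that is seen only once.
SAMPLE = """\
listening on bond0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
17:47:23.769771 IP 192.168.88.201 > 224.0.0.18: CARPv2-advertise 36: vhid=3 advbase=1 advskew=0 authlen=7 counter=191848661812175602
17:47:23.769801 IP 192.168.88.201 > 224.0.0.18: CARPv2-advertise 36: vhid=3 advbase=1 advskew=0 authlen=7 counter=191848661812175602
17:47:26.847288 IP 192.168.88.201 > 224.0.0.18: CARPv2-advertise 36: vhid=3 advbase=1 advskew=0 authlen=7 counter=191848661812175603
17:47:26.847309 IP 192.168.88.201 > 224.0.0.18: CARPv2-advertise 36: vhid=3 advbase=1 advskew=0 authlen=7 counter=191848661812175603
17:47:29.872314 IP 192.168.88.201 > 224.0.0.18: CARPv2-advertise 36: vhid=3 advbase=1 advskew=0 authlen=7 counter=191848661812175604
"""

LINE_RE = re.compile(
    r"^(?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d\.\d+) IP (?P<src>\S+) > \S+: "
    r"CARPv2-advertise \d+: vhid=(?P<vhid>\d+) .*counter=(?P<counter>\d+)\s*$"
)


def parse(text):
    """Yield (seconds_since_midnight, src, vhid, counter) per CARP advertisement."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # tcpdump header lines and non-CARP traffic are skipped
        ts = int(m["h"]) * 3600 + int(m["m"]) * 60 + float(m["s"])
        yield ts, m["src"], int(m["vhid"]), int(m["counter"])


def find_echoes(text, window=0.005):
    """Return (src, vhid, counter, copies, min_gap) for advertisements that
    repeat with an identical counter within `window` seconds."""
    seen = defaultdict(list)
    for ts, src, vhid, counter in parse(text):
        seen[(src, vhid, counter)].append(ts)
    echoes = []
    for key, stamps in seen.items():
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        if any(g <= window for g in gaps):
            echoes.append((*key, len(stamps), min(gaps)))
    return echoes


if __name__ == "__main__":
    for src, vhid, counter, copies, gap in find_echoes(SAMPLE):
        print(f"{src} vhid={vhid} counter={counter}: {copies} copies, {gap * 1e6:.0f} us apart")
```

Running the same check on a capture taken after a switch-side change (MLAG or an ACL, as suggested in the comments) should return an empty list if the echo is gone.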
