Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Bonding Network Interfaces

  1. Last updated
  2. Save as PDF

Bonding two or more network interfaces enables them to act as one while increasing bandwidth and providing High Availability.

The network interfaces on Secure Web Gateway, for example, the eth2 and eth3 interfaces, can be bound together to form a single channel. A bonding kernel module is created this way and made accessible through a common network interface, which is referred to as the bonding interface.

With regard to the components and processes that are involved, network interface bonding is also known as NIC bonding, ethernet bonding, or channel bonding.

The network interfaces that are bound together under the bonding interface are referred to as the bonded interfaces. These interfaces can be provided by different NICs. The terms master and subordinate are also used to refer to a bonding and a bonded interface, respectively. In some system messages, you will also see the term slave used for a bonded interface.

There are restrictions to configuring network interface bonding as follows:

  • A VLAN can be configured on a bonding interface in the same way as on an ordinary network interface, using the relevant configuration options of the user interface.
  • When the transparent bridge or router mode are configured for a network, network interface bonding cannot be implemented.

You can configure network interface bonding on the user interface of Secure Web Gateway. To verify that a bonding interface has successfully been configured, you can run some suitable commands from a system console.

During a reboot of Secure Web Gateway, the names of the network interfaces can change, which happens as designed by the underlying kernel. After a name change, the bonding that you have configured so far will fail. To restore it, reconfigure it using the new interface names. 

Configure Network Interface Bonding

To configure network interface bonding, create a bonding interface and configure parameters for this interface and the bonding configuration.

  1. Select Configuration > Appliances.

  2. On the appliances tree, select the appliance you want to configure network interface bonding on and click Network Interfaces.
    The Network Interfaces settings appear in the configuration pane.

  3. Create a bonding interface.

    1. Under Enable these network interfaces, select a network interface that you want to run as a bonded interface, for example, eth2.

    2. Under IP settings, select Disable IPv4.

    3. On the Advanced tab, select Bond enabled and in the Name field type the name of the bonding interface that you want to create, for example, bond1.
      Repeat substeps a, b, and c for another network interface that you want run as a bonded interface under this bonding interface.

      You can also add further network interfaces as bonded interfaces and have more than two network interfaces in the bonding configuration.

    4. Click Save Changes.

    5. Log out and log on again.

      After the logon, the new bonding interface appears in the list under Enable these network interfaces.

  4. Configure parameters for the bonding interface.

    1. Select the bonding interface and click the IPv4 or IPv6 tab, according to the protocol version that is used in your network.

    2. Select Configure manually and under IP address and subnet mask type an IP address and the values for a subnet mask.

      You can leave the default value under MTU, which specifies the maximum number of bytes in a single transmission unit, as it is.

  5. Configure parameters for the bonding configuration.

    1. Select the bonding interface and click the Advanced tab.

    2. Under Mode, select one of the following bonding modes.

      • Active/Passive — In this mode, only one bonded interface in the bonding configuration is active at any time. A different bonded interface becomes active only if the active bonded interface fails.

        The MAC address of the bonding interface is only visible externally on one port, which avoids address confusion for a network switch.

        This mode is referred to in some system messages as mode 1.

        The mode is selected by default.

      • 802.3ad/LACP — In this mode, all bonded interfaces in the bonding configuration are active.

        The bonded interface for outgoing traffic is selected according to the configured hash policy.

        This mode is referred to in some system messages as mode 4.

        When this mode is selected, the LACP rate and Hash policy options become accessible.

    3. Under Miimon, configure monitoring for the bonding interface.

      The value that you configure here sets the time interval (in milliseconds) for sending the polling messages of the MII monitoring program.

      The default interval is 100 milliseconds.

    4. If you have selected 802.3ad/LACP as bonding mode, select options that are specific to this mode.

      Under LACP rate, select the transmission rate for the LACP-DU data packets that are exchanged between bonding and bonded network interfaces.
       
      • Slow — With this transmission rate, data packets are sent every 30 seconds.

        This transmission rate is selected by default.
         
      • Fast — With this transmission rate, data packets are sent every second.

        Under Hash policy, select one of the following options.
         
        • Layer2 This policy uses a combination of layer 2 values to calculate the hash. The values that are included in this combination are hardware MAC addresses and packet type ID addresses.

          This hash policy is selected by default.
           
        • Layer2+3 This policy uses a combination of layer 2 and layer 3 protocol information to calculate the hash.

  6. Click Save Changes.

Checking the Bonding Configuration

You can verify that you have successfully configured a bonding network interface from a system console.

To verify that the bonding configuration runs with the parameters that you have configured, you can use a suitable network script. An additional command enables you to check the status of the bonding interface and the network interfaces that are bound to it.

Verifying the Configuration Parameters

The ifcfg network script allows you to verify that the network interfaces of the bonding configuration are running with the configured parameters, such as the bonding mode or the IP address of the bonding interface.

To view the parameters for the bonding interface, for example, bond 1, run the network script using the following command:

cat /etc/sysconfig/network-scripts/ifcfg-bond1

The command returns, for example, the following lines.

### BEGIN AUTOGENERATED CONFIG
BONDING_OPTS:='mode=1 miimon=600'
BOOTPROTO='none'
DEVICE='bond1'
IPADDR='10.11.12.12'
...

To view the parameters for a bonded interface, for example, eth2 1, run the following command:

cat /etc/sysconfig/network-scripts/ifcfg-bond1

The command returns, for example, the following lines.

### BEGIN AUTOGENERATED CONFIG
BOOTPROTO='none'
MASTER='bond1'
SLAVE:'yes'
DEVICE='eth2'
...

Checking the Network Interface Status

You can check whether the bonded network interfaces are running properly under the bonding interface and which of the bonded interfaces is currently in active (slave) status.

Run the following command, for example, if the bonding interface is bond1:

cat /proc/net/bonding/bond1

The command returns, for example, the following lines.

### Ethernet Channel Bonding Driver: v. 3.7.1 (April 27, 2015)
Bonding Mode: fault-tolerance (active-backup)
Primary Slave: None
MII Status: up
MII Polling Interval (ms): 600
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: eth2
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW Addr: 00:0c:29:e0:a7:37
Slave Queue ID: 0

Slave Interface: eth3
MII Status: up
...
  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
  2. Tags
    1. offensive