5.2.2. Bonding Network Interfaces

Using the Add bond button, the administrator can bond several physical network interfaces into a single aggregated logical interface to increase the bandwidth or provide high availability. To create a bond, provide the following settings:

Name

Description

Enabled

Enables the bond.

Name

The bond name.

Node name

The UserGate cluster node on which the bond will be created.

Zone

The zone to which the bond belongs.

Netflow profile

The Netflow profile to send statistical data to the Netflow collector. You can read about Netflow profiles in chapter Netflow Profiles.

Interfaces

One or more network interfaces that will be used to create the bond.

Aggregation mode

The aggregation mode must match the operating mode for the device to which the bond is connected. The options are:

  • Round robin. Packets are sent consecutively, starting from the first available slave and continuing to the last one. This policy is used to provide load balancing and high availability.

  • Active backup. Only one network interface in the bond will be active. Another slave interface can become active only if the currently active interface fails. With this policy, the MAC address of the bond interface is only visible externally through one network port to avoid problems with the switch. This policy is used for high availability.

  • XOR. Transmission is distributed between the slave interfaces using the formula: [(<Source MAC address> XOR <Destination MAC address>) MOD <Interface count>]. This means that the same NIC sends packets to the same recipients. Optionally, the transmission allocation can also be based on the xmit_hash policy. The XOR policy is used to provide load balancing and high availability.

  • Broadcast. Transmits everything on all network interfaces. This policy is used for high availability.

  • IEEE 802.3ad. The default mode, supported by most network switches. Creates aggregated groups of NICs with identical speed and duplex settings. When combined like this, all links in the active aggregation participate in transmission as per IEEE 802.3ad. The choice of interface for packet transmission is determined by the policy. By default, the XOR policy is used, with the xmit_hash policy as a possible alternative.

  • Adaptive transmit load balancing. The outgoing traffic is distributed depending on the load on each slave interface (determined by the download speed). No additional configuration on the switch is required. The incoming traffic is received by the current network card. If this card fails, another card assumes the MAC address of the failed one.

  • Adaptive load balancing. Includes the previous policy plus incoming traffic balancing. No additional configuration on the switch is required. The incoming traffic is balanced through ARP negotiation. The driver intercepts ARP responses sent from the local NICs to the outside and overwrites the source MAC address with one of the unique MAC addresses of the NIC in the bond. Thus, different peers use different server MAC addresses. The incoming traffic is balanced sequentially (round-robin) among the interfaces.

MII monitoring period (msec)

Sets the MII monitoring period in milliseconds. Determines how often the link state will be checked for failures. The default value of 0 disables MII monitoring.

Down delay (msec)

Sets the time delay in milliseconds before disabling the interface on a connection failure. This option is only valid for MII monitoring (miimon). The parameter value must be a multiple of miimon, otherwise it will be rounded to the nearest multiple. Default value: 0.

Up delay (msec)

Sets the time in milliseconds before bringing up the link on discovering that it has been restored. This parameter is only valid with MII monitoring (miimon). The parameter value must be a multiple of miimon, otherwise it will be rounded to the nearest multiple. Default value: 0.

LACP rate

Determines the interval between LACPDU packets sent by the partner in the 802.3ad mode. Enumerated options:

  • Slow: requests that the partner send LACPDU packets every 30 seconds.

  • Fast: requests that the partner send LACPDU packets every second.

Failover MAC

Determines how MAC addresses will be assigned to the bonded slaves in the active-backup mode on switching between slaves. The normal behavior is to use the same MAC address on all slaves. Enumerated options:

  • Disabled: sets the identical MAC address on all slaves during the switching process.

  • Active: the MAC address on the bond interface will always be identical to that on the currently active slave. The MAC addresses on the backup interfaces are not changed. The MAC address on the bond interface changes during the failover processing.

  • Follow: the MAC address on the bond interface will be the same as that on the first slave added to the bond. This MAC is not set on the second and subsequent interfaces while they are in backup mode. That MAC address gets assigned during a failover: when a backup slave interface becomes active, it assumes a new MAC (the one on the bond interface), and the formerly active slave is assigned the MAC that the currently active one used to have.

Xmit hash policy

Determines the hash policy for packet transmission via bonded interfaces in the XOR or IEEE 802.3ad modes. Enumerated options:

  • Layer 2: only MAC addresses are used for hash generation. With this algorithm, the traffic for a particular network host is always sent over the same interface. This algorithm is compatible with IEEE 802.3ad.

  • Layer 2+3: both MAC and IP addresses are used for hash generation. This algorithm is compatible with IEEE 802.3ad.

  • Layer 3+4: IP addresses and transport-layer protocols (TCP or UDP) are used for hash generation. This algorithm is not universally compatible with IEEE 802.3ad, as both fragmented and non-fragmented packets can be transmitted within a single TCP or UDP interaction. Fragmented packets lack the source and destination ports. As a result, packets from the same session can reach the recipient in an order other than the intended one because they are sent via different slaves.

Networking

The IP address assignment method: no address, a static IP address, or a dynamic IP address obtained using DHCP.

DHCP relay

This is used to configure DHCP relay for the bond interface. Enable DHCP relay, enter the IP address of the interface on which the relay function is added in the UserGate address field, and specify one or more DHCP servers where client DHCP requests are to be forwarded.