Bond Interfaces (Link Aggregation)

Check Point security devices support Link Aggregation, a technology that joins multiple physical interfaces into one virtual interface, known as a bond interface. The bond interface share the load among many interfaces, which gives fault tolerance and increases throughput. Check Point devices support the IEEE 802.3ad Link Aggregation Control Protocol (LCAP) for dynamic link aggregation.

Item No.	Description
1	Security Gateway
1A	Interface 1
1B	interface 2
2	Bond Interface
3	Router

A bond interface (also known as a bonding group or bond) is identified by its Bond ID (for example: bond1) and is assigned an IP address. The physical interfaces included in the bond are called slaves and do not have IP addresses.

You can define a bond interface to use one of these functional strategies:

High Availability (Active/Backup): Gives redundancy when there is an interface or a link failure. This strategy also supports switch redundancy. Bond High Availability works in Active/Backup mode - interface Active/Standby mode. When an Active slave interface is down, the connection automatically fails over to the primary slave interface. If the primary slave interface is not available, the connection fails over to a different slave interface.
Load Sharing (Active/Active): All Active slave interfaces are used simultaneously. Traffic is distributed among the slave interfaces to maximize throughput. Bond Load Sharing does not support switch redundancy.
Note - Link Aggregation Load Sharing mode requires SecureXL to be enabled on Security Gateway or each cluster member.

You can configure Bond Load Sharing to use one of these modes:
- Round Robin - Selects the active slave interface sequentially.
- 802.3ad - Dynamically uses Active slave interfaces to share the traffic load. This mode uses the LACP protocol, which fully monitors the interface between the gateway and a switch.
- XOR - All UP slave interfaces are Active for Load Sharing. Traffic is assigned to Active interfaces based on the transmit hash policy (Layer2 or Layer3+4).

For Link Aggregation High Availability mode and for Link Aggregation Load Sharing mode:

The number of bond interfaces that can be defined is limited by the maximal number of interfaces supported by each platform. See the R80.10 Release Notes.
Up to 8 slave interfaces can be configured in a single High Availability or Load Sharing bond interface.

Configuring Bond Interfaces - Gaia Portal

To configure a bond interface:

Step	Description
1	In the navigation tree, click Network Management > Network Interfaces.
2	Make sure that the slave interfaces, which you wish to add to the Bond interface, do not have IP addresses.
3	For a new bond interface, select Add > Bond. To edit an existing Bond interface, select the Bond interface and click Edit.
4	On the IPv4 tab, enter the IPv4 address and subnet mask. You can optionally select the Obtain IPv4 Address automatically option.
5	On the IPv6 tab (optional), enter the IPv6 address and mask length. You can optionally select the Obtain IPv6 Address automatically option. Important - First, you must enable the IPv6 Support and reboot.
6	On the Bond tab: Select or enter a Bond Group ID. This parameter is an integer between 0 and 1024. Select the slave interfaces from the Available Interfaces list and then click Add. Note - Make sure that the slave interfaces do not have any IP addresses or aliases configured. Select an Operation Mode: Round Robin (default) - Bond uses all slave interfaces sequentially (High Availability + Load Sharing) Active-Backup - Bond uses one slave interface at a time (High Availability) XOR - Bond uses slave interfaces based on a hash function (High Availability + Load Sharing) 802.3ad - Dynamic bonding according to IEEE 802.3ad (Load Sharing)
7	On the Advanced tab: Set the required MTU for your network (if not sure, leave the default value). Set the Monitor Interval - How much time to wait between checking each slave interface for link-failure. The valid range is 1-5000 ms. The default is 100 ms. Set the Down Delay - How much time to wait, after sending a monitor request to a slave interface, before bringing down the slave interface. The valid range is 1-5000 ms. The default is 200 ms. Set the Up Delay - How much time to wait, after sending a monitor request to a slave interface, before bringing up the slave interface. The valid range is 1-5000 ms. The default is 200 ms.
8	Additional configuration settings are available depending on the selected Bond Operation Mode: If selected the Round Robin bond operation mode, then there are no additional configuration settings. If selected the Active-Backup bond operation mode, then select the Primary Interface If selected the XOR bond operation mode, then select the Transmit Hash Policy - the algorithm for slave interface selection according to the specified TCP/IP Layer. Select either Layer 2 (uses XOR of the physical interface MAC address), or Layer 3+4 (uses Layer 3 and Layer 4 protocol data). If selected the 802.3ad bond operation mode, then perform these two steps: Select the Transmit Hash Policy - the algorithm for slave interface selection according to the specified TCP/IP Layer. Select either Layer 2 (uses XOR of the physical interface MAC address), or Layer 3+4 (uses IP addresses and Ports). Select the LACP Rate - how frequently the LACP partner should transmit LACPDUs. Select either Slow (every thirty seconds), or Fast (every one second).
9	Click OK.

Configuring Bond Interfaces - Gaia Clish

In the CLI, bond interfaces are known as bonding groups.

Important: After you run a Gaia Clish command to add, configure, or delete an object, run the save config command to save the settings permanently.

To create a bond interface in the Gaia Clish:

Step	Description
1	Make sure that the slave interfaces do not have IP addresses.
2	Create the bond interface.
3	Define the slave interfaces and set them to the UP state.
4	Set the bond operating mode.
5	Define other bond parameters: primary interface, media monitoring, and delay rate.

Link Aggregation (Bonding) - Quick Reference for Gaia Clish Commands

This is a quick reference for Link Aggregation commands. Use these commands to configure Link Aggregation.

Note - You configure an IP address on a Bonding Group in the same way as you do on a physical interface.

Syntax

To create a bonding group and add slave interfaces:

add bonding group <Bond Group ID> interface <Name of Slave Interface>

Note - Make sure that the slave interfaces do not have any IP addresses or aliases configured.

To configure a bonding group:

Note - All these parameters are optional. You can configure any of these parameters together.

set bonding group <Bond Group ID>

[down-delay <Value in msec>]

[mii-interval <Value in msec>]

[mode

round-robin

active-backup [primary <Name of Slave Interface>]

xor xmit-hash-policy {layer2 | layer3+4}

8023AD [lacp-rate {slow | fast}]

]

[up-delay <Value in msec>]

To show the specific bonding group:

show bonding group <Bond Group ID>
To show the configured bonding groups:

show bonding groups
To delete a slave interface from the bonding group:

delete bonding group <Bond Group ID> interface <Name of Slave Interface>

To delete the bonding group:

Note - You must delete all slave interfaces before you can delete the bonding group.

delete bonding group <Bond Group ID> interface <Name of Slave Interface 1>

delete bonding group <Bond Group ID> interface <Name of Slave Interface ...>

delete bonding group <Bond Group ID> interface <Name of Slave Interface N>

delete bonding group <Bond Group ID>

Important - After you add, configure, or delete features, run the save config command to save the settings permanently.

Parameters

Parameter	Description
<Bond Group ID>	Configures the Bond Group ID. Range: 0 - 1024 Default: No default value
`interface <`Name of Slave Interface`>`	Specifies the name of the slave physical interface, which you add to (or remove from) the bond group. Make sure that the slave interfaces do not have any IP addresses or aliases configured.
`down-delay <`Value in msec`>`	Configures how much time to wait, after sending a monitor request to a slave interface, before bringing down the slave interface. Range: 1 - 5000 ms Default: 200 ms
`mii-interval <`Value in msec`>`	Configures how much time to wait between checking each slave interface for link-failure. Range: 0 (to disable), 1 - 5000 ms (to enable) Default: 100 ms
`mode {round-robin \| active-backup \| xor \| 8023AD}`	Configures the Bond operating mode: `round-robin`: Bond uses all slave interfaces sequentially (High Availability + Load Sharing). This is the default mode. `active-backup [primary <`Name of Slave Interface`>]`: Bond uses one slave interface at a time (High Availability) `xor xmit-hash-policy {layer2 \| layer3+4}`: Bond uses slave interfaces based on a hash function (High Availability + Load Sharing) `8023AD [lacp-rate {slow \| fast}]`: Dynamic bonding according to IEEE 802.3ad (Load Sharing)
`primary <`Name of Slave Interface`>`	Applies only to Active-Backup bond operation mode. Select one of the interfaces as primary interface for the bonding group. Default: The first interface added to the bond group becomes the primary.
`xmit-hash-policy {layer2 \| layer3+4}`	Applies only to XOR and 8023AD bond operation modes. Configures the Transmit Hash Policy - the algorithm for slave interface selection according to the specified TCP/IP Layer: `layer2` - Uses XOR of the physical interface MAC address `layer3+4` - Uses Layer 3 and Layer 4 protocol data
`lacp-rate {slow \| fast}`	Applies only to 8023AD bond operation mode. Configures how frequently the LACP partner should transmit LACPDUs: `slow` - Every thirty seconds `fast` - Every one second
`up-delay <`Value in msec`>`	Configures how much time to wait, after sending a monitor request to a slave interface, before bringing up the slave interface. Range: 1 - 5000 ms Default: 200 ms

Example

Gaia> add bonding group 20 interface eth2

Gaia> add bonding group 20 interface eth3

Gaia> show bonding groups

Bonding Interface: 20

Bond Configuration

xmit_hash_policy Not configured

down-delay 200

primary Not configured

mode round-robin

up-delay 200

mii-interval 100

lacp_rate Not configured

Bond Interfaces

eth2

eth3

Gaia> delete bonding group 20 interface eth3

Gaia> delete bonding group 20 interface eth2

Gaia> delete bonding group 20

Creating a Bond Interface

Syntax

add bonding group <Bond Group ID>

Example

gaia> add bonding group 777

Note - Do not change the state of bond interface manually using the set interface <Bond ID> state command. This is done automatically by the bonding driver.

Configuring the Bond Operating Mode

Bond operating mode specifies how slave interfaces are used in a bond interface.

Syntax

set bonding group <Bond Group ID> mode

round-robin

active-backup [primary <Name of Slave Interface>]

xor xmit-hash-policy {layer2 | layer3+4}

8023AD [lacp-rate {slow | fast}]

Example

gaia> set bonding group 1 mode active-backup primary eth2

gaia> set bonding group 2 mode xor xmit-hash-policy layer3+4

Notes:

The Active-Backup mode supports configuration of the primary slave interface.
The XOR mode requires the configuration of the transmit hash policy.
The 8023AD mode supports the configuration of the LACP packet transmission rate.

Adding Slave Interfaces to a Bond

Syntax

add bonding group <Bond Group ID> interface <Name of Slave Interface>

Example

gaia> add bonding group 777 interface eth4

gaia> add bonding group 777 interface eth5

Notes:

The slave interfaces must not have IP addresses assigned to them.
The slave interfaces must not have aliases assigned to them.
A bond interface can contain between two and eight slave interfaces.

Defining the Primary Slave Interface

With the Active-Backup operating mode, the system automatically fails over to the primary slave interface, if available. If the primary interface is not available, the system fails over to a different slave interface. By default, the first slave interface that you define is the primary interface. You must define the slave interfaces and set the operating mode as Active-Backup before doing this procedure.

Note - You must delete all non-primary slave interfaces before you remove the primary slave interface.

To define the primary slave interface:

set bonding group <Bond Group ID> mode active-backup primary <Name of Slave Interface>

Example

gaia> add bonding group 777 interface eth4

gaia> add bonding group 777 interface eth5

gaia> set bonding group 777 mode active-backup primary eth5

Defining the Monitoring Interval

This configures how much time to wait between checking each slave interface for link-failure. The valid range is 1-5000 ms. The default is 100 ms.

To configure the monitoring interval:

set bonding group <Bond Group ID> mii-interval <Value in msec>

Example:

gaia> set bonding group 777 mii-interval 500

To disable monitoring:

set bonding group <Bond ID> mii-interval 0

Configuring the Up Delay and Down Delay Times

The Up-Delay specifies show much time in milliseconds to wait before enabling a slave after link recovery was detected.

Syntax

set bonding group <Bond Group ID> up-delay <0-5000>

Example

gaia> set bonding group 1 up-delay 100

Note - The default up-interval value is 200 ms.

The Down-Delay specifies how much time in milliseconds to wait before disabling a slave after link failure was detected

Syntax

set bonding group <Bond Group ID> down-delay <0-5000>

Example

gaia> set bonding group 1 down-delay 100

Note - The default down-interval value is 200 ms.

Defining Load Sharing Parameters

When using Load Sharing modes (XOR or 802.3ad), you can configure these parameters:

LACP Rate (802.3ad mode only) - Set the Link Aggregation Control Protocol packet transmission rate. Valid values are slow (every 30 seconds) and fast (every 1 second).
Transmit Hash Policy - Set the algorithm for slave interface selection according to the specified TCP/IP layer. Valid values are layer2 (uses XOR of the physical interface MAC address) and layer3+4 (uses Layer 3 and Layer 4 protocol data).

To set the LACP rate:

set bonding group <Bond Group ID> mode 8023AD lacp-rate {slow | fast}

Example:

gaia> set bonding group 777 mode 8023AD lacp-rate slow

To set the Transmit Hash Policy:

set bonding group <Bond Group ID> mode xor xmit-hash-policy {layer2 | layer3+4}

Example:

gaia> set bonding group 777 mode xor xmit-hash-policy layer2

Making Sure that Bond Interface is Working

To make sure that a Bond interface is working, run this command in Expert mode:

[Expert@Gaia:0]# cat /proc/net/bonding/<Bond Group ID>

Example output for Round Robin mode:

[Expert@Gaia:0]# cat /proc/net/bonding/bond1

Ethernet Channel Bonding Driver: v3.2.4 (January 28, 2008)

Bonding Mode: load balancing (round-robin)

MII Status: up

MII Polling Interval (ms): 100

Up Delay (ms): 200

Down Delay (ms): 200

Slave Interface: eth2

MII Status: up

Link Failure Count: 0

Permanent HW addr: 00:50:56:a3:73:69

Slave Interface: eth3

MII Status: up

Link Failure Count: 0

Permanent HW addr: 00:50:56:a3:73:70

[Expert@Gaia:0]#

Example output for Active-Backup mode:

[Expert@Gaia:0]# cat /proc/net/bonding/bond1

Ethernet Channel Bonding Driver: v3.2.4 (January 28, 2008)

Bonding Mode: fault-tolerance (active-backup)

Primary Slave: eth2

Currently Active Slave: eth2

MII Status: up

MII Polling Interval (ms): 100

Up Delay (ms): 200

Down Delay (ms): 200

Slave Interface: eth2

MII Status: up

Link Failure Count: 0

Permanent HW addr: 00:50:56:a3:73:69

Slave Interface: eth3

MII Status: up

Link Failure Count: 0

Permanent HW addr: 00:50:56:a3:73:70

[Expert@Gaia:0]#

Example output for XOR mode:

[Expert@Gaia:0]# cat /proc/net/bonding/bond1

Ethernet Channel Bonding Driver: v3.2.4 (January 28, 2008)

Bonding Mode: load balancing (xor)

Transmit Hash Policy: layer2 (0)

MII Status: up

MII Polling Interval (ms): 100

Up Delay (ms): 200

Down Delay (ms): 200

Slave Interface: eth2

MII Status: up

Link Failure Count: 0

Permanent HW addr: 00:50:56:a3:73:69

Slave Interface: eth3

MII Status: up

Link Failure Count: 0

Permanent HW addr: 00:50:56:a3:73:70

[Expert@Gaia:0]#

Example output for 802.3ad mode:

[Expert@Gaia:0]# cat /proc/net/bonding/bond1

Ethernet Channel Bonding Driver: v3.2.4 (January 28, 2008)

Bonding Mode: IEEE 802.3ad Dynamic link aggregation

Transmit Hash Policy: layer2 (0)

MII Status: up

MII Polling Interval (ms): 100

Up Delay (ms): 200

Down Delay (ms): 200

802.3ad info

LACP rate: slow

Slave Interface: eth2

MII Status: up

Link Failure Count: 0

Permanent HW addr: 00:50:56:a3:73:69

Aggregator ID: 1

Slave Interface: eth3

MII Status: up

Link Failure Count: 0

Permanent HW addr: 00:50:56:a3:73:70

Aggregator ID: 1

[Expert@Gaia:0]#