Configuring Bond in High Availability Mode

This section explains how to configure High Availability on a bond interface. Run the CLI commands from the VSX Gateway (VS0) context. For a cluster configuration, run these commands on each VSX Cluster Member.

Use the active-backup value for the mode parameter to configure High Availability.

Configuring the High Availability Bond

This is a workflow of CLI commands to configure Link Aggregation in High Availability mode.

When you are enslaving configured interfaces, make sure that these interfaces are not used in other configurations.

To configure High Availability:

1. Create the High Availability bond. Run:

   add bonding group <bond id>

   set bonding group <bond id> mode active-backup

2. Define the slave interfaces. Run add bonding group <bond id> interface <IF name>

   Do this command again for all of the slave interfaces.

3. Make sure that the bond is configured correctly. Run show bonding group <bond id>

   To show more information about the bond, from Expert mode run cat /proc/net/bonding/<bond id>

4. Open SmartConsole and configure the cluster object. .
   • For a new Link Aggregation installation, create a new cluster object.
   • For updating an existing configuration, update the interface topology.

Updating the Interface Topology

When you are updating an existing configuration to Link Aggregation, it is necessary to reconfigure the relevant objects to connect to the newly created bond. This includes Virtual Systems, Virtual Routers and Virtual Switches. You can perform these actions in SmartConsole. In most cases, these definitions can be found in the object Properties window.

For large existing VSX deployments containing many Domain Management Servers and Virtual Devices, use the vsx_util change_interfaces command on the Management Server to reconfigure existing object topologies. For example, in a Multi-Domain Server deployment with 200 Domains, each with many Virtual Devices, it is faster to use vsx_util change_interfaces. This command automatically replaces the interface with the new bond on all relevant objects.

Reconfiguring the Bond - Gaia

To configure the newly created bond for a Gaia cluster:

1. Open SmartConsole.
2. Delete the slave interfaces from the bond that you are not using.
   1. From the navigation tree, click Topology.
   2. From the navigation tree, click Physical Interfaces.
   3. Select the slave interface, and click Remove.
   4. Click OK.
   5. Do these steps again for all the slave interfaces.
3. From Clish, create the new bond interface.
4. Open SmartConsole and from the Network Objects tree, double-click the VSX Gateway or cluster object.
5. From the navigation tree, click Physical Interfaces.
6. Click Add, and configure the bond interface.

   The Physical Interface Properties window opens.

   1. Enter the bond name.
   2. If the bond is a VLAN trunk, select VLAN Trunk.
   3. Click OK.
7. From the navigation tree, click Topology.
8. Do these steps for each interface that you are adding to the bond.
   1. Double-click the interface.

      The Interface Properties window opens.

   2. From Interface, select the bond interface.
   3. Click OK.
9. Install the policy.

Reconfiguring the Bond - SecurePlatform

To configure the newly created bond for a SecurePlatform cluster:

1. Open SmartConsole.
2. From the Object Explorer, double-click the VSX Gateway or cluster object.
3. From the navigation tree, click Physical Interfaces.
4. Click Add.

   The Physical Interface Properties window opens.

   1. Enter the bond name.
   2. If the bond is a VLAN trunk, select VLAN Trunk.
   3. Click OK.
5. From the navigation tree, click Topology.
6. Do these steps for each interface that you are adding to the bond.
   1. Double-click the interface.

      The Interface Properties window opens.

   2. From Interface, select the bond interface.
   3. Click OK.
7. Install the policy.
8. Delete the slave interfaces of the newly created bond that you are not using.

   You can also replace a bond interface with one that is being used.

Reconfiguring Topology with 'vsx_util change_interfaces'

Important - In a Multi-Domain Server environment, all Domain Management Servers must be unlocked in order for this operation to succeed. Meaning, you need to disconnect all SmartConsole clients from all Domain Management Servers.

To reconfigure objects with vsx_util change_interfaces:

1. Close SmartConsole windows for the Security Management Server and all Domain Management Servers that use the designated interface.
2. Connect to the command line on the Management Server.
3. Log in the Expert Mode.
4. Run the vsx_util change_interfaces command and follow the on-screen instructions:
   1. Enter the IP address of the Security Management Server or Main Domain Management Server.
   2. Enter the management administrator name and password.
   3. Select VSX Cluster object.
   4. Select Apply changes to the management database and to the VSX Gateway/Cluster members immediately.
   5. When prompted, select the interface to be replaced.
   6. When prompted, select the replacement bond interface.
   7. If you wish to replace additional interfaces, enter "y" when prompted and repeat the above steps.
   8. To complete the process, enter "n".