Troubleshooting Bond Interfaces

Troubleshooting Workflow

  1. Check the status of the bond. From Expert mode, run cat/proc/net/bonding/<bond id>

  2. If there is a problem, check if the physical link is down, as follows:

    1. Execute the following command:

      cphaconf show_bond <bond-name>

    2. Look for a slave interface that reports the status of the link as no.

    3. Check the cable connections and other hardware.

    4. Check the port configuration on the switch.

  3. Check if a cluster memberClosed Security Gateway that is part of a cluster. is in the Down state, by running:

    cphaprob state

    If any of the clusterClosed Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. members have a Firewall State other than active, see Monitoring Cluster Status (cphaprob state) in the R80.20 ClusterXL Administration Guide.

On a VSXClosed Virtual System Extension. Check Point virtual networking solution, hosted on a computer or cluster with virtual abstractions of Check Point Security Gateways and other network devices. These Virtual Devices provide the same functionality as their physical counterparts. cluster member, reboot is needed after the following actions on a bond interface:

  1. Changing a bond mode.

  2. Adding a slave into a bond.

    Note - Removing a slave does not require reboot.

For further information regarding bond status and failovers, view logs in the Logs & Monitor view. Any interface bond status change is logged and can be viewed in Logs & Monitor.

Connectivity Delays on Switches

When using certain switches, connectivity delays may occur during some internal bond failovers. With the various features that are now included on some switches, it can take close to a minute for a switch to begin servicing a newly connected interface. The following are suggestions for reducing the startup time after link failure.

  1. Disable auto-negotiation on the relevant interface.

  2. On some Cisco switches, enable PortFast, as detailed below.

    Note - PortFast is not applicable if the bond group on the switch is configured as Trunk.

Warning Regarding Use of PortFast

The PortFast feature should never be used on ports that connect to other switches or hubs. It is important that the Spanning Tree complete the initialization procedure in these situations. Otherwise, these connections may cause physical loops where packets are continuously forwarded (or even multiply) in such a way that network will ultimately fail.

Sample Configuration of PortFast on a Cisco Switch

The following are the commands necessary to enable PortFast on a Gigabit Ethernet 1/0/15 interface of a Cisco 3750 switch running IOS.

  1. Enter configuration mode:

    cisco-3750A#conf t

  2. Specify the interface to configure:

    cisco-3750A(config)#interface gigabitethernet1/0/15

  3. Set PortFast on this interface:

    cisco-3750A(config-if)#spanning-tree portfast