Bond Interfaces (Link Aggregation)
Check Point security devices support Link Aggregation, a technology that joins multiple physical interfaces into one virtual interface, known as a bond interface.
The bond interface share the load among many interfaces, which gives fault tolerance and increases throughput. Check Point devices support the IEEE 802.3ad Link Aggregation Control Protocol (LACP) for dynamic link aggregation.
Item |
Description |
---|---|
1 |
|
1A |
Interface 1 |
1B |
Interface 2 |
2 |
Bond Interface |
3 |
Router |
A bond interface (also known as a bonding group or bond) is identified by its Bond ID (for example: bond1) and is assigned an IP address. The physical interfaces included in the bond are called subordinate interfaces and do not have IP addresses.
You can configure a bond interface to use one of these functional strategies:
Gives redundancy when there is an interface or a link failure. This strategy also supports switch redundancy.
Bond High Availability works in Active/Backup mode - interface Active/Standby mode. When an Active subordinate interface is down, the connection automatically fails over to the primary subordinate interface. If the primary subordinate interface is not available, the connection fails over to a different subordinate interface.
All subordinate interfaces in the UP state are used simultaneously.
Traffic is distributed among the subordinate interfaces to maximize throughput. Bond Load Sharing does not support switch redundancy.
|
Note - Bonding Load Sharing mode requires SecureXL Check Point product on a Security Gateway that accelerates IPv4 and IPv6 traffic that passes through a Security Gateway. to be enabled on Security Gateway or each Cluster Member Security Gateway that is part of a cluster.. |
You can configure Bond Load Sharing to use one of these modes:
Mode |
Description |
||
---|---|---|---|
Round Robin |
Selects the Active subordinate interfaces sequentially.
|
||
802.3ad |
Dynamically uses Active subordinate interfaces to share the traffic load. This mode uses the LACP protocol, which fully monitors the interface link between the Check Point Security Gateway and a switch. |
||
XOR |
All subordinate interfaces in the UP state are Active for Load Sharing. Traffic is assigned to Active subordinate interfaces based on one of these transmit hash policies:
|
||
ABXOR |
Subordinate interfaces in the UP state are assigned to sub-groups called bundles. Only one bundle is Active at a time. All subordinate interfaces in the Active bundle share the traffic load. The system assigns traffic to all interfaces in the Active bundle based on the defined transmit hash policy.
|
For Bonding High Availability mode and for Bonding Load Sharing mode:
-
The number of bond interfaces that can be defined is limited by the maximal number of interfaces supported by each platform.
See the R81.20 Release Notes.
-
Up to 8 physical subordinate interfaces can be configured in a single bond interface.