Troubleshooting Bonded Interfaces

Troubleshooting Workflow

Connect to the command line.
Log in to the Expert mode.
Check the status of the bond:

cat /proc/net/bonding/<bond id>
If there is a problem, check if the physical link is down, as follows:
1. Execute the following command:
  - In Gaia Clish The name of the default command line shell in Check Point Gaia operating system. This is a restricted shell (role-based administration controls the number of commands available in the shell).:
    
    show cluster bond name <bond_name>
  - In the Expert mode:
    
    cphaprob show_bond <bond_name>
2. Look for a subordinate interface that reports the status of the link as no.
3. Check the cable connections and other hardware.
4. Check the port configuration on the switch.
Check if a VSX Virtual System Extension. Check Point virtual networking solution, hosted on a computer or cluster with virtual abstractions of Check Point Security Gateways and other network devices. These Virtual Devices provide the same functionality as their physical counterparts. Cluster Member Security Gateway that is part of a cluster. is down, by running:
- In Gaia Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. Clish:
  
  show cluster state
- In the Expert mode:
  
  cphaprob state
If any of the VSX Cluster Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. Members has a State other than Active, see the R81 ClusterXL Administration Guide - Chapter Monitoring and Troubleshooting Clusters.

On a VSX Cluster Member, reboot is needed after the following actions on a bond interface:

Changing a bond mode.

Adding a subordinate interface into a bond

Note - Removing a subordinate interface does not require reboot.

For further information regarding bond status and failovers, view logs in the Logs & Monitor view. Any interface bond status change is logged and can be viewed in Logs & Monitor.

Connectivity Delays on Switches

When using certain switches, connectivity delays may occur during some internal bond failovers. With the various features that are now included on some switches, it can take close to a minute for a switch to begin servicing a newly connected interface. The following are suggestions for reducing the startup time after link failure.

Disable auto-negotiation on the applicable interface.

On some Cisco switches, enable PortFast, as detailed below.

Note - PortFast is not applicable if the bond group on the switch is configured as Trunk.

Warning Regarding Use of PortFast

The PortFast feature should never be used on ports that connect to other switches or hubs. It is important that the Spanning Tree complete the initialization procedure in these situations.

Otherwise, these connections may cause physical loops where packets are continuously forwarded (or even multiply) in such a way that network will ultimately fail.

Sample Configuration of PortFast on a Cisco Switch

The following are the commands necessary to enable PortFast on a Gigabit Ethernet 1/0/15 interface of a Cisco 3750 switch running IOS.

Enter configuration mode:

cisco-3750A# conf t
Specify the interface to configure:

cisco-3750A(config)# interface gigabitethernet1/0/15
Set PortFast on this interface:

cisco-3750A(config-if)# spanning-tree portfast