Ethernet bundles combine multiple physical ports to a single virtual link to increase the physical bandwidth available for the connection. You also increase the fault tolerance of the Ethernet link because the connection will continue to work even if one link fails. The Ethernet bundles feature is also known as "Etherchannels," "Link Aggregation", "Trunking," or "Bonding" depending on the vendor. You can create a maximum of 16 Ethernet bundles on a Barracuda CloudGen Firewall. Ethernet bundles can be operated in one of the following modes:
- Balance-RR – In this mode (round-robin policy), as many configured secondary interfaces as possible are activated. The kernel will distribute network traffic sent to the primary interface sequentially to all secondary interfaces involved. In a similar fashion, inbound traffic to any of the secondary interfaces is directed to the primary interface.
- Active Backup – In this mode (active backup policy), at least two interfaces are required with only a single secondary interface being active at any one time. A prolonged failure of the link check on the active interface will trigger the activation of a backup secondary interface. Only the link status is monitored, not if actual traffic can be transmitted over the connection.
- Balance-XOR – Link is chosen by calculating the hash out of the source/destination MAC (Layer 2) combined with the IP addresses (Level 3). Depending on the hash, an interface is selected. This ensures that sessions from the same interface always use the same link from the Ethernet bundle.
- Broadcast – Everything is transmitted on all secondary interfaces.
- 802.3ad Link Aggregation – Uses the LACPDU protocol to negotiate automatic bundling links. The directly connected devices must also support LACPDU.
- Adaptive Transmit Load Balancing – Distributes outgoing traffic according to the current load, calculated relative to the speed.
- Adaptive Load Balancing – Distributes outgoing traffic according to the current load and adds receive load balancing for IPv4 traffic.
Step 1. Configure an Ethernet Bundle
Create the virtual bond interface and add the physical network interfaces. You must also choose the operations mode.
- Go to CONFIGURATION > Configuration Tree > Box > Network .
- In the left menu, select Ethernet Bundles.
- Click Lock.
- In the Ethernet Bundles table, click +.
- Enter a descriptive Name.
- Click OK. The Ethernet Bundles window opens. Specify the following settings:
- Bundled Interface – Select a bond interface. E.g., bond0
Bundled Interfaces – Click + and double-click the physical interfaces you want to include in the Ethernet bundle.
- Operation Mode – Select how traffic is distributed between the interfaces.
- LACPDU Packet Rate (802.3ad Link Aggregation only) – Select how fast (every second) or slow (every 30seconds) LACPDU packets are sent to the switch.
- Hashing Policy (802.3ad Link Aggregation only) – Select how traffic is split over the secondary links.
- Layer2 – Selects the link based on destination MAC addresses.
- Layer2+3 – Uses a mix of MAC addresses and IP addresses and, thus, also works for routed traffic. Traffic to the same IP address always ends up on the same link.
- Link Check Mode – Select if the link availability is checked in Compatibility (default) or Efficiency mode.
Link Check (ms) – Enter the interval in milliseconds for checking the link state of the secondary interfaces. Default: 100msec
- Activation Lag (ms) – Enter the time in milliseconds to delay the activation of a backup secondary interface. Has to be a multiple of the link check interval.
- Deactivation Lag (ms) – Enter the time in milliseconds to delay the deactivation of a link. It has to be a multiple of the link check interval.
- Click OK.
- Click Send Changes and Activate.
Step 2. Activate the Network Configuration
Complete the network activation to activate the new Ethernet bundle interface.
- Go to CONTROL > Box.
- In the left menu, expand the Network section and click Activate new network configuration.
- Select Failsafe. The 'Failsafe Activation Succeeded' message is displayed after your new network configurations have been successfully activated.
Go to CONTROL > Network and verify that the bond0 interface is listed and active ().