We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

Attention

Barracuda CloudGen Firewall version 8.0 is a cloud-only version. It is currently not available for on-premises deployments and can only be deployed in Microsoft Azure, Amazon Web Services, or Google Cloud Platform public clouds.

How to Configure Ethernet Bundles

  • Last updated on

Ethernet bundles combine multiple physical ports to a single virtual link to increase the physical bandwidth available for the connection. You also increase the fault tolerance of the Ethernet link because the connection will continue to work even if one link fails. The Ethernet bundles feature is also known as "Etherchannels," "Link Aggregation", "Trunking," or "Bonding" depending on the vendor. You can create a maximum of 16 Ethernet bundles on a Barracuda CloudGen Firewall. Ethernet bundles can be operated in one of the following modes:

  • Balance-RR – In this mode (round-robin policy), as many configured slave interfaces as possible are activated. The kernel will distribute network traffic sent to the master interface sequentially to all slave interfaces involved. In a similar fashion, inbound traffic to any of the slave interfaces is directed to the master interface.
  • Active Backup – In this mode (active backup policy), at least two interfaces are required with only a single slave interface being active at any one time. A prolonged failure of the link check on the active interface will trigger the activation of a backup slave interface. Only the link status is monitored, not if actual traffic can be transmitted over the connection.
  • Balance-XOR – Link is chosen by calculating the hash out of the source/destination MAC (Layer 2) combined with the IP addresses (Level 3). Depending on the hash, an interface is selected. This ensures that sessions from the same interface always use the same link from the Ethernet bundle.
  • Broadcast – Everything is transmitted on all slave interfaces.
  • 802.3ad Link Aggregation – Uses the LACPDU protocol to negotiate automatic bundling links. The directly connected devices must also support LACPDU.

Step 1. Configure an Ethernet Bundle

Create the virtual bond interface and add the physical network interfaces. You must also choose the operations mode.

  1. Go to CONFIGURATION > Configuration Tree  > Box > Network .
  2. In the left menu, select Ethernet Bundles.
  3. Click Lock.
  4. In the Ethernet Bundles table, click +.
  5. Enter a descriptive Name.
  6. Click OK. The Ethernet Bundles window opens. Specify the following settings:
    • Bundled  Interface – Select a bond interface. E.g., bond0
    • Bundled Interfaces – Click + and double-click the physical interfaces you want to include in the Ethernet bundle.

      If you are adding the management interface to and Ethernet bundle, the management interface must be the first interface in the list. Placing the management interface further down may invalidate your license.

    • Operation Mode – Select how traffic is distributed between the interfaces.
    • LACPDU Packet Rate (802.3ad Link Aggregation only) Select how fast (every second) or slow (every 30seconds) LACPDU packets are sent to the switch.
    • Hashing Policy (802.3ad Link Aggregation only) – Select how traffic is split over the slave links.
      • Layer2 – Selects the link based on destination MAC addresses.
      • Layer2+3 – Uses a mix of MAC addresses and IP addresses and, thus, also works for routed traffic. Traffic to the same IP address always ends up on the same link.
    • Link Check Mode – Select if the link availability is checked in Compatibility (default) or Efficiency mode. 
    • Link Check (ms) – Enter the interval in milliseconds for checking the link state of the slave interfaces. Default: 100msec

    • Activation Lag (ms) –  Enter the time in milliseconds to delay the activation of a backup slave interface. Has to be a multiple of the link check interval.
    • Deactivation Lag (ms) – Enter the time in milliseconds to delay the deactivation of a link. It has to be a multiple of the link check interval.
  7. Click OK.
  8. Click Send Changes and Activate.

Step 2. Activate the Network Configuration

Complete the network activation to activate the new Ethernet bundle interface.

  1. Go to CONTROL > Box.
  2. In the left menu, expand the Network section and click Activate new network configuration.
  3. Select Failsafe. The 'Failsafe Activation Succeeded' message is displayed after your new network configurations have been successfully activated.

Next Steps

Go to CONTROL > Network and verify that the bond0 interface is listed and active (route_active.png).

Last updated on