Creating a Bond Interface into Checkpoint Gaia
Step 1: Identity the interface in your Checkpoint Firewall
VSX-MGMT> show interfaces
eth0
eth1
eth2
lo
Step 2 : Creating a bonding group .You can have 0 to 1024 bond group in Gaia.Create bond group 10(random number) and add desired interface in bond group.I have created the bond group for eth1 and eth2.
VSX-MGMT> add bonding group 10 interface
eth1 eth2
VSX-MGMT> add bonding group 10 interface eth1
VSX-MGMT> add bonding group 10 interface eth2
Step 3: Configure the primary inteface in bond group.
VSX-MGMT> set bonding group 10 primary eth1
Step 4: Select the mode of your bond interface.
VSX-MGMT> set bonding group 10 mode
round-robin active-backup xor 8023AD
• round-robin - Interfaces activated in order by ID (default)
• active-backup - On active interface down, failover to primary interface first, and to other interfaces if primary is down
• xor - Interface activation by TCP/IP layer (layer2 or layer3+4).
You can set the LACP packet transmission rate for xor mode or 8023AD mode. After you set one of these Load Sharing modes, enter this option: lacp-rate {slow | fast} where slow is every 30 seconds, and fast is every one second.
• 8023AD - Link Aggregation Control Protocol load shares traffic by dynamic interface activation, with full interface monitoring between gateway and switch. In this mode only, you can set the algorithm for interface selection, according to the specified TCP/IP layer: xmit-hash-policy {layer2 | layer3+4}
VSX-MGMT> set bonding group 10 mode 8023AD
Step 5 : Your bond interface is configured. and verify the setting
VSX-MGMT> show bonding group 10
Bond Configuration
xmit-hash-policy layer2
down-delay 200
primary eth1
lacp-rate slow
mode 8023AD
up-delay 200
mii-interval 100
Bond Interfaces
eth1
eth2
VSX-MGMT>
To make sure that a Link Aggregation is working for a bond interface, run this command in expert mode:
[Expert@VSX-MGMT:0]# cat /proc/net/bonding/bond10
Ethernet Channel Bonding Driver: v3.2.4 (January 28, 2008)
Bonding Mode: IEEE 802.3ad Dynamic link aggregation
Transmit Hash Policy: layer2 (0)
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 200
Down Delay (ms): 200
802.3ad info
LACP rate: slow
Active Aggregator Info:
Aggregator ID: 1
Number of ports: 1
Actor Key: 17
Partner Key: 1
Partner Mac Address: 00:00:00:00:00:00
Slave Interface: eth1
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:0c:29:70:21:f2
Aggregator ID: 1
Slave Interface: eth2
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:0c:29:70:21:fc
Aggregator ID: 2
[Expert@VSX-MGMT:0]#
Note : Configuring of LACP rate can be produced only for 802.3ad mode
Transmit Hash Policy can be configured for 802.3ad and balance-xor modes only
Step 1: Identity the interface in your Checkpoint Firewall
VSX-MGMT> show interfaces
eth0
eth1
eth2
lo
Step 2 : Creating a bonding group .You can have 0 to 1024 bond group in Gaia.Create bond group 10(random number) and add desired interface in bond group.I have created the bond group for eth1 and eth2.
VSX-MGMT> add bonding group 10 interface
eth1 eth2
VSX-MGMT> add bonding group 10 interface eth1
VSX-MGMT> add bonding group 10 interface eth2
Step 3: Configure the primary inteface in bond group.
VSX-MGMT> set bonding group 10 primary eth1
Step 4: Select the mode of your bond interface.
VSX-MGMT> set bonding group 10 mode
round-robin active-backup xor 8023AD
• round-robin - Interfaces activated in order by ID (default)
• active-backup - On active interface down, failover to primary interface first, and to other interfaces if primary is down
• xor - Interface activation by TCP/IP layer (layer2 or layer3+4).
You can set the LACP packet transmission rate for xor mode or 8023AD mode. After you set one of these Load Sharing modes, enter this option: lacp-rate {slow | fast} where slow is every 30 seconds, and fast is every one second.
• 8023AD - Link Aggregation Control Protocol load shares traffic by dynamic interface activation, with full interface monitoring between gateway and switch. In this mode only, you can set the algorithm for interface selection, according to the specified TCP/IP layer: xmit-hash-policy {layer2 | layer3+4}
VSX-MGMT> set bonding group 10 mode 8023AD
Step 5 : Your bond interface is configured. and verify the setting
VSX-MGMT> show bonding group 10
Bond Configuration
xmit-hash-policy layer2
down-delay 200
primary eth1
lacp-rate slow
mode 8023AD
up-delay 200
mii-interval 100
Bond Interfaces
eth1
eth2
VSX-MGMT>
To make sure that a Link Aggregation is working for a bond interface, run this command in expert mode:
[Expert@VSX-MGMT:0]# cat /proc/net/bonding/bond10
Ethernet Channel Bonding Driver: v3.2.4 (January 28, 2008)
Bonding Mode: IEEE 802.3ad Dynamic link aggregation
Transmit Hash Policy: layer2 (0)
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 200
Down Delay (ms): 200
802.3ad info
LACP rate: slow
Active Aggregator Info:
Aggregator ID: 1
Number of ports: 1
Actor Key: 17
Partner Key: 1
Partner Mac Address: 00:00:00:00:00:00
Slave Interface: eth1
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:0c:29:70:21:f2
Aggregator ID: 1
Slave Interface: eth2
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:0c:29:70:21:fc
Aggregator ID: 2
[Expert@VSX-MGMT:0]#
Note : Configuring of LACP rate can be produced only for 802.3ad mode
Transmit Hash Policy can be configured for 802.3ad and balance-xor modes only
No comments:
Post a Comment