Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

Bonding of physical interfaces

Dear Mates,

Is bonding of interfaces suggestible in CP firewall when it is transparent mode. 

0 Kudos
Reply
5 Replies
Highlighted
Leader
Leader

Manoj,

you find the answer in your companies guide for bridge mode.

Bridge Mode on Gaia OS and SecurePlatform OS 

"Only two interfaces can be connected by a single Bridge interface. These two interfaces can then be thought of as a two-ports switch. Each port can be a Physical, a VLAN, or a Bond device."

Wolfgang

Highlighted
Admin
Admin

@Wolfgang is saying, yes, it is possible 🙂 Two bond interfaces can be a bridge. Each bond can have multiple physical interfaces.

Highlighted

Hi,
My scenario is like this : Customer using Check Point in transparent mode to filter traffic. But few packets are missing out due to high bandwidth of traffic from the network. The interface we are using in CP for connectivity is 1 Gig. Now they wants to use 3 to 4 interfaces to as a bond to increase the pipe. Is it suggestible as I am new to Transparent mode scenarios.
0 Kudos
Reply
Highlighted
Champion
Champion

That indeed is a good reason to use bonding, high bandwidth is one of the reasons to use it. Do keep in mind that a single stream will always stick to a physical interface, LACP would be the way to go here as it will make sure that load sharing will be used on the interfaces.
Regards, Maarten
Highlighted

LACP's transmit link selection method can result in wildly asymmetric loading. In extreme cases, all of your traffic may end up sent out a single link. For example, cluster sync on a bonded interface will only ever go out one link if you're using LACP.

Default transmit link selection is based on the layer 2 source and destination. If the firewall is being inserted into a link between two routers, you will only see two source-destination MAC pairs, so load balancing will be bad. Switching to layer 3+4 hashing may help, but can still result in weird behavior.

Other bonding styles—such as round-robin—may be more appropriate for distributing load.

0 Kudos
Reply