We recently had a service delay at a customer site.
I suspect it was caused by a structural issue with the bonding interface.
The customer's firewall setup is as follows:
* Version: R80.20 Take161
* HA: VRRP
* Bonding mode: 8023AD
* xmit-hash-policy: Layer2
* Interfaces: 1 Gbps fiber
In short, the four ports are split into two bonds: the upper two interfaces form one bond and the lower two form another, one bond facing the external network and the other the internal network.
The service delay occurred when roughly 1.5 Gbps of traffic came in.
At the same time, pings to the interface outside the firewall also showed loss.
While looking for anything unusual, I found that most of the TX traffic was being handled by only one bond member.
However, the cpview history showed that at the time of the service delay, traffic did spill over to the other interface once the throughput of the first one was exceeded.
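For anyone who wants to double-check the imbalance outside cpview, the per-member TX counters can be sampled from sysfs on the underlying Gaia OS. This is a minimal sketch; the member names `eth1`/`eth2` and the 10-second interval are assumptions for illustration (check the real members with `show bonding groups` in clish):

```python
import time
from pathlib import Path

def read_tx_bytes(ifaces):
    """Snapshot the kernel's TX byte counter for each interface."""
    return {i: int(Path(f"/sys/class/net/{i}/statistics/tx_bytes").read_text())
            for i in ifaces}

def tx_rates_mbps(before, after, interval_s):
    """Per-interface TX rate in Mbps between two counter snapshots."""
    return {i: (after[i] - before[i]) * 8 / interval_s / 1e6 for i in before}

if __name__ == "__main__":
    slaves = ["eth1", "eth2"]  # assumed bond member names for this example
    if all(Path(f"/sys/class/net/{i}").exists() for i in slaves):
        a = read_tx_bytes(slaves)
        time.sleep(10)
        b = read_tx_bytes(slaves)
        print(tx_rates_mbps(a, b, 10))
```

If one member sits near line rate while the other stays close to zero, the hash policy is pinning traffic rather than balancing it.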
I didn't think this was the root cause, but to improve traffic distribution I changed the xmit-hash-policy to Layer3+4.
(see sk111823)
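For reference, the change itself is a one-liner in Gaia clish; the bond group id `1` here is an assumption for this environment:

```
set bonding group 1 xmit-hash-policy layer3+4
save config
```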
After monitoring again, traffic distribution was good, and even with close to 2 Gbps of traffic coming in there was no service delay or ping loss.
From these symptoms alone, the service delay appears to have been caused by poor traffic distribution once more than 1 Gbps entered the firewall.
With the Layer2 policy, when one interface's bandwidth is saturated, does the other interface take over the additional traffic?
Or is the hash purely MAC-based, so that traffic keeps going out the same interface even when it is full?
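As I understand it from the Linux bonding driver documentation (which Gaia's bonding is based on), the transmit hash is purely flow-based and ignores link utilization: layer2 hashes only the MAC addresses, so with a single next-hop router MAC every egress frame maps to the same member no matter how loaded it is. A simplified sketch of the two policies, with made-up MACs/IPs/ports:

```python
import ipaddress

def layer2_hash(src_mac, dst_mac, n_slaves=2):
    """Simplified layer2 policy: XOR of the last MAC octets, modulo member count."""
    s = int(src_mac.split(":")[-1], 16)
    d = int(dst_mac.split(":")[-1], 16)
    return (s ^ d) % n_slaves

def layer34_hash(src_ip, dst_ip, src_port, dst_port, n_slaves=2):
    """Simplified layer3+4 policy: folds L4 ports and L3 addresses into the hash."""
    h = src_port ^ dst_port
    h ^= int(ipaddress.ip_address(src_ip)) ^ int(ipaddress.ip_address(dst_ip))
    h ^= h >> 16
    h ^= h >> 8
    return h % n_slaves

# Egress from the firewall: the next-hop MAC never changes, so layer2
# computes the same hash for every flow (made-up MAC addresses).
fw_mac, gw_mac = "00:1c:7f:00:00:01", "00:1c:7f:00:00:02"
l2_members = {layer2_hash(fw_mac, gw_mac) for _ in range(100)}
print(len(l2_members))   # a single member carries all egress traffic

# layer3+4 varies with each flow's ports, so flows spread across members.
l34_members = {layer34_hash("10.0.0.5", "8.8.8.8", p, 443)
               for p in range(1024, 1124)}
print(sorted(l34_members))  # both members receive flows
```

So with layer2 there is no "take over when full": a member that is already saturated keeps receiving every frame whose MAC pair hashes to it, which matches the ~1 Gbps ceiling seen here.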
And what other factors could have caused the service delay?
Note that no network configuration changes had been made.
Thanks for reading this long post.