Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Pradeep_Salunke
Explorer

Remove bond interface

What precautions need to take before removing bond interface?

Remove bond interface from gateway and remove it from management server?

need to install the policy.

Any other steps need to take care?

Please suggest

0 Kudos
13 Replies
the_rock
Legend
Legend

Regardless of which interface, steps to take are:

1) Remove from OS level (web UI or clish)

2) Update topology in smart console gateway object

3) Install policy

4) Verify all still works

Andy

0 Kudos
Pradeep_Salunke
Explorer

If we performed the get interface without topology thus affect anything?

0 Kudos
the_rock
Legend
Legend

Make sure to do get interfaces WITHOUT topology. If you do WITH, it will reset your current settings.

Cheers,

Andy

0 Kudos
Bob_Zimmerman
Authority
Authority

Of note: removing the bond from the OS level requires removing the member interfaces from the bond. I would also do that step last. You really should not delete an interface which the firewall software still knows about. It can cause all kinds of weird traffic problems.

  1. Remove interface from topology table in SmartConsole
  2. Push policy
  3. Disable interfaces at the OS level (e.g, shutdown the attached switch ports)
  4. Test
  5. If everything tests good, remove the bond's member interfaces, then delete the bond
0 Kudos
the_rock
Legend
Legend

Thats true, good point, it does require removing member interfaces, thank you for pointing that out. But, even TAC would suggest to remove it from OS level first, then topology...at least thats how they always did it in the past.

Andy

0 Kudos
Bob_Zimmerman
Authority
Authority

If someone in the TAC suggested that order to me, I would request the call be transferred to somebody else.

When adding an interface, you must add at the OS level first, then the application level.

When removing an interface, you should tell the application to stop using the interface before you tell the OS to stop providing the interface to be used. While in most circumstances you can do it in the other order (remove from OS first, remove from application second), that leaves the application trying to use something which doesn't exist. The best case situation for that is cluster failovers when a monitored interface goes down. It could easily result in flapping or a hard outage if combined with other interface problems or cluster monitoring problems.

It's like using a cable for cluster sync: technically supported, but a bad idea which will cause problems sooner or later.

0 Kudos
the_rock
Legend
Legend

Respectfully, I would disagree. I had done it the way TAC suggested many times before and never had a problem. If you think about it, all smart console would do is really get information based on whats configured on OS level, so to me, makes total sense to do it same way when adding OR removing the interface.

Andy

0 Kudos
Bob_Zimmerman
Authority
Authority

Think about it with VSX. If you remove the bond from the OS level first, then you try to remove it from your VSX object, provisioning will fail.

0 Kudos
the_rock
Legend
Legend

Im sure you know VSX way better than I do, so Im positive thats correct. As far as regular gateways, I always done it how TAC suggests and never had a problem.

Just my experience...

Andy

0 Kudos
Pradeep_Salunke
Explorer

I have removed the bond interface and performed the fetch without topology. after activity i can seen that topology is undefined.

So we need to manually edit the same. I have took screenshot before activity.?

0 Kudos
the_rock
Legend
Legend

Yes, please send a screenshot indicating the settings.

Andy

0 Kudos
Pradeep_Salunke
Explorer

i don't have individual setting i.e. what is anti-spoofing settings.

Sorry to say that is not bond interface, that is VLAN interface under that bond 2.

I have removed the vlan interface.

 

0 Kudos
the_rock
Legend
Legend

As long as interface is not part of OS, then topology should reflect that, for sure.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events