SonicOS 7.0 Switching
Table of Contents
Configuring Link Aggregation
About Link Aggregation
Link Aggregation allows port redundancy and load balancing in Layer 2 networks by allowing you to inter-connect SonicWall Security Appliances with two or more links between them in such a way that the multiple links are combined into one larger virtual pipe that can carry a higher combined bandwidth. As multiple links are present between two devices, if one link fails, the traffic is transferred through other links without disruption. With multiple links present, traffic also can be load balanced in such a way to achieve even distribution. Load balancing is controlled by the SonicWall Security Appliance, based on source and destination MAC address pairs. The NETWORK | Switching > Link Aggregation page provides information and statistics about and allows configuration of interfaces for aggregation.
SonicOS supports the two types of LAG:
Static LAG
In Static Link Aggregation, ports that are in the same VLAN (same PortShield Group) or are VLAN trunk ports are eligible for link aggregation. Up to four ports can be aggregated in a logical group, and there can be four Logical Links (LAGs) configured. With Static Link Aggregation, all configuration settings are set on both participating LAG components.
Two main types of usage are enabled by this feature:
| Firewall to Server | Implemented by enabling Link Aggregation on ports within the same VLAN (same PortShield Group). This configuration allows port redundancy, but does not support load balancing in the appliance-to-Server direction because of a hardware limitation on the Security Appliance. |
| Firewall to Switch | Allowed by enabling Link Aggregation on VLAN trunk ports. Load balancing is performed automatically by the hardware. The Security Appliance supports one load balancing algorithm based on source and destination MAC address pairs. |
Similarly to PortShield configuration, you select an interface that represents the aggregated group. This port is called an aggregator. The aggregator port must be assigned a unique key. Non-aggregator ports can be optionally configured with a key, which can help prevent an erroneous LAG if the switch connections are wired incorrectly.
The key is not the same as the LAG ID, which is the same as the interface number and cannot be changed. The key must be assigned when the LAG group is configured. All the non-aggregator ports should have the same key as the aggregator port.
Ports bond together if connected to the same link partner and their keys match. A link partner cannot be discovered for Static link aggregation. In this case, ports aggregate based on keys alone.
Like a PortShield host, the aggregator port cannot be removed from the LAG as it represents the LAG in the system.
After link aggregation has been enabled on VLAN trunk ports, additional VLANs cannot be added or deleted on the LAG.
Dynamic Lag
SonicOS supports Dynamic Link Aggregation using Link Aggregation Control Protocol (LACP defined by IEEE 802.3ad) on all SonicWall Security Appliances that support Advanced Switching features.
About Dynamic Lag Using LACP
LACP allows the exchange of information related to link aggregation between the members of the LAG group in protocol packets called Link Aggregation Control Protocol Data Units (PDUs). with LACP, errors in configuration, wiring, and link failures can be detected quickly.
The two major benefits of LAG such as increased throughput and link redundancy can be achieved efficiently using LACP. LACP is the signaling protocol used between members in a LAG. It ensures links are only aggregated into a bundle if they are correctly configured and cabled. LACP can be configured in one of two modes:
- Active mode - Device immediately sends LACP PDUs when the port comes up.
- Passive mode - Port is placed in a passive negotiating state, in which the port only responds to LACP PDUs it receives, but does not initiate LACP negotiation.
If both sides are configured as active, LAG can be formed assuming successful negotiation of the other parameters. If one side is configured as active and the other one as passive, LAG can be formed as the passive port responds to the LACP PDUs received from the active side. If both sides are passive, LACP fails to negotiate the bundle. Passive mode is rarely used in deployments.
In the configuration, all member ports of the same LAG must be set up on the same VLAN as the Aggregator port. Data packets received on the LAG members are associated with the parent Aggregator port using the VLAN. When the state of the Aggregator/member ports of a LAG reaches a stable Collection/Distribution state, the ports are ready to transmit and receive data traffic.
All information related to LAG, such as the Aggregator ports configured, this information is displayed on the NETWORK | Switching > Link Aggregation page:
- Member ports that are part of the LAG.
- Status of each of the ports that form the LAG.
- The Partner MAC address received through LACP.
Six load balancing options are available for configuration. The load balancing option must be chosen when creating a LAG along with the Aggregator port.
You cannot modify the load balancing option after the LAG is created.
VLAN Enhancements for LAG
This enhancement is not supported on the NSa 2600, TZ Series, or SOHO W firewalls.
With this enhancement;
- LAG does not have to be dismantled or removed before the VLAN is added/deleted. The configuring allows you to add the VLAN to an existing LAG or delete the VLAN from an existing LAG without disrupting the current traffic related to the LAG or other VLANs configured on the LAG.
- VLAN can be added to/deleted from any member of the LAG and it gets applied to all the other members of the LAG automatically without the need to explicitly add to/delete from other members of the LAG.
Viewing Link Aggregation
Viewing Status
The Status table displays the MAC address System ID for the firewall.
Viewing Link Aggregation Ports
To view Link Aggregation Ports, navigate to NETWORK | Switching > Link Aggregation.
| Port | Interface used as an aggregator port or a member port. |
| LAG ID |
System-configured link aggregator. A port that is not an aggregator has a LAG ID of the aggregator of which it is a member. |
| Key | Indicates port membership from the Add LAG Port dialog. |
| Aggregator | Indicates an aggregator port by a green checkmark; otherwise, it is blank. |
| LACP Enable | Indicates whether LACP is enabled. |
| Status | Indicates whether the port is up or down. |
| Partner |
MAC addresses of the link partners after they are physically connected; for
|
| Vendor | Displays the name of the equipment manufacturer. |
Creating a Logical Link (LAG)
To create a Logical Link (LAG)
- Navigate to NETWORK | Switching > Link Aggregation.
- Click + (Add). The Add LAG Port dialog displays.
-
Select the interface from Aggregator Port.
- Specify the port membership to an LAG group by entering the desired key into the Key field. The minimum value is 1, and the maximum value is 255. The field has a default value of 0, which must be replaced.
-
Select the ports to be aggregated from the Member Ports drop-down menu. You can select any number of ports in the list by selecting the checkbox for each port to be aggregated.
The listed ports depend on the interface chosen in Step 3.
- To enable Link Aggregation Control Protocol (LACP) for this port, select LACP Enable. This option is not selected by default.
-
From Load Balance Type, select the how load balancing is performed:
You cannot modify the load balancing option after the LAG is created.
- SRC_MAC, ETH_TYPE, VLAN, INTF (default)
- DST_MAC, ETH_TYPE, VLAN, INTF
- SRC_MAC, DST_MAC, ETH_TYPE, VLAN, INTF
- SRC_IP, SRC_PORT
- DST_IP, DST_PORT
- SRC_IP, SRC_PORT, DST_IP, DST_PORT
- Click OK.
Deleting a LAG
To delete a member of a LAG
- Navigate to NETWORK | Switching > Link Aggregation.
- Delete the member port of the lag by clicking its Delete icon.
To delete an aggregator port
- Navigate to NETWORK | Switching > Link Aggregation.
-
Delete all the member ports by clicking their Delete icons.
All member ports must be deleted from the LAG before deleting the Aggregator port.
- Delete the aggregator port by clicking its Delete icon.