Interface bonding Centos 7

Purpose


I run my media downloading stack on a Gen 8 HP Microserver. This comes with 2 builtin 1Gbps ports (as well as the dedicated ilo port). As this machine is used for downloading and streaming media, i’d like to utilise both ports for the maximum possible throughput.

Bonding Modes


There are multiple different ways to setup bonding. The following information is from the Linux Channel Bonding sourceforge page. Some modes have more requirements than others.

balance-rr or Mode 0


Round-robin policy: Transmit packets in sequential order from the first available slave through the last. This mode provides load balancing and fault tolerance.

active-backup or Mode 1


Active-backup policy: Only one slave in the bond is active. A different slave becomes active if, and only if, the active slave fails. The bond’s MAC address is externally visible on only one port (network adapter) to avoid confusing the switch.

In bonding version 2.6.2 or later, when a failover occurs in active-backup mode, bonding will issue one or more gratuitous ARPs on the newly active slave. One gratuitous ARP is issued for the bonding master interface and each VLAN interfaces configured above it, provided that the interface has at least one IP address configured. Gratuitous ARPs issued for VLAN interfaces are tagged with the appropriate VLAN id. This mode provides fault tolerance. The primary option, documented below, affects the behavior of this mode.

balance-xor or Mode 2


XOR policy: Transmit based on the selected transmit hash policy. The default policy is a simple [(source MAC address XOR’d with destination MAC address) modulo slave count]. Alternate transmit policies may be selected via the xmit_hash_policy option.

This mode provides load balancing and fault tolerance.

broadcast or Mode 3


Broadcast policy: transmits everything on all slave interfaces. This mode provides fault tolerance.

802.3ad or Mode 4


IEEE 802.3ad Dynamic link aggregation. Creates aggregation groups that share the same speed and duplex settings. Utilizes all slaves in the active aggregator according to the 802.3ad specification.

Slave selection for outgoing traffic is done according to the transmit hash policy, which may be changed from the default simple XOR policy via the xmit_hash_policy option, documented below. Note that not all transmit policies may be 802.3ad compliant, particularly in regards to the packet mis-ordering requirements of section 43.2.4 of the 802.3ad standard. Differing peer implementations will have varying tolerances for noncompliance.

	Prerequisites:

	1. Ethtool support in the base drivers for retrieving
	the speed and duplex of each slave.

	2. A switch that supports IEEE 802.3ad Dynamic link
	aggregation.

	Most switches will require some type of configuration
	to enable 802.3ad mode.

balance-tlb or Mode 5


Adaptive transmit load balancing: channel bonding that does not require any special switch support. The outgoing traffic is distributed according to the current load (computed relative to the speed) on each slave. Incoming traffic is received by the current slave. If the receiving slave fails, another slave takes over the MAC adress of the failed receiving slave.

	Prerequisite:

	Ethtool support in the base drivers for retrieving the
	speed of each slave.

balance-alb or Mode 6


Adaptive load balancing: includes balance-tlb plus receive load balancing (rlb) for IPV4 traffic, and does not require any special switch support. The receive load balancing is achieved by ARP negotiation. The bonding driver intercepts the ARP Replies sent by the local system on their way out and overwrites the source hardware address with the unique hardware address of one of the slaves in the bond such that different peers use different hardware addresses for the server.

Receive traffic from connections created by the server is also balanced. When the local system sends an ARP Request the bonding driver copies and saves the peer’s IP information from the ARP packet. When the ARP Reply arrives from the peer, its hardware address is retrieved and the bonding driver initiates an ARP reply to this peer assigning it to one of the slaves in the bond. A problematic outcome of using ARP negotiation for balancing is that each time that an ARP request is boadcast it uses the hardware address of the bond. Hence, peers learn the hardware address of the bond and the balancing of receive traffic collapses to the current slave. This is handled by sending updates (ARP Replies) to all the peers with their individually assigned hardware address such that the traffic is redistributed.Receive traffic is also redistributed when a new slave is added to the bond and when an inactive slave is re-activated. The receive load is distributed sequentially (round robin) among the group of highest speed slaves in the bond.

When a link is reconnected or a new slave joins the bond the receive traffic is redistributed among all active slaves in the bond by initiating ARP Replies with the selected MAC address to each of the clients. The updelay parameter (detailed below) must be set to a value equal or greater than the switch’s forwarding delay so that the ARP Replies sent to the peers will not be blocked by the switch.

Prerequisites:

	1. Ethtool support in the base drivers for retrieving
	the speed of each slave.

	2. Base driver support for setting the hardware
	address of a device while it is open.  This is
	required so that there will always be one slave in the
	team using the bond hardware address (the
	curr_active_slave) while having a unique hardware
	address for each slave in the bond.  If the
	curr_active_slave fails its hardware address is
	swapped with the new curr_active_slave that was
	chosen.

Create the bond0 config


To setup the bonded interface, i first needed to create the ifcfg-bond0 file. This file should go in /etc/sysconfig/network-scripts/ .
DEVICE=bond0
NAME=bond0
BONDING_MASTER=yes
IPADDR=192.168.3.166 # Set whatever your bonded IP will be here.
PREFIX=24
ONBOOT=yes
BOOTPROTO=none
BONDING_OPTS=”mode=0 miimon=100” # Set nonded mode here.


Configuring the interfaces


Ill use eth* as the interfaces here, but they will vary.
HWADDR=MAC ADDRESS
TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
UUID=”xxxxxxxxxxxxxxxxxx”
IPV4_FAILURE_FATAL=yes
ONBOOT=yes
MASTER=bond0
SLAVE=yes


You will need to configure both of the ethx’s

Add in your gateway


As you have added in static IP’s, you need to tell the machine where its default gateway is. This is pretty simple:
vim /etc/sysconfig/network
Then add GATEWAY=192.168.3.1

Restart the networking

All that is left to do is to restart the networking daemon.

systemctl restart network

You should then be able to see the bond0 interface stats with : cat /proc/net/bonding/bond0
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: load balancing (round-robin)
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: em1
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 1
Permanent HW addr: d0:bf:9c:45:0c:20
Slave queue ID: 0

Slave Interface: em2
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 1
Permanent HW addr: d0:bf:9c:45:0c:21
Slave queue ID: 0

Thats it.

Using FreeIPA to authenticate OpenVPN users on pfSense

I have been fiddling with multiple different authentication methods to centralise the authentication across all my devices and services. ...… Continue reading

Zen Internet, IPv6 and pfsense

Published on February 19, 2017

Basic Telegraf, InfluxDB and Grafana setup

Published on January 26, 2017