How to configure Link Aggregation
07/17/2023
Description
Link Aggregation provides the ability to group multiple Ethernet interfaces to form a trunk which looks and acts like a single physical interface. This feature is useful for high end deployments requiring more than 1 Gbps throughput for traffic flowing between two interfaces. This functionality is available on all NSa, NSA and SuperMassive platforms.
Static Link Aggregation with the ability to aggregate up to 4 ports into a single link is supported on SonicOS 6.x. A round-robin algorithm is used for load balancing traffic across the interfaces in an aggregated link.
Dynamic Link Aggregation (LACP) was introduced in SonicOS 6.5.
Link Aggregation is based on interface link speed. For example, a 10 Gbps port cannot be aggregated with another interface that does not support 10 Gbps. All ports that are aggregated together should support the same link speed.
Link Aggregation is used to increase the available bandwidth between the firewall and a switch by aggregating up to four interfaces into a single aggregate link, referred to as a Link Aggregation Group (LAG). All ports in an aggregate link must be connected to the same switch. The firewall uses a round-robin algorithm for load balancing traffic across the interfaces in a Link Aggregation Group. Link Aggregation also provides a measure of redundancy, in that if one interface in the LAG goes down, the other interfaces remain connected.
Link Aggregation is referred to using different terminology by different vendors, including Port Channel, Ether Channel, Trunk, and Port Grouping.
Link Aggregation Limitations
Link Aggregation only works with unassigned interfaces. SonicOS 6.5 introduces support for Dynamic Link Aggregation using Link Aggregation Control Protocol (LACP).
- This feature is supported on all 1 Gbit and 2.5 Gbit interfaces on SuperMassive and NSA platforms. However, it is not supported on the 10 Gbit interfaces of NSA x600 and SuperMassive 9x00 appliances (x stands for the model of the appliance).
- The feature is not supported on platforms which do not support Advanced Switching features, including SOHOW, TZ300/W, TZ400/W, TZ500/W, TZ600, NSA 2600, and Gen7 TZ models.
- LACP only works with interfaces connected to the internal SonicWall switch.
- No limitations for Gen 6.5 NSa 2650 to 9650.
Please refer to the table below:
Firewall | Ports connected to the internal SonicWall switch |
NSA 2600 | UNSUPPORTED feature |
NSA 3600 | X17* only (LACP not supported) |
NSA 4600 | X17* only (LACP not supported) |
NSA 5600 | X17* only (LACP not supported) |
NSA 6600 | X16, X18, X19 |
SM 9200 | X16, X18, X19 |
SM 9400 | X16, X18, X19 |
SM 9800 | X16, X18, X19 |
NOTE: Please refer to page 27 of SonicOS 6.5.0.0 release notes for more information on Dynamic LAG Using LACP.
Resolution
Resolution for SonicOS 7.X
This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.
Link Aggregation is configured on the Network | Interface page: edit the interface and, on the Advanced tab, use the Redundant/Aggregate port dropdown to enable link aggregation. Then select the check boxes next to the other interfaces to aggregate with.
SonicOS/X supports two types of LAG:
STATIC LAG
In Static Link Aggregation, ports that are in the same VLAN (same PortShield Group) or are VLAN trunk ports are eligible for link aggregation. Up to four ports can be aggregated in a logical group, and there can be four Logical Links (LAGs) configured. With Static Link Aggregation, all configuration settings are set on both participating LAG components.
Two main types of usage are enabled by this feature:
Firewall to Server | Implemented by enabling Link Aggregation on ports within the same VLAN (same PortShield Group). This configuration allows port redundancy, but does not support load balancing in the appliance-to-Server direction because of a hardware limitation on the Security Appliance. |
Firewall to Switch | Allowed by enabling Link Aggregation on VLAN trunk ports. Load balancing is performed automatically by the hardware. The Security Appliance supports one load balancing algorithm based on source and destination MAC address pairs. |
Similarly to PortShield configuration, you select an interface that represents the aggregated group. This port is called an aggregator. The aggregator port must be assigned a unique key. Non-aggregator ports can be optionally configured with a key, which can help prevent an erroneous LAG if the switch connections are wired incorrectly.
Note: The key is not the same as the LAG ID, which is the same as the interface number and cannot be changed. The key must be assigned when the LAG group is configured. All the non-aggregator ports should have the same key as the aggregator port.
Ports bond together if connected to the same link partner and their keys match. A link partner cannot be discovered for Static link aggregation. In this case, ports aggregate based on keys alone.
Like a PortShield host, the aggregator port cannot be removed from the LAG as it represents the LAG in the system.
Note: After link aggregation has been enabled on VLAN trunk ports, additional VLANs cannot be added or deleted on the LAG.
DYNAMIC LAG
SonicOS/X supports Dynamic Link Aggregation using Link Aggregation Control Protocol (LACP defined by IEEE 802.3ad) on all SonicWall Security Appliances that support Advanced Switching features.
ABOUT DYNAMIC LAG USING LACP
LACP allows the exchange of information related to link aggregation between the members of the LAG group in protocol packets called Link Aggregation Control Protocol Data Units (PDUs). With LACP, errors in configuration, wiring, and link failures can be detected quickly.
The two major benefits of LAG, increased throughput and link redundancy, can be achieved efficiently using LACP. LACP is the signaling protocol used between members in a LAG. It ensures links are only aggregated into a bundle if they are correctly configured and cabled. LACP can be configured in one of two modes:
- Active mode - Device immediately sends LACP PDUs when the port comes up.
- Passive mode - Port is placed in a passive negotiating state, in which the port only responds to LACP PDUs it receives, but does not initiate LACP negotiation.
If both sides are configured as active, LAG can be formed assuming successful negotiation of the other parameters. If one side is configured as active and the other one as passive, LAG can be formed as the passive port responds to the LACP PDUs received from the active side. If both sides are passive, LACP fails to negotiate the bundle. Passive mode is rarely used in deployments.
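The static key rule and the LACP active/passive rule described above can be applied to a planned LAG before cabling it. The following is an added example, not SonicWall code: the function names, the port dictionaries, the partner MAC values and the explicit `modes` parameter are assumptions made for illustration.

```python
# Added illustration (not SonicWall code): the bundling rules from this
# article applied to a planned LAG. All port data below is constructed.

def lacp_forms(local_mode, partner_mode):
    # Active/active and active/passive negotiate; passive/passive never starts.
    return "active" in (local_mode, partner_mode)

def check_lag(aggregator, members, lacp=False, modes=("active", "active")):
    """Return the reasons a planned LAG would not bundle (empty list = OK)."""
    problems = []
    ports = [aggregator] + members
    key = aggregator.get("key", 0)
    if not 1 <= key <= 255:
        problems.append(f"{aggregator['name']}: key {key} not in 1-255")
    if len(ports) > 4:  # the aggregator is counted as one of the four ports
        problems.append(f"{len(ports)} ports exceeds the 4-port limit")
    for p in members:
        if p.get("key") not in (None, key):  # a member key is optional
            problems.append(f"{p['name']}: key {p['key']} != aggregator key {key}")
        if p["speed"] != aggregator["speed"]:
            problems.append(f"{p['name']}: link speed differs from aggregator")
    if lacp:
        if not lacp_forms(*modes):
            problems.append("both ends passive: LACP never negotiates")
        partners = {p["partner"] for p in ports}
        if len(partners) > 1:
            problems.append(f"ports see different partners: {sorted(partners)}")
    # Static LAG: no partner discovery, so a wiring error is not detected here.
    return problems

# Constructed sample: X18 is cabled to a second switch by mistake and
# X19 was given the wrong key.
X16 = {"name": "X16", "key": 10, "speed": 1000, "partner": "00:11:22:33:44:55"}
X18 = {"name": "X18", "key": 10, "speed": 1000, "partner": "66:77:88:99:aa:bb"}
X19 = {"name": "X19", "key": 11, "speed": 1000, "partner": "00:11:22:33:44:55"}

if __name__ == "__main__":
    print("static :", check_lag(X16, [X18, X19]))
    print("dynamic:", check_lag(X16, [X18, X19], lacp=True))
    print("passive:", check_lag(X16, [], lacp=True, modes=("passive", "passive")))
```

In the static case only the key mismatch on X19 is reported; the miswired X18 is flagged only when LACP is enabled, because only then is the partner known.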
In the configuration, all member ports of the same LAG must be set up on the same VLAN as the Aggregator port. Data packets received on the LAG members are associated with the parent Aggregator port using the VLAN. When the state of the Aggregator/member ports of a LAG reaches a stable Collection/Distribution state, the ports are ready to transmit and receive data traffic.
The NETWORK | Switching | Link Aggregation page displays all information related to the LAG, such as:
- The Aggregator ports configured.
- Member ports that are part of the LAG.
- Status of each of the ports that form the LAG.
- The Partner MAC address received through LACP.
Six load balancing options are available for configuration. The load balancing option must be chosen when creating a LAG along with the Aggregator port.
Note: You cannot modify the load balancing option after the LAG is created.
VLAN ENHANCEMENTS FOR LAG
Note: This enhancement is not supported on the NSa 2600, TZ Series, or SOHO W firewalls.
With this enhancement:
- LAG does not have to be dismantled or removed before the VLAN is added/deleted. The configuration allows you to add the VLAN to an existing LAG or delete the VLAN from an existing LAG without disrupting the current traffic related to the LAG or other VLANs configured on the LAG.
- VLAN can be added to/deleted from any member of the LAG and it gets applied to all the other members of the LAG automatically without the need to explicitly add to/delete from other members of the LAG.
VIEWING LINK AGGREGATION
Topics:
- Viewing Status
- Viewing Link Aggregation Ports
VIEWING STATUS
The Status table displays the MAC address System ID for the firewall.
VIEWING LINK AGGREGATION PORTS
To view Link Aggregation Ports, navigate to NETWORK | Switching > Link Aggregation.
Port | Interface used as an aggregator port or a member port. |
LAG ID | System-configured link aggregator. A port that is not an aggregator has a LAG ID of the aggregator of which it is a member. |
Key | Indicates port membership from the Add LAG Port dialog. |
Aggregator | Indicates an aggregator port by a green checkmark; otherwise, it is blank. |
LACP Enable | Indicates whether LACP is enabled. |
Status | Indicates whether the port is up or down. |
Partner | MAC addresses of the link partners after they are physically connected. For Static LAG, displays 00:00:00:00:00:00; for Dynamic LAG, displays the partner's MAC address. |
Vendor | Displays the name of the equipment manufacturer. |
CREATING A LOGICAL LINK (LAG)
To create a Logical Link (LAG)
- Navigate to NETWORK | Switching > Link Aggregation.
- Click + (Add). The Add LAG Port dialog displays.
- Select the interface from Aggregator Port.
- Specify the port membership to an LAG group by entering the desired key into the Key field. The minimum value is 1, and the maximum value is 255. The field has a default value of 0, which must be replaced.
- Select the ports to be aggregated from the Member Ports drop-down menu. You can select any number of ports in the list by selecting the checkbox for each port to be aggregated. The listed ports depend on the interface chosen in Step 3.
- To enable Link Aggregation Control Protocol (LACP) for this port, select LACP Enable. This option is not selected by default.
- From Load Balance Type, select how load balancing is performed. Note: You cannot modify the load balancing option after the LAG is created.
  - SRC_MAC, ETH_TYPE, VLAN, INTF (default)
  - DST_MAC, ETH_TYPE, VLAN, INTF
  - SRC_MAC, DST_MAC, ETH_TYPE, VLAN, INTF
  - SRC_IP, SRC_PORT
  - DST_IP, DST_PORT
  - SRC_IP, SRC_PORT, DST_IP, DST_PORT
- Click OK.
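Because the Load Balance Type cannot be changed after the LAG is created, it helps to see how each of the six options would spread expected traffic before committing. The following is an added example, not SonicWall code: the CRC32-modulo hash, the field names and the sample flows are assumptions, since the article does not describe the appliance's actual hardware hash.

```python
import zlib
from collections import Counter

# The six Load Balance Type options from the article, as flow-field tuples.
LB_TYPES = {
    "SRC_MAC, ETH_TYPE, VLAN, INTF": ("src_mac", "eth_type", "vlan", "intf"),
    "DST_MAC, ETH_TYPE, VLAN, INTF": ("dst_mac", "eth_type", "vlan", "intf"),
    "SRC_MAC, DST_MAC, ETH_TYPE, VLAN, INTF":
        ("src_mac", "dst_mac", "eth_type", "vlan", "intf"),
    "SRC_IP, SRC_PORT": ("src_ip", "src_port"),
    "DST_IP, DST_PORT": ("dst_ip", "dst_port"),
    "SRC_IP, SRC_PORT, DST_IP, DST_PORT":
        ("src_ip", "src_port", "dst_ip", "dst_port"),
}

def pick_link(flow, lb_type, n_links):
    # Assumption: CRC32 over the selected fields, modulo the member count.
    # The appliance's real hardware hash is not described in the article.
    blob = "|".join(str(flow[f]) for f in LB_TYPES[lb_type]).encode()
    return zlib.crc32(blob) % n_links

def spread(flows, lb_type, n_links=4):
    """Number of flows landing on each member link of the LAG."""
    counts = Counter(pick_link(f, lb_type, n_links) for f in flows)
    return [counts[i] for i in range(n_links)]

def sample_flows(n=200):
    # Constructed traffic: n clients behind one router (a single source MAC)
    # reaching one HTTPS server behind the firewall (a single destination).
    return [{"src_mac": "00:00:5e:00:53:01", "dst_mac": "00:00:5e:00:53:02",
             "eth_type": 0x0800, "vlan": 10, "intf": "X16",
             "src_ip": f"198.51.100.{i % 250 + 1}", "src_port": 40000 + i,
             "dst_ip": "192.0.2.10", "dst_port": 443} for i in range(n)]

if __name__ == "__main__":
    flows = sample_flows()
    for lb_type in LB_TYPES:
        print(f"{lb_type:42} {spread(flows, lb_type)}")
```

With this sample, every option whose fields are identical across all flows (the MAC-based ones and DST_IP, DST_PORT) puts all 200 flows on one member link, while the options that include the source IP and port use several links.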
DELETING A LAG
To delete a member of a LAG
- Navigate to NETWORK | Switching > Link Aggregation.
- Delete the member port of the LAG by clicking its Delete icon.
To delete an aggregator port
- Navigate to NETWORK | Switching > Link Aggregation.
- Delete all the member ports by clicking their Delete icons. Note: All member ports must be deleted from the LAG before deleting the Aggregator port.
- Delete the aggregator port by clicking its Delete icon.
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
Link Aggregation is configured on the Manage | Network | Interfaces page: edit the interface and, on the Advanced tab, use the Redundant/Aggregate port dropdown to enable link aggregation. Then select the check boxes next to the other interfaces to aggregate with.