0

Assuming that I have a firewall that supports Round-Robin or Loadbalance link aggregation (no LACP necessary), would it be possible to connect each of the NICs in the LAGG group to a separate, unmanaged switch?

If I were to then connect a client machine / server with similarly configured bonded NICs, with one cable to each switch, would I then achieve switch redundancy?

All hypothetical at the moment as I try to establish whether switches with LACP would be necessary for this kind of setup.

2 Answers

2

No (extra characters as serverfault doesn't allow such short responses).

Chopper3
  • I'd really appreciate some details as to why this setup wouldn't work. Thanks – A. Joesbury Apr 08 '19 at 11:24
  • 1
    Only one switch should be advertising any given MAC address at any given time. This is possible with intelligent/managed switches that are aware of each other's CAM tables (such as Cisco's VSS system), but when you connect a LAG to two switches that don't know anything about each other then almost all of the time the MAC is 'flapping' between both switches and you get packet drops all the time. – Chopper3 Apr 08 '19 at 11:31
  • @Chopper3, Hello! I was reviewing this post and I was thinking... let's assume both switches are in managed state, and the machine/host is configured with LACP (802.3ad) to have a connection to each switch with 1 link. But is it feasible though? I mean, could LACP work in such a context? Or could only fail-over mode be used? – atari83 Nov 04 '20 at 13:15
  • Not on switches that aren't 'known to each other' - they need to be able to share a single CAM table, so for switches like Cisco Cat 65xx's with VSS this works great; most/almost all switches don't do this. If your switches aren't expressly configured to work together as a pair and using this CAM table sharing then you're going to have a bad time. – Chopper3 Nov 04 '20 at 14:44
1

You don't specify what you are using for a firewall, but it is possible with BSD. It's a feature of lagg and does not require using LACP.

From the documentation:

Failover mode can be used to switch over to a secondary interface if the link is lost on the master interface. To configure failover, make sure that the underlying physical interfaces are up, then create the lagg(4) interface. In this example, fxp0 is the master interface, fxp1 is the secondary interface, and the virtual interface is assigned an IP address of 10.0.0.15/24:

# ifconfig fxp0 up
# ifconfig fxp1 up
# ifconfig lagg0 create
# ifconfig lagg0 up laggproto failover laggport fxp0 laggport fxp1 10.0.0.15/24

The virtual interface should look something like this:

# ifconfig lagg0
lagg0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 00:05:5d:71:8d:b8
        inet 10.0.0.15 netmask 0xffffff00 broadcast 10.0.0.255
        media: Ethernet autoselect
        status: active
        laggproto failover
        laggport: fxp1 flags=0<>
        laggport: fxp0 flags=5<MASTER,ACTIVE>

Traffic will be transmitted and received on fxp0. If the link is lost on fxp0, fxp1 will become the active link. If the link is restored on the master interface, it will once again become the active link.

To retain this configuration across reboots, add the following entries to /etc/rc.conf:

ifconfig_fxp0="up"
ifconfig_fxp1="up"
cloned_interfaces="lagg0"
ifconfig_lagg0="laggproto failover laggport fxp0 laggport fxp1 10.0.0.15/24"

https://www.freebsd.org/doc/handbook/network-aggregation.html

Bert
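The two answers above can be compared in a small simulation, added here as an illustration and not taken from either answer or from the FreeBSD handbook: it counts how often the host's MAC address changes port in each switch's CAM table when the host transmits in round-robin mode versus failover mode. It assumes the two unmanaged switches (called A and B here) are joined by an uplink and that a single-homed peer with a constructed MAC sits on switch A.

```python
from collections import defaultdict

HOST = "00:05:5d:71:8d:b8"   # lagg0 MAC from the ifconfig output above
PEER = "02:00:00:00:00:01"   # constructed MAC of a single-homed machine on switch A
PORTS = {"A": ["host", "peer", "uplink"], "B": ["host", "uplink"]}  # assumed topology
OTHER = {"A": "B", "B": "A"}

class Switch:
    """Unmanaged learning switch: a private CAM table, nothing shared with its neighbour."""
    def __init__(self):
        self.cam = {}                    # MAC -> port it was last seen on
        self.moves = defaultdict(int)    # MAC -> times it changed port ("flaps")

    def learn(self, mac, port):
        if self.cam.get(mac, port) != port:
            self.moves[mac] += 1
        self.cam[mac] = port

    def egress(self, dst, in_port, ports):
        if dst in self.cam:              # known unicast: one port, never back out the ingress
            return [self.cam[dst]] if self.cam[dst] != in_port else []
        return [p for p in ports if p != in_port]   # unknown unicast: flood

def inject(switches, name, in_port, src, dst):
    """Deliver one frame into switch `name`; follow it across the uplink if forwarded there."""
    sw = switches[name]
    sw.learn(src, in_port)
    if "uplink" in sw.egress(dst, in_port, PORTS[name]):
        switches[OTHER[name]].learn(src, "uplink")

def run(mode, frames=100):
    """Return how often each switch saw HOST's MAC move between ports."""
    switches = {"A": Switch(), "B": Switch()}
    for i in range(frames):
        # roundrobin alternates member links per frame; failover always uses the master link
        tx = "AB"[i % 2] if mode == "roundrobin" else "A"
        inject(switches, tx, "host", HOST, PEER)    # host -> peer
        inject(switches, "A", "peer", PEER, HOST)   # peer replies
    return {name: sw.moves[HOST] for name, sw in switches.items()}

if __name__ == "__main__":
    for mode in ("roundrobin", "failover"):
        print(mode, run(mode))
```

In round-robin mode switch A relearns the host's MAC on nearly every frame, alternating between its host port and the uplink, which is the flapping described in the comments; in failover mode the entry never moves.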