IMPORTANT
SNS 3.x versions have reached End of Maintenance since July 1st, 2024.
We recommend that you update your SNS firewalls to a version with maintenance to guarantee the protection of your infrastructure.
Principles of link aggregation
Definition
Link aggregation refers to the grouping of several physically distinct interfaces into a single logical interface.
It serves several purposes:
- Ensuring fault tolerance in the event a link is down or issues arise on an interface,
- Increasing bandwidth between two interconnected appliances.
Link aggregation can be set up in various ways, generally in a parallel configuration and depending on the hardware used.
For example, between a router and a switch, certain mechanisms such as Adaptive transmit load balancing does not require any configuration on the switch, unlike LACP which requires both interconnected appliances to be configured.
Stormshield LACP - Prior requirements
LACP is supported from SNS v1.0 upwards. LACP in high availability is supported from SNS v2.0 upwards.
It can be set up on the following Stormshield Network firewalls:
NG1000, NG5000, SN510, SN710, SN910, SN2000, SN3000 and SN6000.
All aggregated physical ports must use the same settings:
- Speed,
- Duplex (half or full),
- 802.1q (unique VLAN ID or labeled multi-VLAN link).
Outbound traffic is sent over member interfaces of the aggregate link (maximum 8 interfaces).
LACP operates in two ways:
- Active mode: the appliance initiates the establishment of the aggregate.
- Passive mode: the appliance only responds to the LACP requests that it receives.
Stormshield Network firewalls only operate in active mode, so regardless of which mode (active or passive) the switches are in during LACP negotiation, the negotiation will be successful.