Chapter 13. Configuring network bonding

This section describes the basics of network bonding, the differences between bonding and teaming, and how to configure a network bond on Red Hat Enterprise Linux 8.

You can create bonds on different types of devices, such as:

  • Physical and virtual Ethernet devices
  • Network bridges
  • Network teams
  • VLAN devices

13.1. Understanding network bonding

Network bonding is a method to combine or aggregate network interfaces to provide a logical interface with higher throughput or redundancy.

The active-backup, balance-tlb, and balance-alb modes do not require any specific configuration of the network switch. However, other bonding modes require configuring the switch to aggregate the links. For example, Cisco switches requires EtherChannel for modes 0, 2, and 3, but for mode 4, the Link Aggregation Control Protocol (LACP) and EtherChannel are required.

For further details, see the documentation of your switch and Linux Ethernet Bonding Driver HOWTO.

Important

Certain network bonding features, such as the fail-over mechanism, do not support direct cable connections without a network switch. For further details, see the Is bonding supported with direct connection using crossover cables? KCS solution.

13.2. Understanding the default behavior of controller and port interfaces

Consider the following default behavior of, when managing or troubleshooting team or bond port interfaces using the NetworkManager service:

  • Starting the controller interface does not automatically start the port interfaces.
  • Starting a port interface always starts the controller interface.
  • Stopping the controller interface also stops the port interface.
  • A controller without ports can start static IP connections.
  • A controller without ports waits for ports when starting DHCP connections.
  • A controller with a DHCP connection waiting for ports completes when you add a port with a carrier.
  • A controller with a DHCP connection waiting for ports continues waiting when you add a port without carrier.

13.3. Comparison of network teaming and bonding features

Learn about the features supported in network teams and network bonds:

FeatureNetwork bondNetwork team

Broadcast Tx policy

Yes

Yes

Round-robin Tx policy

Yes

Yes

Active-backup Tx policy

Yes

Yes

LACP (802.3ad) support

Yes (active only)

Yes

Hash-based Tx policy

Yes

Yes

User can set hash function

No

Yes

Tx load-balancing support (TLB)

Yes

Yes

LACP hash port select

Yes

Yes

Load-balancing for LACP support

No

Yes

Ethtool link monitoring

Yes

Yes

ARP link monitoring

Yes

Yes

NS/NA (IPv6) link monitoring

No

Yes

Ports up/down delays

Yes

Yes

Port priorities and stickiness (“primary” option enhancement)

No

Yes

Separate per-port link monitoring setup

No

Yes

Multiple link monitoring setup

Limited

Yes

Lockless Tx/Rx path

No (rwlock)

Yes (RCU)

VLAN support

Yes

Yes

User-space runtime control

Limited

Yes

Logic in user-space

No

Yes

Extensibility

Hard

Easy

Modular design

No

Yes

Performance overhead

Low

Very low

D-Bus interface

No

Yes

Multiple device stacking

Yes

Yes

Zero config using LLDP

No

(in planning)

NetworkManager support

Yes

Yes

13.4. Upstream Switch Configuration Depending on the Bonding Modes

The following table describes which settings you must apply to the upstream switch depending on the bonding mode:

Bonding modeConfiguration on the switch

0 - balance-rr

Requires static Etherchannel enabled (not LACP-negotiated)

1 - active-backup

Requires autonomous ports

2 - balance-xor

Requires static Etherchannel enabled (not LACP-negotiated)

3 - broadcast

Requires static Etherchannel enabled (not LACP-negotiated)

4 - 802.3ad

Requires LACP-negotiated Etherchannel enabled

5 - balance-tlb

Requires autonomous ports

6 - balance-alb

Requires autonomous ports

For configuring these settings on your switch, see the switch documentation.

13.5. Configuring a network bond using nmcli commands

This section describes how to configure a network bond using nmcli commands.

Prerequisites

Procedure

  1. Create a bond interface: 

    # nmcli connection add type bond con-name bond0 ifname bond0 bond.options "mode=active-backup"

    This command creates a bond named bond0 that uses the active-backup mode.

    To additionally set a Media Independent Interface (MII) monitoring interval, add the miimon=interval option to the bond.options property. For example, to use the same command but, additionally, set the MII monitoring interval to 1000 milliseconds (1 second), enter: 

    # nmcli connection add type bond con-name bond0 ifname bond0 bond.options "mode=active-backup,miimon=1000"

  2. Display the network interfaces, and note names of interfaces you plan to add to the bond: 

    # nmcli device status
DEVICE   TYPE      STATE         CONNECTION
enp7s0   ethernet  disconnected  --
enp8s0   ethernet  disconnected  --
bridge0  bridge    connected     bridge0
bridge1  bridge    connected     bridge1
...

    In this example:

    • enp7s0 and enp8s0 are not configured. To use these devices as ports, add connection profiles in the next step.
    • bridge0 and bridge1 have existing connection profiles. To use these devices as ports, modify their profiles in the next step.

  3. Assign interfaces to the bond:

    1. If the interfaces you want to assign to the bond are not configured, create new connection profiles for them: 

      # nmcli connection add type ethernet slave-type bond con-name bond0-port1 ifname enp7s0 master bond0
# nmcli connection add type ethernet slave-type bond con-name bond0-port2 ifname enp8s0 master bond0

      These commands create profiles for enp7s0 and enp8s0, and add them to the bond0 connection.

    2. To assign an existing connection profile to the bond, set the master parameter of these connections to bond0: 

      # nmcli connection modify bridge0 master bond0
# nmcli connection modify bridge1 master bond0

      These commands assign the existing connection profiles named bridge0 and bridge1 to the bond0 connection.

  4. Configure the IP settings of the bond. Skip this step if you want to use this bond as a port of other devices.

    1. Configure the IPv4 settings. For example, to set a static IPv4 address, network mask, default gateway, DNS server, and DNS search domain to the bond0 connection, enter: 

      # nmcli connection modify bond0 ipv4.addresses '192.0.2.1/24'
# nmcli connection modify bond0 ipv4.gateway '192.0.2.254'
# nmcli connection modify bond0 ipv4.dns '192.0.2.253'
# nmcli connection modify bond0 ipv4.dns-search 'example.com'
# nmcli connection modify bond0 ipv4.method manual

    2. Configure the IPv6 settings. For example, to set a static IPv6 address, network mask, default gateway, DNS server, and DNS search domain to the bond0 connection, enter: 

      # nmcli connection modify bond0 ipv6.addresses '2001:db8:1::1/64
# nmcli connection modify bond0 ipv6.gateway '2001:db8:1::fffe'
# nmcli connection modify bond0 ipv6.dns '2001:db8:1::fffd'
# nmcli connection modify bond0 ipv6.dns-search 'example.com'
# nmcli connection modify bond0 ipv6.method manual

  5. Activate the connection: 

    # nmcli connection up bond0

  6. Verify that the ports are connected, and the CONNECTION column displays the port’s connection name: 

    # nmcli device
DEVICE   TYPE      STATE      CONNECTION
...
enp7s0   ethernet  connected  bond0-port1
enp8s0   ethernet  connected  bond0-port2

    Red Hat Enterprise Linux activates controller and port devices when the system boots. By activating any port connection, the controller is also activated. However, in this case, only one port connection is activated. By default, activating the controller does not automatically activate the ports. However, you can enable this behavior by setting:

    1. Enable the connection.autoconnect-slaves parameter of the bond’s connection: 

      # nmcli connection modify bond0 connection.autoconnect-slaves 1

    2. Reactivate the bridge: 

      # nmcli connection up bond0

Verification steps

  1. Display the status of the bond: 

    # cat /proc/net/bonding/bond0
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: fault-tolerance (active-backup)
Primary Slave: None
Currently Active Slave: enp7s0
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: enp7s0
MII Status: up
Speed: Unknown
Duplex: Unknown
Link Failure Count: 0
Permanent HW addr: 52:54:00:d5:e0:fb
Slave queue ID: 0

Slave Interface: enp8s0
MII Status: up
Speed: Unknown
Duplex: Unknown
Link Failure Count: 0
Permanent HW addr: 52:54:00:b2:e2:63
Slave queue ID: 0

    In this example, both ports are up.

  2. To verify that bonding failover works:

    1. Temporarily remove the network cable from the host. Note that there is no method to properly test link failure events using the command line.

    2. Display the status of the bond: 

      # cat /proc/net/bonding/bond0

Additional resources

13.6. Configuring a network bond using nm-connection-editor

This section describes how to configure a network bond using the nm-connection-editor application.

Note that nm-connection-editor can add only new ports to a bond. To use an existing connection profile as a port, create the bond using the nmcli utility as described in Configuring a network bond using nmcli commands.

Prerequisites

  • Two or more physical or virtual network devices are installed on the server.
  • To use Ethernet devices as ports of the bond, the physical or virtual Ethernet devices must be installed on the server.
  • To use team, bond, or VLAN devices as ports of the bond, ensure that these devices are not already configured.

Procedure

  1. Open a terminal, and enter nm-connection-editor: 

    $ nm-connection-editor
  2. Click the + button to add a new connection.
  3. Select the Bond connection type, and click Create.

  4. In the Bond tab:

    1. Optional: Set the name of the bond interface in the Interface name field.

    2. Click the Add button to add a network interface as a port to the bond.

      1. Select the connection type of the interface. For example, select Ethernet for a wired connection.
      2. Optional: Set a connection name for the port.
      3. If you create a connection profile for an Ethernet device, open the Ethernet tab, and select in the Device field the network interface you want to add as a port to the bond. If you selected a different device type, configure it accordingly. Note that you can only use Ethernet interfaces in a bond that are not configured.
      4. Click Save.

    3. Repeat the previous step for each interface you want to add to the bond:

      add nic to bond in nm connection editor

    4. Optional: Set other options, such as the Media Independent Interface (MII) monitoring interval.

  5. Configure the IP settings of the bond. Skip this step if you want to use this bond as a port of other devices.

    1. In the IPv4 Settings tab, configure the IPv4 settings. For example, set a static IPv4 address, network mask, default gateway, DNS server, and DNS search domain:

      bond IPv4 settings nm connection editor

    2. In the IPv6 Settings tab, configure the IPv6 settings. For example, set a static IPv6 address, network mask, default gateway, DNS server, and DNS search domain:

      bond IPv6 settings nm connection editor

  6. Click Save to save the bond connection.
  7. Close nm-connection-editor.

Verification steps

  • View the status of the bond: 

    $ cat /proc/net/bonding/bond0
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: fault-tolerance (active-backup)
Primary Slave: None
Currently Active Slave: enp7s0
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: enp7s0
MII Status: up
Speed: Unknown
Duplex: Unknown
Link Failure Count: 0
Permanent HW addr: 52:54:00:d5:e0:fb
Slave queue ID: 0

Slave Interface: enp8s0
MII Status: up
Speed: Unknown
Duplex: Unknown
Link Failure Count: 0
Permanent HW addr: 52:54:00:b2:e2:63
Slave queue ID: 0

    In this example, both ports are up.

Additional resources

13.7. Configuring a network bond using RHEL System Roles

You can use the network RHEL System Role to configure a network bond. This procedure describes how to configure a bond in active-backup mode that uses two Ethernet devices, and sets an IPv4 and IPv6 addresses, default gateways, and DNS configuration.

Note

Set the IP configuration on the bridge and not on the ports of the Linux bridge.

Prerequisites

  • The ansible and rhel-system-roles packages are installed on the control node.
  • If you use a different remote user than root when you run the playbook, this user has appropriate sudo permissions on the managed node.
  • Two or more physical or virtual network devices are installed on the server.

Procedure

  1. If the host on which you want to execute the instructions in the playbook is not yet inventoried, add the IP or name of this host to the /etc/ansible/hosts Ansible inventory file: 

    node.example.com

  2. Create the ~/bond-ethernet.yml playbook with the following content: 

    ---
- name: Configure a network bond that uses two Ethernet ports
  hosts: node.example.com
  become: true
  tasks:
  - include_role:
      name: linux-system-roles.network

    vars:
      network_connections:
        # Define the bond profile
        - name: bond0
          type: bond
          interface_name: bond0
          ip:
            address:
              - "192.0.2.1/24"
              - "2001:db8:1::1/64"
            gateway4: 192.0.2.254
            gateway6: 2001:db8:1::fffe
            dns:
              - 192.0.2.200
              - 2001:db8:1::ffbb
            dns_search:
              - example.com
          bond:
            mode: active-backup
          state: up

        # Add an Ethernet profile to the bond
        - name: bond0-port1
          interface_name: enp7s0
          type: ethernet
          master: bond0
          state: up

        # Add a second Ethernet profile to the bond
        - name: bond0-port2
          interface_name: enp8s0
          type: ethernet
          master: bond0
          state: up

  3. Run the playbook:

    • To connect as root user to the managed host, enter: 

      # ansible-playbook -u root ~/bond-ethernet.yml

    • To connect as a user to the managed host, enter: 

      # ansible-playbook -u user_name --ask-become-pass ~/bond-ethernet.yml

      The --ask-become-pass option makes sure that the ansible-playbook command prompts for the sudo password of the user defined in the -u user_name option.

    If you do not specify the -u user_name option, ansible-playbook connects to the managed host as the user that is currently logged in to the control node.

Additional resources

  • For details about the parameters used in network_connections and for additional information about the network System Role, see the /usr/share/ansible/roles/rhel-system-roles.network/README.md file.
  • For details about the ansible-playbook command, see the ansible-playbook(1) man page.

13.8. Creating a network bond to enable switching between an Ethernet and wireless connection without interrupting the VPN

RHEL users who connect their workstation to their company’s network typically use a VPN to access remote resources. However, if the workstation switches between an Ethernet and Wi-Fi connection, for example, if you release a laptop from a docking station with an Ethernet connection, the VPN connection is interrupted. To avoid this problem, you can create a network bond that uses the Ethernet and Wi-Fi connection in active-backup mode.

Prerequisites

  • The host contains an Ethernet and a Wi-Fi device.

  • An Ethernet and Wi-Fi NetworkManager connection profile has been created and both connections work independently.

    This procedure uses the following connection profiles to create a network bond named bond0:

    • Docking_station associated with the enp11s0u1 Ethernet device
    • Wi-Fi associated with the wlp61s0 Wi-Fi device

Procedure

  1. Create a bond interface in active-backup mode: 

    # nmcli connection add type bond con-name bond0 ifname bond0 bond.options "mode=active-backup"

    This command names both the interface and connection profile bond0.

  2. Configure the IPv4 settings of the bond:

    • If a DHCP server in your network assigns IPv4 addresses to hosts, no action is required.

    • If your local network requires static IPv4 addresses, set the address, network mask, default gateway, DNS server, and DNS search domain to the bond0 connection: 

      # nmcli connection modify bond0 ipv4.addresses '192.0.2.1/24'
# nmcli connection modify bond0 ipv4.gateway '192.0.2.254'
# nmcli connection modify bond0 ipv4.dns '192.0.2.253'
# nmcli connection modify bond0 ipv4.dns-search 'example.com'
# nmcli connection modify bond0 ipv4.method manual

  3. Configure the IPv6 settings of the bond:

    • If your router or a DHCP server in your network assigns IPv6 addresses to hosts, no action is required.

    • If your local network requires static IPv6 addresses, set the address, network mask, default gateway, DNS server, and DNS search domain to the bond0 connection: 

      # nmcli connection modify bond0 ipv6.addresses '2001:db8:1::1/64'
# nmcli connection modify bond0 ipv6.gateway '2001:db8:1::fffe'
# nmcli connection modify bond0 ipv6.dns '2001:db8:1::fffd'
# nmcli connection modify bond0 ipv6.dns-search 'example.com'
# nmcli connection modify bond0 ipv6.method manual

  4. Display the connection profiles: 

    # nmcli connection show
NAME             UUID                                  TYPE      DEVICE
Docking_station  256dd073-fecc-339d-91ae-9834a00407f9  ethernet  enp11s0u1
Wi-Fi            1f1531c7-8737-4c60-91af-2d21164417e8  wifi      wlp61s0
...

    You require the names of the connection profiles and the Ethernet device name in the next steps.

  5. Assign the connection profile of the Ethernet connection to the bond: 

    # nmcli connection modify Docking_station master bond0

  6. Assign the connection profile of the Wi-Fi connection to the bond: 

    # nmcli connection modify Wi-Fi master bond0

  7. If your Wi-Fi network uses MAC filtering to allow only MAC addresses on a allow list to access the network, configure that NetworkManager dynamically assigns the MAC address of the active port to the bond: 

    # nmcli connection modify bond0 +bond.options fail_over_mac=1

    With this setting, you must set only the MAC address of the Wi-Fi device to the allow list instead of the MAC address of both the Ethernet and Wi-Fi device.

  8. Set the device associated with the Ethernet connection as primary device of the bond: 

    # nmcli con modify bond0 +bond.options "primary=enp11s0u1"

    With this setting, the bond always uses the Ethernet connection if it is available.

  9. Configure that NetworkManager automatically activates ports when the bond0 device is activated: 

    # nmcli connection modify bond0 connection.autoconnect-slaves 1

  10. Activate the bond0 connection: 

    # nmcli connection up bond0

Verification steps

  • Display the currently active device, the status of the bond and its ports: 

    # cat /proc/net/bonding/bond0
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: fault-tolerance (active-backup) (fail_over_mac active)
Primary Slave: enp11s0u1 (primary_reselect always)
Currently Active Slave: enp11s0u1
MII Status: up
MII Polling Interval (ms): 1
Up Delay (ms): 0
Down Delay (ms): 0
Peer Notification Delay (ms): 0

Slave Interface: enp11s0u1
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:53:00:59:da:b7
Slave queue ID: 0

Slave Interface: wlp61s0
MII Status: up
Speed: Unknown
Duplex: Unknown
Link Failure Count: 2
Permanent HW addr: 00:53:00:b3:22:ba
Slave queue ID: 0

Additional resources