Red Hat Training

A Red Hat training course is available for RHEL 8

Chapter 3. Configuring network bonding

A network bond is a method to combine or aggregate physical and virtual network interfaces to provide a logical interface with higher throughput or redundancy. In a bond, the kernel handles all operations exclusively. You can create bonds on different types of devices, such as Ethernet devices or VLANs.

Red Hat Enterprise Linux provides administrators different options to configure team devices. For example:

  • Use nmcli to configure bond connections using the command line.
  • Use the RHEL web console to configure bond connections using a web browser.
  • Use nmtui to configure bond connections in a text-based user interface.
  • Use the nm-connection-editor application to configure bond connections in a graphical interface.
  • Use nmstatectl to configure bond connections through the Nmstate API.
  • Use RHEL System Roles to automate the bond configuration on one or multiple hosts.

3.1. Understanding the default behavior of controller and port interfaces

Consider the following default behavior when managing or troubleshooting team or bond port interfaces using the NetworkManager service:

  • Starting the controller interface does not automatically start the port interfaces.
  • Starting a port interface always starts the controller interface.
  • Stopping the controller interface also stops the port interface.
  • A controller without ports can start static IP connections.
  • A controller without ports waits for ports when starting DHCP connections.
  • A controller with a DHCP connection waiting for ports completes when you add a port with a carrier.
  • A controller with a DHCP connection waiting for ports continues waiting when you add a port without carrier.

3.2. Upstream switch configuration depending on the bonding modes

Depending on the bonding mode you want to use, you must configure the ports on the switch:

Bonding modeConfiguration on the switch

0 - balance-rr

Requires static EtherChannel enabled, not Link Aggregation Control Protocol (LACP)-negotiated.

1 - active-backup

No configuration required on the switch.

2 - balance-xor

Requires static EtherChannel enabled, not LACP-negotiated.

3 - broadcast

Requires static EtherChannel enabled, not LACP-negotiated.

4 - 802.3ad

Requires LACP-negotiated EtherChannel enabled.

5 - balance-tlb

No configuration required on the switch.

6 - balance-alb

No configuration required on the switch.

For details how to configure your switch, see the documentation of the switch.

Important

Certain network bonding features, such as the fail-over mechanism, do not support direct cable connections without a network switch. For further details, see the Is bonding supported with direct connection using crossover cables? KCS solution.

3.3. Configuring a network bond by using nmcli

To configure a network bond on the command line, use the nmcli utility.

Prerequisites

Procedure

  1. Create a bond interface:

    # nmcli connection add type bond con-name bond0 ifname bond0 bond.options "mode=active-backup"

    This command creates a bond named bond0 that uses the active-backup mode.

    To additionally set a Media Independent Interface (MII) monitoring interval, add the miimon=interval option to the bond.options property, for example:

    # nmcli connection add type bond con-name bond0 ifname bond0 bond.options "mode=active-backup,miimon=1000"
  2. Display the network interfaces, and note names of interfaces you plan to add to the bond:

    # nmcli device status
    DEVICE   TYPE      STATE         CONNECTION
    enp7s0   ethernet  disconnected  --
    enp8s0   ethernet  disconnected  --
    bridge0  bridge    connected     bridge0
    bridge1  bridge    connected     bridge1
    ...

    In this example:

    • enp7s0 and enp8s0 are not configured. To use these devices as ports, add connection profiles in the next step.
    • bridge0 and bridge1 have existing connection profiles. To use these devices as ports, modify their profiles in the next step.
  3. Assign interfaces to the bond:

    1. If the interfaces you want to assign to the bond are not configured, create new connection profiles for them:

      # nmcli connection add type ethernet slave-type bond con-name bond0-port1 ifname enp7s0 master bond0
      # nmcli connection add type ethernet slave-type bond con-name bond0-port2 ifname enp8s0 master bond0

      These commands create profiles for enp7s0 and enp8s0, and add them to the bond0 connection.

    2. To assign an existing connection profile to the bond:

      1. Set the master parameter of these connections to bond0:

        # nmcli connection modify bridge0 master bond0
        # nmcli connection modify bridge1 master bond0

        These commands assign the existing connection profiles named bridge0 and bridge1 to the bond0 connection.

      2. Reactivate the connections:

        # nmcli connection up bridge0
        # nmcli connection up bridge1
  4. Configure the IPv4 settings:

    • To use this bond device as a port of other devices, enter:

      # nmcli connection modify bond0 ipv4.method disabled
    • To use DHCP, no action is required.
    • To set a static IPv4 address, network mask, default gateway, and DNS server to the bond0 connection, enter:

      # nmcli connection modify bond0 ipv4.addresses '192.0.2.1/24' ipv4.gateway '192.0.2.254' ipv4.dns '192.0.2.253' ipv4.dns-search 'example.com' ipv4.method manual
  5. Configure the IPv6 settings:

    • To use this bond device as a port of other devices, enter:

      # nmcli connection modify bond0 ipv6.method disabled
    • To use DHCP, no action is required.
    • To set a static IPv6 address, network mask, default gateway, and DNS server to the bond0 connection, enter:

      # nmcli connection modify bond0 ipv6.addresses '2001:db8:1::1/64' ipv6.gateway '2001:db8:1::fffe' ipv6.dns '2001:db8:1::fffd' ipv6.dns-search 'example.com' ipv6.method manual
  6. Optional: If you want to set any parameters on the bond ports, use the following command:

    # nmcli connection modify bond0-port1 bond-port.<parameter> <value>
  7. Activate the connection:

    # nmcli connection up bond0
  8. Verify that the ports are connected, and the CONNECTION column displays the port’s connection name:

    # nmcli device
    DEVICE   TYPE      STATE      CONNECTION
    ...
    enp7s0   ethernet  connected  bond0-port1
    enp8s0   ethernet  connected  bond0-port2

    When you activate any port of the connection, NetworkManager also activates the bond, but not the other ports of it. You can configure that Red Hat Enterprise Linux enables all ports automatically when the bond is enabled:

    1. Enable the connection.autoconnect-slaves parameter of the bond’s connection:

      # nmcli connection modify bond0 connection.autoconnect-slaves 1
    2. Reactivate the bridge:

      # nmcli connection up bond0

Verification

  1. Temporarily remove the network cable from the host.

    Note that there is no method to properly test link failure events using software utilities. Tools that deactivate connections, such as nmcli, show only the bonding driver’s ability to handle port configuration changes and not actual link failure events.

  2. Display the status of the bond:

    # cat /proc/net/bonding/bond0

3.4. Configuring a network bond by using the RHEL web console

Use the RHEL web console to configure a network bond if you prefer to manage network settings using a web browser-based interface.

Prerequisites

Procedure

  1. Select the Networking tab in the navigation on the left side of the screen.
  2. Click Add bond in the Interfaces section.
  3. Enter the name of the bond device you want to create.
  4. Select the interfaces that should be members of the bond.
  5. Select the mode of the bond.

    If you select Active backup, the web console shows the additional field Primary in which you can select the preferred active device.

  6. Set the link monitoring mode. For example, when you use the Adaptive load balancing mode, set it to ARP.
  7. Optional: Adjust the monitoring interval, link up delay, and link down delay settings. Typically, you only change the defaults for troubleshooting purposes.

    bond settings
  8. Click Apply.
  9. By default, the bond uses a dynamic IP address. If you want to set a static IP address:

    1. Click the name of the bond in the Interfaces section.
    2. Click Edit next to the protocol you want to configure.
    3. Select Manual next to Addresses, and enter the IP address, prefix, and default gateway.
    4. In the DNS section, click the + button, and enter the IP address of the DNS server. Repeat this step to set multiple DNS servers.
    5. In the DNS search domains section, click the + button, and enter the search domain.
    6. If the interface requires static routes, configure them in the Routes section.

      bond team bridge vlan.ipv4
    7. Click Apply

Verification

  1. Select the Networking tab in the navigation on the left side of the screen, and check if there is incoming and outgoing traffic on the interface:

    bond verify
  2. Temporarily remove the network cable from the host.

    Note that there is no method to properly test link failure events using software utilities. Tools that deactivate connections, such as the web console, show only the bonding driver’s ability to handle member configuration changes and not actual link failure events.

  3. Display the status of the bond:

    # cat /proc/net/bonding/bond0

3.5. Configuring a network bond by using nmtui

The nmtui application provides a text-based user interface for NetworkManager. You can use nmtui to configure a network bond on a host without a graphical interface.

Note

In nmtui:

  • Navigate by using the cursor keys.
  • Press a button by selecting it and hitting Enter.
  • Select and deselect checkboxes by using Space.

Prerequisites

  • Two or more physical or virtual network devices are installed on the server.
  • To use Ethernet devices as ports of the bond, the physical or virtual Ethernet devices must be installed on the server.

Procedure

  1. If you do not know the network device names on which you want configure a network bond, display the available devices:

    # nmcli device status
    DEVICE     TYPE      STATE                   CONNECTION
    enp7s0     ethernet  unavailable             --
    enp8s0     ethernet  unavailable             --
    ...
  2. Start nmtui:

    # nmtui
  3. Select Edit a connection, and press Enter.
  4. Press the Add button.
  5. Select Bond from the list of network types, and press Enter.
  6. Optional: Enter a name for the NetworkManager profile to be created.

    On hosts with multiple profiles, a meaningful name makes it easier to identify the purpose of a profile.

  7. Enter the bond device name to be created into the Device field.
  8. Add ports to the bond to be created:

    1. Press the Add button next to the Slaves list.
    2. Select the type of the interface you want to add as port to the bond, for example, Ethernet.
    3. Optional: Enter a name for the NetworkManager profile to be created for this bond port.
    4. Enter the port’s device name into the Device field.
    5. Press the OK button to return to the window with the bond settings.

      Figure 3.1. Adding an Ethernet device as port to a bond

      nmtui bond add port
    6. Repeat these steps to add more ports to the bond.
  9. Set the bond mode. Depending on the value you set, nmtui displays additional fields for settings that are related to the selected mode.
  10. Depending on your environment, configure the IP address settings in the IPv4 configuration and IPv6 configuration areas accordingly. For this, press the button next to these areas, and select:

    • Disabled, if the bond does not require an IP address.
    • Automatic, if a DHCP server or stateless address autoconfiguration (SLAAC) dynamically assigns an IP address to the bond.
    • Manual, if the network requires static IP address settings. In this case, you must fill further fields:

      1. Press the Show button next to the protocol you want to configure to display additional fields.
      2. Press the Add button next to Addresses, and enter the IP address and the subnet mask in Classless Inter-Domain Routing (CIDR) format.

        If you do not specify a subnet mask, NetworkManager sets a /32 subnet mask for IPv4 addresses and /64 for IPv6 addresses.

      3. Enter the address of the default gateway.
      4. Press the Add button next to DNS servers, and enter the DNS server address.
      5. Press the Add button next to Search domains, and enter the DNS search domain.

    Figure 3.2. Example of a bond connection with static IP address settings

    nmtui bond static IP
  11. Press the OK button to create and automatically activate the new connection.
  12. Press the Back button to return to the main menu.
  13. Select Quit, and press Enter to close the nmtui application.

Verification

  1. Temporarily remove the network cable from the host.

    Note that there is no method to properly test link failure events using software utilities. Tools that deactivate connections, such as nmcli, show only the bonding driver’s ability to handle port configuration changes and not actual link failure events.

  2. Display the status of the bond:

    # cat /proc/net/bonding/bond0

3.6. Configuring a network bond by using nm-connection-editor

If you use Red Hat Enterprise Linux with a graphical interface, you can configure network bonds using the nm-connection-editor application.

Note that nm-connection-editor can add only new ports to a bond. To use an existing connection profile as a port, create the bond by using the nmcli utility as described in Configuring a network bond by using nmcli.

Prerequisites

  • Two or more physical or virtual network devices are installed on the server.
  • To use Ethernet devices as ports of the bond, the physical or virtual Ethernet devices must be installed on the server.
  • To use team, bond, or VLAN devices as ports of the bond, ensure that these devices are not already configured.

Procedure

  1. Open a terminal, and enter nm-connection-editor:

    $ nm-connection-editor
  2. Click the + button to add a new connection.
  3. Select the Bond connection type, and click Create.
  4. On the Bond tab:

    1. Optional: Set the name of the bond interface in the Interface name field.
    2. Click the Add button to add a network interface as a port to the bond.

      1. Select the connection type of the interface. For example, select Ethernet for a wired connection.
      2. Optional: Set a connection name for the port.
      3. If you create a connection profile for an Ethernet device, open the Ethernet tab, and select in the Device field the network interface you want to add as a port to the bond. If you selected a different device type, configure it accordingly. Note that you can only use Ethernet interfaces in a bond that are not configured.
      4. Click Save.
    3. Repeat the previous step for each interface you want to add to the bond:

      add nic to bond in nm connection editor

    4. Optional: Set other options, such as the Media Independent Interface (MII) monitoring interval.
  5. Configure the IP address settings on both the IPv4 Settings and IPv6 Settings tabs:

    • To use this bridge device as a port of other devices, set the Method field to Disabled.
    • To use DHCP, leave the Method field at its default, Automatic (DHCP).
    • To use static IP settings, set the Method field to Manual and fill the fields accordingly:

      bond IP settings nm connection editor

  6. Click Save.
  7. Close nm-connection-editor.

Verification

  1. Temporarily remove the network cable from the host.

    Note that there is no method to properly test link failure events using software utilities. Tools that deactivate connections, such as nmcli, show only the bonding driver’s ability to handle port configuration changes and not actual link failure events.

  2. Display the status of the bond:

    # cat /proc/net/bonding/bond0

3.7. Configuring a network bond by using nmstatectl

Use the nmstatectl utility to configure a network bond through the Nmstate API. The Nmstate API ensures that, after setting the configuration, the result matches the configuration file. If anything fails, nmstatectl automatically rolls back the changes to avoid leaving the system in an incorrect state.

Depending on your environment, adjust the YAML file accordingly. For example, to use different devices than Ethernet adapters in the bond, adapt the base-iface attribute and type attributes of the ports you use in the bond.

Prerequisites

  • Two or more physical or virtual network devices are installed on the server.
  • To use Ethernet devices as ports in the bond, the physical or virtual Ethernet devices must be installed on the server.
  • To use team, bridge, or VLAN devices as ports in the bond, set the interface name in the port list, and define the corresponding interfaces.
  • The nmstate package is installed.

Procedure

  1. Create a YAML file, for example ~/create-bond.yml, with the following content:

    ---
    interfaces:
    - name: bond0
      type: bond
      state: up
      ipv4:
        enabled: true
        address:
        - ip: 192.0.2.1
          prefix-length: 24
        dhcp: false
      ipv6:
        enabled: true
        address:
        - ip: 2001:db8:1::1
          prefix-length: 64
        autoconf: false
        dhcp: false
      link-aggregation:
        mode: active-backup
        port:
        - enp1s0
        - enp7s0
    - name: enp1s0
      type: ethernet
      state: up
    - name: enp7s0
      type: ethernet
      state: up
    
    routes:
      config:
      - destination: 0.0.0.0/0
        next-hop-address: 192.0.2.254
        next-hop-interface: bond0
      - destination: ::/0
        next-hop-address: 2001:db8:1::fffe
        next-hop-interface: bond0
    
    dns-resolver:
      config:
        search:
        - example.com
        server:
        - 192.0.2.200
        - 2001:db8:1::ffbb

    These settings define a network bond with the following settings:

    • Network interfaces in the bond: enp1s0 and enp7s0
    • Mode: active-backup
    • Static IPv4 address: 192.0.2.1 with a /24 subnet mask
    • Static IPv6 address: 2001:db8:1::1 with a /64 subnet mask
    • IPv4 default gateway: 192.0.2.254
    • IPv6 default gateway: 2001:db8:1::fffe
    • IPv4 DNS server: 192.0.2.200
    • IPv6 DNS server: 2001:db8:1::ffbb
    • DNS search domain: example.com
  2. Apply the settings to the system:

    # nmstatectl apply ~/create-bond.yml

Verification

  1. Display the status of the devices and connections:

    # nmcli device status
    DEVICE      TYPE      STATE      CONNECTION
    bond0       bond      connected  bond0
  2. Display all settings of the connection profile:

    # nmcli connection show bond0
    connection.id:              bond0
    connection.uuid:            79cbc3bd-302e-4b1f-ad89-f12533b818ee
    connection.stable-id:       --
    connection.type:            bond
    connection.interface-name:  bond0
    ...
  3. Display the connection settings in YAML format:

    # nmstatectl show bond0

Additional resources

  • nmstatectl(8) man page
  • /usr/share/doc/nmstate/examples/ directory

3.8. Configuring a network bond by using the network RHEL System Role

You can remotely configure a network bond by using the network RHEL System Role.

Perform this procedure on the Ansible control node.

Prerequisites

  • You have prepared the control node and the managed nodes
  • You are logged in to the control node as a user who can run playbooks on the managed nodes.
  • The account you use to connect to the managed nodes has sudo permissions on them.
  • The managed nodes or groups of managed nodes on which you want to run this playbook are listed in the Ansible inventory file.
  • Two or more physical or virtual network devices are installed on the server.

Procedure

  1. Create a playbook file, for example ~/bond-ethernet.yml, with the following content:

    ---
    - name: Configure the network
      hosts: managed-node-01.example.com
      tasks:
      - name: Configure a network bond that uses two Ethernet ports
        include_role:
          name: rhel-system-roles.network
    
        vars:
          network_connections:
            # Define the bond profile
            - name: bond0
              type: bond
              interface_name: bond0
              ip:
                address:
                  - "192.0.2.1/24"
                  - "2001:db8:1::1/64"
                gateway4: 192.0.2.254
                gateway6: 2001:db8:1::fffe
                dns:
                  - 192.0.2.200
                  - 2001:db8:1::ffbb
                dns_search:
                  - example.com
              bond:
                mode: active-backup
              state: up
    
            # Add an Ethernet profile to the bond
            - name: bond0-port1
              interface_name: enp7s0
              type: ethernet
              controller: bond0
              state: up
    
            # Add a second Ethernet profile to the bond
            - name: bond0-port2
              interface_name: enp8s0
              type: ethernet
              controller: bond0
              state: up

    These settings define a network bond with the following settings:

    • A static IPv4 address - 192.0.2.1 with a /24 subnet mask
    • A static IPv6 address - 2001:db8:1::1 with a /64 subnet mask
    • An IPv4 default gateway - 192.0.2.254
    • An IPv6 default gateway - 2001:db8:1::fffe
    • An IPv4 DNS server - 192.0.2.200
    • An IPv6 DNS server - 2001:db8:1::ffbb
    • A DNS search domain - example.com
    • Ports of the bond - enp7s0 and enp8s0
    • Bond mode - active-backup

      Note

      Set the IP configuration on the bond and not on the ports of the Linux bond.

  2. Validate the playbook syntax:

    # ansible-playbook ~/bond-ethernet.yml --syntax-check

    Note that this command only validates the syntax and does not protect against a wrong but valid configuration.

  3. Run the playbook:

    # ansible-playbook ~/bond-ethernet.yml

Additional resources

  • /usr/share/ansible/roles/rhel-system-roles.network/README.md file

3.9. Creating a network bond to enable switching between an Ethernet and wireless connection without interrupting the VPN

RHEL users who connect their workstation to their company’s network typically use a VPN to access remote resources. However, if the workstation switches between an Ethernet and Wi-Fi connection, for example, if you release a laptop from a docking station with an Ethernet connection, the VPN connection is interrupted. To avoid this problem, you can create a network bond that uses the Ethernet and Wi-Fi connection in active-backup mode.

Prerequisites

  • The host contains an Ethernet and a Wi-Fi device.
  • An Ethernet and Wi-Fi NetworkManager connection profile has been created and both connections work independently.

    This procedure uses the following connection profiles to create a network bond named bond0:

    • Docking_station associated with the enp11s0u1 Ethernet device
    • Wi-Fi associated with the wlp1s0 Wi-Fi device

Procedure

  1. Create a bond interface in active-backup mode:

    # nmcli connection add type bond con-name bond0 ifname bond0 bond.options "mode=active-backup"

    This command names both the interface and connection profile bond0.

  2. Configure the IPv4 settings of the bond:

    • If a DHCP server in your network assigns IPv4 addresses to hosts, no action is required.
    • If your local network requires static IPv4 addresses, set the address, network mask, default gateway, DNS server, and DNS search domain to the bond0 connection:

      # nmcli connection modify bond0 ipv4.addresses '192.0.2.1/24'
      # nmcli connection modify bond0 ipv4.gateway '192.0.2.254'
      # nmcli connection modify bond0 ipv4.dns '192.0.2.253'
      # nmcli connection modify bond0 ipv4.dns-search 'example.com'
      # nmcli connection modify bond0 ipv4.method manual
  3. Configure the IPv6 settings of the bond:

    • If your router or a DHCP server in your network assigns IPv6 addresses to hosts, no action is required.
    • If your local network requires static IPv6 addresses, set the address, network mask, default gateway, DNS server, and DNS search domain to the bond0 connection:

      # nmcli connection modify bond0 ipv6.addresses '2001:db8:1::1/64'
      # nmcli connection modify bond0 ipv6.gateway '2001:db8:1::fffe'
      # nmcli connection modify bond0 ipv6.dns '2001:db8:1::fffd'
      # nmcli connection modify bond0 ipv6.dns-search 'example.com'
      # nmcli connection modify bond0 ipv6.method manual
  4. Display the connection profiles:

    # nmcli connection show
    NAME             UUID                                  TYPE      DEVICE
    Docking_station  256dd073-fecc-339d-91ae-9834a00407f9  ethernet  enp11s0u1
    Wi-Fi            1f1531c7-8737-4c60-91af-2d21164417e8  wifi      wlp1s0
    ...

    You require the names of the connection profiles and the Ethernet device name in the next steps.

  5. Assign the connection profile of the Ethernet connection to the bond:

    # nmcli connection modify Docking_station master bond0
  6. Assign the connection profile of the Wi-Fi connection to the bond:

    # nmcli connection modify Wi-Fi master bond0
  7. If your Wi-Fi network uses MAC filtering to allow only MAC addresses on a allow list to access the network, configure that NetworkManager dynamically assigns the MAC address of the active port to the bond:

    # nmcli connection modify bond0 +bond.options fail_over_mac=1

    With this setting, you must set only the MAC address of the Wi-Fi device to the allow list instead of the MAC address of both the Ethernet and Wi-Fi device.

  8. Set the device associated with the Ethernet connection as primary device of the bond:

    # nmcli con modify bond0 +bond.options "primary=enp11s0u1"

    With this setting, the bond always uses the Ethernet connection if it is available.

  9. Configure that NetworkManager automatically activates ports when the bond0 device is activated:

    # nmcli connection modify bond0 connection.autoconnect-slaves 1
  10. Activate the bond0 connection:

    # nmcli connection up bond0

Verification

  • Display the currently active device, the status of the bond and its ports:

    # cat /proc/net/bonding/bond0
    Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)
    
    Bonding Mode: fault-tolerance (active-backup) (fail_over_mac active)
    Primary Slave: enp11s0u1 (primary_reselect always)
    Currently Active Slave: enp11s0u1
    MII Status: up
    MII Polling Interval (ms): 1
    Up Delay (ms): 0
    Down Delay (ms): 0
    Peer Notification Delay (ms): 0
    
    Slave Interface: enp11s0u1
    MII Status: up
    Speed: 1000 Mbps
    Duplex: full
    Link Failure Count: 0
    Permanent HW addr: 00:53:00:59:da:b7
    Slave queue ID: 0
    
    Slave Interface: wlp1s0
    MII Status: up
    Speed: Unknown
    Duplex: Unknown
    Link Failure Count: 2
    Permanent HW addr: 00:53:00:b3:22:ba
    Slave queue ID: 0

3.10. The different network bonding modes

The Linux bonding driver provides link aggregation. Bonding is the process of aggregating multiple network interfaces in parallel to provide a single logical bonded interface. The actions of a bonded interface depend on the bonding policy that is also known as mode. The different modes provide either load-balancing or hot standby services.

The following modes exist:

Balance-rr (Mode 0)

Balance-rr uses the round-robin algorithm that sequentially transmits packets from the first available port to the last one. This mode provides load balancing and fault tolerance.

This mode requires switch configuration of a port aggregation group, also called EtherChannel or similar port grouping. An EtherChannel is a port link aggregation technology to group multiple physical Ethernet links to one logical Ethernet link.

The drawback of this mode is that it is not suitable for heavy workloads and if TCP throughput or ordered packet delivery is essential.

Active-backup (Mode 1)

Active-backup uses the policy that determines that only one port is active in the bond. This mode provides fault tolerance and does not require any switch configuration.

If the active port fails, an alternate port becomes active. The bond sends a gratuitous address resolution protocol (ARP) response to the network. The gratuitous ARP forces the receiver of the ARP frame to update their forwarding table. The Active-backup mode transmits a gratuitous ARP to announce the new path to maintain connectivity for the host.

The primary option defines the preferred port of the bonding interface.

Balance-xor (Mode 2)

Balance-xor uses the selected transmit hash policy to send the packets. This mode provides load balancing, fault tolerance, and requires switch configuration to set up an Etherchannel or similar port grouping.

To alter packet transmission and balance transmit, this mode uses the xmit_hash_policy option. Depending on the source or destination of traffic on the interface, the interface requires an additional load-balancing configuration. See description xmit_hash_policy bonding parameter.

Broadcast (Mode 3)

Broadcast uses a policy that transmits every packet on all interfaces. This mode provides fault tolerance and requires a switch configuration to set up an EtherChannel or similar port grouping.

The drawback of this mode is that it is not suitable for heavy workloads and if TCP throughput or ordered packet delivery is essential.

802.3ad (Mode 4)

802.3ad uses the same-named IEEE standard dynamic link aggregation policy. This mode provides fault tolerance. This mode requires switch configuration to set up a Link Aggregation Control Protocol (LACP) port grouping.

This mode creates aggregation groups that share the same speed and duplex settings and utilizes all ports in the active aggregator. Depending on the source or destination of traffic on the interface, this mode requires an additional load-balancing configuration.

By default, the port selection for outgoing traffic depends on the transmit hash policy. Use the xmit_hash_policy option of the transmit hash policy to change the port selection and balance transmit.

The difference between the 802.3ad and the Balance-xor is compliance. The 802.3ad policy negotiates LACP between the port aggregation groups. See description xmit_hash_policy bonding parameter

Balance-tlb (Mode 5)

Balance-tlb uses the transmit load balancing policy. This mode provides fault tolerance, load balancing, and establishes channel bonding that does not require any switch support.

The active port receives the incoming traffic. In case of failure of the active port, another one takes over the MAC address of the failed port. To decide which interface processes the outgoing traffic, use one of the following modes:

  • Value 0: Uses the hash distribution policy to distribute traffic without load balancing
  • Value 1: Distributes traffic to each port by using load balancing

    With the bonding option tlb_dynamic_lb=0, this bonding mode uses the xmit_hash_policy bonding option to balance transmit. The primary option defines the preferred port of the bonding interface.

See description xmit_hash_policy bonding parameter.

Balance-alb (Mode 6)

Balance-alb uses an adaptive load balancing policy. This mode provides fault tolerance, load balancing, and does not require any special switch support.

This mode Includes balance-transmit load balancing (balance-tlb) and receive-load balancing for IPv4 and IPv6 traffic. The bonding intercepts ARP replies sent by the local system and overwrites the source hardware address of one of the ports in the bond. ARP negotiation manages the receive-load balancing. Therefore, different ports use different hardware addresses for the server.

The primary option defines the preferred port of the bonding interface. With the bonding option tlb_dynamic_lb=0, this bonding mode uses the xmit_hash_policy bonding option to balance transmit. See description xmit_hash_policy bonding parameter.

Additional resources

3.11. The xmit_hash_policy bonding parameter

The xmit_hash_policy load balancing parameter selects the transmit hash policy for a node selection in the balance-xor, 802.3ad, balance-alb, and balance-tlb modes. It is only applicable to mode 5 and 6 if the tlb_dynamic_lb parameter is 0. The possible values of this parameter are layer2, layer2+3, layer3+4, encap2+3, encap3+4, and vlan+srcmac.

Refer the table for details:

Policy or Network layers

Layer2

Layer2+3

Layer3+4

encap2+3

encap3+4

VLAN+srcmac

Uses

XOR of source and destination MAC addresses and Ethernet protocol type

XOR of source and destination MAC addresses and IP addresses

XOR of source and destination ports and IP addresses

XOR of source and destination MAC addresses and IP addresses inside a supported tunnel, for example, Virtual Extensible LAN (VXLAN). This mode relies on skb_flow_dissect() function to obtain the header fields

XOR of source and destination ports and IP addresses inside a supported tunnel, for example, VXLAN. This mode relies on skb_flow_dissect() function to obtain the header fields

XOR of VLAN ID and source MAC vendor and source MAC device

Placement of traffic

All traffic to a particular network peer on the same underlying network interface

All traffic to a particular IP address on the same underlying network interface

All traffic to a particular IP address and port on the same underlying network interface

   

Primary choice

If network traffic is between this system and multiple other systems in the same broadcast domain

If network traffic between this system and multiple other systems goes through a default gateway

If network traffic between this system and another system uses the same IP addresses but goes through multiple ports

The encapsulated traffic is between the source system and multiple other systems using multiple IP addresses

The encapsulated traffic is between the source system and other systems using multiple port numbers

If the bond carries network traffic, from multiple containers or virtual machines (VM), that expose their MAC address directly to the external network such as the bridge network, and you can not configure a switch for Mode 2 or Mode 4

Secondary choice

If network traffic is mostly between this system and multiple other systems behind a default gateway

If network traffic is mostly between this system and another system

    

Compliant

802.3ad

802.3ad

Not 802.3ad

   

Default policy

This is the default policy if no configuration is provided

For non-IP traffic, the formula is the same as for the layer2 transmit policy

For non-IP traffic, the formula is the same as for the layer2 transmit policy