Launching soon: The world's first vendor agnostic bug scrubLearn more & join waitlist
OPERATIONAL DEFECT DATABASE
...
...
Description This article briefly describes the steps that are required to setup interface bonding on a sensor. Interface bonding can be useful to multiplex together packets delivered to multiple sniffing interfaces. The typical use case for this is the operation with hardware tap devices who deliver inbound and outbound packets on two separate network interfaces. Known issues It should be noted that at the time of writing the use of interface bonding has some minor side-effects on the sensor operation. More specifically, the use of interface bonding causes certain appliance metrics (network traffic processed and packet processed) to stop operating correctly. This does not affect however the overall operation of the sensor. While interface bonding can be applied on both 1Gbps and 10Gbps interfaces, when using bonding we loose support for NIC hardware queues (RSS). The performance of a 10Gbps sensor with interface bonding is therefore lower than its non-bonding counterpart.
Implementation The interface bonding configuration mostly relies on the underlying Ubuntu OS support (https://help.ubuntu.com/community/UbuntuBonding).Note: The interface names below are an example, please update eth4 and eth5 to the relevant interfaces names specific to your deployment.1. Before proceeding to the configuration, deactivate the interfaces you intend to bond together. In this example, let's assume that the relevant interfaces are eth4 and eth5: ifdown eth4 ifdown eth52. Edit the ubuntu network configuration file (/etc/network/interfaces) in order to define the bonding interface. Notice that entries for the sniffing interfaces eth4 and eth5 are likely to be already present, but they need to be updated with a reference to the bond-master. Example: auto eth4 iface eth4 inet manual up ip link set eth4 up promisc on down ip link set eth4 down bond-master bond0 auto eth5 iface eth5 inet manual up ip link set eth5 up promisc on down ip link set eth5 down bond-master bond0 auto bond0 iface bond0 inet manual bond-mode 0 bond-slaves eth4 eth53. Activate the new bond0 interface created in step 2 and the slaves interfaces: ifup bond0 ifup eth4 ifup eth54. Run lastline_setup and configure the bonded interface as a sniffing interface. root@lastline-sensor:~# lastline_setup Lastline Enterprise Sensor Configuration Interface -> sniffing_interfaces bond0 sniffing_interfaces = bond0 -> saveAfter applying the configurations, you should see this line as part of the output: INFO - Applying configuration finished successfully. You can check the status of the bond0 interface by running: cat /proc/net/bonding/bond0
Note: This article is applicable to the standalone NSX Network Detection and Response product (formerly Lastline) and is not intended to be applied to the NSX NDR feature of NSX-T.