Technical data
Working with Link Aggregation
Check Point VSX Administration Guide NGX R67 | 131
How Link Aggregation Works
A bond contains a minimum of one and may contain up to eight slave interfaces. All slave interfaces
contained in a bond share a common IP and MAC address. We recommend that each cluster member
contain the same quantity of identical slave interfaces.
Figure 8-29 Bond with three slave interfaces
Note - Link Aggregation is only supported on Check Point SecurePlatform machines.
You can configure Link Aggregation using one of the following strategies:
High Availability (Active/Backup): Ensures redundancy in the event of interface or link failure. This
option also provides switch redundancy.
Load Sharing (Active/Active): All interfaces are active, but handle different connections
simultaneously. Traffic is balanced amongst slave interfaces to maximize throughput. The Load
Sharing option does not support switch redundancy.
High Availability Overview
Clusters, by definition, provide redundancy and high availability at the Security Gateway level. Link
Aggregation, however, adds interface and switch redundancy by providing automatic failover to a standby
interface card within the same member.
In a High Availability deployment, only one interface is active at a time. If an interface or connection fails, the
bond fails over to a standby slave interface. Failover occurs in one of the following cases:
An active interface detects a link state failure in a monitored interface
ClusterXL detects a failure in sending or receiving Cluster Control Protocol (CCP) keep-alive packets
Fully Meshed Redundancy via Interface Bonding
The Link Aggregation High Availability mode, when deployed with ClusterXL, enables a higher level of
reliability by providing granular redundancy in the network. This granular redundancy is achieved by using a
fully meshed topology, which provides for independent backups for both NICs and switches.
The following figure illustrates this concept.