Luna Network HSM 7 Appliance Port Bonding

Luna Network HSM 7 has four physical network interface devices: eth0, eth1, eth2, and eth3. You can bond eth0 and eth1 into a single virtual interface, bond0, or eth2 and eth3 into bond1, to provide a redundant active/standby interface. The primary purpose of the service is a hot standby mode for network interface failure, no performance or throughput gains are intended.

The following conditions and recommendations apply to the port bonding feature:

>Bonded interfaces must both be attached to the same network segment. For example, if a bonded interface of IP 192.168.9.126 is chosen, both interfaces must be connected to devices that can access the 192.168.9.* network.

>Bonded interfaces must use static addressing.

>Avoid executing bonding commands while clients are running applications against the Luna Network HSM 7. Where a bonding interface has the same IP as the IP of eth0 or eth2, no ill effects have been observed on running clients other than normal fail-over/recover behavior.

>Avoid executing bonding commands over SSH, which can result in the closure of the active SSH session.

Once bonding is configured, client connections as well as SSH connections continue uninterrupted if either of the bonded interfaces fails.

Using Port Bonding

Use LunaSH to configure, enable, or disable port bonding, and to display the current port bonding status. See network interface bonding for a list of the port bonding commands.

To bond eth0 and eth1 to the bond0 or eth2 and eth3 to the bond1 virtual interface

1.Specify a static IP address, subnet mask, and gateway for the bonded interface.

NOTE   To avoid breaking the NTLS connection to the appliance, ensure that the IP address you specify for the bonded interface is the IP address used for the current NTLS connection. For bond0 use the IP address for eth0 or eth1. For bond1 use the IP address for eth2 or eth3.

lunash:> network interface bonding config -ip <IP_address> -netmask <netmask> -name {bond0 | bond1} [-mode broadcast] -gateway <IP_address>

2.Ensure that the affected network devices are both Activated and that links are detected.

lunash:> network show

3.Enable the bonded interface.

lunash:> network interface bonding enable -name <netbond>

NOTE   Initially, "Mode 1- Active-Backup Mode" was the default, and only, bonding mode. From Luna Network HSM 7 version 7.8.4 onward, the option is provided to choose "Mode 3 - Broadcast Mode". See network interface bonding config.

Setting the Default Route on a Bonded Interface

Using older versions of the Luna Network HSM 7 appliance software, each network device can be configured with its own default route. Using Luna Appliance Software 7.3.3, Luna Network HSM 7 Appliance Software 7.4.2, or Luna Appliance Software 7.7.0 and newer, only one default route may be configured on the appliance. The first network route configured (either automatically using DHCP, or by specifying a valid -gateway option when configuring a static IP on a network device) becomes the default route. If you wish to change this default route, you must first delete the original default route. This applies if the default route has been applied on a network interface and you want to enable it on a different interface. The default route remains constant if you switch the device between static and DHCP address selection.

When setting up network devices on your Luna Network HSM 7, the first device you configured with a gateway received the default route automatically. When you enable the bond, if one of the secondary interfaces within the bond has the default route, the bonded interface receives the default route.

If you wish to transfer the default route to the other bonded interface (or a secondary device within the other bonded interface), use the following prodecure.

CAUTION!    Once the default route is added to the bonded interface, disabling the bond for any reason will cause a loss of SSH connectivity to the Luna Network HSM 7. It is highly recommended that you configure manual routes on at least one of the secondary interfaces within the bonded interface (eth0 or eth1 for bond0, eth2 or eth3 for bond1). Refer to Disabling a Bonded Interface.

To move the default route from eth0 to bond1

1.[Optional] Display the current network settings.

lunash:> network route show

2.Remove the default route from eth0. When the default route is removed from a network device or bonding interface, the gateway is automatically dropped.

lunash:> network route delete network <IP_address> -device eth0 -gateway 0.0.0.0

3.Disable bond1. When a bonding interface is disabled, its gateway value is automatically dropped.

lunash:> network interface bonding disable -name bond1

4.Re-configure bond1. Assign the gateway to add the default route to bond1.

lunash:> network interface bonding config -ip <IP_address>  -netmask <netmask> -name bond1 -gateway <gateway>

5.Enable bond1.

lunash:> network interface bonding enable -name bond1

Now you can add manual network or host routes as required for your desired network flow.

Disabling a Bonded Interface

Once the default route is added to the bonded interface, disabling the bond for any reason will cause a loss of SSH connectivity to the Luna Network HSM 7. It is highly recommended that you configure manual routes on at least one of the secondary interfaces within the bonded interface (eth0 or eth1 for bond0, eth2 or eth3 for bond1). If you did not do this, you will need to reconnect using a serial connection after disabling the bond.

To disable a bonded interface

1.Disable bond0.

lunash:> network interface bonding disable -name bond0

The network connection will drop once the bond is disabled.

2.Open a new SSH session to the IP address of eth0 or another secondary interface, or reconnect to the appliance using a serial connection.

Setting bonding mode to "broadcast"

To set the bonding mode to "broadcast":

1.For each bonded interface, disable first.

Disable bond0.

lunash:> network interface bonding disable -name bond0

Disable bond1.

lunash:> network interface bonding disable -name bond1

2.For each interface, configure with the -mode broadcast option

lunash:> network interface bonding config -name bond0 -ip <ip of interface> -netmask <netmask> -mode broadcast -gateway <ip of gateway>

lunash:> network interface bonding config -name bond1 -ip <ip of interface> -netmask <netmask> -mode broadcast --gateway <ip of gateway>

3.For each bonded interface, re-enable.

Enable bond0.

lunash:> network interface bonding disable -name bond0

Enable bond1.

lunash:> network interface bonding disable -name bond1

Setting bonding mode back to "active-backup"

To set the bonding mode to back to the default "active-backup":

1.For each bonded interface, disable first.

Disable bond0.

lunash:> network interface bonding disable -name bond0

Disable bond1.

lunash:> network interface bonding disable -name bond1

2.For each interface, set the bonding mode back to the default "active-backup" mode, configure without the -mode broadcast option

lunash:> network interface bonding config -name bond0 -ip <ip of interface> -netmask <netmask> -gateway <ip of gateway>

lunash:> network interface bonding config -name bond1 -ip <ip of interface> -netmask <netmask> --gateway <ip of gateway>

3.For each bonded interface, re-enable.

Enable bond0.

lunash:> network interface bonding disable -name bond0

Enable bond1.

lunash:> network interface bonding disable -name bond1