NSX Network Detection and Response - Using interface bonding on the sensor
search cancel

NSX Network Detection and Response - Using interface bonding on the sensor

book

Article ID: 323937

calendar_today

Updated On:

Products

VMware

Issue/Introduction

Description

This article briefly describes the steps that are required to setup interface bonding on a sensor. Interface bonding can be useful to multiplex together packets delivered to multiple sniffing interfaces. The typical use case for this is the operation with hardware tap devices who deliver inbound and outbound packets on two separate network interfaces.


Known issues

It should be noted that at the time of writing the use of interface bonding has some minor side-effects on the sensor operation. More specifically, the use of interface bonding causes certain appliance metrics (network traffic processed and packet processed) to stop operating correctly. This does not affect however the overall operation of the sensor.

While interface bonding can be applied on both 1Gbps and 10Gbps interfaces, when using bonding we loose support for NIC hardware queues (RSS). The performance of a 10Gbps sensor with interface bonding is therefore lower than its non-bonding counterpart.

 


Resolution

Implementation

The interface bonding configuration mostly relies on the underlying Ubuntu OS support (https://help.ubuntu.com/community/UbuntuBonding).

Note: The interface names below are an example, please update eth4 and eth5 to the relevant interfaces names specific to your deployment.

1. Before proceeding to the configuration, deactivate the interfaces you intend to bond together. In this example, let's assume that the relevant interfaces are eth4 and eth5:

  ifdown eth4
  ifdown eth5

2. Edit the ubuntu network configuration file (/etc/network/interfaces) in order to define the bonding interface. Notice that entries for the sniffing interfaces eth4 and eth5 are likely to be already present, but they need to be updated with a reference to the bond-master. Example:


  auto eth4
  iface eth4 inet manual
      up ip link set eth4 up promisc on
      down ip link set eth4 down
      bond-master bond0

   auto eth5
   iface eth5 inet manual
      up ip link set eth5 up promisc on
      down ip link set eth5 down
      bond-master bond0

   auto bond0
   iface bond0 inet manual
      bond-mode 0
      bond-slaves eth4 eth5

3. Activate the new bond0 interface created in step 2 and the slaves interfaces:           

   ifup bond0
   ifup eth4
   ifup eth5

4. Run lastline_setup and configure the bonded interface as a sniffing interface.

   root@lastline-sensor:~# lastline_setup
   Lastline Enterprise Sensor Configuration Interface
   -> sniffing_interfaces bond0
   sniffing_interfaces = bond0
    -> save

After applying the configurations, you should see this line as part of the output: 
INFO - Applying configuration finished successfully.


You can check the status of the bond0 interface by running: 

   cat /proc/net/bonding/bond0

Additional Information

Note: This article is applicable to the standalone NSX Network Detection and Response product (formerly Lastline) and is not intended to be applied to the NSX NDR feature of NSX-T.

Powered by Wolken Software