FreeBSD provides the lagg(4) interface which can be used to aggregate multiple network interfaces into one virtual interface in order to provide failover and link aggregation. Failover allows traffic to continue to flow as long as at least one aggregated network interface has an established link. Link aggregation works best on switches which support LACP, as this protocol distributes traffic bi-directionally while responding to the failure of individual links.
The aggregation protocols supported by the lagg interface determine which ports are used for outgoing traffic and whether or not a specific port accepts incoming traffic. The following protocols are supported by lagg(4):
This mode sends and receives traffic only through the master port. If the master port becomes unavailable, the next active port is used. The first interface added to the virtual interface is the master port and all subsequently added interfaces are used as failover devices. If failover to a non-master port occurs, the original port becomes master once it becomes available again.
Cisco® Fast EtherChannel® (FEC) is found on older Cisco® switches. It provides a static setup and does not negotiate aggregation with the peer or exchange frames to monitor the link. If the switch supports LACP, that should be used instead.
The IEEE® 802.3ad Link Aggregation Control Protocol (LACP) negotiates a set of aggregable links with the peer into one or more Link Aggregated Groups (LAGs). Each LAG is composed of ports of the same speed, set to full-duplex operation, and traffic is balanced across the ports in the LAG with the greatest total speed. Typically, there is only one LAG which contains all the ports. In the event of changes in physical connectivity, LACP will quickly converge to a new configuration.
LACP balances outgoing traffic across the active ports based on hashed protocol header information and accepts incoming traffic from any active port. The hash includes the Ethernet source and destination address and, if available, the VLAN tag, and the IPv4 or IPv6 source and destination address.
This mode distributes outgoing traffic using a round-robin scheduler through all active ports and accepts incoming traffic from any active port. Since this mode violates Ethernet frame ordering, it should be used with caution.
This section demonstrates how to configure a Cisco® switch and a FreeBSD system for LACP load balancing. It then shows how to configure two Ethernet interfaces in failover mode as well as how to configure failover mode between an Ethernet and a wireless interface.
This example connects two fxp(4) Ethernet interfaces on a FreeBSD machine to the first two Ethernet ports on a Cisco® switch as a single load balanced and fault tolerant link. More interfaces can be added to increase throughput and fault tolerance. Replace the names of the Cisco® ports, Ethernet devices, channel group number, and IP address shown in the example to match the local configuration.
Frame ordering is mandatory on Ethernet links and any traffic between two stations always flows over the same physical link, limiting the maximum speed to that of one interface. The transmit algorithm attempts to use as much information as it can to distinguish different traffic flows and balance the flows across the available interfaces.
On the Cisco® switch, add the
FastEthernet0/1 and
FastEthernet0/2 interfaces to
channel group 1:
interface!FastEthernet0/1channel-group1mode active channel-protocol lacpinterfaceFastEthernet0/2channel-group1mode active channel-protocol lacp
On the FreeBSD system, create the lagg(4) interface
using the physical interfaces
fxp0 and
fxp1 and bring the interfaces up
with an IP address of
10.0.0.3/24:
#ifconfigfxp0up#ifconfigfxp1up#ifconfiglaggcreate0#ifconfiglaggup laggproto lacp laggport0fxp0laggportfxp110.0.0.3/24
Next, verify the status of the virtual interface:
#ifconfiglagg0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=8<VLAN_MTU> ether 00:05:5d:71:8d:b8 inet 10.0.0.3 netmask 0xffffff00 broadcast 10.0.0.255 media: Ethernet autoselect status: active laggproto lacp laggport: fxp1 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING> laggport: fxp0 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING>lagg0
Ports
marked as ACTIVE are part of the
LAG that has been negotiated with the
remote switch. Traffic will be transmitted and received
through these active ports. Add -v to the
above command to view the LAG
identifiers.
To see the port status on the Cisco® switch:
switch# show lacp neighbor
Flags: S - Device is requesting Slow LACPDUs
F - Device is requesting Fast LACPDUs
A - Device is in Active mode P - Device is in Passive mode
Channel group 1 neighbors
Partner's information:
LACP port Oper Port Port
Port Flags Priority Dev ID Age Key Number State
Fa0/1 SA 32768 0005.5d71.8db8 29s 0x146 0x3 0x3D
Fa0/2 SA 32768 0005.5d71.8db8 29s 0x146 0x4 0x3DFor more detail, type show lacp neighbor
detail.
To retain this configuration across reboots, add the
following entries to
/etc/rc.conf on the FreeBSD system:
ifconfig_fxp0="up" ifconfig_fxp1="up" cloned_interfaces="lagg" ifconfig_0lagg="laggproto lacp laggport0fxp0laggportfxp110.0.0.3/24"
Failover mode can be used to switch over to a secondary
interface if the link is lost on the master interface. To
configure failover, make sure that the underlying physical
interfaces are up, then create the lagg(4) interface.
In this example, fxp0 is the
master interface, fxp1 is the
secondary interface, and the virtual interface is assigned
an IP address of
10.0.0.15/24:
#ifconfigfxp0up#ifconfigfxp1up#ifconfiglaggcreate0#ifconfiglaggup laggproto failover laggport0fxp0laggportfxp110.0.0.15/24
The virtual interface should look something like this:
#ifconfiglagg0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=8<VLAN_MTU> ether 00:05:5d:71:8d:b8 inet 10.0.0.15 netmask 0xffffff00 broadcast 10.0.0.255 media: Ethernet autoselect status: active laggproto failover laggport: fxp1 flags=0<> laggport: fxp0 flags=5<MASTER,ACTIVE>lagg0
Traffic will be transmitted and received on
fxp0. If the link is lost on
fxp0,
fxp1 will become the active link.
If the link is restored on the master interface, it will
once again become the active link.
To retain this configuration across reboots, add the
following entries to
/etc/rc.conf:
ifconfig_fxp0="up" ifconfig_fxp1="up" cloned_interfaces="lagg" ifconfig_0lagg="laggproto failover laggport0fxp0laggportfxp110.0.0.15/24"
For laptop users, it is usually desirable to configure the wireless device as a secondary which is only used when the Ethernet connection is not available. With lagg(4), it is possible to configure a failover which prefers the Ethernet connection for both performance and security reasons, while maintaining the ability to transfer data over the wireless connection.
This is achieved by overriding the Ethernet interface's MAC address with that of the wireless interface.
In theory, either the Ethernet or wireless MAC address can be changed to match the other. However, some popular wireless interfaces lack support for overriding the MAC address. We therefore recommend overriding the Ethernet MAC address for this purpose.
If the driver for the wireless interface is not loaded
in the GENERIC or custom kernel,
and the computer is running FreeBSD 12.1,
load the corresponding .ko in
/boot/loader.conf by adding
driver_load="YES"/etc/rc.conf by
adding it to kld_list (see
rc.conf(5) for details) in that file and rebooting.
This is needed because otherwise the driver is not loaded
yet at the time the lagg(4) interface is set
up.
In this example, the Ethernet interface,
re0, is the master and the
wireless interface, wlan0, is
the failover. The wlan0
interface was created from the
ath0 physical wireless interface,
and the Ethernet interface will be configured with the
MAC address of the wireless interface.
First, determine the MAC address of the
wireless interface:
#ifconfigwlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 ether b8:ee:65:5b:32:59 groups: wlan ssid Bbox-A3BD2403 channel 6 (2437 MHz 11g ht/20) bssid 00:37:b7:56:4b:60 regdomain ETSI country FR indoor ecm authmode WPA2/802.11i privacy ON deftxkey UNDEF AES-CCM 2:128-bit txpower 30 bmiss 7 scanvalid 60 protmode CTS ampdulimit 64k ampdudensity 8 shortgi -stbctx stbcrx -ldpc wme burst roaming MANUAL media: IEEE 802.11 Wireless Ethernet MCS mode 11ng status: associated nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>wlan0
Replace wlan0 to match the
system's wireless interface name. The
ether line will contain the
MAC address of the specified interface.
Now, change the MAC address of the
Ethernet interface:
#ifconfigre0etherb8:ee:65:5b:32:59
Bring the wireless interface up (replacing
FR with your own 2-letter country
code), but do not set an IP
address:
#ifconfigwlan0create wlandevath0countryFRssidmy_routerup
Make sure the re0 interface
is up, then create the lagg(4) interface with
re0 as master with failover to
wlan0:
#ifconfigre0up#ifconfiglaggcreate0#ifconfiglaggup laggproto failover laggport0re0laggportwlan0
The virtual interface should look something like this:
#ifconfiglagg0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=8<VLAN_MTU> ether b8:ee:65:5b:32:59 laggproto failover lagghash l2,l3,l4 laggport: re0 flags=5<MASTER,ACTIVE> laggport: wlan0 flags=0<> groups: lagg media: Ethernet autoselect status: activelagg0
Then, start the DHCP client to obtain an IP address:
#dhclientlagg0
To retain this configuration across reboots, add the
following entries to
/etc/rc.conf:
ifconfig_re0="etherb8:ee:65:5b:32:59" wlans_ath0="wlan0" ifconfig_wlan0="WPA" create_args_wlan0="countryFR" cloned_interfaces="lagg" ifconfig_0lagg="up laggproto failover laggport0re0laggport wlan0 DHCP"
All FreeBSD documents are available for download at https://download.freebsd.org/ftp/doc/
Questions that are not answered by the
documentation may be
sent to <freebsd-questions@FreeBSD.org>.
Send questions about this document to <freebsd-doc@FreeBSD.org>.