![background image](http://html.mh-extra.com/html/d-link/netdefendos/netdefendos_user-manual_75156194.webp)
The administrator must make a judgment about the traffic being spread across the aggregated
physical interfaces and choose one of the following criteria for the distribution:
•
DestinationMAC
•
SourceIP
•
DestinationIP
•
SourcePort
•
DestinationPort
•
IP and Ports (the default)
Choosing the Distribution Method
The algorithm that spreads the traffic between the aggregated interfaces uses hashing with the
chosen distribution method as the input. The best distribution method is therefore the one
which varies the most. For example, if the source of traffic is a number of internal clients being
NATed to the Internet via an ISP, the best choice for the distribution method is most likely
SourcePort
since this will be chosen randomly as each connection is opened by a client.
An alternative in the above scenario could be
SourceIP
but only if there is a sufficiently large
number of clients. With just a few clients,
SourceIP
might end up with only one of the aggregated
interfaces being used.
If aggregation is being done for a protected web server receiving external requests from remote
clients over the public Internet, the
DestinationIP
would not be suitable since all connections
would have the server's address. Instead, the more variable
SourceIP
would be a better choice for
the distribution method.
The hashing process to choose the physical Ethernet interface to use takes place each time a new
connection is opened. This means that all packets for a given connection will be sent on the
same physical interface. The chosen interface for the connection would then only subsequently
change if the chosen mode was dynamic and the connection fails.
The Default IP and Ports Distribution Method
The default distribution method is
IP and Ports
and this takes into account both the source and
destination IP address as well as the source and destination port number. It is designed to be a
general catch-all solution where the traffic type is known to be variable or where the
administrator is uncertain which of the more specific distribution is suitable.
Physical Switch Connections
The physical cable links between the firewall and the external switch can be made either before
or after creating the
LinkAggregation
object and activating the changed configuration.
NetDefendOS will try to send data on the aggregated interfaces as soon as the configuration
changes become active.
However, it is recommended that the physical cabling is in place before the
LinkAggregation
object is activated and saved. This will provide the behavior which is expected from the feature
and is particularly relevant if negotiated aggregation (LACP) is used.
Setup with High Availability
When using link aggregation with HA, the connections from the Ethernet ports on each firewall
in the HA cluster can connect to the same or different switches. However, if using the same
switch, the switch must be configured so that the connections from each firewall are kept
separate by creating two link aggregation groups in the switch.
Chapter 3: Fundamentals
194
Содержание NetDefendOS
Страница 30: ...Figure 1 3 Packet Flow Schematic Part III Chapter 1 NetDefendOS Overview 30 ...
Страница 32: ...Chapter 1 NetDefendOS Overview 32 ...
Страница 144: ...Chapter 2 Management and Maintenance 144 ...
Страница 220: ... Enable DHCP passthrough Enable L2 passthrough for non IP protocols 4 Click OK Chapter 3 Fundamentals 220 ...
Страница 267: ... SourceNetwork lannet DestinationInterface any DestinationNetwork all nets 4 Click OK Chapter 3 Fundamentals 267 ...
Страница 284: ...Chapter 3 Fundamentals 284 ...
Страница 360: ...The ospf command options are fully described in the separate NetDefendOS CLI Reference Guide Chapter 4 Routing 360 ...
Страница 392: ...Chapter 4 Routing 392 ...
Страница 396: ...Web Interface 1 Go to Network Ethernet If1 2 Select Enable DHCP 3 Click OK Chapter 5 DHCP Services 396 ...
Страница 419: ... Host 2001 DB8 1 MAC 00 90 12 13 14 15 5 Click OK Chapter 5 DHCP Services 419 ...
Страница 420: ...Chapter 5 DHCP Services 420 ...
Страница 424: ...2 Now enter Name lan_Access Action Expect Interface lan Network lannet 3 Click OK Chapter 6 Security Mechanisms 424 ...
Страница 573: ...Chapter 6 Security Mechanisms 573 ...
Страница 575: ...This section describes and provides examples of configuring NAT and SAT rules Chapter 7 Address Translation 575 ...
Страница 607: ...Chapter 7 Address Translation 607 ...
Страница 666: ...Chapter 8 User Authentication 666 ...
Страница 775: ...Chapter 9 VPN 775 ...
Страница 819: ...Chapter 10 Traffic Management 819 ...
Страница 842: ...Chapter 11 High Availability 842 ...
Страница 866: ...Default Enabled Chapter 13 Advanced Settings 866 ...
Страница 879: ...Chapter 13 Advanced Settings 879 ...